Search the VMware Knowledge Base (KB)
View by Article ID

Unable to connect to a VMware View Manager desktop via the Security Server from outside the firewall (1039021)

  • 10 Ratings

Symptoms

  • You are unable to launch PCoIP session from outside the firewall.
  • You can authenticate, but the session disconnects when you select the pool.
  • You may see a black screen just before the session disconnects.
  • The PCoIP logs on the View Client contain entries similar to:

    05/06/YYYY, 03:09:15.398> LVL:2 RC: 0 MGMT_SSIG :Initiating session with: (xx.xx.xx.xx)
    05/06/YYYY, 03:09:15.654> LVL:2 RC: 0 MGMT_PCOIP_DATA :Tx thread info: bw limit = 0, plateau = 0.0, avg tx = 0.0, avg rx = 0.0 (KBytes/s)
    05/06/YYYY, 03:09:15.654> LVL:1 RC: 0 VGMAC :Stat frms: R=000000/000000/000000 T=000000/000000/000000 (A/I/O) Loss=0.00%/0.00% (R/T)
    05/06/YYYY, 03:09:36.400> LVL:1 RC:-500 MGMT_SCHAN :scnet_client_open: tera_sock_connect failed to connect to 10.194.166.69:4172!
    05/06/YYYY, 03:09:36.400> LVL:1 RC:-500 MGMT_SCHAN :scnet_client_open: tera_sock_connect returned error 10060 - Connection timed out!

    Note: Where the xx.xx.xx.xx is the actual external IP address of the firewall for PCoIP communication.

  • This issue does not occur with RDP connections.

Cause

This issue occurs if the communication requirements for the PCoIP connection from the Client to the View Desktop through the PCoIP Secure Gateway are not met.

Resolution

To troubleshoot this issue:
  1. Check that the PCoIP Secure Gateway configuration is correct. For more information, see Configuring PCoIP Secure Gateway in VMware View (1036208) and Troubleshooting PCoIP Secure Gateway (PSG) issues (1034825).

  2. Check that the firewall rules are correct and the firewall is actually allowing the traffic to pass properly for PCoIP connections. These tables provide the front-end and back-end firewall rules for the DMZ where the Security Server (PCoIP Secure Gateway runs on Security Server) is located
This table provides information about front-end firewall rules:
 
Source Protocol Port Destination
Any HTTP 80
Security Server
Any HTTPS 443
Security Server
Any PCoIP
TCP 4172
UDP 4172
Security Server
Client Web Browser HTTPS TCP 8443 Security Server
This table provides information about back-end firewall rules:
 
Source
Protocol
Port
Destination
Security Server
PCoIP
TCP 4172
UDP 4172
View Desktops
Security Server
HTTPS
TCP 22443
View Desktops

Note: The back-end firewall rules shown here are only for PCoIP connections. For all firewall requirements, see the Firewall Rules for DMZ-Based Security Servers section in the VMware View Architecture Planning Guide.
 
  1. Ensure that the AES encryption protocol is selected in the View Client Desktops. Connection through the secure gateway is only supported with AES. For information, see Connecting to a View desktop using PCoIP fails with the error: Unable to connect to the desktop, a common encryption protocol is not available (1038613).

Additional Information

To be alerted when this article is updated, click Subscribe to Document in the Actions box.

Tags

pcoip-secure-gateway pcoip-connection-failure pcoip-connection-fails

See Also

Update History

05/09/2013 - Removed the reference to an actual IP address from the symptoms section and replaced it with xx.xx.xx.xx 06/17/2013 - Added new releases to the product section and removed the reference to view 4.6 specifically on the title section 10/08/2013 - Added view 5.2 to Product Versions. 11/18/2013 - Added 8443 and 22443 ports to the tables.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 10 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 10 Ratings
Actions
KB: