Search the VMware Knowledge Base (KB)
View by Article ID

Installing or upgrading to VMware Horizon View Security Server 5.1 or later fails with the error: Error 28083. IPsec setup failed (2033171)

  • 5 Ratings

Symptoms

  • Cannot install or upgrade to VMware Horizon View 5.1 Security Server or later.
  • Installing or upgrading to VMware Horizon View 5.1 Security Server fails.
  • You see the error:

    Error 28083. IPsec failed.  Please refer to the C:\Users\....\vminst.log file for further details.

    Make sure the Windows Firewall is turned on for the active profile on the specified View Connection Server. Also ensure that any other firewalls between this Security Server and the specified View Connection Server are configured to allow IPsec traffic, as detailed in the View Architecture Planning and View Installation guides.
     
  • The vminst.log file contains the error:

    ERROR: Failed to get a successful response from the Connection Server after IPsec setup 
Note: For more information on the location of the View log files, see Location of VMware View log files (1027744).

Cause

To allow IPsec traffic, VMware Horizon View 5.1 or later requires additional ports to be open between the Connection Server and the Security Server. If your network topology includes a backend firewall between Security Server and Connection Server instances, you must configure certain protocols and ports on the firewall to support IPsec. Without proper configuration, data sent between a Security Server and Connection Server instance fails to pass through the firewall.
 
To support IPsec, the Connection Server installer can configure Windows firewall rules on the Windows Server hosts where View servers are installed. For a backend firewall, you must configure the rules yourself.

Resolution

To resolve this issue, ensure that the appropriate firewall rules are configured, and that intrusion detection hardware and software is not blocking communication.

Also ensure that these two Microsoft services are enabled: 
  1. IKE and AuthIP IPsec Keying Modules - set to automatic and running
  2. IPsec Policy Agent - set to manual and called by above service

Notes
:
  • Intrusion detection systems can be configured to block communication over a port such as, IPSEC port 500 UDP. 
  • Ensure that the ESP protocol is enabled in the back-end firewall between the security server and the connection broker when you are using IPsec
For more information on the NAT and non-NAT firewall rules, see Configuring a Back-End Firewall to Support IPsec in the VMware View 5.1 Installation Guide or the VMware View 5.2 Installation Guide.

See Also

Update History

05/17/2013 - Intrusion detection system information added to the resolution section; Added View 5.2 to Product list.

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 5 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.

What can we do to improve this information? (4000 or fewer characters)




Please enter the Captcha code before clicking Submit.
  • 5 Ratings
Actions
KB: