VMware View 4.6 PCoIP Secure Gateway Troubleshooting
First off read the View 4.6 Upgrades guide, this lists out the steps required to upgrade all components of the View infrastructure including how to upgrade the View Transfer server, the Composer server etc.My own upgrade was with a single connection server, a security server, a vCenter Server with View Composer and the Active Directory back-end servers.
If you follow the instructions in this guide then the upgrade process should be relatively painless.
The key steps are
- Make backups and record various configuration and system settings
- Halt scheduled tasks.
- If end users are using View 3.1.x or 4.0.x Client with Offline Desktop or View 4.5 Client with Local Mode, ask them to check in their View desktops.
- Upgrade View Connection Server.
- Upgrade the View Security Server. (see below)
- Upgrade Transfer Server instances.
- Upgrade View Composer.
- Upgrade the View Agents on the template virtual machines
- Upgrade the View Client software or download the iPad View 4.6 PCoIP client.
The View Security Server has to be Windows Server 2008 R2, which is a 64-bit server. The connection server can remain Windows Server 2003 32-bit or you can upgrade it to 64-bit version of Server 2003 or 2008.
When configuring the PCoIP secure gateway element you can either install this on the View Connection server or on the View Security Server which can then be installed in a DMZ. The upgrade wizard will prompt for the external PCoIP secure gateway server settings during setup, ensure you enter externally accessible information in here. When you pair the security server to the connection server this information will appear in the connection server web interface. Now all you need to do is go into the view connection server settings and enable the PCoIP Secure Gateway server option.
If you pair a Windows 2003 connection server with a PCoIP server you may get this error after enabling PCoIP support. Warning: This connection server or one of its paired security servers does not have a PCoIP Secure Gateway installed. Ensure that this configuration is correct for your intended use of PCoIP.
This is normal as the 32-bit connection server doesn’t understand the PCoIP element of the View Secure Gateway as it doesn’t have that role installed. It will work fine.
Provided all these steps have been followed the security server should be working as expected.
If not check the following firewall ports are correctly configured.
PCoIP between View Client and Security Server
- TCP 4172 from Client to Security Server
- UDP 4172 from Client to Security Server
- UDP 4172 from Security Server to Client
- TCP 443 from Client to Security Server
- UDP 443 from Client to Security Server
- TCP 80 from Client to Security Server (If not using SSL, not recommended)
- UDP 80 from Client to Security Server (If not using SSL, not recommended)
PCoIP between Security Server and virtual desktop
- TCP 4172 from Security Server to virtual desktop
- UDP 4172 from Security Server to virtual desktop
- UDP 4172 from virtual desktop to Security Server
Edit: I have removed the links to Paul Slager’s website as this site contains malware