How To Troubleshoot VmWare VDI Connection Issues?

spicehead-53186

Smack-Fu Master, in training
86
Our users access another company's (AT&T) system using VMware Horizon Client. Our users are provided a company/work laptop we manage with "always on" VPN. They sign in to VMware Horizon Client successfully, but when they click to launch their desktop they get this error:

Loading Failed

VDPCONNECT_CONNECT_TLS: The connection to the gateway or the remote computer could not be established because of a TLS error. This could be due to a TLS handshake failure, a certificate check failure or other related errors. If the issue persists, please contact your system administrator.





However, if they are outside of the office, they can successfully launch their VDI desktop. So my instincts tell me it's an issue on our side/network, right?

However, where do I look? I have the keys to our entire kingdom but not the knowledge and wisdom and experience that is the usual requisite for such power and responsibility.

I putzed around in the Palo Alto Panorama FW and O365 Defender blocked URLs and found nothing to indicate we are blocking it. I then used ChatGPT to give me a bit more of a refined scope to search, i.e. Panorama > Monitor > URL filtering > search scope, but still nothing.



I would appreciate any input and direction on this, as I'm not sure what else to do or where to look.
 

Paladin

Ars Legatus Legionis
32,552
Subscriptor
Our users access another company's (AT&T) system using VMware Horizon Client.
I would start by talking to that company. Make sure they are not having a problem or know what the issue is.

Then check for any SSL/TLS inspection on your network that might be interfering with the encrypted connection, though I would expect you would see similar errors in general web site surfing if you had a problem with that. Your firewall should probably not be doing SSL/TLS inspection on VDI traffic, since you already have implicit trust if you are using that other company to provide your whole client environment.
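One way to act on Paladin's TLS-inspection suggestion, added here as an example and not code from anyone in the thread or from VMware: open a verifying TLS handshake to each port the Horizon client uses after sign-in and bucket the outcome. The gateway name vdi.example.com is a placeholder, and the port list assumes Horizon's documented defaults (443 for the login/XML-API and Blast, 8443 for Blast Extreme, 4172 for PCoIP); whether AT&T's gateway actually uses those is an assumption. Run it once on the office LAN and once from outside on the "always on" VPN, then compare the two reports: a tls-verify-failed result, or an "ok" whose issuer is your own corporate CA instead of the gateway's public CA, points at decryption on the Palo Alto; a timeout or refused connection on 8443 or 4172 only, while 443 succeeds, points at a port being blocked, which would also fit sign-in working while the desktop launch fails.

```python
"""Probe a Horizon gateway's TLS endpoints and classify failures.

Added example for this thread, not code from VMware or from anyone in the
thread. Assumptions (labelled): the gateway hostname is hypothetical, and the
port list follows Horizon's documented client ports (443 for login/XML-API
and Blast, 8443 for Blast Extreme, 4172 for PCoIP). Run it once on the office
LAN and once from outside, then diff the two reports.
"""
import socket
import ssl
from dataclasses import dataclass

# Hypothetical gateway name; replace with the real UAG / Connection Server FQDN.
GATEWAY = "vdi.example.com"
# Ports the client needs after sign-in; the login itself only needs 443.
PORTS = {443: "HTTPS / XML-API / Blast", 8443: "Blast Extreme", 4172: "PCoIP"}


@dataclass
class ProbeResult:
    port: int
    status: str          # "ok", "blocked", "timeout", "tls-verify-failed", "tls-error", "error"
    detail: str = ""     # TLS version on success, exception text on failure
    issuer: str = ""     # issuer of the leaf certificate when a verified handshake completes


def classify(exc: BaseException) -> str:
    """Map an exception from connect/handshake to a troubleshooting bucket.

    Order matters: SSLCertVerificationError is a subclass of SSLError, and
    socket.timeout is a subclass of OSError, so the specific checks go first.
    """
    if isinstance(exc, ssl.SSLCertVerificationError):
        return "tls-verify-failed"   # chain or hostname not trusted: classic sign of TLS inspection
    if isinstance(exc, ssl.SSLError):
        return "tls-error"           # handshake failed for another reason (reset mid-handshake, protocol mismatch)
    if isinstance(exc, socket.timeout):
        return "timeout"             # silently dropped: typical of a firewall deny rule
    if isinstance(exc, ConnectionRefusedError):
        return "blocked"             # RST on the path: a deny rule that resets, or nothing listening
    return "error"


def issuer_string(cert: dict) -> str:
    """Flatten the 'issuer' field of ssl.getpeercert() into 'K=V, K=V' form."""
    parts = []
    for rdn in cert.get("issuer", ()):      # issuer is a tuple of RDNs, each a tuple of (key, value)
        for key, value in rdn:
            parts.append(f"{key}={value}")
    return ", ".join(parts)


def probe(host: str, port: int, timeout: float = 5.0) -> ProbeResult:
    """TCP connect, then a verifying TLS handshake using the OS trust store."""
    ctx = ssl.create_default_context()      # verifies chain and hostname, as the Horizon client does
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
                return ProbeResult(port, "ok", tls.version() or "", issuer_string(cert))
    except Exception as exc:  # every failure is bucketed rather than raised
        return ProbeResult(port, classify(exc), str(exc))


def report(host: str = GATEWAY) -> list[ProbeResult]:
    """Probe every port and print one line per port; returns the results for diffing."""
    results = [probe(host, p) for p in PORTS]
    for r in results:
        print(f"{host}:{r.port:<5} {PORTS[r.port]:<26} {r.status:<18} {r.issuer or r.detail}")
    return results


if __name__ == "__main__":
    report()
```

Save it as probe.py and run `python3 probe.py` from each location. The probe is TCP only; PCoIP and Blast also use UDP on the same port numbers, so a clean TCP result does not rule out a UDP block, but a TLS verification failure that shows up only on the office LAN is exactly the interception symptom Paladin describes.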
 

spicehead-53186

Smack-Fu Master, in training
86
I would start by talking to that company. Make sure they are not having a problem or know what the issue is.

Then check for any SSL/TLS inspection on your network that might be interfering with the encrypted connection, though I would expect you would see similar errors in general web site surfing if you had a problem with that. Your firewall should probably not be doing SSL/TLS inspection on VDI traffic, since you already have implicit trust if you are using that other company to provide your whole client environment.

The other company is AT&T, and they hired our firm to do some design work (civil engineering) for new fibre optic layouts. So our end users were given virtual desktops by AT&T to have access to their corp environment, via VMware Horizon View Client.

The issue ONLY occurs when on our internal network. As soon as they leave our office and use a different network with our "always on" VPN, such as personal or public wifi, there are no connection issues and the VDI desktop launches successfully.

Does that breakdown offer any new insight? Otherwise, any pointers or suggestions on where in my environment I would look for these SSL/TLS features you suggested?
 

spicehead-53186

Smack-Fu Master, in training
86
The difference is either your firewall or your ISP at your office. One or the other is either interfering with SSL/TLS traffic or perhaps a proxy server on your network is doing so. Some kind of security device that is messing with the SSL traffic, I would assume.

We use a Palo Alto firewall, but I am not seeing any blockage in Panorama; but also I know nothing about it and have been using Google and ChatGPT as a guide.
Can you get to the connection manager/broker? Or is it the desktop presentation that is failing?

Users can sign in to the VMware sign-in portal successfully, but it is when they launch their VDI desktop that it fails with the above error.


If it was you guys, where would you look?
 

tremere98

Smack-Fu Master, in training
29
I think Paladin has the right of it.

I'm betting your "always on" VPN is really a non-issue in this regard because it's split-tunneled, and the users are going out their own internet to the AT&T gateway.

This would leave, as he said, your own FW blocking something leaving your HQ.

But that’s just my opinion based on the info at hand. Best of luck!