VMware Desktop and Mobility certification exam continue today with a new topic. VCP6-DTM Objective 4.3 – Troubleshoot connectivity between Horizon (with View) components. All exam topics can be found on VCP6-DTM Study Guide page on this blog.
Difficult to do a post on troubleshooting when having a lab deployment only and not a large scale production environment with more remote sites etc. But will try. Let's get started. The idea is to know what to troubleshoot, from where to start and where to go. The help can be found in below PDFs, but there are also some VMware KB articles which will be mentioned below the post. Feel free to add a comment if you found an error or wrong statement. I'm only a human too, and everyone does make errors.
VMware Knowledge for today's topic:
- Troubleshoot Horizon View client connectivity issues
- Troubleshoot Horizon View client protocol connectivity issues
- Troubleshoot desktop connectivity issues
- Generate and analyze log bundles
Documentation Tools:
- Horizon View Administration Guide
- Horizon View Installation Guide
- Horizon View Administrator
Troubleshoot Horizon View client connectivity issues
There are different parts where you can encounter connectivity problems. The problem can be situated on any of the parts of the infrastructure so its important to test against several places. it can be wrong internet settings on the client PC, Issue with a DNS or a whole branch failure.
Issues with DNS can be one of those and it's usually good to start with this. Check the resolution of DNS from a virtual desktop. Open command prompt and type:
Start > run > type cmd > click OK > type nslookup IP_of_your_connection_server
Make sure that:
- The DNS name matches the DNS name configured on the connection server
- The port 4001 is opened (do a “telnet IP_of_your_connection_server 4001″ command)
If you're getting errors, you might have a firewall enabled or antivirus active on the virtual desktop, connection server or on the part of the network between those two points.
Client – Server Connectivity problems:
- Wrong Internet settings on the client computer – try the RDP client and if you can't connect, try browser https, https. If you can't reach the login page then do a general troubleshooting of the client's connection. Eventually reset completely the connection, and (or) use ipconfig /release (/renew) commands to refresh the DHCP stack.
- Impossible to resolve DNS of the connection server – when you're trying to connect and you have a connection screen but an error after entering your credentials, then the problem might be in the DNS settings of the client. The error is that the client or proxy server is unable to resolve the DNS name of the connection server. When the client successfully authenticates to the connection server, the server directs the client to open a secure connection, If it cannot be resolved by the IP address of the broker computer, the secure connection setup fails. If the browser is configured with an HTTP proxy Web access, the proxy server has to resolve the fully qualified domain name (FQDN). Configure the VDM server to report its externally visible DNS name or IP address in the external URL setting.
- Branch Failure – if the client has an error in the connection (connection failed) or “a secure connection to the VDM server cannot be established”.
There is another possibility of failure. The connection problem can be between the Connection server and the VDI desktop.
Server – Desktop communication problems:
In order to have a communication between the connection server and VDI desktop you should check the following:
- Connection server and security server has to be able to connect via RDP to the VDI desktop via the last reported IP address and through port 3389. If there is a security server deployed, within a DMZ, exception rules must be created in the inner firewall to allow RDP connectivity between the security server and all desktop virtual machines. If you bypass the secure connection, the client must establish a direct RDP communication to the desktop virtual machine over RDP (port 3389).
- Security server can establish a JMS communication with its connection server –
If secure connections are bypassed, verify that the firewall rules allow a client to establish either a direct RDP connection to the desktop virtual machine on TCP port 3389, or a direct PCoIP connection to the desktop virtual machine on TCP port 4172 and UDP port 4172.
Verify that exception rules are configured in the inner firewall to allow connections between each Security Server and its associated View Connection Server host on TCP port 4001 (JMS) and TCP port 8009 (AJP13).
Troubleshoot Horizon View client protocol connectivity issues
Make sure that the ports on the firewall for the security server or View connection server:
| Port | Description |
| TCP 4172 | From View Client to the security server or View Connection Server host. |
| UDP 4172 | Between View client and the security server or View Connection Server host, in both directions. |
| TCP 4172 | From the security server or View Connection Server host to the View desktop. |
| UDP 4172 | Between the security server or View Connection Server host and the View desktop, in both directions. |
| UDP 50002 / 55000 | PCoIP also uses UDP port 50002 from Horizon Client (or UDP port 55000 from the PCoIP Secure Gateway) to port 4172 of the remote desktop or application. |
Troubleshoot desktop connectivity issues
The connectivity problems between a desktop and a View Connection Server instance can occur for different reasons:
- Lookup failure on the desktop for the DNS name of the View Connection Server host.
- The ports for JMS, RDP, or AJP13 communication being blocked by firewall rules.
- The failure of the JMS router on the View Connection Server host.
resolution: try nslookup: nslookup IP_of_your_connection_server
Generate and analyze log bundles
There is a support tool, in View, which allows you to set logging levels and generate log files for View Connection Server. The support tool is not intended to collect diagnostic information for Horizon Client or View Agent. You must instead use the support script.
The steps:
login to View connection server and go to Start > All programs > VMware > Set View Connection Server Log Levels.
Then, in the command line window, enter the level you wish:
- 0 – Resets the logging level to the default value.
- 1 – Selects a normal level of logging.
- 2 – Selects a debug level of logging (default).
- 3 – Selects full logging.
The system will starts recording log information with the level of detail that you have selected.
After collecting enough informations you can create a log bundle:
Start > All Programs > VMware > Generate View Connection Server Log Bundle.
A new file will be created (on the desktop of the View connection Server) in a folder called vdm-sdct
To collect logs for View Agent, Horizon Client or View connection server from the console
You can use the support scripts to generate log files for View Connection Server, Horizon Client, or remote desktops that are running View Agent. You must have direct access to the console.
Step 1 – open command prompt and do a CD to a directory of your choice depending on which logs you want to collect.
Step 2 – for different components you need to CD to different directory as below:
- View Agent – Change to the C:\Program Files\VMware View\Agent\DCT directory.
- Horizon Client – Change to the C:\Program Files\VMware View\Client\DCT directory.
- View Connection Server – Change to the C:\Program Files\VMware View\Server\DCT directory.
Step 3 – type a command to run the support script
.\support.bat [loglevels]
Where different log levels are proposed:
- 0 – Resets the logging level to the default value.
- 1 – Selects a normal level of logging.
- 2 – Selects a debug level of logging (default).
- 3 – Selects full logging.
- 4 – Selects informational logging for PCoIP (View Agent and Horizon Client only).
- 5 – Selects debug logging for PCoIP (View Agent and Horizon Client only).
- 6 – Selects informational logging for virtual channels (View Agent and Horizon Client only).
- 7 – Selects debug logging for virtual channels (View Agent and Horizon Client only).
- 8 – Selects trace logging for virtual channels (View Agent and Horizon Client only).
The script writes the zipped log files to the folder vdm-sdct on the desktop.
A View Composer guest agent logs are in the C:\Program Files\Common Files\VMware\View Composer Guest Agent svi-ga-support directory.
Further Troubleshooting via VMware KB:
- https://kb.vmware.com/kb/2127396
- https://kb.vmware.com/kb/1006734
- https://kb.vmware.com/kb/1030697
