Shulou(Shulou.com)06/02 Report--

When deploying VMware Horizon View virtual desktops, one of the most common problems for beginners is the "black screen": when connected to the published virtual desktop, it will appear as a black screen, and then automatically disconnect after waiting for a while. For the black screen of the View desktop, the main reason is that the ports mapped by the View security server, View connection server and firewall are not correct. To illustrate this problem in detail, let's take several cases as examples. Readers can refer to the topology, computer name, domain name, and IP address mentioned in this article, and compare your network. For example, the record of the first case is shown in Table 1-1. In the later operation, use your IP address and domain name instead of the IP address and domain name in the text.

Table 1-1 sample IP address or domain name with your information

In the case in figure 1, heuet.com is a legitimate domain name applied for at Internet, where the A record named view points to the IP address 222.223.233.162 on the outside of the firewall. In the corporate LAN where the View connection server is located, the domain name heuet.com is also used, and the internal DNS address is 172.30.6.1. The View connection server joins the domain of heuet.com and is a member server in the domain, while Composer and View security servers do not need to join to the domain. The View connection server, the security server and the Composer server are all network cards.

[note] when planning a network, many beginners configure the "View security server" as two network cards, one of which is the IP address of the local area network, and the other is the IP address of the wide area network to connect to the Internet. In this kind of planning, it is incorrect to treat the View security server as a NAT device. The View security server needs to be forwarded by the firewall at the exit, not at the edge of the network.

Figure 1 Topology diagram of a single View connection server and a single extranet IP

In figure 1, if a user in Internet wants to access the View desktop, there are two ways:

Access as HTML as Web: https://view.heuet.com.

Using Horizon View Client, the login address is view.heuet.com.

Internet users need to resolve the domain name of view.heuet.com to 222.223.233.162. If your DNS resolution does not work, edit the local hosts file (saved at c:\ windows\ system32\ drivers\ etc\ hosts by default) and add the following line:

222.223.233.162 View.heuet.com

For users in the local area network, as long as DNS is set to 172.30.6.1, you can use vcs.heuet.com to access the View desktop. At this time, you only need to "View to connect to the server" and do not need a View security server. Within the LAN, vcs.heuet.com resolves to 172.30.6.2.

Knowing the topology, we introduce the configuration of the View connection server, firewall (or router), respectively.

1.1 configure in the View Administrator interface

After installing the View security server, log in to the View Administrator management interface, check and configure the View connection server and View security server. The main steps are as follows.

(1) Log in to View Administrator, in the "View configure → Server" list, on the "Connect Server" tab, click the "Edit" button, as shown in figure 2.

Figure 2 Editing the connection server

(2) in the "Edit View connection Server Settings" dialog box, set a tag for the View connection server in the "tag" text box, such as the configuration screenshot of the vcs,View connection server providing services for LAN users as shown in figure 3, and click the "OK" button after setting.

[note] when entering the IP address and port, and the colon (:) used should be English half-width characters, can not use Chinese or full-width characters.

Select connect to the computer using secure encrypted links, and enter the DNS name of the current View connection server in external URL, in this case https://vcs.heuet.com:443, where the domain name must be used.

Select "PCoIP Security Gateway" and enter the IP address of the connection server in "PCoIP external URL", which in this example is 172.30.6.2 IP 4172.

Select "HTML Access the computer using Blast Security Gateway" and enter it as the domain name of the View connection server in "Blast external URL". This example is

Https://vcs.heuet.com:8443 .

Figure 3 Editing connection server settings

(3) return to View Administrator and click the Edit button in the Security Server, as shown in figure 4.

Figure 4 Editing the security server

(4) in the "Edit Security Server-VIEW" dialog box

In the HTTP (S) secure encrypted Link option, enter the domain name and port published to Internet as a domain name, and enter https://view.heuet.com:443 here

In the PCoIP Security Gateway option, enter the external URL as the IP address, which in this example is 222.223.233.162 URL 4172.

In the Blast Security Gateway option, enter as a domain name, in this example, https://view.heuet.com:8443.

After setting up, click the OK button, as shown in figure 5.

Figure 5 Editing View Security Server

1.2 modify the router to publish View security server to Internet

Finally, the firewall or router maps ports 443,8443 of TCP and port 4172 of TCP and UDP to the IP address of the View security server. This example is 172.16.17.51. We take the TP-LINK router as an example.

(1) Log in to the router's management interface, and in "forwarding Rule → Virtual Server", click "add New entry", as shown in figure 6.

Figure 6 add a new entry

(2) enter the first mapped port 443 IP address in the "server port number" text to the address of the View security server 172.16.17.51, select TCP for the protocol, and then click the "Save" button, as shown in figure 7.

Figure 7 adding a mapping for port 443

There are also TP-LINK routers that can set "external port", "internal port" and port range when doing port forwarding, such as TL-ER5120. If this kind of router, the external port (the port mapped by the external network IP, in this case, 222.223.233.162) is written as 44343 (indicating that only the port 443is used), and the internal port (the internal IP address mapped to) is written. In this example, 172.16.17.51) write 443-443, as shown in figure 8.

Figure 8 external port, internal port

This feature maps external ports to different internal ports. For example, you can map 1234 of the external network 222.223.233.162 to 2345 of the internal network 172.16.17.51. If such a mapping is carried out, accessing 222.223.233.162Rich 1234 will access port 2345 of 172.16.17.51.

(3) then add the mapping from 4172, 8443 to 172.16.17.51, where you need to select ALL (including TCP and UDP protocols) when adding the mapping for port 4172, as shown in figure 9.

Figure 9 adding a mapping

After this setting, Horizon View Client, when using the domain name view.heuet.com to access the View desktop, as long as the view.heuet.com domain name can be correctly resolved and the network connection is normal, it can access the View desktop behind the router. These contents will no longer be introduced.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.