Unified Access Gateway | Released on 23 March 2021

Check for additions and updates to these release notes.

VMware Unified Access Gateway Release Notes provides information on the new features and enhancements for the 2103 release. This page also provides a list of our resolved issues and known issues. The 2103 release has been replaced by the 2103.1 release which contains further important updates which are listed in the 2103.1 release notes. Unified Access Gateway 2103.1 or later should be downloaded and deployed to benefit from both sets of updates.

What is New in This Release

VMware Unified Access Gateway 2103 provides the following new features and enhancements:

For more information about these features, see the Documentation Center.

  • Unified Access Gateway can now be deployed in Google Cloud as a Compute Engine VM. This deployment option is in addition to the existing support for vSphere (vCenter/ESXi), Amazon AWS EC2, Microsoft Azure, and Microsoft Hyper-V VMs. 
  • Edge services on Unified Access Gateway are managed by a component called esmanager. If this process fails and restarts for any reason, then when it restarts, it will now automatically attempt to restore the session state of all existing client TLS sessions. This means that in most cases, users will not be impacted if this happens.
  • Added support for Horizon client device certificate authentication prior to SAML passthrough authentication used when launching Horizon sessions through Unified Access Gateway from Workspace ONE Access. 
  • SAML authentication for Horizon access through Unified Access Gateway now supports encrypted SAML assertions when enabled in the SAML IdP configuration. Normally encrypted SAML assertions are not required as Unified Access Gateway only accepts TLS encrypted communication anyway, but this feature allows for additional encryption if the IdP requires it.
  • For Unified Access Gateway forwarding of events to an external event management system, multiple Syslog server destinations can now be specified.
  • Updates to swap space location and inactivity timer have been made to meet Microsoft Azure VM compliance requirements. The waagent process is now started every time Unified Access Gateway boots up on Azure. The waagent log file /opt/waagent/log/waagent.log is now used.
  • Added support for Horizon Chromebook clients using SAML authentication. 
  • Updates to Photon OS package versions and Java versions.


The Unified Access Gateway user interface, online help, and product documentation are available in Japanese, French, German, Spanish, Brazilian Portuguese, Simplified Chinese, Traditional Chinese, and Korean. For the complete documentation, go to the Documentation Center.

Compatibility Notes

For more information about the VMware Product Interoperability Matrix, go to http://www.vmware.com/resources/compatibility/sim/interop_matrix.php.

Lifecycle Support policy

For information about the Unified Access Gateway Lifecycle Support policy, go to https://kb.vmware.com/s/article/2147313.

Installation and Upgrade

To download the Unified Access Gateway, see the Product Download page.

Sizing Options

For the Unified Access Gateway sizing recommendations, go to VMware Configuration Maximums.

Technical Resources

To learn and master Unified Access Gateway, go to https://techzone.vmware.com/mastering-unified-access-gateway.

Resolved Issues

  • Resolved a trusted certificate handling issue for certificates containing spaces in the name.

  • Resolved an issue relating to the inaccurate health monitoring of Unified Access Gateway from load balancers, where the Horizon UDP Tunnel Server was marked as down even though it was working correctly. The workaround of disabling the UDP Tunnel Server is no longer required. 

  • An issue relating to Horizon 'Unauthenticated' access where the client IP address 'peer' field was not forwarded to the Horizon broker is resolved.

  • The flag logoutOncertremoval should not have been sent to the Horizon client when certificate authentication is skipped. This is now resolved.

  • Resolved issue with the Secure Email Gateway where links with the pattern www- do not properly match hyperlink transform rules.

Known Issues

  • If a backslash (\) character is used when setting an admin password, root password, or RADIUS shared secret, then it must be escaped by using an extra backslash character. So, the admin must specify a password like Secret\123 as Secret\\123.

    Workaround:  Prefix \ with an extra backslash \ (for example, \\u).

  • When Horizon SAML 2.0 is used with Horizon True SSO to avoid the initial AD password prompt, and if the session is manually locked or locks due to inactivity, the user must either enter their AD password to unlock the session or close the client and reconnect. The Horizon True SSO unlock mechanism currently depends on Workspace ONE Access.

    Workaround: None

check-circle-line exclamation-circle-line close-line
Scroll to top icon