You might experience difficulty when you deploy Unified Access Gateway in your environment. You can use a variety of procedures for diagnosing and fixing problems with your deployment.
Security warning when running scripts downloaded from internet
Verify that the PowerShell script is the script you intend to run, and then from the PowerShell console, run the following command:
ovftool command not found
Verify that you have installed the OVF Tool software on your Windows machine and that it is installed in the location expected by the script.
Invalid Network in property netmask1
The message might state netmask0, netmask1 or netmask2. Check that a value has been set in the .INI file for each of the three networks such as netInternet, netManagementNetwork, and netBackendNetwork.
Verify that a vSphere Network Protocol Profile has been associated with every referenced network name. This specifies network settings such as IPv4 subnet mask, gateway, and so on. Ensure the associated Network Protocol Profile has correct values for each of the settings.
Warning message about the operating system identifier being not supported
The warning message displays that the specified operating system identifier SUSE Linux Enterprise Server 12.0 64-bit (id:85) is not supported on the selected host. It is mapped to the following OS identifier: Other Linux (64-bit).
Ignore this warning message. It is mapped to a supported operating system automatically.
Configure Unified Access Gateway for RSA SecurID authentication
Add the following lines to the Horizon section of the .INI file.
authMethods=securid-auth && sp-auth matchWindowsUserName=true
Add a new section at the bottom of you .INI file.
[SecurIDAuth] serverConfigFile=C:\temp\sdconf.rec externalHostName=192.168.0.90 internalHostName=192.168.0.90
The IP addresses should both be set to the IP address of Unified Access Gateway. The sdconf.rec file is obtained from RSA Authentication Manager which must be fully configured. Verify that you are using Access Point 2.5 or later (or Unified Access Gateway 3.0 or later) and that the RSA Authentication Manager server is accessible on the network from Unified Access Gateway. Rerun the apdeploy Powershell command to redeploy the Unified Access Gateway configured for RSA SecurID.
Locator does not refer to an object error
The error notifies that the target= value that is used by vSphere OVF Tool is not correct for your vCenter environment. Use the table listed in https://communities.vmware.com/docs/DOC-30835 for examples of the target format used to refer to a vCenter host or cluster. The top level object is specified as follows:
The object now lists the possible names to use at the next level.
target=vi://email@example.com:PASSWORD@192.168.0.21/Datacenter1/ target=vi://firstname.lastname@example.org:PASSWORD@192.168.0.21/Datacenter1/host target=vi://email@example.com:PASSWORD@192.168.0.21/Datacenter1/host/Cluster1/ or target=vi://firstname.lastname@example.org:PASSWORD@192.168.0.21/Datacenter1/host/esxhost1
The folder names, hostnames, and cluster names used in the target are case sensitive.
Error message: "Unable to retrieve client certificate from session: sessionId"
Check that the user certificate is installed properly in the browser.
Check that the default TLS protocol versions 1.1 and 1.2 are enabled on the browser and on Unified Access Gateway.
Unable to deploy the Unified Access Gateway ova using VMware vSphere Web Client launched on the Chrome browser
You must install the client integration plugin on the browser you use to deploy an ova file on the vSphere Web Client. After installing the plugin on the Chrome browser, an error message displays indicating that the browser is not installed and and will not allow you to enter the ova file URL in the source location. This is a problem with the Chrome browser and is not related to the Unified Access Gateway ova. Please use a different browser to deploy the Unified Access Gateway ova.