You might experience difficulty when you deploy Unified Access Gateway in your environment. You can use various procedures for diagnosing and fixing problems with your deployment.

Security Warning When Running Scripts Downloaded from Internet

Verify that the PowerShell script is the script you intend to run, and then from the PowerShell console, run the following command:

unblock-file .\uagdeploy.ps1

ovftool command not found

Verify that you have installed the OVF Tool software on your Windows machine and that it is installed in the location expected by the script.

Invalid Network in Property netmask1

The message might state netmask0, netmask1, or netmask2. Check that a value has been set in the INI file for each of the three networks netInternet, netManagementNetwork, and netBackendNetwork.

Warning Message About the Operating System Identifier Being Not Supported

The warning message displays that the specified operating system identifier SUSE Linux Enterprise Server 12.0 64-bit (id: 85) is not supported on the selected host. It is mapped to the following OS identifier: Other Linux (64-bit).

Ignore this warning message. It is mapped to a supported operating system automatically.

Locator does not refer to an object error

The error notifies that the target= value that is used by vSphere OVF Tool is not correct for your vCenter Server environment. Use the table listed in https://communities.vmware.com/docs/DOC-30835 for examples of the target format used to refer to a vCenter host or cluster. The top level object is specified as follows:

target=vi://administrator@vsphere.local:PASSWORD@192.168.0.21/

The object now lists the possible names to use at the next level.

target=vi://administrator@vsphere.local:PASSWORD@192.168.0.21/Datacenter1/
target=vi://administrator@vsphere.local:PASSWORD@192.168.0.21/Datacenter1/host
target=vi://administrator@vsphere.local:PASSWORD@192.168.0.21/Datacenter1/host/Cluster1/
or
target=vi://administrator@vsphere.local:PASSWORD@192.168.0.21/Datacenter1/host/esxhost1

The folder names, hostnames, and cluster names used in the target are case-sensitive.

Error message: Unable to retrieve client certificate from session: sessionId

  • Check that the user certificate is installed properly in the browser.

  • Check that the default TLS protocol versions 1.1 and 1.2 are enabled on the browser and on Unified Access Gateway.

Unable to Deploy the Unified Access Gateway ova Using VMware vSphere Web Client Launched on the Chrome Browser

You must install the client integration plugin on the browser you use to deploy an ova file on the vSphere Web Client. After installing the plugin on the Chrome browser, an error message displays indicating that the browser is not installed and will not allow you to enter the ova file URL in the source location. This is a problem with the Chrome browser and is not related to the Unified Access Gateway ova. It is recommended that you use a different browser to deploy the Unified Access Gateway ova.

Unable to Deploy the Unified Access Gateway ova Using VMware vSphere HTML4/5 Web Client

You might run into errors such as Invalid value specified for property. This problem is not related to the Unified Access Gateway ova. It is recommended that you use the vSphere FLEX client instead to deploy the ova.

Unable to Deploy the Unified Access Gateway ova Using VMware vSphere 6.7 HTML5 Web Client

You may find that there are missing fields on the Deployment Properties page in the VMware vSphere 6.7 HTML5 Web Client. This problem is not related to the Unified Access Gateway ova. It is recommended that you use the vSphere FLEX client instead to deploy the ova.

Cannot Launch XenApp from Chrome From VMware Identity Manager

After deploying Unified Access Gateway as a web reverse proxy from VMware Identity Manager, you may not be able to launch XenApp from the Chrome Browser.

Follow the steps below to resolve this issue.

  1. Use the following REST API to disable the feature flag orgUseNonNPAPIForCitrixLaunch from VMware Identity Manager service.

    PUT https://fqdn/SAAS/jersey/manager/api/tenants/settings?tenantId=tenantname
    { "items":[ {"name":"orgUseNonNPAPIForCitrixLaunch","value": "false"} ] }
    with the following two headers:
    Content-Type application/vnd.vmware.horizon.manager.tenants.tenant.config.list+json
    Authorization HZN value_of_HZN_cookie_for_admin_user
  2. Wait for 24 hours for the change to take effect or restart the VMware Identity Manager service.

    • To restart the service on Linux, log in to the virtual appliance and run the following command: service horizon-workspace restart.

    • To restart the service on Windows, run the following script: install_dir\usr\local\horizon\scripts\horizonService.bat restart .