You might experience connection problems between Horizon Client and a security server or Horizon Connection Server host when the PCoIP Secure Gateway is configured to authenticate external users that communicate over PCoIP.

Procedure

  • Check that the following network ports are opened on the firewall for the security server or Connection Server host.

    Port

    Description

    TCP 4172

    From Horizon Client to the security server or Connection Server host.

    UDP 4172

    Between Horizon Client and the security server or Connection Server host, in both directions.

    TCP 4172

    From the security server or Connection Server host to the Horizon 7 desktop.

    UDP 4172

    Between the security server or Connection Server host and the Horizon 7 desktop, in both directions.

  • In Horizon Administrator, make sure that the PCoIP Secure Gateway is enabled.
    1. Click View Configuration > Servers.
    2. Select the Connection Server instance on the Connection Servers tab and click Edit.
    3. Select Use PCoIP Secure Gateway for PCoIP connections to machine.

      The PCoIP Secure Gateway is disabled by default.

    4. Click OK.
  • In Horizon Administrator, make sure that the PCoIP External URL is configured correctly.
    1. Click View Configuration > Servers.
    2. Select the host to configure.
      • If your users connect to the PCoIP Secure Gateway on a security server, select the security server on the Security Servers tab.

      • If your users connect to the PCoIP Secure Gateway on a Connection Server instance, select that instance on the Connection Servers tab.

    3. Click Edit.
    4. In the PCoIP External URL text box, make sure that the URL contains the external IP address for the security server or Connection Server host that clients can access over the Internet.

      Specify port 4172. Do not include a protocol name.

      For example: 10.20.30.40:4172

    5. Make sure that all addresses in this dialog allow client systems to reach this host.

      All addresses in the Edit Security Server Settings dialog must allow client systems to reach this security server host. All addresses in the Edit Connection Server Settings dialog must allow client systems to reach this Connection Server instance.

    6. Click OK.

    Repeat these steps for each security server and Connection Server instance on which users connect to the PCoIP Secure Gateway.

  • If the user is connecting through a web proxy that is outside of your network, and the proxy is blocking a required port, direct the user to connect from a different network location.