You can replace the default HTTP ports or NICs for a Connection Server instance or security server by editing the locked.properties file on the server computer. Your organization might require you to perform these tasks to comply with organization policies or to avoid contention.
About this task
The default SSL port is 443. The default non-SSL port is 80.
The port that is specified in the secure tunnel External URL does not change as a result of changes that you make to ports in this procedure. Depending on your network configuration, you might have to change the secure tunnel External URL port as well.
If the server computer has multiple NICs, the computer listens on all NICs by default. You can select one NIC to listen on the configured port by specifying the IP address that is bound to that NIC.
During installation, Horizon 7 configures the Windows firewall to open the required default ports. If you change a port number or the NIC on which it listens, you must manually reconfigure your Windows firewall to open the updated ports so that client devices can connect to the server.
If you change the SSL port number and you need HTTP redirection to continue working, you must also change the port number for HTTP redirection. See Change the Port Number for HTTP Redirection to Connection Server.
Verify that the port that is specified in the External URL for this Connection Server instance or security server will continue to be valid after you change ports in this procedure.
- Create or edit the locked.properties file in the SSL gateway configuration folder on the Connection Server or security server computer.
For example: install_directory\VMware\VMware View\Server\sslgateway\conf\locked.properties
The properties in the locked.properties file are case sensitive.
- Add the serverPort or serverPortNonSsl property, or both properties, to the locked.properties file.
- (Optional) If the server computer has multiple NICs, select one NIC to listen on the configured ports.
Add the serverHost and serverHostNonSsl properties to specify the IP address that is bound to the designated NIC.
Typically, both the SSL and non-SSL listeners are configured to use the same NIC. However, if you use the serverProtocol=http property to off-load SSL for client connections, you can set the serverHost property to a separate NIC to provide SSL connections to systems that are used to launch Horizon Administrator.
If you configure SSL and non-SSL connections to use the same NIC, the SSL and non-SSL ports must not be the same.
- Restart the Connection Server service or security server service to make your changes take effect.
What to do next
If necessary, manually configure your Windows firewall to open the updated ports.