You might experience connection problems between Horizon Client and a security server or Horizon Connection Server host when the PCoIP Secure Gateway is configured to authenticate external users that communicate over PCoIP.

Problem

Clients that use PCoIP cannot connect to or display Horizon 7 desktops. The initial login to a security server or Connection Server instance succeeds, but the connection fails when the user selects a Horizon 7 desktop. This issue occurs when the PCoIP Secure Gateway is configured on a security server or Connection Server host.

Note:

Typically, the PCoIP Secure Gateway is leveraged on a security server. In a network configuration in which external clients connect directly to a Horizon Connection Server host, the PCoIP Secure Gateway can also be configured on Connection Server.

Cause

Problems connecting to the PCoIP Secure Gateway can occur for different reasons.

  • Windows Firewall has closed a port that is required for the PCoIP Secure Gateway.

  • The PCoIP Secure Gateway is not enabled on the security server or Horizon Connection Server instance.

  • The PCoIP External URL setting is configured incorrectly. You must specify this setting as the external IP address that clients can access over the Internet.

  • The PCoIP External URL, secure tunnel External URL, Blast External URL, or another address is configured to point to a different security server or Connection Server host. When you configure these addresses on a security server or Connection Server host, all addresses must allow client systems to reach the current host.

  • The client is connecting through an external web proxy that has closed a port required for the PCoIP Secure Gateway. For example, a web proxy in a hotel network or public wireless connection might block the required ports.

  • The Connection Server instance that is paired with the security server on which the PCoIP Secure Gateway is configured is version View 4.5 or earlier. The security server and paired Connection Server instance must be View 4.6 or later.

Procedure

  • Check that the following network ports are opened on the firewall for the security server or Connection Server host.

    Port

    Description

    TCP 4172

    From Horizon Client to the security server or Connection Server host.

    UDP 4172

    Between Horizon Client and the security server or Connection Server host, in both directions.

    TCP 4172

    From the security server or Connection Server host to the Horizon 7 desktop.

    UDP 4172

    Between the security server or Connection Server host and the Horizon 7 desktop, in both directions.

  • In Horizon Administrator, make sure that the PCoIP Secure Gateway is enabled.
    1. Click View Configuration > Servers.
    2. Select the Connection Server instance on the Connection Servers tab and click Edit.
    3. Select Use PCoIP Secure Gateway for PCoIP connections to machine.

      The PCoIP Secure Gateway is disabled by default.

    4. Click OK.
  • In Horizon Administrator, make sure that the PCoIP External URL is configured correctly.
    1. Click View Configuration > Servers.
    2. Select the host to configure.
      • If your users connect to the PCoIP Secure Gateway on a security server, select the security server on the Security Servers tab.

      • If your users connect to the PCoIP Secure Gateway on a Connection Server instance, select that instance on the Connection Servers tab.

    3. Click Edit.
    4. In the PCoIP External URL text box, make sure that the URL contains the external IP address for the security server or Connection Server host that clients can access over the Internet.

      Specify port 4172. Do not include a protocol name.

      For example: 10.20.30.40:4172

    5. Make sure that all addresses in this dialog allow client systems to reach this host.

      All addresses in the Edit Security Server Settings dialog must allow client systems to reach this security server host. All addresses in the Edit Connection Server Settings dialog must allow client systems to reach this Connection Server instance.

    6. Click OK.

    Repeat these steps for each security server and Connection Server instance on which users connect to the PCoIP Secure Gateway.

  • If the user is connecting through a web proxy that is outside of your network, and the proxy is blocking a required port, direct the user to connect from a different network location.