Connection Server Options for Horizon View iApp

Hello

Here are the answers to your questions,

1) The VMware Horizon Web Server that manages the connection servers, look at that name for proxying connections. even if you have a wildcard certificate and change that name to something that doesnt fit the wildcard the proxy errors out. so when the services are running those fields determine how the connection server will proxy. When using Connection Servers as a Direct Connect not Tunnel Customers would use Specific CN Named certificates myconnect.domain.org, and if it was set to server1.domain.local the connection server would actually error out against the cert providing a bad cert reference to the client. by checking the box fixing the name, saving it as myconnect.domain.org then going back and unchecking it allowed it to work appropriately. At least this was what happened a lot when i worked at VMware's GSS (Global Support Solutions) area way back in the day :)

2) So when the boxes are checked on a connection server that means that the connection servers are tunneling all traffic, for HTTPs its (443) for PCoIP its (4172 TCP/UDP) For Blast its (22443 TCP/UDP)... Usually when a direct connect fails and a tunnel works there is a firewall between Client and Agent preventing the 22443 Traffic from connecting directly.. however there is a path for the connection servers to get to that subnet, Typically that is the cause of the issue, if you want to get deeper you could also install the Direct Connect Agent on the VMware Agent to see if you can connect Directly to the machine and remove the authentication of the broker out of the equation.

Hope that helps.