Horizon View "This Page is Not Secure"
I have a connection to my VDI desktops via F5 (build using the iApp) and it essentially works i.e. I can get a virtual desktop although with a slight issue. To start with I enter the URL e.g. https://myvdi.mydomain.com Then after authenticating on the connection server and making my choice of desktop, the URL in the address bar changes to an IP in the range of the private LAN for the virtual desktops e.g. https://10.180.0.80:22443/d/DE841123-FE72-4C6D-A9F3-2E6B7072D7E1/certAccept.html?numPages=3 This results in a typical "this site is not secure" page in IE which I have to manually press on "go on to the webpage." Once I manually continue everything is fine as the URL is then https://myvdi.mydomain.com/portal/webclient/index.html/desktop and I get my authenticated, secure desktop. Does anyone know how I can stop this behaviour?
VMware Horizon View iAPP VDI + HTML5
Greetings! This is my first post and I am not an F5 guru but I am wondering if anyone has gotten all the ports working for VMware Horizon View and the latest iApp for Horizon View. I am specifically wondering if anyone has gotten HTML5 to the desktop working in their environment. We have 4 brokers all running View 5.2. Accessing the individual servers works fine using HTML5. When trying to add 8443 it appears like it will work but it looks like it failing on the connection to the Broker after Authentication. From a Network trace it appears we connect on 443 (authentication) to one broker and then when we try to connect to 8443 (HTML 5 access to the desktop) it fails. If I disable 3 of the 4 pool members it works every time. If I enable 2 of the 4 pool members if fails 50% of the time.... Any advice? Thanks!F5 Remote Desktop Gateway and MS Azure Multifactor Authentication
With Microsofts own Remote Desktop Gateway (2012r2) it is now possible to require 2-factor authentication for RDP clients. It is done by configuring the RD Gateway to use a NPS/Radius server which in turn uses MS Azure Multifactor Authentication server (MFA) to add the second factor. The configuration is described here: http://www.rdsgurus.com/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ 2-factor authentication for RDP clients is a long-awaited feature, and I hoped and believed that it was possible to make this work also with the F5 RD Gateway. After hours and hours trying I have realized that its not straight forward, if possible at all. The challenge/problem seems to be that the only place to put in a NPS/Radius server in the F5 solution is in the access profile (VPE), but if you do the NPS/Radius responds with access_reject (unknown username or password). I suspect this is because the access profile doesn't really participate in the NTLM authentication (challenge/response), that part is handled before the access profile - in the vdi profile. So the access profile doesn't have any valid "password" to send to the NPS/Radius server. I guess this might have worked if Radius was an option in the vdi profile, but the only option there is a NTLM Auth Configuration (Big IP Machine Account in a Windows domain). My questions are: Has anyone had better luck than me setting up F5 RD Gateway with Azure MFA? Is it possible, via tmsh maybe, to make a vdi profile use Radius instead of a NTLM Auth Configuration?Change Webtop Remote Desktop Icon
I have an access policy for VMware VDI and I can't seem to change the icons for my webtop/remote desktop links. The default icon is "terminal_service.png" located in /var/sam/www/webtop/public/images/full_wt I have changed this to an icon with the same dimensions (32px) in Access Policy>Customization>Basic>Remote Desktop and General>Branding>Remote Desktops but still the old icon is dispayed. Any ideas?
RSA SecurID pin reset vmware view horizon
hi, we have deployed apm as a full proxy for Vmware VDI infrastructure. We are using APM for authentication with AD + SecurID. Everything works great except the RSA Securid pin reset. when a user is asked to reset the pin, he gets the window to accept (no/yes), then nothing...just a window freezing. any hint ? thanks. om
Multiple remote desktop (VMware View and RDP) on APM webtop
Hello, We use the F5 APM to present an portalaccess that present an RDP remote desktop to connect users to their RDP session for entreprise user's that need to do home office. We have now an new VDI VMware environement that going to replace the RDP environnement. So my question is : Can we present on the webtop portal both RDP remote desktop and VMware View remote desktop ? I trying to do that but if I present the RDP remote dektop the second VMware view desktop doesn't appear on my webtop ?? but if I present only the VMware view remote desktop it's appear on my webtop ?? Let my know if my question is not clear...my English is very bad. Thank you guys Regards,
Remove the Select Client popup from VMware Horizon iApp
Due to security controls, we must have all users use web based HTML (BLAST) access to VDI sessions. The iApp works great, except when you launch a desktop it show a popup to requesting the user select a client (either VMware Horizon or HTML5 Client). I have gone though the iApp template () and cannot find any reference to the popup. I have looked through the APM policy, session-policy and Webtops to see if it there, but I can't seem to find it. Any ideas how to disable this popup?Connection Server Options for Horizon View iApp
I have used the iApp to build a VDI solution with the following basic configuration: Yes, deploy APM Yes, support HTML 5 clientless connections SSL bridging One IP defined for untrusted clients A different IP defined for local clients Of course I've also defined the SSL certificate, pool members, FQDN, etc Reading the deployment guide for the View Connection servers (we're not using security servers) under the heading "Modifying your Connection Servers to support HTML 5 clients" it states: Modify the Connection Servers to remove the Use Secure Tunnel connection to desktop and use Blast Secure Gateway for HTML. a. From the View Configuration tab, select Servers, and then click Connection Servers. b. Highlight one of the Connections servers and then click Edit. c. Modify the HTTP External URL and BLAST External URL to match the URL of your SSL certificates. d. Clear the check from Use Blast Secure Gateway for HTML access to desktop. Important: If using a BIG-IP version prior to 12.1 only: Clear the check from Use Secure Tunnel connection to desktop after modifying the External URLs. If using a BIG-IP version 12.1 and later only: If using v12.1 or later, you can leave this box checked if necessary (for example, this box must be checked if using USB redirection). If anyone can help my questions are as follows: 1) Why does it tell you populate the blast gateway and external URL fields only to then clear the checkboxes for thier use? 2) When testing from my internal network why can I only get a successful VDI desktop when the blast gateway field is ticked - going against what the deployment guide states?
