BIG-IP v13 native RDP - VDI connection failure
We have a problem where the user clicks on a link in a webtop which is a native RDP link, their application opens but the connection fails. Tcpdumps show for failed connections client traffic arrives at the F5 but never leaves it. For successful connections they stay up for a long time. We cannot see why they are failing when the backend resource is available and accessible. VDI debug logs ~ https://gist.github.com/rtfmoz/58d82b0887146ea3a2310eb32fea1428 The failed connections just sit there until they time out with the error "Your computer cannot connect to the Remote Desktop Gateway server. Contact your network administrator for assistance."Solved1.9KViews0likes14CommentsVMware Horizon View iAPP VDI + HTML5
Greetings! This is my first post and I am not an F5 guru but I am wondering if anyone has gotten all the ports working for VMware Horizon View and the latest iApp for Horizon View. I am specifically wondering if anyone has gotten HTML5 to the desktop working in their environment. We have 4 brokers all running View 5.2. Accessing the individual servers works fine using HTML5. When trying to add 8443 it appears like it will work but it looks like it failing on the connection to the Broker after Authentication. From a Network trace it appears we connect on 443 (authentication) to one broker and then when we try to connect to 8443 (HTML 5 access to the desktop) it fails. If I disable 3 of the 4 pool members it works every time. If I enable 2 of the 4 pool members if fails 50% of the time.... Any advice? Thanks!1.5KViews0likes28CommentsChange Webtop Remote Desktop Icon
I have an access policy for VMware VDI and I can't seem to change the icons for my webtop/remote desktop links. The default icon is "terminal_service.png" located in /var/sam/www/webtop/public/images/full_wt I have changed this to an icon with the same dimensions (32px) in Access Policy>Customization>Basic>Remote Desktop and General>Branding>Remote Desktops but still the old icon is dispayed. Any ideas?682Views0likes7CommentsMultiple remote desktop (VMware View and RDP) on APM webtop
Hello, We use the F5 APM to present an portalaccess that present an RDP remote desktop to connect users to their RDP session for entreprise user's that need to do home office. We have now an new VDI VMware environement that going to replace the RDP environnement. So my question is : Can we present on the webtop portal both RDP remote desktop and VMware View remote desktop ? I trying to do that but if I present the RDP remote dektop the second VMware view desktop doesn't appear on my webtop ?? but if I present only the VMware view remote desktop it's appear on my webtop ?? Let my know if my question is not clear...my English is very bad. Thank you guys Regards,440Views0likes1CommentF5 VMware VDI-VIEW without webtop
Hello, We are trying to deploy vdi-view on F5 using LTM and APM with the iAPP and it works as expected with AD authentication only. The problem is when we are using DUO for 2FA. When you launch the connection to the VDI desktop from the webtop directly it works as expected for both HTML5 and the client. The problem is when you try to launch it directly from the VDI Horizon client the authentication does not work. Is there a way to eliminate the Webtop from the equation and authenticate on the connection servers directly. In other words we would like no to have the webtop but the users to only be able to connect using the VDI Horizon client.331Views0likes0CommentsRSA SecurID pin reset vmware view horizon
hi, we have deployed apm as a full proxy for Vmware VDI infrastructure. We are using APM for authentication with AD + SecurID. Everything works great except the RSA Securid pin reset. when a user is asked to reset the pin, he gets the window to accept (no/yes), then nothing...just a window freezing. any hint ? thanks. om450Views0likes1CommentRemove the Select Client popup from VMware Horizon iApp
Due to security controls, we must have all users use web based HTML (BLAST) access to VDI sessions. The iApp works great, except when you launch a desktop it show a popup to requesting the user select a client (either VMware Horizon or HTML5 Client). I have gone though the iApp template () and cannot find any reference to the popup. I have looked through the APM policy, session-policy and Webtops to see if it there, but I can't seem to find it. Any ideas how to disable this popup?441Views0likes1CommentF5 Remote Desktop Gateway and MS Azure Multifactor Authentication
With Microsofts own Remote Desktop Gateway (2012r2) it is now possible to require 2-factor authentication for RDP clients. It is done by configuring the RD Gateway to use a NPS/Radius server which in turn uses MS Azure Multifactor Authentication server (MFA) to add the second factor. The configuration is described here: http://www.rdsgurus.com/step-by-step-using-windows-server-2012-r2-rd-gateway-with-azure-multifactor-authentication/ 2-factor authentication for RDP clients is a long-awaited feature, and I hoped and believed that it was possible to make this work also with the F5 RD Gateway. After hours and hours trying I have realized that its not straight forward, if possible at all. The challenge/problem seems to be that the only place to put in a NPS/Radius server in the F5 solution is in the access profile (VPE), but if you do the NPS/Radius responds with access_reject (unknown username or password). I suspect this is because the access profile doesn't really participate in the NTLM authentication (challenge/response), that part is handled before the access profile - in the vdi profile. So the access profile doesn't have any valid "password" to send to the NPS/Radius server. I guess this might have worked if Radius was an option in the vdi profile, but the only option there is a NTLM Auth Configuration (Big IP Machine Account in a Windows domain). My questions are: Has anyone had better luck than me setting up F5 RD Gateway with Azure MFA? Is it possible, via tmsh maybe, to make a vdi profile use Radius instead of a NTLM Auth Configuration?801Views0likes3CommentsVmware View F5 APM KCD limitations
Before I start banging around in the lab, I figured I'd post something on dev to see if anyone has tried doing authentication delegation with vmware view. I know you can tie vmware view in with active directory so I assume that you can use kerberos for authentication purposes. Now, since you can do that, can you do Kerberos Constrained Delegation? I would assume so, and if so, can you setup a Kerberos Constrained Delegation configuration with F5 APM and vmware view? Ultimately what I am trying to achieve is 2 factor auth with a smart card that is related to an active directory user. I am not a VDI expert by any means. I only know the F5 side of the house. Any knowledge on this subject and the limitations that come with it would be awesome! Thanks!343Views0likes3CommentsHorizon View "This Page is Not Secure"
I have a connection to my VDI desktops via F5 (build using the iApp) and it essentially works i.e. I can get a virtual desktop although with a slight issue. To start with I enter the URL e.g. https://myvdi.mydomain.com Then after authenticating on the connection server and making my choice of desktop, the URL in the address bar changes to an IP in the range of the private LAN for the virtual desktops e.g. https://10.180.0.80:22443/d/DE841123-FE72-4C6D-A9F3-2E6B7072D7E1/certAccept.html?numPages=3 This results in a typical "this site is not secure" page in IE which I have to manually press on "go on to the webpage." Once I manually continue everything is fine as the URL is then https://myvdi.mydomain.com/portal/webclient/index.html/desktop and I get my authenticated, secure desktop. Does anyone know how I can stop this behaviour?2.1KViews0likes11Comments