Part 6 in a series
In previous posts I covered the configuration of the NetScaler VPX Express for use as an intelligent reverse proxy, allowing the use of a single public IP address with multiple interior hosts.In recent days, I've been working on adding Horizon View to my home lab; in addition to requisite Connection Servers, I'm using the EUC Access Point virtual appliance as a security gateway instead of Security Servers paired with dedicated Connection Servers.
The procedure I outline for the creation of a content-switching configuration works as you'd expect...to a point.
I found that I kept getting "Tunnel reconnection is not permitted" errors when trying to login using the dedicated Horizon Client; this was extremely frustrating because HTML access (using nothing but an HTML5-compatible browser) was working flawlessly.
Upon reviewing the client logs, I noticed that the response from the tunnel connection (HTTP/1.1 404 Not Found) was from IIS, not a Linux or other non-Windows webserver. In my configuration, my content-switching plan uses a Windows IIS server as the fall-through (default/no-match).
Theory: for whatever reason, while the registration process for the Horizon Client was being properly switched to the Access Point, login via tunnel was not.
By capturing a trace (including SSL decoding) at the NetScaler and reviewing it in Wireshark, I was able to see that the client is using two different host strings, one during the initial login followed by a second one during tunnel creation.
What's the difference? The initial login doesn't include the port number in the host string; the tunnel request includes it...
Login: vdi.corp.comThe fix is to add an additional match criteria for your content switching policy:
Tunnel: vdi.corp.com:433
Before:You can also create an additional policy with the "fqdn:443" match, but editing the policy was faster to implement.HTTP.REQ.HOSTNAME.EQ("vdi.corp.com")
After:HTTP.REQ.HOSTNAME.EQ("vdi.corp.com")||HTTP.REQ.HOSTNAME.EQ("vdi.corp.com:443")
UPDATE: I've done some more digging, and there are additional arguments/functions that would also work—and would've worked transparently had I used them in the first place—instead of the EQ("") expression:
HTTP.REQ.HOSTNAME.CONTAINS("vdi.corp.com")
HTTP.REQ.HOSTNAME.SERVER=="vdi.corp.com"
HTTP.REQ.HOSTNAME.STARTSWITH("vdi.corp.com")
HTTP.REQ.HOSTNAME.PREFIX('.',0).EQ("vdi")
Excellent post shared Liquiweb Coupon
ReplyDeleteThank you for a really awesome blog. It was actually very helpful. I am so happy I found this
ReplyDeleteporhub videos
porhub
videos porhub
x video hd
videos x hd
x video full hd
www x video hd
free hd x video
x video desi
x videos desi
desi mms x video
x desi video
desi sex x video
desi girl x video
desi aunty x video
desi indian x video
desi x video hd
desi hot x video
Aw, this was a really good post. Taking the time and actual effort to produce a top notch article… but what can I say… Canon EOS M100 I put things off a lot and never seem to get anything done.
ReplyDeletehttps://www.freakoutdaily.com
ReplyDeletehttps://www.freakoutdaily.com
https://www.webtargetedtraffic.com
ReplyDeletehttps://www.webtargetedtraffic.com