Part 6 in a series
In previous posts I covered the configuration of the NetScaler VPX Express for use as an intelligent reverse proxy, allowing the use of a single public IP address with multiple interior hosts. In recent days, I've been working on adding Horizon View to my home lab; in addition to the requisite Connection Servers, I'm using the EUC Access Point virtual appliance as a security gateway instead of Security Servers paired with dedicated Connection Servers.
The procedure I outline for the creation of a content-switching configuration works as you'd expect...to a point.
I found that I kept getting "Tunnel reconnection is not permitted" errors when trying to log in using the dedicated Horizon Client; this was extremely frustrating because HTML access (using nothing but an HTML5-compatible browser) was working flawlessly.
Upon reviewing the client logs, I noticed that the response from the tunnel connection (HTTP/1.1 404 Not Found) was from IIS, not a Linux or other non-Windows webserver. In my configuration, my content-switching plan uses a Windows IIS server as the fall-through (default/no-match).
Theory: for whatever reason, while the registration process for the Horizon Client was being properly switched to the Access Point, login via tunnel was not.
By capturing a trace (including SSL decoding) at the NetScaler and reviewing it in Wireshark, I was able to see that the client is using two different host strings, one during the initial login followed by a second one during tunnel creation.
What's the difference? The initial login doesn't include the port number in the host string; the tunnel request includes it...
Login: vdi.corp.com
Tunnel: vdi.corp.com:443
The fix is to add an additional match criterion to your content switching policy:
Before:
HTTP.REQ.HOSTNAME.EQ("vdi.corp.com")
After:
HTTP.REQ.HOSTNAME.EQ("vdi.corp.com")||HTTP.REQ.HOSTNAME.EQ("vdi.corp.com:443")
You can also create an additional policy with the "fqdn:443" match, but editing the policy was faster to implement.
UPDATE: I've done some more digging, and there are additional arguments/functions that would also work—and would've worked transparently had I used them in the first place—instead of the EQ("") expression:
HTTP.REQ.HOSTNAME.CONTAINS("vdi.corp.com")
HTTP.REQ.HOSTNAME.SERVER=="vdi.corp.com"
HTTP.REQ.HOSTNAME.STARTSWITH("vdi.corp.com")
HTTP.REQ.HOSTNAME.PREFIX('.',0).EQ("vdi")
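The expressions above differ in how tightly they match. This added example (not from the original post, and not NetScaler's own evaluator) models each one as a plain, case-insensitive string test, which is an assumption, and runs constructed Host header values through it to show which expressions miss the tunnel request and which also match unrelated names.

```python
# Simplified model of the post's content-switching expressions.
# Assumption: plain, case-insensitive string semantics; this is an
# illustration, not the appliance's policy engine.
TARGET = "vdi.corp.com"


def server(host):
    """Host header value without a trailing :port (models HOSTNAME.SERVER)."""
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() else host


POLICIES = {
    'EQ("fqdn")': lambda h: h == TARGET,
    'EQ("fqdn")||EQ("fqdn:443")': lambda h: h in (TARGET, TARGET + ":443"),
    'CONTAINS("fqdn")': lambda h: TARGET in h,
    'SERVER=="fqdn"': lambda h: server(h) == TARGET,
    'STARTSWITH("fqdn")': lambda h: h.startswith(TARGET),
    "PREFIX('.',0).EQ(\"vdi\")": lambda h: h.split(".", 1)[0] == "vdi",
}

# The two host strings the Horizon Client sends, per the trace in the post.
INTENDED = ["vdi.corp.com", "vdi.corp.com:443"]
# Constructed values that should fall through to the default target.
OTHER = ["vdi.corp.com.example.net", "xvdi.corp.com", "vdi.lab.example"]


def evaluate(host_values=INTENDED + OTHER):
    """For each expression, list intended hosts it misses and others it matches."""
    report = {}
    for name, match in POLICIES.items():
        hits = {h for h in host_values if match(h.lower())}
        report[name] = {
            "missed": [h for h in INTENDED if h not in hits],
            "extra": [h for h in OTHER if h in hits],
        }
    return report


if __name__ == "__main__":
    for name, result in evaluate().items():
        print(f"{name:32} missed={result['missed']} extra={result['extra']}")
```

In this model only the two-clause EQ expression and the SERVER comparison match both client host strings and nothing else; the substring and prefix forms also send lookalike names to the Access Point.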