Posted August 1, 2024Aug 1 I'm using the Horizon client to direct attach to a Linux Ubuntu 20.04 workstation (no firewall), using the VDAC plugin. these are the versions installed VMware-horizonagent-linux-vadc-x86_64-2206-8.6.0-20072671.tar.gz VMware-horizonagent-linux-x86_64-2206-8.6.0-20072671.tar.gz This has been working well over 18 months with no issues, and then just stopped working with Authentication Failed - Error HTTP error 502, it does not even ask for username and password, if you ignore the certificate warning, it results in the above error. Tried re-installing, rebooting, it did not seem to appear to stop working after an Ubuntu 20.04 update, no change in IP Address, tried new different clients from different workstations all the same. Re-installed nginx the error log is from /var/log/nginx/nginx.vadc.error.log 2024/08/01 11:28:26 [crit] 1194#1194: *83 SSL_do_handshake() failed (SSL: error:0407E085:rsa routines:RSA_verify_PKCS1_PSS_mgf1:first octet invalid error:1416D07B:SSL routines:tls_process_key_exchange:bad signature) while SSL handshaking to upstream, client: 171.245.136.95, server: , request: "POST /broker/xml HTTP/1.1", upstream: "https://127.0.0.1:8443/broker/xml", host: "171.245.136.50" access .log 171.245.136.95 - - [01/Aug/2024:11:38:05 +0000] "POST /broker/xml HTTP/1.1" 502 166 "-" "VMware-client" Any ideas, where to start troubleshooting
August 2, 2024Aug 2 This could be because of the self signed certificate. Please check if this is helpful: https://docs.vmware.com/en/VMware-Horizon/2203/view-agent-direct-connection-plugin-administration/GUID-6A9B8274-D92C-4DA0-B0A6-5967E8EAADC4.html
August 5, 2024Aug 5 Author Thanks for this, checked today, its actually connecting via https:// so as far as I can see, it's not a certificate issue, I also copied the from a working Linux workstation server { listen 443 ssl; listen [::]:443 ssl; ###Enable https ssl_certificate /etc/vmware/ssl/rui.crt; ssl_certificate_key /etc/vmware/ssl/rui.key; ssl_protocols TLSv1.1 TLSv1.2; ssl_ciphers !aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES; access_log /var/log/nginx/nginx.vadc.access.log; error_log /var/log/nginx/nginx.vadc.error.log; ###Add security settings proxy_cookie_path / "/; SameSite=Lax; HTTPOnly; Secure"; add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; add_header X-XSS-Protection "1; mode=block"; ###Enable user certificate(smartcard) authentication #ssl_verify_client optional; #ssl_client_certificate /etc/vmware/ssl/trustCerts.pem; location /broker { ###Forward user certificate #proxy_hide_header SSL-CLIENT-VERIFY; #proxy_hide_header X-SSL-CERT; #proxy_set_header SSL-CLIENT-VERIFY $ssl_client_verify; #proxy_set_header X-SSL-CERT $ssl_client_cert; proxy_pass https://localhost:8443; proxy_ssl_certificate /etc/vmware/ssl/rui.crt; proxy_ssl_certificate_key /etc/vmware/ssl/rui.key; proxy_set_header Host $host:$server_port; proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; } ###Enable Web Client #location /portal/webclient { #proxy_pass http://localhost:8080/portal/webclient; #proxy_redirect http://$host:$server_port/ https://$host:$server_port/; #proxy_set_header Host $host:$server_port; #proxy_set_header X-Real-IP $remote_addr; #proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; #add_header Content-Security-Policy "default-src 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval' data:;style-src 'self' 'unsafe-inline';font-src 'self' data:;img-src 'self' data: blob:;media-src 'self' blob:;connect-src 'self' wss:;frame-src 'self' blob:;child-src 'self' blob:;object-src 'self' blob:;frame-ancestors 'self'"; #} ###Set Web Client as default page #location =/ { #rewrite / /portal/webclient; #} }
August 8, 2024Aug 8 Solution What the horizon client version ? Could you try the latest horizon linux agent such as https://customerconnect.omnissa.com/downloads/details?downloadGroup=HZN-2312.1-LINUX&productId=1504&rPId=118192
August 11, 2024Aug 11 Another workaround is to delete /etc/vmware/jms/vadc.agent file , then restart VM.
August 15, 2024Aug 15 Author I've tried different client versions, it does not seem to be the client version, and it does connect, but something is wrong with the nginx proxy.
August 15, 2024Aug 15 Author Well Thank You Sir! I didn't think that upgrading using the latest agent and vadc would work, as I use these on another Ubuntu build and they work find, I suspect something must have changed with Ubuntu making them not compatible! So Thanks again and Kudos!
_community.png.fc103fd33135c37173c833e0668f98ef_8b6b64.png)
_community.png.fc103fd33135c37173c833e0668f98ef_852a12.png)
Create an account or sign in to comment