PCoIP solutions SSL

We have users that connect different remote sites to our mobile security servers. Some remote sites using a firewall that blocks the PCoIP Protocol (4172). The firewall on the remote sites has port 443 open. Anyone has experience with PCoIP on port 443 and possible solutions?

PCoIP is mainly a UDP, and SSL is a TCP protocol. PCoIP running via a TCP-based protocol is not a good solution.

If TCP 443 is the only option, and then to view clients that support the RDP Protocol, this can be used in tunnel mode where the RDP connection is encapsulated in the SSL 443 connection. This is fully supported by the view and can be used if PCoIP is really stuck.

The best solution, if possible, is to get the port 4172 (TCP and UDP) open.

Mark

Tags: VMware

Similar Questions

  • What software should install for pcoip solution

    I want to deploy pcoip solution in a LAN, as I know, I need to install the domain controller and the view connection server, do I need to install other software to complete the deployment?

    Hello

    I'm not 100% sure that it is, but it looks like you want to deploy a display Solution?

    While AD and DNS to start

    You would need

    -ESXi host (virtual offices)

    -vCenter (facing View Manager can connect to)

    -VIEW manager

    -Agent VIEW (on your virtual machine template)

    -Customer VIEW (to connect via vDesktops VIEW Manager and access)

    PCOIP you activate as long as the physical legacy support it. Some Thin Clients don't.

    I hope I've understood you

    Please allow points if it's useful/correct

  • Choosing the thin client just for our solution! (health care)

    Hello community,

    I can't try to define the best thin client PCOIP solution so that I work at the hospital.

    We are currently working with Vmware view 4.5 with Oracle sunray thin clients/broker

    It works very well with smart card authentication, but we want to feature implend instead of RDP PCOIP

    and get rid of the sunray broker because he dousent enters our landscape.

    Now that we're about to go upscaling (from 100vm to 1000vms) as possible, we are looking for the right thin client

    We tried the new dell Fx130 & 170 with the dell Detos reference edition

    However, we feel its underdeveloped and it can not handle the Pre-os how smart card authentication

    customers current sunray are skillfully to (follow me desktop) and lacks a disconnect button.

    Ideally:

    1. We do not want a built-in windows machine since it's patching/security on the thin client
    2. It's a simple thin/zero client that we can manage a centralized management point.
    3. who has PCOIP functionality
    4. A biometric capability / card smartcard/proximity (if necessary with another agent of connection)
    5. and has a material disconnect as button
    6. Follow me / roaming Office

    Can someone help me in the forest of solutions and thin clients or push me in the right direction?

    Any help is appreciated!

    This can be done with the power button. Push, little time to disconnect it take longer to power off of NC

  • All light Emily let me (security certificate expired) and an error in what is the ssl solution

    All light Emily let me (security certificate expired) and an error in what is the ssl solution

    Hello

    ·         What is you receive the exact error message?

    ·         When you receive the security error certificate expired?

    You can also visit the link of the article of Microsoft that will guide you on how to ask questions below.

    How to ask a question

    http://support.Microsoft.com/kb/555375

  • 38.1.0, getting new mail is no longer works. Bug CAUSE deadlock/weak Diffie-Hellman for key 1185060 SOLUTION mitigation requires the TLS/SSL security key length > = 1024

    That's about all. After the upgrade, I can no longer receive mail. I can send, but it does not put a copy in the "sent" folder and I get an error.

    "There was an error saving message in sent. Try again? »

    But the message on the other end.

    I checked the same email on my phone and Webmail accounts. No problem.

    I deleted the account and tried to add it back, but get an error:

    "Invalid username or password"
    "Setup could not be verified - is the name of user or wrong password?

    The user name and password are correct. Yet once, nothing changed with the account mail and it market in Webmail and on my iPhone.

    Any help would be greatly appreciated!

    Same problem here. In my case, I control the server. So I had my software update server admins and install a 2048-bit key instead of the old key of 768 bits. (By the way, for those who have their own server faced with this problem, you must switch to cPanel/WHM 11.5 to be able to upgrade the key. Older versions store more 768 bit keys for SSH.)

    Now, most of my accounts work. However, one account is always the error.

    When I check the error console, I find the following:

    Timestamp: 22/07/2015 08:44:35
    Error: An error occurred during a connection to [domain]: 143.

    Cannot communicate securely with counterpart: no common encryption algorithm.

    (Error code: ssl_error_no_cypher_overlap)

  • Internal untrusted clients directed to the external IP address for traffic PCoIP

    I have a network segment disable my firewall for some untrusted clients. When untrusted clients connect to view (5.3), they use a DNS name that resolves to a DMZ (view Security Server) host. That's where I think the problem is: it seems that security server responds with its external IP address, and then all the PCoIP traffic is routed to my router (where the external IP address can be found), then back into view and the customer. Traffic of SSL connection works fine, the traffic remains inside and does not get directed to the external IP address. It is only the PCoIP traffic that gets invited to use the external IP address.

    It seems that DNS is not enough - Security Server seems to respond and connect using only the external IP address configured in the external URL field PCoIP - is this correct? If so, then to do a substitution for the external URL so that internal untrusted traffic doesn't get routed the external IP address - this creates a lot of unnecessary traffic, mess with QoS, etc..

    Another idea would be to allow untrusted clients to connect directly to a login server instead of sending them on the Security Server, but I don't think that it is a best practice...?

    Mike

    As Linjo says the simplest solution is to set up a server for additional security to point these clients (no need of another server connection, you can pair it with the existing one). Today, you are required to provide an IP address for PSG, so if you need to send it to another, you will need a second server.

    Of course, if they are completely not reliable customers, then you can force through the external access point still but looks like you need avoid the cost of additional traffic from this approach.

    Mike

  • Discover 5 PCOIP affected by black screen

    Hi all

    I meet the famous black screen when trying to access a desktop through PCOIP session. RDP connections work fine. I followed (I think) the document referring to the 3 steps to fix this problem without success. I am unable to get through PCOIP connections work properly via the server connection (internal) or security (external)

    Any help would be appreciated. The Setup is as follows

    1 VC (vsphere 5)

    1 connection to the server - view 5 install (windows firewall disabled)

    1 security server - part 5 install (windows firewall disabled).

    Virtual desktop Windows 7 (windows firewall disabled)

    Server Config connection

    Secure HTTPS tunnel is configured with the URL of the login server with the connection to the active desktop

    PCOIP gateway is configured with the IP address of the server connection with this gateway secure to use verified pcoip Desktop connections

    Server Security Configuration

    Secure HTTPS tunnel is configured with the connectable external URL

    PCOIP external gateway is configured with the connectable external IP address (same IP address which resolves the url for the above secure tunnel)

    While trying to connect to pcoip session from the local network, receive a black screen for about 10 seconds then a disconnection without error.

    While trying to connect via external, the same behavior occurs.

    To facilitate the troubleshooting of this problem, I allowed all traffic between subnets. I see not all packages being removed through the firewall.

    See you soon

    Journal of security server (PCOIP Secure Gateway newspapers) have the following entry

    [12:36:03.771304 28-Dec-2011]: connected to the server PCoIP
    [12:36:05.303531 28-Dec-2011]: SSL handshake completed with client PCoIP
    [12:36:05.332828 28-Dec-2011]: Configure a client PCoIP to Server UDP [1903182396-0] tunnel: 10.10.50.50:4172
    [12:36:05.332828 28-Dec-2011]: set up a PCoIP server to client UDP [1218755094-0] tunnel: 0.0.0.0:4172
    [2011 dec-28 12:36:05.367007]: connection error client SSGI during playback of SSGIS APDU header: a request to send or receive data not permitted because the socket had already arrested in this direction with a previous shutdown call
    [12:36:06.336734 2011 dec-28]: error reading of SSGIS PCoIP server header: a request to send or receive data not permitted because the socket had already arrested in this direction with a previous shutdown call
    [12:36:09.805484 28-Dec-2011]: received header
    [12:36:09.805484 28-Dec-2011]: PCOIP-SG/1.0
    [12:36:09.805484 28-Dec-2011]: XML
    [2011 dec-28 12:36:09.805484]: PSGC27-1781
    [12:36:09.805484 28-Dec-2011]: 93
    [12:36:09.805484 28-Dec-2011]: 93 93 received xml
    [12:36:09.805484 2011 dec-28]: received the command: get-counter

    Justin

    This is certainly not the right display driver.

    Have you tried the simple solution of uninstalling the agent, uninstall Vmware tools, then reinstall the tools, then reinstall the Agent.

    In this exact order.  Based on your screenshot you have might have just a pilot get trampled by something else.

    Gunnar

  • Firefox does not load SSL or menu or scroll bards

    Hello. First of all, I will enumerate all the difficulties that I tried to get that out of the way.

    1: complete the new installation of the operating system with the new recent firefox installation, don't add on or extensions.
    2: complete uninstall of firefox, including protected and hidden files and folders, as well as the registry entries.
    3: Firefox reset or refresh.
    4: many anti-virus and evil/spyware scans (none detected).
    5: effects Windows XP, 7, 8.x and linux including dists Mint and ubuntu.
    6: tested on different computers.
    7: worked in the subject: settings by scanning (any difficulty).
    8: tested with and without firewwall or AV.
    9: tested to the same problems with Internet EXPLORER, CHROME, OPERA and several browsers, linux, never had a problem.
    10: checked and updated the player adobe flash, shockwave and java script, no solution.

    The problem:

    A: no matter if a direct link to click or open in new tab or window new. Firefox won't load the bottom side of the page scroll bars, nor will it load the menu "file, edit, history, e.t.c." bar, bar none of bookmarks, the BACKSPACE key is disabled, no back or forward arrows.

    B: the only thing that works is the top down arrows on the keyboard, not even the keys pgup/dn num pad work. My scroll down mouse button does not work. I can move the mouse around as usual, however if I right click on an empty part of the locked page I get a window pop up with back arrows, record, info page options, however the previous and next arrows are greyed out most of the time.

    C: the SSL lock does not appear on locked pages / stalled, it is a security issue.

    D: I often have to right-click on the link and open in new tab or window again several times before that firefox doesn't actually load the page correctly.

    In conclusion, the only way I could get was to go back to firefox v29.x and lock the auto update.

    Hi terratracks, the change was not on purpose - whatever ' one just made a mistake. The pool of test must have too few people using this combination of features (private windows, tabs navigation) for picking up before publication.

  • How can I get my outgoing mail to work using Network Solutions e-mail

    I use Network Solutions to host my URL and email. I got the job of Thunderbird, but my computer crashed. I had to reinstall Windows and Thunderbird. Now, I can't have my outgoing email to work. I tried different settings of SSL and Port authentication without success. Does anyone know how to set up Network Solutions e-mail in Thunderbird?

    Did you ask to Network Solutions on the correct server settings?
    No doubt they'd change a support web site.

  • Open C ZTE Email SSL/STARTTLS [bad-security] - unable to establish a secure connection

    I just got the open C of ZTE in mail Friday. I run through the configuration of my phone.

    I can't get my email because of the [bad security] error SSL/STARTTLS. I guess that it is my ISP because of a self-signed certificate. A solution to this been created yet? Will be he never fixed. If this isn't the case, I can send my phone to them right away and get my money back.

    DreamHost has valid certificates. However, the certificates that they are for *. mail.DreamHost.com and will not cover your area of vanity. The correct server to use for dreamhost will be one of:

    For my "asutherland.org" vanity domain which is hosted at dreamhost, I use the command "digging" to avoid having to go to their panel interface.

    I type: dig mail.asutherland.org
    This translates into:

    SECTION OF THE ANSWER:

    mail.asutherland.org. 14400 IN a 69.163.253.135

    Then I type: dig - x 69.163.253.135
    which translates into:

    SECTION OF THE ANSWER:

    135.253.163.69.in - addr.arpa. 14400 IN PTR sub4.mail.dreamhost.com.

    Which is how I know to use sub4.mail.dreamhost.com.

    We do not want to improve the Setup autoconfig for dreamhost. Unfortunately, it will take a new development from us unless dreamhost implements proxying IMAP so that only one IMAP server can be used.

  • The e-mail application does not connect to the Dreamhost servers. Perhaps because of how they configure their SSL certificate for their subdomains.

    http://wiki.DreamHost.com/Certificate_Domain_Mismatch_Error

    Certificate SSL of Dreamhost for their mail servers only at one level of subdomain while many of their clusters of e-mail exist on a second level subdomain. In my view, this translates into an error message 'bad security' of the e-mail application.

    I contacted DreamHost and they say they are unable to solve this problem, or that they will allow me to install an SSL certificate on my virtual domain pointing to my cluster e-mail (even if I had to buy a).

    I understand, it is possible to manually add certificates via adb in a way similar to this: http://www.pending.io/add-cacert-root-certificate-to-firefox-os/

    However what I read this: 1. does not work on the ZTE Open 2. Can only fix only navigation not the web mail client.

    Is there any option that is available to me short of switching hosts?

    Fabian,

    Are you familiar with Firefox OS? The reason why I say this is because the e-mail client cannot create an excaption certificate. In fact, it's design. It's design: https://wiki.mozilla.org/Gaia/Email/Features#Security

    This request for support to Mozilla was placed specifically for the product Firefox OS, for which there is only a single mail client.

    That said many people in the Mozilla Bugzilla, have been able to show me how to find another alias for those servers that actually works and in fact corresponds to SSL certificates. Although Dreamhost support could not provide me with any such information, and such information is not actually in the DreamHost wiki.

    I have a repeated insistence of Dreamhost possibility I should just live with the exceptions of SSL certificate, when there is real existing valid server names to match the certificates in question, silly.

    The fact that you post this solution for one product, so that it is not yet applicable beyond useless. It serves to muddy waters.

  • How can I get Firefox re - check the websites ssl certificate? It gives me a message saying that my site's ssl certificate is expired at the time where it is not.

    My side ssl certificate has expired, but it was renewed a few days later. For more than a month it was renewed, but I still have Firefox users, the error of statement.

    This connection is Untrusted
    Technical details:
    Eng.fanpageengine.com uses an invalid security certificate.
    The certificate expired on 31/01/2013 15:59.

    This is a link to a 3rd party site that verifies that the ssl certificate is current.
    http://www.Networking4all.com/en/support/tools/site+check/report/?FQDN=HTTPS%3A%2f%2Feng.fanpageengine.com & Protocol = https

    I need the steps they will need to do Firefix update of its registration.

    Additional information.
    This isn't the effect everyone visiting my website using Firefox. It does seem that effect people who visited the site, although the ssl certificate has expired. However the clearing the cache and cookies have no effect.

    Thanks for the help.

    Thanks for all the help. I found a solution. =)

    https://support.Mozilla.org/en-us/KB/reset-Firefox-easily-fix-most-problems

  • is there a work around for the connection with https. the ssl/tls security patch prevents us to connect to a known trusted site

    I made the mistake of updating to Firefox yesterday and with the ssl security fix find I can most connect to a web site in a data center which is protected by a fortigate appliance.

    I know the correct answer is to get the updated device updated or replaced, but in the meantime, I'm desperately need a workaround solution. It would be nice if there was an archive of old versions of Firefox.

    I changed the configuration settings to allow the renegotiation, but I think that the problem is more fundamental than that it does not appear that older versions of ssl are more provided.

    The error message "the connection was reset" can be caused by a bug for the attack of the BEAST fix (browser exploit against SSL/TLS) that the server does not support.

    See comment 60 in this bug report for workaround, but be aware that this makes you vulnerable to the attack of the BEAST.

    • bug 702111 - intolerant servers to record split of 1: n-1. "The connection was reset".

  • Impossible to update SSL certificate for Mail account

    My SSl certificate has expired. I bought a new one installed and all other mail client works fine... except this junk called Mac Mail. Now, I can't check my email at all.

    I have 14 accounts on the same server. One account was asked to accept the new certificate (hostname mismatch). All other accounts are now with one! and "taking into accounts online" does nothing. Remove the SSL account does nothing. Remove the old certificate to keychain does nothing.

    It is a valid, rather than a self-signed certificate.

    So while I'm reconfigure everything on a real email client, anyone happen to know how to solve this problem? Every solution proposed elsewhere (other discussions, forums) do not work. Short to delete all accounts and recreate them will work hoping, this seems to be a lost cause...

    Apple, why do they hate you us so much?

    Fixed by wiping the mailbox completely...

  • Adding Exception Certificate SSL in Firefox 4

    I recently installed Firefox 4 beta 11 and now can't access some Web pages provided by my University that use SSL encryption.

    The error message I get (in a pop-up box) is:

    evasys. Urz.Uni-halle.de uses an invalid security certificate.

    The certificate is not approved, because no sender string has been provided.

    (Error code: sec_error_unknown_issuer)

    It has been a known issue that somehow Firefox does not handle the issuer of the certificate chain correctly (this is what the it Department) and the solution so far was to add an exception for this site in Firefox 3.x.x

    It would be nice for me for Firefox 4, too, but I can't find a way to add this exception. As soon as I reject the error message box by clicking 'OK' nothing happens, don't "this connection is not approved" - page (http://support.mozilla.com/en-US/kb/This%20connection%20is%20untrusted#w_certificates-and-identification) is open or anything equivalent.

    Thanks in advance for any help.

    Nothing has changed about adding exceptions in Firefox 4 AFAIK.

    If you can not add an exception, but get a pop-up with the error message, you can go the pref browser.xul.error_pages.enabled on the topic: config page and make sure that the value is set to true (the default).

    You can retrieve the certificate and the control that has issued the certificate.

    • Click on the link at the bottom of the error page: "I understand the risks".

    Let Firefox recover the certificate: "Add Exception"-> "get certificate".

    • Click on the "view..." button. "to inspect the certificate and the Coachman, who is the sender.

    Only leave the brand in the box at the bottom to "permanently store this exception' If you trust this certificate.

    • Click on "Confirm the Security Exception" to enter the site if you still want to go to this site.

Maybe you are looking for