VMware View 5 Security Server
Hey guys,.
There is no requirement for a security to a member of the domain server, these controls was only for the connection to the server or replica server role when you run the Setup program. You will need various open ports for connection server that you are to match, those that are detailed in the documentation under https://www.vmware.com/support/pubs/view_pubs.html
Tags: VMware
Similar Questions
-
Authentication of a client with token in VMware view 4 secure server
Hi all
I'm looking to design a solution vmware view 4 using secure server (dmz to the internet) by using a connection with smart (chip) cards... can work?
Kind regards
Por don't favor no olvides calificar las responses that you were should o ayuda valiosos.Please, do not forget the points of call of the "useful" or "correct" answers
Best wishes / Saludos
________________________________________
ING. Diego Quintana
VCP 410 - VCP 310 - VAC - VTSP
Join the Virtualizacion en Español group in LinkedIn
! http://feeds.feedburner.com/WetcomGroup.1.gif!
Hello
We also using Token RSA for external workers.
Works like a charm.
MCP, VCP
-
Disable the protocols and encryption algorithms in VMware View connection server and security
Hello
In my recent deployment, I had a customer request to disable some protocols and encryption at the Server VMware View connection and security. I read some articles and found that this has been achieved by editing the locked.properties file. But when we have edited and replaced the file, users could not connect to the virtual desktop, so came back to us backwards and desktop computers worked fine.
I found a few articles that we don't need to edit the locked.properties file in VMware view Horizon 6. If someone has done this please guide me through. Here are the details of the protocols and encryption algorithms that should be disabled
Diffie-Hellman key
Enable SSL v2/V3 and TLS 1.1 and 1.2
Disable the RC4 encryption algorithm
Select the secret of transfer (if possible)
VMware view 6 is the connection to the server and security server.
Thank you.
Hello
I implemented the following steps (from the manual):
1. update the JCE policy files to take in charge the high-strength Cipher Suites
You can add some cipher suites of high resistance for greater assurance, but first you must update the local_policy.jar and US_export_policy.jar files to each server instance and the security strategy for JRE 7 see connection to the server. You update these policy files by downloading the files to extend JCE (Java Cryptography) unlimited strength political jurisdiction from the Oracle Java SE download site 7.
If you include some high-strength cipher suites in the list and you do not replace the policy files, you cannot restart the VMware view Horizon connection to the Server service.
Policy files are located in the directory C:\Program View\Server\jre\lib\security from VMware.
For more information on the download of the JCE unlimited strength jurisdiction policy 7 files, see the Oracle Java SE download site: http://www.oracle.com/technetwork/java/javase/downloads/index.html.
After you update the policy files, you need to create backups of the files. If you upgrade the instance of the view connection server or security server, any changes you have made to these files can be replaced, and you may need to restore the backup files.
2. the changes that policies of global acceptance with ADSI Edit
- Start the ADSI utility on your computer see connection to the server.
- In the console tree, select Connect to
- In the selection or type a unique name text box or a naming context, type the unique name
DC, DC = vdi is vmware, DC = int. - In the type or select a text field or the server box, select or type localhost: 389 or the name of a fully qualified domain (FQDN) of the server computer to connect to port 389 followed view.
For example: localhost: 389 or mycomputer.mydomain.com:389
- Expand the tree of the ADSI Editor, OU = properties, select OU = Global, then select OU = common in the right pane.
- On the object CN = common, Global = UO, UO = properties, select each attribute that you want to change and enter the new list of security protocols or cipher suites.
I used the following settings:
EAP-ServerSSLCipherSuites: \LIST:TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256
EAP-ServerSSLSecureProtocols_ \LIST:TLSv1.1,TLSv1.2
It is not the highest possible, but they work with all the features of our customers.
- Restart the service of VMware view Horizon connection server (server connection and security).
This is not Activate secret transfer (if possible) , but other points are covered.
If anyone can give a tip to activate the transfer secret, I would be grateful.
-
I'm a little confused on what view "Security Server" is...
I configured a test of internal company environment VMware View 5.1 to access pooled VMs dedicated and linked clone of iPads.
Now, one of the users involved in the test environment wants to access his VM dedicated outside of the office... But I want to be sure to provide a secure connection.
I was a little confused with the VMware documentation, because I understand that VMware View 4 had another product/device to view security server to act as a gateway, secure to operate into DMZ network and enable access to the view connection server... I think so... But I find no such beast in VMware not downloads section called 'VMware View Security Server 5.1.'
I'm in a bit of mess. My understanding on Internet clients see how external access to the server of company internal connection through the DMZ must be leaves much to be desired unless 5.1 view connection server itself has absorbed the activities of the Server VMware View 4 security and he is riding on the area demilitarized or well... Oh hell... I'm just confused
Little help or a point in the right direction would be greatly appreciated!
See you soon!
Keegan
To install the Security server that you use the same installer regarding the Connection Broker, its an option during the installation process.
Linjo
-
VMware view connection failed with status 502 code
2014 01-20 T 12: 14:40.545 - 03:00 INFO (1248-128 C) < 4748 > [MessageFrameWork] program "wswc - VMware View Client" started, version = 5.4.0 build-1219906, pid = 0 x 1248, buildtype = release, usethread = 1, closeafterwrite = 0
2014 01-20 T 12: 14:40.576 - 03:00 (1248-1080) INFO < logloaded > [MessageFrameWork] Plugin "wswc_command - VMware View Manager of server connection commands" load, version = 5.4.0 build-1219906, buildtype = output
2014 01-20 T 12: 14:40.576 - 03:00 INFO (1248-0F68) < logloaded > [MessageFrameWork] 'wswc_http - VMware View Client HTTP Handler' Plugin loaded, version = 5.4.0 build-1219906, buildtype = output
2014 01-20 T 12: 14:40.576 - 03:00 INFO (1248 - 16 B 4) < logloaded > [MessageFrameWork] 'wswc_pcoip - VMware View Client PCoIP Interaction Handler' Plugin support, version = 5.4.0 build-1219906, buildtype = output
2014 01-20 T 12: 14:40.576 - 03:00 INFO (1248 - 16 B 8) < logloaded > [MessageFrameWork] "wswc_rdp - VMware View RDP Manager" Plugin support, version = 5.4.0 build-1219906, buildtype = output
2014 01-20 T 12: 14:40.592 - 03:00 INFO (1248-16BC) < logloaded > [MessageFrameWork] "wswc_tunnel - Secure Tunnel of VMware View Client" Plugin loaded, version = 5.4.0 build-1219906, buildtype = output
2014 01-20 T 12: 14:40.592 - 03:00 (1248-1698) INFO < logloaded > [MessageFrameWork] 'wswc_rsa - VMware View Manager RSA' Plugin support, version = 5.4.0 build-1219906, buildtype = output
2014 01-20 T 12: 14:40.592 - 03:00 INFO (1248-062 C) < logloaded > [MessageFrameWork] Plugin "wswc_ui - Manager of user interface of the VMware View Client", version = 5.4.0 build-1219906, buildtype = output
2014 01-20 T 12: 14:40.592 - 03:00 INFO (1248-07F8) < logloaded > [MessageFrameWork] 'wssm_uimanager - VMware View Host UI Framework' Plugin loaded, version = 5.4.0 build-1219906, buildtype = output
2014 01-20 T 12: 14:40.592 - 03:00 INFO (1248 - B 17, 0) < logloaded > [MessageFrameWork] Plugin 'ws_winauth - support for VMware View infrastructure Windows Authentication' support, version = 5.4.0 build-1219906, buildtype = output
2014 01-20 T 12: 14:40.592 - 03:00 (1248-128 C) INFO < main Thread > [wswc] Option 'ServerURL' set by GPO
2014 01-20 T 12: 14:40.592 - 03:00 (1248-128 C) INFO < main Thread > [wswc] Option "Domain_name" set by GPO
2014 01-20 T 12: 14:40.592 - 03:00 (1248-128 C) INFO < main Thread > [wswc] Option "DesktopLayout" set by GPO
2014 01-20 T 12: 14:40.592 - 03:00 (1248-128 C) INFO < main Thread > [wswc] Windows Client started
2014 01-20 T 12: 14:42.919 - 03:00 (1248-1024) < MessageFrameWorkDispatch > [wswc_command] year HTTP error error: status code = 502.
Use the instructions in this KB: KB VMware: VMware View Client configuration to work around the Internet Explorer proxy settings
-
Requirements VMware View 5.1 Security Server RAM
Hi all
I understand that the view connection Server 5.1 needed at least 10 GB of RAM for the deployment of desktop 50 + and I also received this tip of the engineer to Support VMware to use at least 10 GB of RAM when installing the CS for the first time, then we later, the performance problem.
Now, my question is how on the Security Server?
Based on the VM docs, they all (CS, transfer, SS) must have the same hardware configuration, but I don't know about the Security Server why would he needs 10 GB of RAM. The CS needs a grand RAM size due to the Virtual Machine Java 2 GB but is SS has a JVM too?
According to your experience, will be a 4 GB enough RAM for SS?
Thanks for the comments!
Server security uses the JVM too.
At least 10 GB is recommended for the connection to the server (including the lines connect to the server and security server). See table 1-1 on page 8 here http://pubs.vmware.com/view-51/topic/com.vmware.ICbase/PDF/view-51-installation.pdf
Mark
-
VMware View Security Server DMZ
Hello!
We are currently developing a small installation of VMware View in our office as a CEP and I have a question about the server security and the need for the ports against customers.
Our facility:
(Active Directory and RADIUS) 2-factor authentication
Front End FW
Security on the DMZ server
Backend FW
Connection to the server
The question I have is:
4172TCP/UDP port 3389 be open from the Security server to customers?
Is there no way of this tunnel since the Security server through the connection to the server on the inside?
Thank you
Kenth
Hej Kenta.
You are right, there is currently no way to tunnel on the dry-server and the connection broker using PCoIP, you can only create a tunnel through one.
So that means you need to open TCP/UDP 4172 between dry-server and desktop computers-view.
Joel
-
VMware View 5.1.1 Security Server LDAP errors
Im having a serious amount of errors on my VMware View (5.1.1) security server
Log debugging shows a large amount of LDAP errors, see below.
2012-09 - 06T 10: 46:49.075 + 02:00 ERROR (0610-0940) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
2012-09 - 06T 11: 01:50.102 + 02:00 ERROR (0610-0CB8) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
2012-09 - 06T 11: 16:50.109 + 02:00 ERROR (0610-0FE8) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
2012-09 - 06T 11: 31:51.120 + 02:00 ERROR (0610-0DD8) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
2012-09 - 06T 11: 46:51.132 + 02:00 ERROR (0610-0244) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
2012-09 - 06T 12: 01:52.159 + 02:00 ERROR (0610-0F3C) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
2012-09 - 06T 12: 16:52.155 + 02:00 ERROR (0610-0E5C) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
2012-09 - 06T 12: 31:53.182 + 02:00 ERROR (0610-0F68) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
2012-09 - 06T 12: 46:53.194 + 02:00 ERROR (0610-092 C) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
2012-09 - 06T 13: 01:54.217 + 02:00 ERROR (0610-08E4) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSE
2012-09 - 06T 13: 16:54.227 + 02:00 ERROR (0610-0504) < WSAdminDomainTimerThread > [ws_admin] cannot bind to LDAP://rootDSEAnyone got any suggestions?
Hello
The plugin ws_admin trying to make field checks every 15 minutes, but given that your security server is not on the field these checks fail. It is completely harmless, but they should not run in first place, I raised this in their own country.
Mike
Edit:
There is a simple solution for this in 5.1.x:
Under the current registry key HKLM\Software\VMware, Inc. \VMware VDM\plugins\wsnm\admin, create a new key named Params, and under that a new DWORD value named InitiateDomainChecks with 0 data. Once set, you will need to restart the VMware View Security Server service for the change to take effect.
-
Unable to connect to the host via VMWare View Security Server 4
I have installed and configured the VMWare View connection server and can connect to the virtual machine (Windows XP Pro) shareed via the customer to view without a problem. The problem Im having is that I have configured the Security server in my zone demilitarized and authorized the appropriate DMZ ports and the port 80 and 443 to the outside on my DMZ. Access the public URL and he invites me to authenticate what I do and it then publishes my office pool. I click to connect to the shared pool and it says connection for about 5 drops of s and then just my connection. Now, if I go to my security on my DMZ server, I can connect to the thin desktop via RDP.
Thank you
eeg3 is correct if you have a direct connection enabled on the broker for connections paired with security server then you would be forced to open 3389 to the outside world since the workstations would try to connect directly to the desktop. The right way to go forward is to create the replica with disabled direct connection and combine security with this box server.
If you have found this device or any other useful post please consider the use of buttons useful/correct to award points
-
What NAT ports in the firewall for VMware View Server Security?
We have a Cisco ASA and I wonder what are the ports I need NAT from the outside to the Security Server? I'm assuming that port 443, but don't know if this is correct or if maybe other ports must be open.
Thank you!
Brian
This KB should help you, http://kb.vmware.com/kb/1027217.
-
How to fix VMware View Server certificate revocation check connection error?
Dear community,
For about 2 weeks, I feel a revocation of the certificate check error in our environment Horizon see 6.2. The strange thing is that, within 12 hours about two (replication) connection servers and the vCenter Server / server of composer (on the same machine) are considered as having invalid certificates, even if, in fact, they are valid (CA certificates). We use no security servers.
The view admin console shows the following for servers connection:
The server certificate is not approved.
The server certificate cannot be verified.
For the vCenter, he said (that I have validated manually the certificate):
No problems found.
Certificate is not approved, but the thumbprint of the certificate is accepted.
With the connection series on 'full', States that the login server logs for the vCenter server:
TRACE (B 17-0 - 0E98) < VCHealthUpdate > [NativeKeyVault] validateCertificateChain response: {result = FAIL, EndEntityReasons = cantCheckRevoked, ChainReasons = invalid, SelfSigned = false, EndErrorCode = 16777280, EndInfoCode = 258, ChainErrorCode = 16777280, ChainInfoCode = 256, PolicyErrorCode =-2146885613}
As far as I can see there no similar entries for login server certificates in the newspaper.
At the moment I am under the environment with composer and vCenter certificates manually valid and invalid connection (red) server certificates (as view clients and browsers are not disabled).
I already checked that I am able to do everything 'green' again via setting the registry key 'CertificateRevocationCheckType'2 (as described here Configure the server certificates certificate revocation check). This brings me to the conclusion that one of the intermediate certificates cannot be validated. So, I had the information a "version" of an intermediate (intermediate certification authority) certificate has been revoked. There seems to be no coincidence - like the time point is as well, but this particular version does not appear to be used in the servers of my connection.
However, even with full logging enabled, I can't information which (intermediate) certificate cannot be validated and why. I expected to see something like 'OCSP verification' or 'check the CRL' but I can't find it in the newspapers. However, I noticed that one of the intermediate certificates lacked the OCSP URL (even if the field "Authority Information Access" existed). Of course I updated the certificate with a version that contains the OCSP URL, but it has not changed anything.
In addition, I checked manually all of the certificates in the chain with openssl (for OCSP) and CRLs as well, but everything seems to be OK (all URLS are accessible and no opportunity of certificate has been revoked). Actually, I do not interpret the error as "that the connection to the server is an invalid certificate because it has been revoked", but "it cannot check if it has been revoked. The servers do not need a proxy and nothing configured, so (I checked the proxy settings system context, also).
For now, the problem is not critical, such as 'red' status connection server has no effect on our customers and so I could turn off certificate revocation check (or switch to check that the certificate of the server (2)). But of course, I would really solve the problem.
Is there someone who can give me a hint on what to check, for example, how do I know which certificate cannot be controlled and why? Someone had the same or a similar problem? Support VMware is working on the problem as well, but they seem don't know is not the problem, either.
I appreciate the thoughts and responses! Thank you!
Best regards
Fabian
Dear community,
During this time, I was able to correct the error described at the beginning of this thread. Jump to the end to see what could probably help you...
- At first, I installed an additional standalone VMware View Server connection in order to check the following related certificates:
- VMware support always told me to renew my certificates because they "were not valid" etc. - even if in fact they were (like external URL calls and attested manual verification and tests).
- That's why I created new additional certificates for the login server and configured to include the vCenter even as my production environment - only difference was I didn't inlcude the composer who runs the server vCenter himself.
- The result was that the server was "green" including both the vCenter Server certificate which could be 'not reliable' by the environment of production - strange, huh?
- After I reset the additional server to a turned wink where connection to the server was not yet installed (before that, I uninstalled the connection to the server in case there is information in vCenter thereon) and reinstalled as a replica of the production environment server. Somehow I expected this, but still quite strange the vCenter Server (and composer) now again was considered "invalid", even if the certificate of the server connection itself considered still valid and green. For test purposes, so I put certifice revocation checking on '2' (only one server certificate check) - but only on the 'old' production servers' and 'magical' everything has been considered valid. So as I see it, there seems to be some sort of information stored on the 'old' connection servers that makes them believe that invalid certificates and that the information is replicated on the third server unless I lower the revocation of the certificate controls on these servers. Altervative explanation could be that VMware View does not accept certificates with aliases that do not include the 'real' server name - that is / was in fact certificates the old servers connection. The new server certificate connection included the real name and the alias. I understand if this is the case, but then I expect that it be documented somewhere (I have not found this information) and also wouldn't understand why it worked without problem for several years before.
- After finding that out, I created new certificates for the 'old' connection servers, including aliases and real names and replaced the certificate on one of the servers (and restarted the login server) - only a few successfully. Once I put the revocation checking on '4' again on this server, the login server certificate was still considered valid, but not the vCenter and certificate of composer.
- Now, I've uninstalled the old login server (removed from the view) and reinstalled completely (including an update of the 2008 R2 2012 R2 OS) and after I have it reintegrated into the environment, everything remained green - as long I have will activate revocation checking on the second login server "old." This is why I did the same with this (completely reinstalled and reinstated it) and now everything is green with the revocation checking enabled on all replicas of server connection.
- The next step I uninstall the additional replica because I created only for troubleshooting purposes.
So what will no doubt help in similar cases:
- Reinstall the servers of connection one by one, including:
- Uninstalling html access (if used), uninstall the login server to view, uninstall 'VMware' AD LDS Instance.
- Removal of the connection to the server of replication group: run "s - r s uninstalled_ vdmadmin.exeservername" on one of the servers connection remaining.
- Reinstall/Update OS (may not be necessary, but I did not test that)
- Reininstall, return to the login server replica. If you used the certificates which included only the alias of the server I recommend you to create new ones, including the name of the server as well, but maybe it's not necessary as well. If you want to keep the certificates which only inlcude the alias it will be necessary to install this certificate after the first replication of the servers (see below).
My question for technicians of VMware/developers: It is supported to use certificates include only the server alias. Otherwise why it worked before and where is it documented? Where are certificate cached information so that simply replace the certificate was only some, and not a complete success (see above). FYI - when I paired initially replicas that I had to install the CA (including only the pseudonym) after the first replication - now with certificates (including the server name and the alias), I could install the certificate before you replicate (= the login server installation).
- At first, I installed an additional standalone VMware View Server connection in order to check the following related certificates:
-
javaw.exe missing on view Security Server - view 6.2.1
Hello
I'm trying to associate a view Security Server with a connection to the server (point 6.2.1). Both servers run Windows 2012 r2 and ran into a new error (for me anyway).
I have install the matching password, and when I go to install the Security Server component, I get an error of coupling
. I can access the server from the server security with https connection and think that other DMZ Firewall rules are configured correctly.Looking through the papers, I find a mistake on not being javaw.exe is not a recognized command. I drill down to the path of the log entry and find that javaw.exe is not where it seems expected. It seems to be a dynamic path created by the installation process
serverInstUtil : 18/12/15 10:15:11 lancement « « C:\Users\ADMINA~1\AppData\Local\Temp\{E9740BB3-641F-492D-8B76-802FA34C778F}~setup\unpack\program files\VMware View\Server\jre\bin\javaw.exe »-Dcom.vmware.vdi.orchestratorj.nativelib=ws_java_nativeNODEP-Djava.net.preferIPv4Stack=true-Djava.library.path="C:\Users\ADMINA~1\AppData\Local\Temp\{E9740BB3-641F-492D-8B76-802FA34C778F}~setup\unpack\program files\VMware View\Server\bin » -cp « C:\Users\ADMINA~1\AppData\Local\Temp\{E9740BB3-641F-492D-8B76-802FA34C778F}~setup\unpack\program files\VMware View\Server\sslgateway\lib\ * » ; «C:\Users\ADMINA~1\AppData\Local\Temp\{E9740BB3-641F-492D-8B76-802FA34C778F}~setup\unpack\program files\VMware View\Server\lib\ * «;» check the 8009 "C:\Users\ADMINA~1\AppData\Local\Temp\{E9740BB3-641F-492D-8B76-802FA34C778F}~setup\cache" com.vmware.vdi.tunnelpairing.XmlAjpClientNew 10.97.1.129 ".
serverInstUtil: 18/12/15 10:15:11 Matching of Java SS returned cheque ' ' C:\Users\ADMINA~1\AppData\Local\Temp\{E9740BB3-641F-492D-8B76-802FA34C778F}~setup\unpack\program files\VMware View\Server\jre\bin\javaw.exe "' is not recognized as an internal or external command ".
serverInstUtil: 18/12/15 10:15:11 ERROR: an unexpected error occurred while determining if advanced Security Server matching is supported
I used this binary installer to install the server of connection corresponding without problem I've noticed so far. I just downloaded the 6.2.1 installers yesterday (17/12/15) and the files are dated 08/12/15. I have not found any related to the release notes for this version, or in the installation guide.
I can certainly install java runtime and copy the files in place (although I do not know what version).
Any suggestions or ideas?
File this one, by virtue of be sure to double check...
I have disabled UAC, re-directed the installer - the same error.
I saw the event log and has detected an error (event ID 11335) MSIInstaller
Product: VMware Horizon 6 connection Server - Error 1335. The file ' Replic ~ 1.cab ' required for this installation is damaged and cannot be used. This may indicate a network error, an error reading from the CD-ROM, or a problem with this package.
It turns out that it was the MSI. When I have re-uploaded the file, it works beautifully. I had just used this file 10 minutes before. Will show measure twice... really does matter
Save this here for others to avoid my mistake ;-)
-
View customer Horizon | Unable to login via the Security Server
Hello people,
We strive to deploy VMware View 5.3. Everything is complete we are able to access desktop of customer view through connection to the server. But when we try to connect to the desktop via security server, authentication of the user position get us the attached error.
Can someone please help me to understand and resolve the error?
Thank you!
Hari.
Thank you for your response. Issues was DNS resolution external URL referred to the client device. We decided. Thank you.
Hari.
-
Completely remove sdconf.rec connection server VMware view Horizon 6
Greetings,
I want to completely remove the sdconf.rec file downloaded from my connection to the server VMWare View Horizon 6.0.1. In previous versions, it was that I had to delete the Sdconf.Rec of C:\Windows\System32 and set the attribute to EAP-SecureIDConf under CN = < servername >, OU = server, OU = propriΘtΘs, DC = vdi, DC = VMWare, DC = int '0' but this attribute does not exist in version 6!
Just deleting the Sdconf.REC file does not work, after doing that (even after a reboot) it always says "a Sdconf.REC file has been downloaded" when I check the settings of the connection to the server.
Does anyone know how to delete this file in version 6? I'm this close just removed the server connection and security together and do a complete reinstall.
Thanks in advance!
Bram
bverm wrote:
Haha, Yes, it seems I was typing the variable wrong, changing the attribute now works, but I still see "an sdconf.rec file is already downloaded" even after change to the attribute and remove the sdconf.rec file in system32, even after a reboot of the connection to the server.
This should be OK. What you did is invalidated the sdconf.rec file. It probably will always exist, but watch to see if it has been invalidated. that is, it should now be much smaller than your original and so not usable, which I think is what you wanted to achieve.
If you want to just disable the RSA SecurID authentication, which can be made in view administrator.
Please confirm.
Mark
-
With VMware View Server using LDAPS (port 636)
I've been responsible for something that seems impossible/not supported.
VMware View Server uses port 389 for LDAP. My task is to do view to use instead the port 636 (LDAP over SSL). The accusation is that the replicated servers in VMware View data not encrypted between other on port 389.
So far in my quest, I did no progress in this project. However, I was able to test that manual connections can now be performed (with ADSI Edit) with port port SSL 636 other replicated servers view. Problem is that the view seems to have hard-coded to use port 389 and cannot be moved to use LDAPS.
There are instructions to do something like this in vCenter (http://www.vstable.com/2012/01/27/vcenter-5-active-directory-web-services-error-1209/) (Security Virtual Lab: & amp; nbsp;) Architecture - Blog - proSauce), but nothing related to the sight of the surfaces in a Google search.
Someone at - it have a Yes or whinny if possible?
EDIT: Moved to the correct community.
It is not easy being responsible for something impossible!
Connection view servers have an AD LDS instance, and replication between servers using the AD LDS replication. This is a replication mechanism secure by using the replication RPC, LDAP and Kerberos and secure without having to implement LDAP over SSL on 636.
The articles you refer to are actually on the definition of a port number unused LDAPS access of Web Active Directory Services with vCenter Server to get rid of an event without danger. It does nothing to do with replication between LDAP servers. View prevents remote access Active Directory Web services anyway with a specific firewall rule so that remote users have no access to it.
The only reason why you can use LDAPS with AD LDS is if you support simple LDAP connections. The use of SSL would mean that the simple bind passwords are not sent in the clear. In the case of the view, simple LDAP connections are not enabled in any case.
In summary, what you're trying to do is useless.
Mark
Maybe you are looking for
-
Is available for download from McAfee a part of download of Mozilla Firefox?
Quite quickly after downloading Mozill, a McAfee icon appeared on my home page and in my hard drive program files. I tried to uninstall that I saw nothing about this when I downloaded the program. A window appeared asking me my social security and a
-
Satellite C850D-104 - no boot HDD, no WEIRD boot, black screen
Hi all I had a laptop Toshiba C850D-140, purchased approximately one to two years. I decided to reinstall Windows 7 and I started the whole process. Everything was good, the "expanding windows files" ball, completed successfully, then the laptop rest
-
ThinPro with VMware View USB Redirection
Hi all: I'm trying to configure my workstation (t620 ThinPro 5.1 running) to start required services necessary for USB with VMware View forwarding at startup. I tried to add the command to /etc/rc.local and created my own init.d script, but none of
-
Aspire E1 - 522: no image when I put a DVD in. Where can I download graphics driver?
When I put a DVD in no image shows upward, there is still audio and I can still click on options, but I don't see that I select. I also tried to play a video on youtube that appeared like a green screen. Ive looked and it says I have to update my gra
-
MSE has disabled windows Defender. I can't use both?
When I click on windows Defender, a popup says WD off .i try to turn it on, but it just repeats. the popup may be difficult to remove. If I have mse but no WD is that a problem?