You attempt to upgrade your existing VMware Horizon View 6.0.1 infrastructure to 6.2.1 but noticed that after upgrading your View Connection and Security servers you receive the following error message when connecting to a virtual desktop:
Unable to connect to desktop: There is no available gateway for the display protocol. Try again, or contact your administrator if this problem persists.
Attempting to connect from an older VMware View client throws the following error:
The View Connection Server connection failed. The handle is in the wrong state for the requested operation.
Reviewing the Events log in th View Manager displays the following error message:
Severity: Audit failure
Message: Unable to launch from Pool <poolID> for user <domain\userID>: No co-management availability for protocol PCoIP
This isn’t the first VMware Horizon View 6.2.1 upgrade I’ve done but it is the first that I had to jump from 6.0.1 to 6.2.1 and because I worked on this upgrade during a small window and was unable to get connectivity to work even though I tried upgrading the View agent to a newer version, I ended up rolling back to 6.0.1 then opened up a ticket with VMware.
What I learned from the VMware support engineer was that older agents would not work with 6.2 or later versions because TLS 1.0 is disabled and since I had the View Connection and Security servers at 6.2.1 and the agents still at 6.0.1 FP2, these error messages were thrown (I’m not sure why the initial test I did when upgrading the agent didn’t work during the first window).
The following is what I learned after scheduling a second window to test performing the upgrade again:
1. Attempting to use the following KB to configure TLS 1.0 did not work for me: http://kb.vmware.com/kb/2130798
2. Disabling Use PCoIP Secure Gateway for PCoIP connects to machine fixed the issue:
This solution wasn’t practical for me as it would allow internal connections but external connections through the View Security Server would not work.
3. Upgrading the View Agent from 126.96.36.1991487:
… to 6.2 or higher would correct the issue:
4. If you have any View clients older than Horizon 3.3 (either on Windows, Windows Embedded, or any thin/zero client OS such as HP ThinPro) then you’ll also need to upgrade them or they won’t be able to connect to the desktop.
Update – January 6, 2015
I’m not sure if this was added at a later time because i did not see this note when I downloaded 6.2.1 in December but the Notes section on the download product page explains the potential issues you may face if you’re using an older Horizon Client:
To improve security, by default, View 6.2.1 does not support SSLv3 and does not accept incoming connections that use security protocol TLS 1.0. This will affect Horizon Client 3.3 and earlier versions, which can only use TLS 1.0. For instructions on how to enable TLS 1.0, see the View 6.2.1 release notes.
Here is an example of what happens if you connect with an older VMware View 5.0.0 build-481677 client externally through a security server:
The View Connection Server connection failed. A security error occurrred.
Another symptom I’ve noticed when attempting to connect with an older unsupported VMware Horizon View 3.1.0 build-285638 client internally through a connection server is that the authentication works and you are able to initiate the connection to the desktop but you are then quickly kicked off with the message:
The connection to the remote computer ended.
Update – January 14, 2015
I’ve managed to do tests with the registry keys that enable TLS 1.0 and the results can be found here:
Enabling TLS 1.0 for VMware Horizon View 6.2.1 to allow Horizon View 3.3 or older clients to connect