Hi Mark,
I just experienced something similar.
This is what we have.
OUTSIDE FIREWALL - DMZ
Security server:
- External URL: my.view.com
- certificate for my.view.com issued by GoDaddy
- PCoIP External URL: Public IP: 4172
INSIDE FIREWALL
Internal Connection server:
- HTTPS Secure Channel - External URL: https://external-cs.domain.local:443
- certificate for external-cs.domain.local issued by local Active Directory CA
- PCoIP Secure Gateway - External URL: external-cs Internal IP:4172
The firewall has been set correctly for traffic from Security --> Connection Server.
With this configuration the external client will not connect.
It'll get to the Username and Password section.
Establishing Secure Connection...
And then it gave me the error:
The View Connection Server authentication failed. A secure connection to the server '(null)' cannot be established.
What's weird is that the configuration above is exactly the same as the one that I have on the View 5.0.1 environment and it worked there.
The only thing I can think of is the SSL certificate.
On View 5.0.1, back then I was able to add an internal host name to the GoDaddy certificate, but since they have a new policy now, they no longer allow anyone to include an internal host name in the certificate. So only an external name can be listed on the certificate.
Just for kicks, I tried changing the connection server "HTTPS Secure Channel - External URL" to match the Security server, which is my.view.com, and it worked for a session. I was able to connect to the desktop.
After about 10-15 minutes, I disconnected.
Then I tried it again, and it failed.
I checked the View Administrator, and it says there is a certificate mismatch on the connection server.
My question is: do I need to revoke the internal certificate that was authenticated by the local CA and install the external certificate that matches the security server?
So will both the security server and internal CS use the same certificate, or do I just need to make the internal CS have an external name and issue its own cert from GoDaddy?
Will that be the solution on this?
Remember, they don't allow anyone to use an internal name server and domain name on an SSL cert.
Your input is much appreciated.
Thanks.