증상
- 연결된 클론, 전체 클론, 수동 풀에서 에이전트를 쌍으로 구성할 수 없습니다.
- 관리 UI에서 “No network communication between the View Agent and Connection Server”을 볼 수 있습니다.
원인
이 문제는 CS에 설치된 에이전트가 FIPs가 아닌 경우 또는 그 반대로 인해 발생합니다.
CS는 FIPs 그리고 에이전트는 non-FIPs
In this case, agent sends the CHANGEKEY request, but the CS rejects the request. In the agent logs at <DriveLetter>\ProgramData\Vmware\VDM\logs-- DEBUG (10A4-24BC) <Thread-3> [BrokerUpdateUtility] Published CHANGEKEY request DEBUG (10A4-24BC) <Thread-3> [BrokerUpdateUtility] Timeout waiting for success response And in the CS logs we see CHANGEKEY request got rejected because of which agent timed out waiting -- DEBUG (1608-1BF4) <DesktopControlJMS> [JMSMessageSecurity] Identity validation failure trace com.vmware.vdi.logger.Logger.debug(Logger.java:44) java.lang.Exception: Identity validation failed: UNKNOWN is not known identity for: agent/1828b6d1-201c-4e1d-a6c7-1f325b209dd6 at com.vmware.vdi.messagesecurity.JMSMessageSecurity.a(SourceFile:577) at com.vmware.vdi.messagesecurity.JMSMessageSecurity.validateAndCheckWithHandler(SourceFile:451) at com.vmware.vdi.desktoptracker.DesktopTracker.a(SourceFile:1879) at com.vmware.vdi.desktoptracker.DesktopTracker.a(SourceFile:925) at com.vmware.vdi.desktoptracker.DesktopTracker$1.run(SourceFile:805) at java.base/java.lang.Thread.run(Unknown Source) WARN (1608-1BF4) <DesktopControlJMS> [DesktopTracker] CHANGEKEY message from agent/1828b6d1-201c-4e1d-a6c7-1f325b209dd6 is discarded as it cannot be validated
에이전트는 FIPs 그리고 CS는 non-FIPs
In this case, CHANGEKEY is successful, but agent cannot connect later to port 4002 for secure communication with the CS. We see this in the agent logs at \ProgramData\Vmware\VDM\logs--
2021-05-13T16:19:56.791+05:30 DEBUG (0474-0EBC) [JmsManager] Unable to connect to JMS server xxxxxxxxxxxxx
com.vmware.vdi.logger.Logger.debug(Logger.java:44)
javax.net.ssl.SSLHandshakeException: Remote host terminated the handshake
at java.base/sun.security.ssl.SSLSocketImpl.handleEOF(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.decode(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.readHandshakeRecord(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
at java.base/sun.security.ssl.SSLSocketImpl.startHandshake(Unknown Source)
해결
Horizon은 혼합 모드(FIPs 및 non-FIPs)를 지원하지 않습니다. CS와 에이전트가 모두 FIPS 모드로 설치되었는지 또는 그 반대로 설치되었는지 확인해야 합니다.
출처 : https://kb.vmware.com/s/article/84198