View Client Certificate authentication phenomenon and fix

Situation:
Deployment of View Client 5.4.x in production environment.
Issue:
Massive delay on connection to connection server from client.

Background & Troubleshooting:
TEST FROM ALT HARDWARE – DIRECT CONNECT LAN
"2014-06-27","11:03:40","ComputerName" / Latency "1.37 ms", / WRITE "453.5648800", /READ "Mbps","205.2395120","Mbps”
Connection to VIEW CONNECTION SERVER is 5 seconds from alt hardware (My laptop) using on floor network cable and port.

NOTE ON NETWORK:
Speed tests on alternate hardware showed  a connection at over 400 Mbps (10 test AVERAGE)


TEST FROM LOCAL HARDWARE – DIRECT CONNECT LAN

NOTE ON NETWORK:
Testing the local system again shows surprisingly fast results with transfer times @ 1/10th of a second per 1MB. (10 test AVERAGE)
Connection to VIEW CONNECTION SERVER is 60+ seconds from production hardware using on floor netowork cable and port.

At this point it looks like the client and not the wire are having problems.

Re-ran setup batch file to remove and reinstall View client.
Testing with a direct connection to the server IP not using Citrix load balancer.
-       -    No effect on delay

NOTE:
Trouble appears to be at connection to connection server post connection View maintains good functional speed.

Troubleshooting local hardware View Client:
-          Disabled auto connection
o   No effect
-          Enabled auto connection
-          Disabled All unused protocols
o   No effect
-          Enabled unused protocols
-          Installed different version of View Client
o   No effect
-          Reran default install scripts
-          Test for UDP connections with Citrix load balancer VIP and connection server passed
-          Check local PC certificate config
o   All required root certificates already installed (Validated)


SSolution / Workaround:
-          Disabled certificate validation in View Client
o   Resolved connection hang
-          Tested on three workstations all showed significant speed increase at connection to connection server

Dropped connection time from 60+ seconds to an average of 6 seconds.

Connection bottleneck identified as View Certificate security checks initiated by client:
Proposed current resolution:
Modify installation batch file to add reg DWORD value to local workstation:
HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Client\Security DWORD Value: CertCheckMode Value: 0

CODE:
 reg add "HKEY_LOCAL_MACHINE\Software\VMware, Inc.\VMware VDM\Client\Security" /v CertCheckMode /t reg_dword /d 0 /f
\CODE


Proposed long term resolution:
Use VMWARE VIEW ADM template to create View GPO policy applying this setting from the domain to the workstations running View.
Will allow for seamless upgrades of the View Client software.



Hopefully this will save someone a bit of troubleshooting time and hair pulling.
I will be working at a root issue but as of right now I am comfortable with this temp work around.
We are currently automating access to our View environment using Imprivata's SSO OneSign.
The connection to the View Connection Server's URL is enforced by policy and users can not modify any settings on the endpoints.

Additional Info:
SILENT / NO SHORTCUT / NO Start Menu / INSTALL OF VIEW CLIENT FROM COMMAND LINE:

CODE:
\\sharelocation\viewclient.exe /s /v"/qn REBOOT=ReallySuppress DESKTOP_SHORTCUT=0 QUICKLAUNCH_SHORTCUT=0 STARTMENU_SHORTCUT=0 VDM_SERVER=desktop.lakehealth.org ADDLOCAL=ALL"
\CODE:

(All on one line)

PLEASE NOTE:
All of the described is a workaround and not a true solution to the issue. Disabling certificate checking can leave endpoints vulnerable to man-in-the-middle attacks and prevents the View client from behaving in a secure manner. Use at your own risk.





Comments

Popular posts from this blog

VMWARE vSphere Client Direct Downloads

VMware Horizon Client - Ubuntu 16.04 / Elementary OS Loki

VMware Tools on Linux