...
- The Horizon Destination Server status is red in the admin page.
- Unified Access Gateway should resolve the FQDN of the backend Horizon Connection address.
- UAG Gateway appears as "n/a" within the Horizon admin page.
- Backend Destination Servers are not reachable from Unified Access Gateway using FQDN, but IP address works as expected.
- Unable to resolve hostnames that have a .local suffix.

Note: Industry recommendations are to only use .local for multicast DNS, as stated in the RFC. .local is defined for a specific multicast use and not for general DNS. It is covered by RFC 6762 and Microsoft recommendations (see the caution section when selecting a suffix).

CNAMEs can be employed to allow alternate names if you have a .local server that you need to alias.

Example: Connection Broker is CON1.contoso.local. You can create a new DNS zone with a supported suffix - for instance, CON1.contoso.int - and use this new FQDN for your destination server.
To facilitate troubleshooting of DNS-related issues that can occur during a deployment of a Unified Access Gateway.
If DNS was omitted during deployment, or the DNS servers have been decommissioned, you may experience issues like the above.
Please refer to the following for general network troubleshooting on the appliance:

Host entries can be seen within the /etc/hosts file:

As the UAG is an appliance based on Photon OS, never edit resolv.conf or the hosts file manually. Please update DNS entries with redeployment or in the admin user interface. Note that any manual changes to the file will get overridden by admin user interface entries or by a reboot.

On the shell of a UAG appliance, here are some common commands to aid with troubleshooting:

Command                     Description
netmgr dns_servers --get    Display the currently configured entries.
systemd-resolve --status    Lists connection properties.
tracepath DNSIP             Follow the connection path to the configured server.
ping FQDN                   Confirm you can reach another device such as the connection server.
nslookup FQDN               Verify the resolution of devices such as the backend connection server.

Advanced troubleshooting will involve the usage of a network trace. tcpdump is not installed by default on a UAG. Complete installation instructions can be found here.

The following command is run on the command line of the appliance:

/etc/vmware/gss-support/install.sh

Note: /etc/resolv.conf will point to 127.0.0.53, which is as designed with systemd in control of resolution. Please see here for more background. With tcpdump, this traffic will appear in a trace and can be discounted as normal.

Sample command:

tcpdump -i any -n -v udp port 53

Command explanation:

- The above command performs a tcpdump.
- The "-i any" option means that it will capture traffic from all network interfaces on the system.
- By default, tcpdump converts host addresses to names, but this can be disabled using the "-n" option.
- The "-v" option enables verbose output, which provides more detailed information about the captured packets.
- The "udp port 53" filter captures all UDP traffic on port 53. DNS queries and responses are typically sent over UDP port 53.
The command can be altered to capture on a specific interface or a TCP port, and can be used to test various firewall and connection issues. More sample commands are in the documentation, and detailed explanations are available by running 'man tcpdump' on a terminal.
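One way to read the saved text output of the sample tcpdump command above, as an added example that is not part of the original article or of any VMware tooling: the function pairs each DNS query with its reply, discounts the 127.0.0.53 stub traffic, and flags .local names. The function names, the sample trace, and the availability of awk where the output is analysed are assumptions.

```shell
# Added example (not from the article): triage saved text output of
# "tcpdump -i any -n -v udp port 53". All addresses and IDs below are constructed.
dns_triage() {
  awk '
    {
      gt = 0
      for (i = 2; i < NF; i++) if ($i == ">") { gt = i; break }
      if (!gt || gt + 2 > NF) next              # header or non-packet line
      src = $(gt - 1); dst = $(gt + 1); sub(/:$/, "", dst)
      # Local systemd-resolved stub traffic (127.0.0.53) is expected; skip it.
      if (src ~ /^127\.0\.0\.53\./ || dst ~ /^127\.0\.0\.53\./) next
      id = $(gt + 2); sub(/[^0-9].*$/, "", id)
      if (id == "") next
      if (dst ~ /\.53$/) {                      # query sent to a DNS server
        for (j = gt + 3; j < NF; j++) if ($j ~ /^[A-Z0-9]+\?$/) {
          key = src "|" id
          if (!(key in name)) order[++n] = key
          name[key] = $(j + 1); state[key] = "NO-REPLY"
          break
        }
      } else if (src ~ /\.53$/) {               # reply coming back from a DNS server
        key = dst "|" id
        if (!(key in name)) next
        rc = $(gt + 3); sub(/[*|$-]+$/, "", rc) # drop flag characters after the rcode
        state[key] = (rc ~ /^(FormErr|ServFail|NXDomain|NotImp|Refused)$/) ? rc : "OK"
      }
    }
    END {
      for (k = 1; k <= n; k++) {
        key = order[k]
        note = (name[key] ~ /\.local\.$/) ? " (.local suffix)" : ""
        print state[key], name[key] note
      }
    }'
}

# Constructed sample trace (per-packet header lines omitted for brevity).
sample_trace() {
  cat <<'EOF'
    127.0.0.1.40000 > 127.0.0.53.53: 1111+ [1au] A? con1.contoso.local. (47)
    10.0.0.5.41000 > 10.0.0.2.53: 2222+ [1au] A? con1.contoso.local. (47)
    10.0.0.2.53 > 10.0.0.5.41000: 2222 NXDomain* q: A? con1.contoso.local. 0/1/0 (122)
    10.0.0.5.41001 > 10.0.0.2.53: 3333+ [1au] A? con1.contoso.int. (45)
    10.0.0.2.53 > 10.0.0.5.41001: 3333* q: A? con1.contoso.int. 1/0/0 con1.contoso.int. A 10.0.0.20 (61)
    10.0.0.5.41002 > 10.0.0.3.53: 4444+ [1au] A? con2.contoso.int. (45)
EOF
}
# Pass a saved capture text file as $1, or run with no argument to use the sample.
if [ -n "${1:-}" ]; then dns_triage < "$1"; else sample_trace | dns_triage; fi
```

A NO-REPLY line points at reachability or firewall problems towards that DNS server, while NXDomain means the server answered but does not hold the name.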
As a temporary measure, IP addresses can be used in place of FQDN in the admin UI to test functionality if your network allows it.