OPERATIONAL DEFECT DATABASE
...
...
While accessing the onboarding page, you experience this symptom:A 502 gateway error comes due to which the expected page is not displayed in browser.
This article explains how to identify root cause the connectivity issues for Horizon Cloud Connector.
This issue may occur due to proxy / firewall configurations in your network.
To resolve this issue: Pre-Check Script Execute the pre-check script (/opt/vmware/bin/precheck.sh) to see if the Cloud Proxy Service component shows failure. Failure would mean that there is out-bound connectivity issue.For example:/opt/vmware/bin/precheck.sh <CS IP/FQDN> HTTP Proxy Configuration Check the Proxy configuration is valid by running this command: cat /opt/container-data/cc-settings/proxy.conf Ensure that the proxyHost / proxyPort / proxySsl are set and valid as per customer's proxy settings.If proxy configuration is invalid, update the proxy configuration. For more information, see Modifying Proxy Settings for Horizon 7 Cloud Connector 1.6 or Later. Check Horizon Cloud CA connectivity from Appliance For this step, get the Horizon Cloud CA information by accessing URL https://cloud.horizon.vmware.com in a browser and looking at information of the certificate.For example:Notes: Further sections will display the URLs from the above certificate information. The response code must be 200 or 301. Other responses indicate that the proxy/firewall configured on network is not allowing OCSP/CRL calls to Horizon Cloud Certificate Authority.Omit optional proxy configuration if Cloud Connector is not configured with proxy. curl [--proxy proxyHost:proxyPort] -i http://ocsp.digicert.com/HTTP/1.1 200 OKAccept-Ranges: bytesAge: 567Cache-Control: public, max-age=300Content-Type: application/ocsp-response curl [--proxy proxyHost:proxyPort] -i http://crl3.digicert.com/HTTP/1.1 200 OKAccept-Ranges: bytesCache-Control: max-age=604800Content-Type: text/html curl [--proxy proxyHost:proxyPort] -i http://crl4.digicert.com/HTTP/1.1 200 OKAccept-Ranges: bytesAge: 3Cache-Control: max-age=604800Content-Type: text/html curl [--proxy proxyHost:proxyPort] -i https://www.digicert.com/CPSHTTP/1.1 301 Moved PermanentlyServer: nginx Check VMware Horizon Cloud Connectivity from Appliance The response code must be 200. Other responses indicate that proxy/firewall configured on network is not allowing calls to VMware Horizon Cloud.curl [--proxy proxyHost:proxyPort] -I https://cloud.horizon.vmware.com/view-onboarding/HTTP/1.1 200Server: nginxDate: Wed, 24 Jun 2020 14:26:57 GMTContent-Type: text/htmlContent-Length: 1220 curl [--proxy proxyHost:proxyPort] -I https://cloud.horizon.vmware.com/api/loginHTTP/1.1 200Server: nginxDate: Wed, 24 Jun 2020 14:27:21 GMTContent-Type: application/json;charset=UTF-8Content-Length: 231 Check connectivity to Horizon cloud via Cloud Connector Proxy Service The response code must be 200. Other responses indicate that proxy/firewall configured on network is not allowing calls to VMware Horizon cloud via Horizon Cloud Connector.Note: For the next section, do not specify proxy parameter even if HTTP proxy is configured.For Horizon Cloud Connector versions upto 1.10 curl -I 'http://localhost:8080/api/login'HTTP/1.1 200Server: Cloud ConnectorDate: Wed, 24 Jun 2020 14:36:12 GMTStrict-Transport-Security: max-age=7776000; includeSubDomainsX-Frame-Options: SAMEORIGIN # NOTE: PORT=443 for Cloud Connector versions below 1.7. Otherwise PORT=11443 curl -Ik 'https://localhost:PORT/view-onboarding/'HTTP/1.1 200Server: nginxDate: Wed, 24 Jun 2020 14:36:46 GMTContent-Type: text/htmlContent-Length: 1025 curl -I 'http://localhost:8080/view-onboarding/'HTTP/1.1 200Server: Cloud ConnectorDate: Wed, 24 Jun 2020 14:37:50 GMTAccept-Ranges: bytesFor Horizon Cloud Connector 2.0 and above versions: 1) SERVICEIP=$(kubectl get service hze-hydraproxy -n hze-system -o jsonpath='{ .spec.clusterIP }') curl -I "http://$SERVICEIP:8080/api/login"HTTP/1.1 200 OK curl -I "http://$SERVICEIP:8080/view-onboarding/"HTTP/1.1 200 OK curl -Ik "https://localhost/view-onboarding/"HTTP/1.1 200 OK 2) NGINXIP=$(kubectl get service hze-nginx -n hze-system -o jsonpath='{ .spec.clusterIP }') curl -Ik "https://$NGINXIP:11443/view-onboarding/"HTTP/1.1 200 OK Check Horizon Connection Server Connectivity from Appliance The response code must be 200. Other responses indicate that proxy/firewall configured on network is not allowing calls to Horizon CS Pod.curl -ik https://{CS-HOST-NAME}/view-vlsi/rest/v1/domain/listHTTP/1.1 200 OKCache-Control: no-cache, no-store, must-revalidateVary: Accept-EncodingContent-Type: application/json;charset=UTF-8Note: In Horizon Cloud connectors 1.7 and above versions, browser traffic ( https ) is internally routed to port 11443. However, all inbound and outbound communications from the network interface of cloud connector happens via port 443 itself.
Click on a version to see all relevant bugs
VMware Integration
Learn more about where this data comes from
Bug Scrub Advisor
Streamline upgrades with automated vendor bug scrubs
BugZero Enterprise
Wish you caught this bug sooner? Get proactive today.
