Jan 062018

Last night I updated my VMware VDI envionrment to VMware Horizon 7.4.0. For the most part the upgrade went smooth, however I discovered an issue (probably unrelated to the upgrade itself, and more so just previously overlooked). When connecting with Google Chrome to  VMware Horizon HTML Access via the UAG (Unified Access Gateway), an error pops up after pressing the button saying “Failed to connected to the connection server”.

The Problem:

This error pops up ONLY when using Chrome, and ONLY when connecting through the UAG. If you use a different browser (Firefox, IE), this issue will not occur. If you connect using Chrome to the connection server itself, this issue will not occur. It took me hours to find out what was causing this as virtually nothing popped up when searching for a solution.

Finally I stumbled across a VMware document that mentions on View Connection Server instances and security servers that reside behind a gateway (such as a UAG, or Access Point), the instance must be aware of the address in which browsers will connect to the gateway for HTML access.

The VMware document is here: https://docs.vmware.com/en/VMware-Horizon-7/7.0/com.vmware.horizon-view.installation.doc/GUID-FE26A9DE-E344-42EC-A1EE-E1389299B793.html

To resolve this:

On the view connection server, create a file called “locked.properties” in “install_directory\VMware\VMware View\Server\sslgateway\conf\”.

If you have a single UAG/Access Point, populate this file with:


If you have multiple UAG/Access Points, populate the file with:


Restart the server

The issue should now be resolved!

On a side note, I also deleted my VMware Unified Access Gateways VMs and deployed the updated version that ship with Horizon 7.4.0. This means I deployed VMware Unified Access Gateway 3.2.0. There was an issue importing the configuration from the export backup I took from the previous version, so I had to configure from scratch (installing certificates, configuring URLs, etc…), be aware of this issue importing configuration.


  7 Responses to “Failed to connect to the connection server – Using Chrome on VMware Horizon 7.4 via HTML client”

  1. Saved me a lot of searching. Worked perfectly. Thanks

  2. Hi,
    Thanks for your blog its really helpful. I came across another issue I am not using UAG but security servers. I was getting Failed to communicate with connection server when I was trying to connect using html client. After adding my external url to locked.properties file on security server resolved the issue. I hope this will help if some one else is having similar issue.

    Stephen quick question about UAG. I am bit confused about setting up three nic. not sure how to setup network profiles for three nics. please can you confirm what network IP do I need to define when using three nic scenario. one NIC I am assuming will be for DMZ subnet. 2nd NIC for internal network connection servers using. for internet do I need to define whole subnet when creating network profile? I am not able to find any documentation link which clearly defines this scenario all exaples are using one nic setup.


  3. Hi Nadeem,

    First, thank you very much for posting your findings on the security server, that information will for sure help others! 🙂

    As for UAG deployment, in my test environments I’ve only used a one NIC deployment (one subnet). I’m not saying it’s best practice, but from what I’ve read lots of other people are doing this as well.

    For a 2 NIC (two network interface) deployment, 1 is for external WAN, and 1 is for internal LAN.

    For a 3 NIC (three network interface) deployment which is the most secure, 1 is for external WAN, 1 is for internal LAN, and 1 is for management.

    As for profiles, I’m not sure what you mean. Are you referring to the IP addressing, or something more specific?


  4. Hi Stephen,

    much appreciated for quick reply.

    I was referring to Network Protocol Profiles where you need to define IP address / IP Pools. for WAN nic do I need to define my external address subnet / IP address or I can simply define my DMZ IP address?


  5. I believe you’ll configure the actual IP address that your UAG will have on the network it’s connected to.

    So for the interface in your DMZ, you’ll specify the IP and subnet for that specific network.

  6. thanks Stephen,

    much appreciated your help 🙂


  7. Hello Stephan,

    Concerning the locked.properties information you found in a 7.0 version of the documentation. Here are the links to the 7.4 version:

    Allow HTML Access Through a Load Balancer:

    Allow HTML Access Through a Gateway:

 Leave a Reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>