We have recently run into a problem with our BYOD users connecting to the Virtual Desktop environment and I thought I would share the symptoms of this issue.
All of our BYOD devices connect via our wireless guest network and terminate on an anchor controller in our DMZ. From here, there are firewall policies that permit ports 443tcp, 4172tcp, & 4172udp in both directions.
Symtoms:
- Users from guest wireless would connect but get black screen (not painting) - iPad users would get the message “Desktop Loading Warning. Your desktop is loading too slowly” - XP users were not able to get a desktop at all
- Users from Internet were able to connect with no issues (these users would traverse the same firewall policy as guest users)
I found an article here that recommends the PCoIP MTU size to be at least 1300 bytes to avoid fragmentation. As you may already know, the GRE tunnels by default between Aruba controllers are 1100.
Fixes:
- Adjust the GRE tunnels between the local controller and DMZ controller to 1400, or something greater than 1300 + overhead. This would be a more temporary solution as it is not the default setting.
- Adjust the MTU size on the Virtual Desktop side to something lower than 1100-overhead.
Has anyone else ran into this issue? Fixes?