5 Replies Latest reply: Oct 5, 2013 5:00 AM by kmount RSS

    OVDC over VPN Fails

    MisterB

      Hi

      Ive installed the 64bit version of OVDC, V36439-01, on a Windows7 Laptop.

       

      I can connect to our SunRay server when connected to the company network via ethernet.

       

      but when working from home over a VPN (using Cisco AnyConnect VPN Client V2.4.1012) I cannot connect. OVDC hangs at the hourglass, 'Connecting to xx.xx.xx.xx' I click on details and the box is blank.

       

      I have enabled logging, and pasted the end of the output below.

       

      I can ping the server and have set the MTU as per the instructions at 18.5. Oracle Virtual Desktop Client Troubleshooting which gives me 1378 bytes, 1386MTU setting.

      I have tried to re-install the software.

       

      I would appreciate any help or tips.

       

      Regards

       

      MrB

       

       

      NETWORK(b24/428.169): lread:-1 get last err:10060
      NETWORK(b24/428.169): timedout
      SMARTCARD(1d64/428.357): alpSmartCardCheckStatus: Check for updates
      SMARTCARD(1d64/428.357): alpSmartCardCheckStatus: New list has "Mobile Broadband SIM Card Reader 0" reader
      SMARTCARD(1d64/428.357): alpSmartCardCheckStatus: New list has "O2Micro CCID SC Reader 0" reader
      SMARTCARD(1d64/428.357): alpSmartCardCheckStatus: New list was 2 entries
      NETWORK(b24/428.770): lread:-1 get last err:10060
      NETWORK(b24/428.770): timedout
      SMARTCARD(1d64/428.859): alpSmartCardCheckStatus: Check for updates
      SMARTCARD(1d64/428.861): alpSmartCardCheckStatus: New list has "Mobile Broadband SIM Card Reader 0" reader
      SMARTCARD(1d64/428.861): alpSmartCardCheckStatus: New list has "O2Micro CCID SC Reader 0" reader
      SMARTCARD(1d64/428.861): alpSmartCardCheckStatus: New list was 2 entries
      SMARTCARD(1d64/429.366): alpSmartCardCheckStatus: Check for updates
      SMARTCARD(1d64/429.368): alpSmartCardCheckStatus: New list has "Mobile Broadband SIM Card Reader 0" reader
      SMARTCARD(1d64/429.368): alpSmartCardCheckStatus: New list has "O2Micro CCID SC Reader 0" reader
      SMARTCARD(1d64/429.368): alpSmartCardCheckStatus: New list was 2 entries
      NETWORK(b24/429.371): lread:-1 get last err:10060
      NETWORK(b24/429.371): timedout
      SMARTCARD(1d64/429.870): alpSmartCardCheckStatus: Check for updates
      SMARTCARD(1d64/429.870): alpSmartCardCheckStatus: New list has "Mobile Broadband SIM Card Reader 0" reader
      SMARTCARD(1d64/429.870): alpSmartCardCheckStatus: New list has "O2Micro CCID SC Reader 0" reader
      SMARTCARD(1d64/429.870): alpSmartCardCheckStatus: New list was 2 entries
      NETWORK(b24/429.972): lread:-1 get last err:10060
      NETWORK(b24/429.972): timedout
      SMARTCARD(1d64/430.375): alpSmartCardCheckStatus: Check for updates
      SMARTCARD(1d64/430.377): alpSmartCardCheckStatus: New list has "Mobile Broadband SIM Card Reader 0" reader
      SMARTCARD(1d64/430.377): alpSmartCardCheckStatus: New list has "O2Micro CCID SC Reader 0" reader
      SMARTCARD(1d64/430.377): alpSmartCardCheckStatus: New list was 2 entries
      NETWORK(b24/430.573): lread:-1 get last err:10060
      NETWORK(b24/430.573): timedout
      SMARTCARD(1d64/430.880): alpSmartCardCheckStatus: Check for updates
      SMARTCARD(1d64/430.881): alpSmartCardCheckStatus: New list has "Mobile Broadband SIM Card Reader 0" reader
      SMARTCARD(1d64/430.881): alpSmartCardCheckStatus: New list has "O2Micro CCID SC Reader 0" reader
      SMARTCARD(1d64/430.881): alpSmartCardCheckStatus: New list was 2 entries
      INPUT(12b8/431.156):

      alpInputOnDisconnect

      INPUT(12b8/431.156): Deleting Keyboard Hook thread
      INPUT(12b8/431.156):

      In alpUnhookKeyboard!!

      NETWORK(b24/431.174): lread:-1 get last err:10060
      NETWORK(b24/431.175): timedout
      SMARTCARD(1d64/431.386): alpSmartCardCheckStatus: Check for updates
      SMARTCARD(1d64/431.388): alpSmartCardCheckStatus: New list has "Mobile Broadband SIM Card Reader 0" reader
      SMARTCARD(1d64/431.388): alpSmartCardCheckStatus: New list has "O2Micro CCID SC Reader 0" reader
      SMARTCARD(1d64/431.388): alpSmartCardCheckStatus: New list was 2 entries
      SESSION(1e44/431.481): alpSessionSetState: connected -> disconnected
      SESSION(1e44/431.482): Writing: discReq _=1 cause=bye sw=Oracle:SunRayS1:MINGW32_NT-5.1:3.2.0 hw=SunRayS1 pn=46353 sn=6858e6fcedbe4d079acee6275aae3e00 SCHD=2 namespace=MD5 state=disconnected type=unknown

       

       

      NETWORK(12b8/431.483): Stopping net thread
      NETWORK(193c/431.578): DISCONNECT - clean up
      USB(1b5c/431.580): alpRDDServiceThread exit returns -39
      NETWORK(b24/431.775): lread:-1 get last err:10060
      NETWORK(b24/431.776): timedout
      SMARTCARD(1d64/431.892): alpSmartCardCheckStatus: Check for updates
      SMARTCARD(1d64/431.894): alpSmartCardCheckStatus: New list has "Mobile Broadband SIM Card Reader 0" reader
      SMARTCARD(1d64/431.894): alpSmartCardCheckStatus: New list has "O2Micro CCID SC Reader 0" reader
      SMARTCARD(1d64/431.894): alpSmartCardCheckStatus: New list was 2 entries
      NETWORK(b24/432.376): lread:-1 get last err:10060
      NETWORK(b24/432.377): timedout
      SMARTCARD(1d64/432.398): alpSmartCardCheckStatus: Check for updates
      SMARTCARD(1d64/432.400): alpSmartCardCheckStatus: New list has "Mobile Broadband SIM Card Reader 0" reader
      SMARTCARD(1d64/432.400): alpSmartCardCheckStatus: New list has "O2Micro CCID SC Reader 0" reader
      SMARTCARD(1d64/432.400): alpSmartCardCheckStatus: New list was 2 entries
      DEVICE(15a8/432.868): dm_in: connection is closed.
      DEVICE(193c/432.869): alpRDDStop: Stopped all threads
      NETWORK(12b8/432.870): Stopping net thread
      SMARTCARD(1d64/432.904): alpSmartCardCheckStatus: Check for updates
      SMARTCARD(1d64/432.906): alpSmartCardCheckStatus: New list has "Mobile Broadband SIM Card Reader 0" reader
      SMARTCARD(1d64/432.906): alpSmartCardCheckStatus: New list has "O2Micro CCID SC Reader 0" reader
      SMARTCARD(1d64/432.906): alpSmartCardCheckStatus: New list was 2 entries
      NETWORK(b24/432.977): lread:-1 get last err:10060
      NETWORK(b24/432.978): timedout
      NETWORK(b24/432.978): DISCONNECT - clean up
      AUDIO(12b8/432.979): alpAudioClose: close error 5
        • 1. Re: OVDC over VPN Fails
          kmount

          Hi there,

           

          I've seen similar with odd network blocks in the past, out of interest to see if this is the same thing ...

           

          When you're sitting on this screen on OVDC do you see anything on the server side?

           

          I'm particularly interested to see whether you see your ovdc token id being issued with a session, and whether you can see the session and associated processes in utsession -p.

           

          In my experience a lot of the time this actually fell down to the Windows 7 firewall when moving 'away' from Domain rules over to Public for example that could help explain why moving from the trusted domain subnet etc where things work to a 'foreign' network could change things.

           

          Cheers,

           

          Kim

          • 2. Re: OVDC over VPN Fails
            MisterB

            Many thanks for your reply Kim,

             

            Yes, I believe that I am seeing a Login/Idle Session in my Sunray Admin.

            The token is issued and has an associated process.

             

            A funny thing happened when I terminated the session from Sunray Admin, the OVDC client Connecting to <IP> window seemed to wake up and reported:

            26 Disconnected

            26 Disconnected

            26 Uninitialized

            1 Getting server info

            24 Using DNS for name lookup

            24 Connecting to server using TCP

            24 Disconnected

            26 Connected to Auth Manager

             

            Seems to remain stuck @ this point? as before. So is the server rejecting the connection?

            • 3. Re: OVDC over VPN Fails
              kmount

              Hi there,

               

              Ah yes, this sounds like exactly what I had been seeing. (I confirmed by checking on the server itself to see if the server had created a kiosk session and was running processes for me, to rule out the server configuration blocking the client connection). So on Solaris I checked in utwho -c for my VPN IP, then found the session and looked in utsession -p for the kiosk user and ran ptree against the kiosk user to see if he had stuff.

               

              In the end we added a Windows firewall rule to allow access to/from the Sun Ray server VLAN on any ports from the machine we were connected to. (quick, dirty hack needed for testing only).

               

              I vaguely remember something about OVDC itself not being blocked, but Java not having access to the Public zone on the windows firewall which it was picking up on and blocking.

               

              Sorry it's a bit vague, if you don't get anywhere I'll set up the scenario again here and dig into it properly.

               

              Cheers,

               

              Kim

              • 4. Re: OVDC over VPN Fails
                MisterB

                Hello Kim

                I cant see any windows firewall rules blocking the software, in fact I think its turned off for this connection.

                I dont fully understand why this should be different for VPN when compared to wired connection?

                 

                very frustrating!!!

                 

                Thanks again

                G

                • 5. Re: OVDC over VPN Fails
                  kmount

                  Hi there,

                   

                  Yes, it is quite odd though I have seen stuff like this in the past where even on a VPN some packets go out over the internet (in the end we compensated for this with iptables rules on the vpn side but heyho).

                   

                  I'd suggest we rule in/out OVDC/Windows ... do you have a Sun Ray you can connect to the same VPN and see if that works? (if that works we at least know fundamentally all is fine on the network/vpn link)