During the implementation of Horizon Workspace at a customer I’ve experienced a quite challenging situation last week. While the installation was a pretty straight forward process if you stick to our install guide we weren’t able to reach Horizon from outside the company network. After typing the external web address in the browser it always went to the internal address which of course wasn’t reachable from outside. The setup was exactly our reference architecture shown in the picture below with a loadbalancer in the DMZ that points to the Horizon Gateway appliance on the internal network.
After some troubleshooting we found a very easy solution, but it was not that obvious or very well documented. When the OVA has been deployed you have to check the DNS resolution for all internal and external names and make sure the PTR record (reverse resolution) is working. It’s critical that no aliases for the names are configured, the reverse resolution is working fine and no other records (MX,etc.) are configured. Now comes the important part: while completing the console-based configurator menu after starting the vApp it’s absolutely important to enter – when asked by the wizard – the EXTERNAL name, i.e. horizon.yourcompany.com as the Horizon FQDN and NOT the internal name, i.e. horizon.justforinternal.local. In other words enter the name which points to the loadbalancer and not the name of the Horizon gateway-ca.
Once that configuration was done, it worked like a charm!
