Please reload

Recent Posts

I'm busy working on my blog posts. Watch this space!

Please reload

Featured Posts

TLS1.0 is disabled by default in VMware Identity Manager 2.6 and later. Do we have any workaround for this ?

January 18, 2017

Issue : 

 

This may be one of the reason when you upgrade Workspace One  to latest version and it stops working on  Internet Explorer 10 

 

Root Cause :

 

Internet Explorer 10 be dfault Uses TLS1.0 as communication protocol and TLS1.0 is disabled in Workspace One be defauult . 

 

 

This may be some reason that few users cant upgrade to latest IE version , My be some application or work dependency.

 

External product issues are known to occur when TLS 1.0 is disabled. If your implementation of Horizon, Horizon Air, Citrix, or the load balancer in VMware Identity Manager has a dependency on TLS 1.0, or if you are using Office 365 active flow, follow the below solution /instructions  to enable TLS 1.0.

 

Solution :

 

We can fix this both client and server end.

 

Client /User End:  We can enable TLS1.1 or TLS1.2 in IE or any other Product in use.

 

Open internet option in Internet Explorer and Navigate to Advanced tab

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

We can see TLS1.1 and TLS1.2 on the left we can simply select TLS1.2  and configure the same by clicking apply.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

This option is what we can do from user end to make sure your browser is using latest protocols.

 

This make sure that both client and server end are using latest protocols thus minimized security risks.

 

Workspace One /server End :

 

This may be a case that you do not want to do this on a browser due to some dependency or any other reason, in that case you may enable TLS1.0 back in Workspace One connectors and fix this.

 

log in to Workspace One connectors/appliance with root user, one by one and follow below steps:

 nevigate to /opt/vmware/horizon/workspace/conf put ls command to list all files and folders.

 

 We have server.xml file there that we  have to edit to enable TLS1.0 as well.

 

type vi server.xml to open this file in vi editor and  navigate to sslEnabledProtocols entry below will be entry by default 

 

sslEnabledProtocols="TLSv1.1,TLSv1.2”

 

 hit i (insert to go to input mode in ) and add TLSv1 and make sure entry is as below.

 

  sslEnabledProtocols=“TLSv1,TLSv1.1,TLSv1.2"

 

Note: This entry appears in two places. Therefore, change in both the places.

 

Type :wq! to save this file and then we have to restart horizon-workspace service.

 

 

 

navigate to /etc/init.d and type service horizon-workspace restart

 

So these are two ways we can fix TLS1.0 related issue but i would personally go head with first one to enable latest protocol on my browser.  It is always recommended to use latest security protocols.

 

-----------------------------------------xxxx---------------------------------------------------

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Share on Facebook
Share on Twitter
Please reload

Follow Us
Please reload

Search By Tags
  • Facebook Basic Square
  • Twitter Basic Square
  • Google+ Basic Square

Tel: +91-8879374285

 Bangalore INDIA 560076

© 2017-18 Xtra-V!rtual