thirt

Can't connect to View Security Server from outside Firewall

Hi Marin,

Per your comments at http://www.tcpdump.com/kb/virtualizatio … erver.html, let's use this thread to discuss your problem further.

So when you hit the external address (https://someaddress) do you see the View Portal Login:
http://www.tcpdump.com/images/articles/forums/virtualization/view-portal-login.jpg



Edited By:  thirt
Sep-04-09 15:20:25

HappyPappy

Re: Can't connect to View Security Server from outside Firewall

I can get through to the portal from outside but since I'm testing from a Windows 2003 server box I get an "unsupported OS" message.

Not sure if that helps clarify it or not.

Also, I actually authenticate and connect using View client to the point where I get a list of VM Machines (machines running agent) to connect to and it's that connection that fails.

Will try to take some screen shots and update this post.


HappyPappy

Re: Can't connect to View Security Server from outside Firewall

Attaching some screenshots to help clarify

http://www.tcpdump.com/images/articles/forums/virtualization/happypappy-view-1.jpg
http://www.tcpdump.com/images/articles/forums/virtualization/happypappy-view-2.jpg
http://www.tcpdump.com/images/articles/forums/virtualization/happypappy-view-3.jpg

Again, this works perfectly fine as long as we're inside the firewall but fails outside the firewall. It definitely appears to be a firewall issue but just not sure what other ports to open.


thirt

Re: Can't connect to View Security Server from outside Firewall

Ok... couple things to check:


  1. Are you running any type of Spyware/Malware software on your client PC (the PC you are running the View client on)?  If so, disable it.

  2. Is the Windows firewall running?  If so, disable it (although usually this shouldn't present a problem)

  3. Is the Security Server on the DMZ or Inside your Network, and is there a firewall or any other network security devices between the security server and the connection server?


    • Try to ping the connection broker from the console of the security server.

    • Try to connect (via telnet) to all the required ports from the console of the security server to ensure something (i.e. a firewall/IDS) isn't blocking the traffic:
           * 3389 on Virtual Desktop
           * 4001 on Connection Server
           * 8009 on Connection Server


  4. Does name resolution (DNS) work from the security server to all the components?  Can it resolve the hostnames of the desktop you are trying to connect to and the hostname of the connection server?

  5. Are you sure you have the NAT set up correctly?  As noted here: http://www.tcpdump.com/kb/virtualizatio … ation.html


Also, I have never tried running the View client on a Windows Server workstation, any chance you can run it from an XP workstation just to make sure it's not a compatibility issue with the OS?
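
An added example, not part of thirt's post: a scripted version of the telnet checks from item 3, meant to be run from the Security Server console. The hostnames are hypothetical placeholders; the ports are the ones listed above. Unlike a bare telnet test, it separates a refused connection (a TCP reset) from one that is silently dropped and from a name-resolution failure.

```python
import socket

def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt to host:port."""
    try:
        family, stype, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return "dns-failure"          # hostname does not resolve from here
    with socket.socket(family, stype, proto) as s:
        s.settimeout(timeout)
        try:
            s.connect(addr)
            return "open"             # three-way handshake completed
        except ConnectionRefusedError:
            return "refused"          # RST from the host or a device in the path
        except socket.timeout:
            return "filtered"         # no answer: typical of a firewall drop rule
        except OSError:
            return "unreachable"      # routing problem, ICMP unreachable, etc.

def check_path(targets, timeout=3.0):
    """targets: {role: (host, [ports])} -> [(role, host, port, status), ...]"""
    return [(role, host, port, probe(host, port, timeout))
            for role, (host, ports) in targets.items()
            for port in ports]

def blocked(results):
    """Return only the checks that did not complete a TCP handshake."""
    return [r for r in results if r[3] != "open"]

if __name__ == "__main__":
    # Hypothetical hostnames (assumption); replace with your own.
    targets = {
        "desktop": ("desktop01.example.internal", [3389]),
        "connection server": ("view-cs.example.internal", [4001, 8009]),
    }
    results = check_path(targets)
    for role, host, port, status in results:
        print(f"{role:18} {host}:{port:<5} {status}")
    print("blocked:", blocked(results) or "none")
```

A "filtered" result points at a device dropping packets between the two hosts, while "refused" means something actively answered with a reset.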


HappyPappy

Re: Can't connect to View Security Server from outside Firewall

Hi, sorry for the long delay, here's what we know in regards to your points:

#1 - As far as we know we're not running anything other than our standard Anti-Virus which is NODs ESET

#2 - Again, not as far as we know, we check the Windows Firewall in Control Panel and it's turned off

#3 - We tried the Security Server both inside the DMZ and inside our network with pretty much the same results. Truth be told we only installed security server in an attempt to get the whole thing going and don't really feel we want it.

- pinging connection server from security server is fine

- telnet appears to work correctly, I don't get any kind of prompt but telnet appears to connect correctly in that it doesn't complain about not being able to connect; tried from security server to connection server on ports 4001 and 8009 and from security server to desktop on port 3389....NOTE it's not a virtual desktop but a physical desktop.

#4 - Yep, tested using nslookup and all components appear to resolve correctly

#5 - Not 100% sure, we have a Linksys WRT310N and as mentioned previously ports 80 and 443 are forwarded to the security server. We really don't have a second firewall setup and we only installed security server in an attempt to get this going. My original understanding and intent was simply to use connection server directly from the Internet as per the attached picture.

In other words we were originally forwarding internet traffic directly to the connection server and had the exact same problem in that we could connect to the connection server but not the desktop.

http://www.tcpdump.com/images/articles/forums/virtualization/happypappy-view-setup.png


thirt

Re: Can't connect to View Security Server from outside Firewall

Ok, chances are this is a NAT issue.....

From the guide, http://www.tcpdump.com/kb/virtualizatio … ation.html, when you added the Security Server in the View administration portal:

  1. Does the View Connection server resolve the hostname exactly as you have entered it in the "Server Name" field?
  2. Does the external URL field NAT directly to the security server as you have entered it in the "External URL" field, (including the port number)?
  3. This may be redundant to point #2, but does the External url include https and 443?


Although this may not be necessary (if you followed the guide, you would have already restarted the services on both the Security and Connection servers) but have you tried restarting both servers since updating the configuration files to ensure the configuration data isn't cached somehow?


HappyPappy

Re: Can't connect to View Security Server from outside Firewall

In reply:

1 - Yes, but obviously the ip addresses are different internally and externally.

2 - Yes, it's https://server.domain.com:443

3 - See #2.

Some questions that may help clarify some things...

1 - Once connection server makes a connection to an agent/desktop, does it then let the client and desktop handle the session themselves or is the session still managed by connection server?

2 - What is the "Direct Connection to Desktop" setting on the server settings dialog?

Thanks for all the help but we're about ready to give up on this and go with LogMeIn or similar service.

Our trial is about to expire not to mention the cost factor.


HappyPappy

Re: Can't connect to View Security Server from outside Firewall

One more diagnostic thought, if there's a user working on the desktop in question then we actually get a message stating that the desktop is busy.

Get the user to logoff and try connecting and of course we're back to the issue in question.

Bizarre.


thirt

Re: Can't connect to View Security Server from outside Firewall

Hrm....

Re #1:  I'm almost 99% positive for external connections, the session is managed by the security server.  So the client communicates with the security server and the security server then talks to the connection server and/or desktop.  The security server basically acts like a bridge between the desktop and the client (since firewall rules etc prevent direct communication.)

Re #2: I believe (although I'm not positive) that for external connections, the "Direct Connection to Desktop" setting has no effect (b/c of the firewall rules etc.)  It's my understanding that option is only applicable on a LAN/WAN where the client could bypass the connection broker (after the connection was made) preventing the need for the connection broker to bridge the traffic (as the security server does for external traffic.)

I think I'm almost out of ideas for things to test.....  It would be interesting to see what you would see if you ran Wireshark on both the client PC and the security server.  You might see on one or both a TCP reset (which would indicate a security device someplace between the two resetting the connection.)

Also, from your first set of screen shots, it looked like your client was running from within a VM.  To ensure it's not something on the client (like the Windows Firewall or antivirus software), have you used that same VM to connect to View internally?

Finally, the fact View recognizes when the desktop is in use just indicates that both the security server and connection server are aware of the status of the desktop.  I still have a feeling that the reason for the failure lies in either the DNS or NAT translation.  If you wanted to private message me with all the IP addresses and hostnames and a login, I would be happy to take a quick peek at it from here.


asarandi

Re: Can't connect to View Security Server from outside Firewall

Hello, I think I have the same problem. Did you find any solution?

