• Jitendra Singh.

TLS1.0 is disabled by default in VMware Identity Manager 2.6 and later. Do we have any workaround f


Issue :

This may be one of the reason when you upgrade Workspace One to latest version and it stops working on Internet Explorer 10

Root Cause :

Internet Explorer 10 be dfault Uses TLS1.0 as communication protocol and TLS1.0 is disabled in Workspace One be defauult .

This may be some reason that few users cant upgrade to latest IE version , My be some application or work dependency.

External product issues are known to occur when TLS 1.0 is disabled. If your implementation of Horizon, Horizon Air, Citrix, or the load balancer in VMware Identity Manager has a dependency on TLS 1.0, or if you are using Office 365 active flow, follow the below solution /instructions to enable TLS 1.0.

Solution :

We can fix this both client and server end.

Client /User End: We can enable TLS1.1 or TLS1.2 in IE or any other Product in use.

Open internet option in Internet Explorer and Navigate to Advanced tab

We can see TLS1.1 and TLS1.2 on the left we can simply select TLS1.2 and configure the same by clicking apply.

This option is what we can do from user end to make sure your browser is using latest protocols.

This make sure that both client and server end are using latest protocols thus minimized security risks.

Workspace One /server End :

This may be a case that you do not want to do this on a browser due to some dependency or any other reason, in that case you may enable TLS1.0 back in Workspace One connectors and fix this.

log in to Workspace One connectors/appliance with root user, one by one and follow below steps:

nevigate to /opt/vmware/horizon/workspace/conf put ls command to list all files and folders.

We have server.xml file there that we have to edit to enable TLS1.0 as well.

type vi server.xml to open this file in vi editor and navigate to sslEnabledProtocols entry below will be entry by default

sslEnabledProtocols="TLSv1.1,TLSv1.2”

hit i (insert to go to input mode in ) and add TLSv1 and make sure entry is as below.

sslEnabledProtocols=“TLSv1,TLSv1.1,TLSv1.2"

Note: This entry appears in two places. Therefore, change in both the places.

Type :wq! to save this file and then we have to restart horizon-workspace service.

navigate to /etc/init.d and type service horizon-workspace restart

So these are two ways we can fix TLS1.0 related issue but i would personally go head with first one to enable latest protocol on my browser. It is always recommended to use latest security protocols.

-----------------------------------------xxxx---------------------------------------------------

#workspaceone

208 views

Tel: +91-8879374285

 Bangalore INDIA 560076

© 2017-18 Xtra-V!rtual