Why do I receive a "Not Authenticated" error when connecting a PCoIP Client to Cloud Access Software or VMware Horizon through a load balancer?

The PCoIP Zero Client and PCoIP Software Client will use multiple seperate TCP 443 connections to the PCoIP Connection Manager and VMware Horizon Connection Server during the session authentication and resource selection stages. Depending on the load balancer configuration, these connections maybe balanced over multiple servers. If this occurs, the PCoIP Zero Client will send a request to a server that it is not authenticated against.

Resolution

Change the load balancer Affinity/Stickiness setting to one of the following:

Source IP address based:

• Is the simplest to configure.
• Is not suitable in environments when clients are behind a pool of proxy servers that translate their source IP address.

HTTP cookies and headers:

• Can only be used when the load balancer is able to see the HTTP headers (i.e. it requires the ACE to terminate the HTTPS/TLS) connection.

SSL session ID based:

• Stickiness is supported with ACE 2.x versions of software.
• Possible issues when the SSL session ID changes mid-session.

Definitions

Affinity - Client affinity can be configured in Network Load Balancing (NLB) which helps in maintaining application sessions. Client affinity uses a combination of the source IP address and source and destination ports to direct multiple requests from a single client to the same server.

Stickiness - Session stickiness, a.k.a., session persistence, is a process in which a load balancer creates an affinity between a client and a specific network server for the duration of a session, (i.e., the time a specific IP spends on a website). Using sticky sessions can help improve user experience and optimize network resource usage.
 

See also:

Troubleshooting out of order packets impacting the PCoIP protocol?