cancel
Showing results for 
Search instead for 
Did you mean: 

Problems with VDI clients connecting from behind a NAT firewall with a single public IP

New Member

Problems with VDI clients connecting from behind a NAT firewall with a single public IP

Hello..

 

I have searched the forums and KB articles and have not found a solution to the problem for one of our clients.

 

The client has a VDI pool located within a DMZ network puddle on their end, so the desktops are not domain joined, which means everyone logs into the multiple desktops with the same account credentials. Only one person per desktop. The desktops are sitting behind a firewall that is providing a single NAT IP address to the WWW for all desktops in this VDI pool.

 

Starting point is assume none of the VDI desktops in the pool have anyone logged into them.

 

The first person logs into a VDI desktop using a defined/common username/password pair. They then fire up the Pulse client and enter their Office365 username, password and MFA string ending up with a sucessful connection, for this first person!

 

Then another person logs into a different VDI desktop, with same username/password the first person used and fires up the Pulse client on this 2nd desktop and uses their own/different Office365 username, password and MFA string. The result is that the first person that connected up is booted off of their session and this second person is connected up.

 

If the first person reconnects up using their own Pulse connection creds the second person is booted off their connection and the first person remains connected. Until someone else comes along.

 

They can only get one Pulse connection active at any given time from the VDI pool.

 

They have tried different Windows creds to log into the different VDI desktops and that made no difference.

 

They have deleted all browser cookies before initiating the Pulse connection and that made no difference.

 

What would cause this type of single connection problem and what is needed to allow multiple, concurrent, connections fo rthis type of configuration?

 

My thanks for your thoughts and time on this.

 

pdc

1 REPLY 1
Moderator

Re: Problems with VDI clients connecting from behind a NAT firewall with a single public IP

Are they hosted on the same server?
Are they created from a template that has Pulse already installed? If yes, was the installation created so that the GUID is not created at install time but at run-time?
It sounds like they may all have the same GUID installed for the Pulse client (which is not allowed and will cause what you are seeing)