EUC Blogs

VMware Horizon Connection Server HTTP 421 Error

Postdate 06-10-2023

I have written a new blog about VMware Horizon connection Error 421.

If you consider updating to Horizon version 2306, 2111.2, or 2212.1 you may encounter this problem.

What causes this problem, The default value of the security configuration setting allowUnexpectedHost has changed from true to false. According to VMware, connections using the name or IP address of a proxy, gateway, or load balancer that is not defined in locked.properties will fail, even if checkOrigin and enableCORS are both set to false.

Client Error:

Client log shows the following warning:

2023-10-04T07:30:35.215+02:00 WARN  (1E14-1A70) <SimpleDeamonThread> [SimpleAJPService] (broker:Request1015) Rejecting request: Unexpected Host header: Loadbalancer-address:443

How can you solve this problem?

Create or edit the locked.properties file you can find this at the following location:
“c:\program files\vmware\VMware View\Server\sslgateway\conf”.

Edit the file with Notepad and enter the following information:

portalHost.1 = VDI-Address.YourDomain.com
portalHost.2 = IP address
portalHost.3 = ETC

There are two keywords for extending the known origins list, balancedHost and portalHost.
balancedHost = LB-Address.YourDomain.com.

  • There can only be one entry for balancedHost and only https is allowed.
  • The purpose of balanced host is primarily for the load balancer between connection servers and internal clients.

portalHost.x = Address like VDI-Address.YourDomain.com.

  • There is no limit on the amount of portal host entries
  • The purpose of portalHost is primarily for alternative routes and names.

Note 1: You don’t set a URL on these, just the hostname.
Note 2:
Both are designed to extend the list of known origins.

Please validate the extension of the locked.properties file to ensure it is saved as
.properties and not .properties.txt.

You will need to do this at every Horizon Connection server and restart each server to ensure the change takes effect.

VMware has written about it in their release note number 3183262 under the known issues Connection Server section, Release Note you can find here.

If someone is going to upgrade to one of the discussed Horizon versions, make sure that the LB  addresses have been added to the locked.properties.

Additional information about VMware Horizon Error 421 look here.

For additional information about locked.properties look here.

Thank you for reading if you have a question, or remarks please let me know!