Scenario 1

When connecting from PCoIP Zero Clients running firmware 4.0.0  or newer up to 5.5.1 to virtual desktops using VMware Horizon View 5.3 or newer up to 6.2.0 and you are not able to connect.  A session connection error is displayed on the PCoIP Zero Client  "Session negotiation failed. The Zero Client may not be compatible with the host session negotiation cipher setting."

This can be identified in the PCoIP Zero Client logs:

07/19/2012, 11:16:15> LVL:2 RC:   0       MGMT_SSIG :Initiating session with: (192.168.63.197)
07/19/2012, 11:16:15> LVL:1 RC: 0 MGMT_SCHAN :SCNET: conn_tcp_pending(2155977852): Failed tera_mgmt_ssl_open_connection
07/19/2012, 11:16:15> LVL:3 RC: 0 MGMT_SSIG :(schan_client_cback): queuing TERA_MGMT_SCHAN_EVENT_SSL_OPEN_FAILED
07/19/2012, 11:16:15> LVL:2 RC:-500       MGMT_SSIG :Handshake failure (192.168.63.197)!
07/19/2012, 11:16:15> LVL:3 RC: 0 MGMT_SESS :(ssig_cback): event: 0x4, PRI: 0, cause: 0x0 - queuing EVENT_SSIG_SSL_OPEN_FAILED
07/19/2012, 11:16:15> LVL:3 RC: 0 MGMT_SESS :SIGNALING_CHANNEL: transition 16 into TEARDOWN (PRI: 0)
07/19/2012, 11:16:15> LVL:3 RC: 0 MGMT_SESS :No controlled manager channels reset, queuing EVENT_TEARDOWN_DONE
07/19/2012, 11:16:15> LVL:3 RC: 0 MGMT_SYS :(sess_cback): event mask: 0x4, cause: 0x0
07/19/2012, 11:16:15> LVL:3 RC:-500 MGMT_SYS :(sess_cback): queuing TERA_MGMT_SESS_EVENT_SSL_OPEN_FAILED
07/19/2012, 11:16:15> LVL:3 RC: 0 MGMT_SYS :SESSION_LAUNCH: transition 15 into TEARDOWN (SESS_OPEN_HANDSHAKE_FAILURE & no more IPs)
07/19/2012, 11:16:15> LVL:3 RC: 0 MGMT_SYS :Session channel in INIT, posting EVENT_TEARDOWN_SESSION_DONE
07/19/2012, 11:16:15> LVL:2 RC: 0  MGMT_SYS :SSL protocol version mismatch
07/19/2012, 11:16:15> LVL:2 RC:   0        MGMT_SYS :Session unavailable reason: 0x00001003

Cause

This may be caused by having an incompatible Session Negotiation Cipher setting. VMware Horizon do not support TLS 1.2 with Suite-B 192-bit elliptic curve encryption. PCoIP zero clients support TLS 1.0, TLS 1.2 and TLS 1.2 up to firmware release 5.5.1. Teradici dropped support of TLS 1.0 in firmware release 6.0.0. VMware did not add support for TLS 1.1 and TLS 1.2 until Horizon View 6.2.1

Resolution

Set the Session Negotiation Cipher to TLS 1.0.  From the Administrative Web Interface (AWI)

  1. Enter the PCoIP Zero Client IP address in a supported browser
  2. Log in
  3. Navigate to the Configuration tab
  4. Select Session
  5. Click Show Advanced Options
  6. Select "Maximum Compatibility: TLS 1.0 with RSA keys and AES-256 or AES-128 encryption" in the Session Negotiation Cipher
  7. Click Apply,


Scenario 2:

When connecting from a TERA1 PCoIP zero client running firmware prior to 4.8.0 to a new VMware Horizon View 6.2.1 or newer installation the PCoIP Zero Client displays the following error:
 
Session negotiation failed. The Zero Client may not be compatible with the host session negotiation cipher setting.

Cause

The Tera1 PCoIP zero clients only support TLS 1.0. VMware Horizon 6.2.1 added support for TLS 1.1 and TLS 1.2. This causes a session negotiation error with Tera1 PCoIP Zero Clients using pre 4.8.0 firmware and Horizon 6.2.1(+).

Resolution

In order to use a PCoIP Zero Client with VMware Horizon 6.2.1 or greater, please use one of the following options below.
  • Upgrade the Tera1 PCoIP zero client to a Tera2 PCoIP zero client
  • Change the security protocol settings in VMware Horizon 6.2.1 to allow TLS 1.0
  • For more information on how to change the security protocol please refer to VMware KB 2130798 
Note: From firmware version 6.0 and newer, TLS 1.0 is not supported to initiate PCOIP connections. VMware added support for TLS 1.1 & 1.2 in View release 6.2.1. If you are using old version of VMware View then you can either upgrade your VMware View environment to 6.2.1 (or higher) or downgrade your firmware to 5.5.1
 

Scenario 3:

When connecting from a PCoIP zero client running firmware 6.0.0 or newer to VMware Horizon View 7.5.0 or newer the PCoIP Zero Client displays the following error:
 
Session negotiation failed. The Zero Client may not be compatible with the host session negotiation cipher setting.

Cause

We suspect this issue may be caused by a certificate issue. All log files investigated to-date indicate an issue with certificates however the message in the zero client logs is vague.

Resolution

Some customers have reported the following directions in the VMware Horizon 7 Product Documentation has resolved the issue. Please see VMware document:
https://docs.vmware.com/en/VMware-Horizon-7/7.4/horizon-installation/GUID-47C80EAE-7734-4DF1-98B7-E3CFE08D4427.html#GUID-47C80EAE-7734-4DF1-98B7-E3CFE08D4427
NOTE: Teradici cannot confirm this fix as we have not been able to reproduce the issue.