Session negotiation failed while connecting from Zero client to VMware view . The Zero Client may not be compatible with the host session negotiation cipher setting

Scenario 1

When connecting from PCoIP Zero Clients running firmware 4.0.0  or newer up to 5.5.1 to virtual desktops using VMware Horizon View 5.3 or newer up to 6.2.0 and you are not able to connect.  A session connection error is displayed on the PCoIP Zero Client  "Session negotiation failed. The Zero Client may not be compatible with the host session negotiation cipher setting."

This can be identified in the PCoIP Zero Client logs:

07/19/2012, 11:16:15> LVL:2 RC:   0       MGMT_SSIG :Initiating session with: (192.168.63.197)
07/19/2012, 11:16:15> LVL:1 RC:   0      MGMT_SCHAN :SCNET: conn_tcp_pending(2155977852): Failed tera_mgmt_ssl_open_connection
07/19/2012, 11:16:15> LVL:3 RC:   0       MGMT_SSIG :(schan_client_cback): queuing TERA_MGMT_SCHAN_EVENT_SSL_OPEN_FAILED
07/19/2012, 11:16:15> LVL:2 RC:-500       MGMT_SSIG :Handshake failure (192.168.63.197)!
07/19/2012, 11:16:15> LVL:3 RC:   0       MGMT_SESS :(ssig_cback): event: 0x4, PRI: 0, cause: 0x0 - queuing EVENT_SSIG_SSL_OPEN_FAILED
07/19/2012, 11:16:15> LVL:3 RC:   0       MGMT_SESS :SIGNALING_CHANNEL: transition 16 into TEARDOWN (PRI: 0)
07/19/2012, 11:16:15> LVL:3 RC:   0       MGMT_SESS :No controlled manager channels reset, queuing EVENT_TEARDOWN_DONE
07/19/2012, 11:16:15> LVL:3 RC:   0        MGMT_SYS :(sess_cback): event mask: 0x4, cause: 0x0
07/19/2012, 11:16:15> LVL:3 RC:-500        MGMT_SYS :(sess_cback): queuing TERA_MGMT_SESS_EVENT_SSL_OPEN_FAILED
07/19/2012, 11:16:15> LVL:3 RC:   0        MGMT_SYS :SESSION_LAUNCH: transition 15 into TEARDOWN (SESS_OPEN_HANDSHAKE_FAILURE & no more IPs)
07/19/2012, 11:16:15> LVL:3 RC:   0        MGMT_SYS :Session channel in INIT, posting EVENT_TEARDOWN_SESSION_DONE
07/19/2012, 11:16:15> LVL:2 RC:   0        MGMT_SYS :SSL protocol version mismatch
07/19/2012, 11:16:15> LVL:2 RC:   0        MGMT_SYS :Session unavailable reason: 0x00001003

Cause

This may be caused by having an incompatible Session Negotiation Cipher setting. VMware Horizon do not support TLS 1.2 with Suite-B 192-bit elliptic curve encryption. PCoIP zero clients support TLS 1.0, TLS 1.2 and TLS 1.2 up to firmware release 5.5.1. HP Anyware dropped support of TLS 1.0 in firmware release 6.0.0. VMware did not add support for TLS 1.1 and TLS 1.2 until Horizon View 6.2.1

Resolution

Set the Session Negotiation Cipher to TLS 1.0.  From the Administrative Web Interface (AWI)

1. Enter the PCoIP Zero Client IP address in a supported browser
2. Log in
3. Navigate to the Configuration tab
4. Select Session
5. Click Show Advanced Options
6. Select "Maximum Compatibility: TLS 1.0 with RSA keys and AES-256 or AES-128 encryption" in the Session Negotiation Cipher
7. Click Apply,

Scenario 2:

Cause

The Tera1 PCoIP zero clients only support TLS 1.0. VMware Horizon 6.2.1 added support for TLS 1.1 and TLS 1.2. This causes a session negotiation error with Tera1 PCoIP Zero Clients using pre 4.8.0 firmware and Horizon 6.2.1(+).

Resolution

In order to use a PCoIP Zero Client with VMware Horizon 6.2.1 or greater, please use one of the following options below.

• Upgrade the Tera1 PCoIP zero client to a Tera2 PCoIP zero client
• Change the security protocol settings in VMware Horizon 6.2.1 to allow TLS 1.0
• For more information on how to change the security protocol please refer to VMware KB 2130798 

Note: From firmware version 6.0 and newer, TLS 1.0 is not supported to initiate PCOIP connections. VMware added support for TLS 1.1 & 1.2 in View release 6.2.1. If you are using old version of VMware View then you can either upgrade your VMware View environment to 6.2.1 (or higher) or downgrade your firmware to 5.5.1

Scenario 3:

NOTE: HP Anyware cannot confirm this fix as we have not been able to reproduce the issue.