Tag Archives: zero client

VMware Horizon View Error: SSL Session Negotiation Failed or The Zero Client may not be compatible with the host session negotiation cipher settings.

I just did a Horizon View Upgrade from 5.2 to Horizon 7 for a large customer who uses Zero Clients for every employee. The customer is using Dell Wise P25 Zero Clients for most employees, but still have the older P20 for a select few. Both the P20 and P25 uses chipsets from Teradici, but the firmware on each is slightly different.
After the upgrade, employees using the older P20 Zero Clients would get the following error when trying to connect to their View session:

SSL Session Negotiation Failed or The Zero Client may not be compatible with the host session negotiation cipher settings.

After much research, I found a few KBs and Posts with the apparent “fix”, but none of them worked as they claimed – at least not in this environment. After spending many hours trying to resolve this, I found a solution that worked for this client. I hope this helps someone else.

This issue affects Horizon View 6.2 and 7.0. The root cause of this is due to VMware disabling support for the less secure TLS 1.0 protocol. The P25 Zero Clients need the latest 4.8 Firmware, which addresses the problem, but the P20 Zero Client’s only support firmware up to 4.5, which does not address this issue, so a workaround is needed. After following some blogs about importing a Group Policy, I found it to be a waste of time.  So here is what actually works.

On each virtual desktop (or gold image), you’ll need to add the following Registry Key:

HKLM\Software\Teradici\PCoIP\pcoip_admin
Name: pcoip.ssl_protocol
Type: REG_SZ
Value: TLS1.0:TLS1.1:TLS1.2

Or download and import this .reg file I created with these settings: Regedit File Download
This allows TLS 1.0 connections via the installed agent.

On the Connection Server, edit the Connection Server Settings and uncheck Secure Tunnel
View Configuration – Servers – Connection Servers – Edit

This will allow connections to Authenticate through the Connection Server and then connect directly to the Virtual Desktop.

This fixed the issue for the customer until they can replace their older Zero Clients.