VMware Unified Access Gateway – Upgrade to v. 2207

Release date: August 30th 2022

Welcome to my VMware Unified Access Gateway series. The new version of Unified Access Gateway, 2207, was GA on July 14th 2022. In this section I will describe how I upgraded my UAG’s to v. 2207. According to VMware’s official documentation, this should be done as step 8 in the supported update sequence.

To check out all the new features and changes with VMware Unified Access Gateway 2207, read the release notes from VMware posted here: Unified Access Gateway 2207 Release Notes. Below are some of the most important changes.

First, I download the necessary installation media and Powershell scripts from VMware Customer Connect to my deployment server.

Next, I export the settings before I start upgrading.

I copy the new OVA-file and the updated uagdeploy Powershell files to my working directory

Next, I edit the ini-files with new ova filename

In my previous upgrades, I have reconfigured the SSL Certificates after deployment. This time, I will use the ini-file to configure the SSL Certificate. I first export the certificates from the HAProxy server as described here: HAProxy Export certificates. Next, I need to encrypt my key with RSA, running the command documented by VMware here: Convert Certificate Files to One-Line PEM Format.

openssl rsa -in c:\cert\desktop\privkey.pem -check -out c:\cert\desktop\privkey_rsa.pem

I copy the “privkey_rsa.pem”-file to my working folder and adjust the SSLCert section in the ini-file

Finally, I deploy the UAG’s with the new ova-file using the existing ini-files. As we can see from the screenshot below, the script automatically shuts down the existing UAG’s and deletes them, before deploying the new UAG’s using the settings I defined in the ini-files. NOTE: When executing the uagdeploy.ps1 script, I previously used PASSWORD PASSWORD false false no as parameters, but these no longer works. I replaced PASSWORD with the passwords I wanted to use instead, which works flawlessly. For details see: Using PowerShell to Deploy the Unified Access Gateway Appliance

It is also important to check out the new demands due to the “Re-Write Origin Header” property, as documented by VMware here: Configure Horizon Settings

Reference: Cross-Origin Resource Sharing (CORS) with Horizon 8 and loadbalanced HTML5 access. (85801)

I adjust my locked.properties file as shown below and restart my Connection Servers

When the upgrade is complete, I log in and check that all my settings are correct, I also login to VMware Horizon Administrator, where I can see that the Gateways are up and running the new version

This completes the UAG upgrade, and I do a test by logging in through the HAProxy and UAG’s. With this done, I can now proceed with upgrading the MDT OSOT components prior to upgrading agents within the Horizon Desktops, covered here: VMware Horizon – Upgrade OSOT MDT Plugin to v. 2206

VMware Unified Access Gateway – Upgrades

VMware Unified Access Gateway planning, deployment etc.

Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.

%d bloggers like this: