Fixed: VMware Horizon UAG "Unrecognized Request Detected" Warning

Fixed: VMware Horizon UAG "Unrecognized Request Detected" Warning

Horizon UAG: Solving the 'Unrecognized Request Detected' Mystery

Published: May 5, 2026 | Category: VDI Infrastructure & Security

Overview of the Symptom

In a VMware Horizon environment, administrators often encounter a yellow warning on the Unified Access Gateway (UAG) stating: "Unrecognized request detected." Curiously, the Connection Server remains healthy (Green), and the event often vanishes from the Horizon Console after a few minutes.

1. Root Cause Analysis

This alert is a result of the UAG’s built-in security filtering. It triggers when the UAG receives traffic that does not conform to the expected Horizon protocol or HTTP standards.

  • External Bot Scanning: As an edge device, the UAG is frequently hit by automated scanners (e.g., Shodan, masscan). When these bots send malformed packets, the UAG drops the request and logs a warning.
  • Misconfigured Load Balancer Health Checks: If your L4/L7 Load Balancer is sending generic TCP pings or incorrect HTTP GET requests to the UAG's port 443, the UAG will flag these as unrecognized.
  • Intermittent Connection Drops: Brief network instability can cause truncated HTTP headers, which the UAG security logic interprets as a potential threat.
  • Why it disappears: The Horizon Dashboard displays the current state. If the unrecognized traffic stops, the UAG clears the status, and the event is moved to the historical logs.

2. Technical Solutions

A. Optimize Load Balancer Health Checks

Ensure your Load Balancer uses the dedicated UAG health check endpoints instead of generic probes. Using the correct path prevents false positives.

  • Recommended Path: /favicon.ico or /rest/v1/config/shared/health
  • Expected Response: HTTP 200 OK

B. Deep Log Inspection

To identify the source IP and the nature of the "Unrecognized Request," you must analyze the UAG's internal logs:

# Log Location: /opt/vmware/gateway/logs/esmanager.log
# Search Query:
grep "Unrecognized request" esmanager.log

Look for the Source IP in the log entry. If the IP is external and unknown, the UAG is simply doing its job by blocking a scan.

C. Geo-Fencing & IP Whitelisting

If the alerts are constant due to external scans, consider implementing Geo-Blocking at your external firewall level to allow only specific regions or known VPN IPs.

3. Monitoring Strategy

Efficient monitoring focuses on distinguishing between operational noise and actual threats.

Metric / Point Tool Criticality
UAG esmanager.log Syslog / Splunk High (Identifies attack patterns)
HTTP 400/403 Errors Load Balancer Analytics Medium (Check for LB misconfigs)
Horizon Event Database SQL Management Studio Low (Used for historical audit)

Final Summary

Verdict: The 'Unrecognized Request' alert on a Horizon UAG is usually a sign of healthy edge protection. It indicates that the UAG successfully blocked non-standard traffic before it could reach your internal Connection Servers. Unless user connectivity is impacted, this is typically a "monitor and ignore" event, provided your Load Balancer health checks are correctly configured.

Comments

Post a Comment

Popular posts from this blog

Troubleshooting VMware Horizon Client vdpConnect_Failure Issue

  Introduction VMware Horizon Client is a widely used solution for virtual desktop infrastructure (VDI). However, users may encounter various connection issues, one of which is the vdpConnect_Failure error. This error often results in a black screen followed by a disconnection, preventing users from accessing their virtual desktop. In this article, we will explore the possible causes of this issue and provide step-by-step solutions to resolve it. Common Causes of vdpConnect_Failure 1. RPC Server Unavailable One of the most common reasons for vdpConnect_Failure is the unavailability of the Remote Procedure Call (RPC) server . This can occur due to: The RPC service being stopped or disabled Network issues preventing communication with the server Firewall blocking required ports 2. Display Protocol Issues (Blast/PCoIP/RDP) Horizon Client uses different display protocols such as Blast, PCoIP, or RDP . If there are misconfigurations or compatibility issues with the selected protocol, ...
Read more

VMware Horizon Agent “Protocol Error” — Fixed by Windows Firewall Configuration

  🖥️ VMware Horizon Agent “Protocol Error” — Fixed by Windows Firewall Configuration Overview Recently, I encountered an issue where several Horizon Agent–based virtual desktops in our environment showed the status “Starting other services” or “Protocol Error” in the Horizon Administrator console. Even after reinstalling the Agent (version 2206 ), the problem persisted. Symptoms Horizon Agent status: “Starting other services” → “Protocol error” Horizon main services appeared to be running normally Event Viewer showed Event ID 7000 for services such as: PASVC – failed to start LUFAV – not installed Reinstalling the Agent (even using Repair mode ) did not solve the issue Root Cause After deeper inspection, we discovered that on the affected VMs: Windows Defender Firewall (Domain Profile) → “Block all incoming connections, including those in the list of allowed apps” was checked (enabled). This setting silently blocks all inbound traffic , ev...
Read more

VMware / Omnissa Horizon Agent Unreachable – Causes and Fixes (Complete Troubleshooting Guide)

  Keywords: VMware Horizon Agent Unreachable, Omnissa Horizon Agent unreachable, Horizon View troubleshooting, Blast service issue, Horizon Agent not responding, VDI connectivity problem In VMware Horizon (now branded as Omnissa Horizon ), administrators frequently encounter the “Agent Unreachable” state in the Horizon Console. While a simple reboot often resolves the issue, persistent cases indicate deeper infrastructure, service, or network-layer problems. This guide provides a structured root-cause analysis and remediation checklist suitable for production VDI environments. What Does “Agent Unreachable” Mean? When a desktop shows Agent Unreachable , the Horizon Agent inside the VM cannot communicate with the Connection Server . The failure typically occurs in one of these control paths: Horizon Agent → Horizon Connection Server Blast Secure Gateway (BSG) → Agent Windows OS services → Horizon Agent service Firewall or network layer blocking agent heartbeat ...
Read more