We have a View 5.1 Environment that was built with 2 Security Servers (using DNS Round Robin for external access to cloud.abc.com); paired with 2 Internal Connection Broker Server and all originally deployed with self signed certs. We recently replaced the Security Server Certifictes (with a wildcard cert - *.abc.com) and completed all the required View Changes to deploy the Certs onto the Security Server and verified Cert working working using https://cloud.abc.com. View clients all working and SSl shown as green in View client when accessing (cloud.abc.com). We also replaced the Internal Connection Server Certificates (with a Cert "cloud.abc.pri" from our Internal CA and again made the View Changes to deploy the Certs onto the Conenction Broker Servers all working nicely.
Finally to resolve the View Admin Health Reports we changed the Security Server External URL (from the Public IP address to cloud.abc.com) and also changed the Connection Broker External URL (from the Private IP Address to cloud.abc.pri) and tested that external access was working.
Now the strange bit, 24 hrs later a few users reported they could connect to the View Server (and complete the intial 2F Authentication) but when prompted for the Network Login and password received an error SSL INITIALLSATION FAILED (or words to that effect), given the only changes made
from when everything was working was changin the External URL for the Security Servers from Public IP to FQDN this was changed back and everything started working.
Researching the issue on the communities lead me to the following post - https://communities.vmware.com/message/1549700, which is over 4 yrs old. This related to the SSL Handshake being split into 2 TCP Segments and this causing the problem and a new View Client only requestable via VMWare Support was required to fix the issue. I wondered before I start making all the changes to the config and using Wireshark to verify if this is the problem we have it anyone could advise if they have a similar issue. Problem occurrs on View Client 2.3.0 and 2.3.3 (possibly other earlier clients but these are un-tested atm