-
1. Re: Connection Server's certificate is not trusted
nzorn Jun 12, 2013 3:30 PM (in response to nzorn)A reboot did not fix the issue, but disabling the certificate revocation checking turned the status to green.
[HKEY_LOCAL_MACHINE\SOFTWARE\VMware, Inc.\VMware VDM\Security]
"CertificateRevocationCheckType"="1"
I did not have to reboot or restart any services after applying this registry entry.
-
2. Re: Connection Server's certificate is not trusted
Linjo Jun 13, 2013 1:45 AM (in response to nzorn)Can the Connection-broker reach the CRL-url?
-
3. Re: Connection Server's certificate is not trusted
nzorn Jun 13, 2013 5:59 AM (in response to Linjo)Not sure exactly what you mean...how would I go about testing that?
-
4. Re: Connection Server's certificate is not trusted
Linjo Jun 13, 2013 9:56 AM (in response to nzorn)The easiest would be to put the CRL in a browser from the View connection server and try to see if it can reach it.
// Linjo
-
5. Re: Connection Server's certificate is not trusted
DaveatWin Aug 1, 2013 8:49 AM (in response to nzorn)Yep, got the same error this morning, out of the blue it seems.
I did a fresh install of all the Horizon View pieces last month and all were set up with CA signed certs and I used the certificate automation tool to make sure everything was minted and trusted. Everything was green until this morning. It appears I have the exact same symptoms that you do. I verified the Composer and Vcenter server and they went green. Working now to turn the View server green again. Thanks for the post.
-
6. Re: Connection Server's certificate is not trusted
nzorn Aug 1, 2013 8:52 AM (in response to DaveatWin)I have not be able to confirm what caused my problem though. I ended up powering on my ROOT CA, and then I removed the registry key I listed above and they are still green.
Does your ROOTCA happen to be offline? If so try bringing it online.
-
7. Re: Connection Server's certificate is not trusted
DaveatWin Aug 1, 2013 9:09 AM (in response to nzorn)Our root CA stays online. I created that string on the View server and it is good to go. Thanks!
I don't really like disabling CRL checking and would like to figure out the cause too but I don't have the time to mess with it. I just need this stuff to work so I can support my users and not have to fettle with the Infrastructure at random and inconvenient times! Post was a lifesaver for me and saved me a call to Vmware, thanks again!
-
8. Re: Connection Server's certificate is not trusted
nzorn Aug 1, 2013 9:11 AM (in response to DaveatWin)Very interesting, please post if you find anything else out.
Thanks!
-
9. Re: Connection Server's certificate is not trusted
rooster147 Jan 13, 2014 9:15 AM (in response to nzorn)Has anybody gotten to the bottom of this yet? I had the same thing happen this weekend in my env. All the certs became untrusted, once I verified them in the Admin console they started working again but the connection brokers are still red with an "invalid cert" error. Nothing had changed before this outage and these certs have been working for over 8 months. Just strange out of the blue this happened.