VMware Horizon Community
emark07
Contributor

Certificate didn't match the expected certificate

The Connection Server authentication failed. The tunnel server presented a certificate that didn't match the expected certificate. Contact your administrator.

User gets this message from their desktop. If I move them to another desktop they can connect successfully. If they return to the previous desktop it fails. So it would appear to be something corrupted in the user's Windows profile.

I deleted the Windows profile and the user logged back in and was able to connect. Problem is, this puts the user down a few hours while they set up their desktop environment again. In the last year it has occurred two times. I am at a loss on how to further troubleshoot this problem.

I am faced with it again. I would prefer to fix it somehow instead of blowing away the Windows profile.

Any thoughts?

0 Kudos
3 Replies
fabio1975
Commander

Ciao

It could be a Trusted Root CA problem present on the profile/computer you have the problem on.

Is access to the Horizon infrastructure done using the UAG (Unified Access Gateway) or by connecting directly to the Connection Servers?
Is the certificate used issued by a Private CA (Microsoft Private CA, with rootca and possibly a subca inside your network) or by a public CA?
Is the OS on which the problem occurs joined to the domain where the connection servers are located, or is it out of domain / in another domain?
Do you have multiple Horizon connection servers?

Fabio

Visit vmvirtual.blog
If you're satisfied give me a kudos

0 Kudos
emark07
Contributor

Is access to the Horizon infrastructure done using the UAG (Unified Access Gateway) or by connecting directly to the Connection Servers? Yes
Is the certificate used issued by a Private CA (Microsoft Private CA, with rootca and possibly a subca inside your network) or by a public CA? We use a 3rd party signed certificate
Is the OS on which the problem occurs joined to the domain where the connection servers are located, or is it out of domain / in another domain? The workstation is part of the same domain
Do you have multiple Horizon connection servers? Yes

The curious thing is it fails for the user. We go into the system and delete the user profile; the user logs back into the workstation and is able to connect. So, it would appear that something has gotten corrupted under the user's Windows profile.
0 Kudos
fabio1975
Commander

Ciao 

It is not clear to me from your answer whether the connection is made through UAG or by connecting directly to the connection servers.

You should check whether the Horizon Client indeed fails to validate the certificate and understand what it is that does not validate it.

For example, try to access via the web the FQDN address used to access the Horizon infrastructure (obviously when the problem arises, and testing access from the location that has the problem) and check where the certificate is invalid ... it could be a RootCA issue or a CRL that is not contacted.

Or trivially it is that on a connection server there are incorrect certificates, and by changing the workstation the user can connect because on that station the validation chain of the certificate is OK or it uses another connection server.

Fabio


0 Kudos
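
The certificate check suggested in the last reply can be scripted and run in the affected user's own session, so the result reflects that profile. This PowerShell sketch is an added example, not part of the original thread; `horizon.example.com` is a placeholder for the FQDN the Horizon Client connects to, and the function names are made up for illustration.

```powershell
# Added example, not from the thread. Run as the affected user on the failing desktop.
param(
    [string]$HorizonFqdn = 'horizon.example.com',  # placeholder FQDN (assumption)
    [int]$Port = 443
)

function Get-PresentedCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Accept whatever is presented: this step only captures it, validation follows.
        $accept = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $accept)
        $ssl.AuthenticateAsClient($HostName)
        New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
    }
    finally { $tcp.Close() }
}

function Test-CertificateChain {
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Certificate)
    # The default X509Chain builds in the current user's context, so the result
    # reflects this profile's certificate stores as well as the machine stores.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'Online'       # check revocation (CRL/OCSP)
    $chain.ChainPolicy.RevocationFlag = 'EntireChain'  # for every certificate in the chain
    $valid = $chain.Build($Certificate)
    [pscustomobject]@{
        Valid    = $valid
        Elements = $chain.ChainElements | ForEach-Object {
            [pscustomobject]@{
                Subject    = $_.Certificate.Subject
                Thumbprint = $_.Certificate.Thumbprint
                NotAfter   = $_.Certificate.NotAfter
                Status     = ($_.ChainElementStatus.Status -join ', ')
            }
        }
        # Chain-level problems, e.g. UntrustedRoot or RevocationStatusUnknown
        Errors   = $chain.ChainStatus | ForEach-Object { '{0}: {1}' -f $_.Status, $_.StatusInformation.Trim() }
    }
}

$cert = Get-PresentedCertificate -HostName $HorizonFqdn -Port $Port
"Presented: $($cert.Subject)  thumbprint $($cert.Thumbprint)"
$result = Test-CertificateChain -Certificate $cert
$result.Elements | Format-Table -AutoSize
if (-not $result.Valid) { $result.Errors }
```

Running the same script on a desktop where the user connects successfully and comparing the presented thumbprint and per-element status shows whether the two sessions see a different certificate or a different trust result for the same one.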