Hello,
I'm working at a company where we use horizon client to access a VDI
I have a user (only one) who had access without any problem, then his computer ran into some troubles, he performed a gpupdate, and since then he has an SSL error message whenever he connects
I have tried many things, including: (none of them worked)
changing SSL vertifiacte parameters in horizon
importing gpos from horizon gpo bundle and configure the following:
Ignore Certificate Revocation Problems - Enabled
Certificate verification mode - Enabled (No Security)
Same still doesnt work
I tried this too
Try adding the following registry on the client machine:
[HKEY_LOCAL_MACHINE \ SOFTWARE \ Policies \ VMware, Inc. \ VMware VDM \ Client \ Security]
"SSLCipherList" = "SSLv3: TLSv1: TLSv1.1: AES: RC4-SHA:! ANULL: @STRENGTH"
Nothing worked
Maybe I did it wrong but Im pretty sure I did it properly, for instance I can see the registry keys being created when I set up the GPOs
Does anyone has any idea?
Regards,
Are you directly connecting to your VDI or do you use a Gateway (either Connection Server or UAG) accessing it?
Hello,
Im unsure about the answer, we connect to a VDI which has a name like https://vdi-internal."company name".net
It works for everyone except that one user
Xelany,
What version is the Horizon client? Have you tried upgrading to a newer version?
Lars
It is version 5.4.2, I took it from the internet, I think it is the last one
Personally I have version 5.3.0, does it change anything?
The reason why I am asking is to understand where between your Horizon Client and the VDI the SSL handshake happen?
Could be the VDI (direct connection), the Connection Server (acting as Gateway) or a UAG (again Gateway).
Can anybody else access exact the same VDI? Is the certificate trusted by the device where you launch Horizon Client?
I understand that you can logon to Horizon but the connection to the VDI is failing - correct?
The reason why I am asking is to understand where between your Horizon Client and the VDI the SSL handshake happen?
Could be the VDI (direct connection), the Connection Server (acting as Gateway) or a UAG (again Gateway).
Can anybody else access exact the same VDI? Is the certificate trusted by the device where you launch Horizon Client?
I don't know if it is direct connection, connection server or a UAG, I could maybe ask the team in charge if really needed, I just know we access to the VDI via a link and we connect to a desktop pool
Yes many people can access the same VDI, me included, how could I check if the certificate is trusted? In the MMC console?
I understand that you can logon to Horizon but the connection to the VDI is failing - correct?
Well I can launch the application, the user is then requested for a link (https...) then we click connect and we immediately have the SSL error, so I can't really logon to horizon, just launch it, and I'll say this happen before the real connection to the VDI
We don't access to the pool of desktop where we can choose the VDI to connect to, it fails during the conenction just before that
Hope that's clear enough
Any ideas?
Thanks situation is now more clear.
If you connect via Browser to https://vdi-internal."company name".net do you see any certificate errors (next to the URL on the left hand side)?
In case yes, can you click there on more details and paste a screenshot of the "Certificate Path"-Tab?
I guess AlexAskin might be on the right track here. Perhaps your internal root certificate isn't trusted by the client computer?
Lars
Hello again,
Thank you so much for pointing out that we can connect using internet browser, I wasn't aware of that functionality! Now the user was able to connect to the VDI using HTML connection, and he can finally work normally, which was very important for his daily job!
Now I still would like the main application to work, I'll provide the details of the certificate next week, but I wonder, are some informations too confidential to be unveiled on the internet or can I post them with no problem in this forum?
Thanks again, it was a real annoyance, now he can work normally!
Regards,
Hello again,
No answer since last time, I still would like to fix the issue for the main app
Can I post the screenshot here?
Regards,
Sure. Lets see if we can find the root-cause.
Here is the screenshot, I just hid the company name in case
Not much infromation here it seems, please tell me if you need more
Regards,
Hi
As you are using Corporate certificates, insure this user have root CA and intermediate certificates in the trusted store, and check any as expired
Eric
Hello again,
I checked the "companyname"corporateRootCA in MMC and it is valid until 2024, it seems that it is the same as the one used with IE
There are actually a lot of certificates in those 2 folders, not sure what I should look for
Do you guys have any clue on what i should do next?
Any idea? Im glad I have a workaround but I would like the main app to work
In case you need more infos I can provide them
Anyone?
Xelany,
If the advices given here so far didn't work I would recommend you to file an SR with VMware support. I'm sure they will help you find the best soution.
Lars
Hello,
Ok I'll have a look at this
In the meantime I tried to copy the certificates from IE to MMC console but it didn't work either 😕