I'm having trouble configuring TrueSSO and thus far VMware support is stumped. I have a working TrueSSO environment that I'm rebuilding with a CPA environment. The existing (working) and new environment will be using the same Enterprise CA server.
I have successfully requested the enrollment agent cert from the CA server as well as successful import of the Horizon connection server cert into the "VMware Horizon View Enrollment Server Trusted Roots". I've retried this many times to confirm everything is correct.
I have successfully added the enrollment server (see cert state below).
Name: domain.com
Enrollment CertState: VALID
Template(s):
Name: TrueSSO
Minimum key length: 2048
Hash algorithm: SHA256
Certificate Authority(s):
Name: Domain-CA
When I try to add the connector with the following command, I get the error below. Server and domain names have been changed for this posting.
vdmUtil --authAs "domainaccount" --authDomain domain.com --authPassword password --truesso --create --connector --domain domain.com --template TrueSSO --primaryEnrollmentServer esserver.domain.com –certificateServer CAservername --mode enabled
Failed to create connector
Connector certificate servers [CAservername] are not present on the primary enrollment server
Has this happened to anyone? I can't find what the issues is, and VMware has been of no help even after uploading debug logs.
Did you solve this?
We got the same issue.
We have not. I'm picking this back up soon to try to complete. My last question from VMware suggested that I needed to validate that the connection servers can access the CRL on the web. I don't think they really know.
I have this exact same issue. Any updates on the case?
I had this issue.
The reason i ran into this was I was putting the FQDN instead of Certificate authority name.
If you run:
vdmUtil --authAs admin-username --authDomain domain-name --authPassword admin-user-password --truesso --environment --list --enrollmentServer enroll-server-fqdn --domain domain-fqdn
it will display the names you need to add to the command. Mine was slightly different from fqdn.
Credit:
VMware Horizon True SSO with UAG SAML – Carl Stalhood