I am running Horizon 7.8
I suggest using the diagnostic fling to troubleshoot. There are a lot of moving components with TrueSSO, so triple check you have everything set up correctly. One little thing off will break everything. Took me a few tries to get it working perfectly.
This is your friend:
VMware Fling for TrueSSO Diagnostics
Setup TrueSSO Documentation
Techguy, thank you for those articles and fling.
The problem I'm getting is when adding the connector. I'm getting "Cannot create on the primary enrollment server with a template with UNSUITABLE status."
When I ran the diag tool on the ES, I got the following under Capability Notes: "Unsuitable for Cert-SSO, Certificate is stored in the CA database"
Looked like an issue with Cert-SSO, fixed the certificate template with correct settings.
Thank you for the tool.
Internal SSO is working, external with Workspace One IDM and IDM Connector is not.
I have filed a ticket with VMware, and will update this article with what transpired.
It looks like the user is using VMWare SSO User when trying to access TrueSSO from Workspace One IDM
Will update soon.
I had that problem. Took me ages to find an answer.
You need to take the issuing and root CA and place them into the NTAuthCA, RootCA and SubCA stores in AD. This feeds down to the desktops using GP Client Side Extensions and provides the complete chain for your enrolling certificate. That error is usually caused by TrueSSO pushing down the certificate correctly but your desktop not trusting it, as it doesn't have all of the chain to validate it.
Run these commands on your AD Controller, then wait for GP to update on its own (or refresh your desktops):
CERTUTIL -f -dspublish <cert file name> SubCA
CERTUTIL -f -dspublish <cert file name> NTAuthCA
CERTUTIL -f -dspublish <cert file name> RootCA
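A way to confirm on a desktop that the published CA certificates actually arrived and that the chain now builds, as an added example that is not part of the original thread. The two file paths are placeholders for your own exported root and issuing CA certificates, and the script assumes a domain-joined desktop with Windows PowerShell.

```powershell
# Added example: run on a desktop after Group Policy has refreshed.
# The two file paths are placeholders for your exported CA certificates.
$caFiles = [ordered]@{
    'Root CA'    = 'C:\temp\root-ca.cer'
    'Issuing CA' = 'C:\temp\issuing-ca.cer'
}

# Local locations where AD-published CA certificates normally appear:
# trusted roots, intermediate CAs, and the enterprise NTAuth store (registry).
$stores = [ordered]@{
    'Root'   = 'Cert:\LocalMachine\Root'
    'CA'     = 'Cert:\LocalMachine\CA'
    'NTAuth' = 'HKLM:\SOFTWARE\Microsoft\EnterpriseCertificates\NTAuth\Certificates'
}

foreach ($name in $caFiles.Keys) {
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 `
        -ArgumentList ($caFiles[$name])

    $row = [ordered]@{ Certificate = $name; Thumbprint = $cert.Thumbprint }

    # Certificates are stored under their thumbprint in both providers,
    # so a path test is enough to see whether each one is present.
    foreach ($store in $stores.Keys) {
        $row[$store] = Test-Path (Join-Path $stores[$store] $cert.Thumbprint)
    }

    # Build the chain without revocation checking, so a failure here points
    # at missing trust on this desktop rather than an unreachable CRL.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $row['ChainBuilds'] = $chain.Build($cert)
    $row['ChainStatus'] = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ','

    [pscustomobject]$row
}
```

A `False` in a store column, or a `ChainStatus` such as `UntrustedRoot` or `PartialChain`, means the desktop has not yet received that part of the chain.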