VMware Horizon View 7 – TLSv1


VMware Horizon View 7 – TLSv1

Just a quick heads up to make sure people are not facing the same issues a customer had after upgrading to VMware Horizon View 7. Just got of the phone with a customer that did the upgrade of the VMware Horizon View environment without our help. It was a small site just for a remote office and a handful of desktops running, no composer no security server just simple and dirty desktops for a remote employee.

The upgrade went fine, desktops worked,  employee was happy, license accepted and while he asked me to check some settings we get the error.

“The vCenter server certificate is invalid, make sure you have a CA signed certificate or accept the self signed  in the dashboard”.

We got this message while trying to edit the desktop pool.

So we headed to the dashboard, clicked on the vCenter server and saw the message “invalid”. Simple, just click on Verify and accept the self signed. In the mean time I checked the validation period of the certificate but that was good until 2023. I couldn’t verify, it wouldn’t do anything just sit there and look stupid.

TLSv1

Than it hit me, there was something with older vCenter servers and TLSv1.

TLSv1

VMware horizon View

This customer because it was a quick and dirty upgrade waiting for the real project to start, had an old vCenter version. We have a project starting soon to upgrade and design a new environment so this was  “don’t look, don’t ask just install” View environment.

TLSv1 has to be enabled on the connection server and if you have one, the composer. Here we just have a connection server so let’s dive into ADSI Edit and change it.

From the VMware installation guid of VMware Horizon View 7:

  1. In the console tree, select Connect to.
  2. In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name DC=vdi, DC=vmware, DC=int.
  3. In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the View Connection Server host followed by port 389.

    For example: localhost:389 or mycomputer.example.com:389

  4. Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and double-click CN=Common

    in the right pane.

  5. In the Properties dialog box, edit the pae-ClientSSLSecureProtocols attribute to add the following value
                \LIST:TLSv1.2,TLSv1.1,TLSv1
    

    Be sure to include the back slash at the beginning of the line.

  6. Click OK.
  7. Restart the VMware Connection server service

Now you will see that the vCenter server is greenish again and you can edit the desktop pool. It’s a simple solution but one you need to be aware of. See the installation guide for more information, the link is – here


1 Response

  1. May 25, 2016

    […] This Fix is provided by Rob Beekmans! […]

Leave a Reply

This is a demo store for testing purposes — no orders shall be fulfilled. Dismiss

https://tracking.cirrusinsight.com/869c29e2-3a9b-48c5-9232-0b95e7993ae8/controlup-com-pixel-php