Launching soon: The world's first vendor agnostic bug scrubLearn more & join waitlist
OPERATIONAL DEFECT DATABASE
...
...
The Connection Server unable to accept vCenter thumbprint with an error "There was an error identifying the validity of the server"Unable to edit desktop pool with VC error.vCenter status shows red in View admin dashboardUnable to verify vCenter certificate. Logs from the Connection server will contain error messages similar to the below:For additional information on these logs , please see: Location of Horizon View log files (1027744)Collecting VMware Horizon View log bundles (1017939) 2019-03-06T08:28:14.843-06:00 DEBUG (0FC0-184C) <VirtualCenterDriver-8785064c-ad09-4db8-9b98-fd9696610b53> [CertMatchingTrustManager] invalid certificate (and no trusted thumbprint) for vcenterfqdn.com:443 InvalidCertificateException[reasons:notTrusted; subject:'C=US, CN=vcenterfqdn.com' message:'ValidateCertificateChain Result: FAIL, EndEntityReasons: , ChainReasons: partialChain, noTrust'] 2019-03-06T08:28:14.844-06:00 ERROR (0FC0-184C) <VirtualCenterDriver-8785064c-ad09-4db8-9b98-fd9696610b53> [ServiceConnection25] Problem connecting to VirtualCenter at https://vcenterfqdn.com:443/sdk 2019-03-06T08:28:14.844-06:00 WARN (0FC0-184C) <VirtualCenterDriver-8785064c-ad09-4db8-9b98-fd9696610b53> [VirtualCenterDriver] Unable to establish a connection with VC <https://vcenterfqdn.com:443/sdk> using VIM 2.5 binding
If there are self-signed certificates on the vcenter - for instance - if the cert present on the vcenter admin page says untrusted or windows cannot verify - the connection server will likely have the same response. If the vCenter certificate is added to the trusted root of one or more connection server but not on all. This can also happen if only the root CA of vcenter is added to the trusted store of Connection Server but not the complete chain
Both Provisioning and new/existing client sessions will not be available during connection server reboot. This work is best scheduled during a maintenance window.
The recommended and preferred method is to ensure your vCenter server has a ca signed cert. Please refer to Replacing default certificates with CA signed SSL certificates in vSphere 6.x (2111219) or the latest documentation for your edition of vCenter. 1. Please download a copy of your vCenter root certificate using the following guide: How to download and install vCenter Server root certificates to avoid Web Browser certificate warnings (2108294)2. Import the vCenter certificate along with the root certificates to Connection Server trusted root folder in all the connection server ( this is the windows certificate store.Procedure : On the Windows Server computer, click Start and type mmc.exe.In the MMC window, go to File > Add/Remove Snap-in.In the Add or Remove Snap-ins window, select Certificates and click Add.In the Certificates snap-in window, select Computer account, click Next, select Local computer, and click Finish.In the Add or Remove snap-in window, click OK.Navigate to the trusted root folder 7. Import the vcenter certificate here - one method is with the actions option (more actions-> all tasks- > import ) Restart Services to bind the Certificate: Restart the Connection Server service to load the new certificate. For more information, see Stopping, starting, or restarting VMware View services (1026026). If you experience issues while starting the Connection Server service after installing the new certificate, please check Troubleshooting SSL certificate issues in VMware Horizon (2082408)