Symptoms
The Horizon Console UI reports "Certificate Validation Failed" for the vCenter server.
In the Horizon Connection Server debug logs, the following log lines may be observed:
2021-08-17T05:13:08.197-07:00 ERROR (1B74-2450) <ajp-nio-0.0.0.0-8009-exec-1> [FaultUtilBase] UnexpectedFault: Unexpected failure during certificate validation
2021-08-17T05:13:08.197-07:00 ERROR (1B74-2450) <ajp-nio-0.0.0.0-8009-exec-1> [RestApiServlet] Unexpected fault:(vdi.fault.UnexpectedFault) {
errorMessage = Unexpected failure during certificate validation.,
causeString = null,
causeStackTrace = null,
errorCode = CERTIFICATE_VALIDATION_FAILED,
errorAttributes = null
2021-08-17T05:28:05.367-07:00 ERROR (1B74-2358) <VirtualCenterDriver-86a75309-e8f6-7d5b-bf3b-ff0b986db753> [ServiceConnection25] Problem connecting to VirtualCenter at https://vcenter.sddc-86-753-098-675.vmwarevmc.com:443/sdk
2021-08-17T05:28:05.367-07:00 WARN (1B74-2358) <VirtualCenterDriver-86a75309-e8f6-7d5b-bf3b-ff0b986db753> [VirtualCenterDriver] Unable to establish a connection with VC <https://vcenter.sddc-86-753-098-675.vmwarevmc.com:443/sdk> using VIM 2.5 binding
Cause
This issue occurs when, after maintenance, the Horizon Connection Server can no longer access vCenter. Logically, if vCenter is inaccessible, the certificate cannot be validated, and the last error listed in the Symptoms indicates the issue. There will be many instances of this error in the debug logs on the Connection Server.
This can occur for a number of reasons. For example:
- Network maintenance was performed, resulting in no path between the Connection Server(s) and vCenter.
- Network Security policies are preventing access.
- Permissions have been modified in the AWS console prior to a platform upgrade, resulting in network IDs failing to update successfully (modifying AWS console permissions, for example in VMC environments, is not supported). This results in no route between the Connection Server instances and vCenter.
This can be verified by attempting to access the web interface of the vCenter Server from the Connection Server. In some cases, ping or telnet can also be used depending on environmental network configuration.
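The correlation described in this section can be checked directly against a collected debug log. The following is an added example, not VMware code: it assumes the line layout seen in the Symptoms excerpt, and the names `triage` and `SAMPLE` are hypothetical.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Line layout inferred from the Symptoms excerpt (an assumption):
# <timestamp> <LEVEL> (<ids>) <thread> [Component] message
LINE = re.compile(r"^\S+\s+(?:ERROR|WARN|INFO|DEBUG)\s+\(\S+\)\s+<[^>]*>\s+"
                  r"\[(?P<comp>\w+)\]\s+(?P<msg>.*)$")
URL = re.compile(r"https?://[^\s<>]+")
CONNECT_MARKERS = ("Problem connecting to VirtualCenter",
                   "Unable to establish a connection with VC")

def triage(lines):
    """Count certificate-validation faults and vCenter connection failures."""
    cert_faults = 0
    unreachable = Counter()  # vCenter host -> number of connection-failure lines
    for raw in lines:
        m = LINE.match(raw.strip())
        if not m:
            continue  # continuation line of a multi-line fault body
        msg = m["msg"]
        if m["comp"] == "FaultUtilBase" and "certificate validation" in msg:
            cert_faults += 1
        elif any(marker in msg for marker in CONNECT_MARKERS):
            url = URL.search(msg)
            host = urlsplit(url.group()).hostname if url else "unknown"
            unreachable[host] += 1
    if cert_faults and unreachable:
        verdict = "connectivity"  # the case this article describes
    elif cert_faults:
        verdict = "other"         # no connection failures logged alongside the fault
    else:
        verdict = "none"
    return {"cert_faults": cert_faults, "unreachable": dict(unreachable),
            "verdict": verdict}

# Sample input: lines copied from the Symptoms excerpt above.
SAMPLE = """
2021-08-17T05:13:08.197-07:00 ERROR (1B74-2450) <ajp-nio-0.0.0.0-8009-exec-1> [FaultUtilBase] UnexpectedFault: Unexpected failure during certificate validation
2021-08-17T05:13:08.197-07:00 ERROR (1B74-2450) <ajp-nio-0.0.0.0-8009-exec-1> [RestApiServlet] Unexpected fault:(vdi.fault.UnexpectedFault) {
errorCode = CERTIFICATE_VALIDATION_FAILED,
2021-08-17T05:28:05.367-07:00 ERROR (1B74-2358) <VirtualCenterDriver-86a75309-e8f6-7d5b-bf3b-ff0b986db753> [ServiceConnection25] Problem connecting to VirtualCenter at https://vcenter.sddc-86-753-098-675.vmwarevmc.com:443/sdk
2021-08-17T05:28:05.367-07:00 WARN (1B74-2358) <VirtualCenterDriver-86a75309-e8f6-7d5b-bf3b-ff0b986db753> [VirtualCenterDriver] Unable to establish a connection with VC <https://vcenter.sddc-86-753-098-675.vmwarevmc.com:443/sdk> using VIM 2.5 binding
""".strip().splitlines()

if __name__ == "__main__":
    print(triage(SAMPLE))
```

A verdict of `connectivity` means the certificate fault is accompanied by connection failures to the listed vCenter host, so the network path should be checked before the certificate itself.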
Resolution
Restore network accessibility between the Connection Server(s) and vCenter Server. Since this can happen for a multitude of environmental reasons, the resolution will depend on troubleshooting why there is no network connectivity between the appliances, and is outside the scope of this article.