Unable to verify certificate for vCenter on Horizon View Connection Server

-
Recently during an outage of my host during to hardware issue in my home lab where my vCenter 6.0 sit on it, resulted some strange behaviour on my View Connection Server 6.1.  I encounter the below error message:

When I go to my Horizon View Dashboard, it looks fine.

When I try to remove the vCenter entry under the Server options and adding it back I end up with another error when trying to add the View Composer.
However this is not related to the strange behaviour above.  But rather this is due to my login did not contain a domain\username but instead of use just username.

Back to the strange behaviour.  It seems my connection to my vCenter via Connection Server has a sudden slowness and the certificate seems to be corrupted.  I tried to find a solution to replace the self-signed (in my case) certificate on my View Connection Server however in vain.  I tried removing the vCenter and re-adding it back, that does not help.

So I chanced upon some steps by our internal team and use it to resolve my problem and it works.

In summary, this is what was done.  First we backup the ADAM database and then we invalid the entry of the vCenter in View Connection Server.  Then we try to add the existing vCenter again.  So now we have two entry of the vCenter where oneis an invalid entry.  Taking from the valid entry certificate thumbprint, we overwrite the invalid ones and remove the latter vCenter entry.  Next revert back the entry to previous valid entry.

Here are the detailed steps that help me resolved my issues.


To manually regenerate data:

Note: Back up the ADAM database before proceeding. For more information, see Performing an end-to-end backup and restore for View Manager (1008046).
  1. Log in to the machine hosting your View Connection Server. If there is a cluster of View Connection Servers, this step can be done on any of the servers.
  2. Click Start > Run, type cmd, and click OK. The command prompt opens.
  3. Run this command, substituting a name for your back up file.

    vdmexport > ViewBackupFilename.ldf

  4. Connect to the ADAM database. For more information, see Connecting to the View ADAM Database (2012377).
  5. Expand OU=Properties > OU=VirtualCenter.
    Note the entry is is after expanding the OU=VirtualCenter.
  6. Document the first four characters of the vCenter Server entry, for example CN=f030. Right-click the vCenter Server entry and click Properties.
  7. Document these three values:

    • pae-NameValuePair. Note the entry here and then remove it.
    • pae-SVIURL. Note the entry and set to a value similar to https://OFFvComposer.domain.com:18443
    • pae-VCURL. Note the entry and set to a value similar to https://OFFvCenter.domain.com:443/sdk
  8. In the View Administrator portal, refresh the dashboard to confirm the name change you made.
    Do note that changes are reflected at two different location.
  9. In View Configuration > Servers > vCenter Server, add an entry for the proper
  10. Open the properties page for each vCenter Server entry.
  11. Manually copy these values from the new vCenter Server entry to the old vCenter Server entry:

    Note: Take a note of the entries before copying. When copying these values, copy and paste directly between properties sheets or copy to a plain text editor that does not add any formatting such as Windows Notepad.exe.

    • pae-SVISslCertThumbprint
    • pae-SVISslCertThumbprintAlgorithm
    • pae-SVIUserName
    • pae-SVIUserPassword
    • pae-VCSslCertThumbprint
    • pae-VCSslCertThumbprintAlgorithm
    • pae-VCUserName
    • pae-VCUserPassword
  12. Remove the new vCenter Server entry from the View Administrator webpage.
  13. Undo the three changes you made at the beginning of the process, including adding the UNIQUEID=XX value back into pae-NameValuePair and rename the pae-SVIURL and pae-VCURL.
  14. Reboot all Connection Servers in the replicated group.
  15. In the View Administrator webpage, refresh the Dashboard page again and confirm vCenter Server and Composer are both shown correctly and are now showing as green status.
  16. Proceed with testing provisioning and recomposing, as well as login functionality.



Comments

Anonymous said…
Your steps works!!! Previously I have renewed the vCenter6.5 certificate and then my Horizon7.5 failed. I tried to import all the new vcenter certificates into the Horizon7 Certificate store but the View Admin still does not allow me to do any provisioning or "accept the TLS certificate" due to an error identifying the validity of the server.

March 14, 2021 at 12:48 PM
Post a Comment

Popular posts from this blog

Why VMware or Why Not after Broadcom?

-
The Truth Yes, the news of VMware acquired by Broadcom has come to a realization. We cannot denied the truth since 22nd Nov 2023. Prior the acquisition, if you have made a multi-year purchase before that, you will have whatever you can consume after the acquisition. VMware after the acquisition has release new bundle of all their offerings and end the perpetual licensing offer to the market. The individual products are not make available and cannot be purchase as a standalone. But are offered via two bundle namely; VMware vSphere Foundation (VVF), VMware Cloud Foundation (VCF). Both of which are all subscription licenses. It also ends all sales and renewal of any perpetual licenses. Honestly, VMware has been trying to end its perpetual license and into subscription for the longest time. With the Broadcom acquisition, VMware has been one of the last major player that has moved to subscription license. Customer who are on VMware, has been enjoying the great pricing with no limit of cores
Read more

VMware by Broadcom, A New Chapter Forward

-
With Broadcom acquisition of VMware completing in 22nd Nov, there have been lots of assumption made by many sources what will become of the business direction. Here are some of the updates that are publicly announced if you have not catch up on the news. To start with, VMware is now known as VMware by Broadcom and all originally VMware software will remain to be branded under VMware. The first announcement 27th November, Carbon Black is  now  an autonomous unit within Broadcom. In my opinion this is good news. I have seen not much integration on Carbon Black ever since acquired by VMware so with that move, it allows Carbon Black to innovate and do what they do best in Cyber security landscape. Next from the acquisition completion, there are many speculation on after the acquisition what will end up of End User Computing? With the  announcement  on 8th December, The End User Computing (EUC) division will be a diverse business. With that understanding, EUC division will operate on their
Read more

VMware vExpert 2024 Application is Now Open!

-
I believe many would have wonder if the vExpert Program will continue since VMware has been acquired by Broadcom recently. I am glad to announce that Corey Romero the program manager for VMware vExpert is continuing the support for the program and this is also Broadcom is supportive of it community recognition. Just for information, VMware User Group is here to stay! For those who are not aware, the VMware vExpert 2024 application is now open. You can follow the post here . There are calls and multiple resources to help you out with your applications and explanation to the different path. Do take note you can fill in the form and save it and submit before 15 Dec 2023 closing date. So take your time to collect your thoughts on your contribution to the VMware community. There is no rush to fill it up at one go. If you need any advice or help, and need to talk to someone, go to the vExpert Pro directory and find someone near you. I am honoured to be part of this directory. Personally I
Read more