Everybody rebuilds their XenDesktop lab environment at some point, and everybody runs into the same issue when configuring the vCenter connection from Citrix Studio against a vCenter that uses a self-signed certificate.
After my initial installation of XenDesktop I configured XenDesktop to point at my vCenter appliance, which has a self-signed SSL certificate, which resulted in:
Citrix has posted a procedure to configure this properly:
According to the XenDesktop Admin Guide in Citrix eDocs (http://support.citrix.com/proddocs/topic/xendesktop-7/cds-vmware-rho.html) a simple solution to this challenge is to connect to vCenter using IE, accept the security warning, click on the certificate warning and install the server certificate on the XenDesktop Broker.
Unfortunately this does not work in all cases. But luckily there is another option to make it work:
1. Connect to your vCenter server and browse to „C:\ProgramData\VMware\VMware VirtualCenter\SSL“
2. Copy the cacert.pem file to your XenDesktop Broker (to the C:\Temp directory for example)
3. Open a Microsoft Management Console (by running the mmc.exe command) as an Administrator
4. Add the Certificates Snap-In and select to manage certificates for the local computer account.
5. Browse to „Trusted Root Certification Authorities“ and select Import
6. Import the cacert.pem file. (You need to select „All Files“ from the dropdown menu in the lower right hand corner, to be able to see it)
7. Now you should be able to see the vCenter certificate in the list of trusted certificates and XenDesktop should connect to vCenter without any error message.
Obviously there are good reasons for not using self-signed certificates in production environments, so you should use the aforementioned technique for POC environments only. For all other cases go and get a proper server certificate.
As I was configuring multiple XenDesktop Delivery Controllers I didn’t want to follow this procedure multiple times so I wrote a small PoSH script to walk you through these steps:
1) Ask you for the vCenter IP address
2) Ask you for the vCenter FQDN
3) Will check if the vCenter FQDN is reachable
4) If it is it will proceed with step 6
5) If it’s not reachable it will put the vCenter IP address and vCenter FQDN in your local HOSTS file
6) It will get the SSL Certificate from your vCenter and import it into the “Trusted People” Computer store.
You can get your copy of the script here:
The XenDesktop SSL script version 1 (signed) can be downloaded here: XenDesktop SSL Config (Signed)
The XenDesktop SSL script version 1 (unsigned) can be downloaded here: XenDesktop SSL Config (Unsigned)
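The six steps listed above, written out as an added PowerShell example (this is not the script offered for download, and not the author's code). The parameter names, the use of name resolution as the reachability check, and the thumbprint comparison before the import are assumptions added here.

```powershell
# Added example, not the script offered for download. Run elevated on the Delivery Controller.
param(
    [Parameter(Mandatory = $true)] [string] $VCenterIp,
    [Parameter(Mandatory = $true)] [string] $VCenterFqdn,
    # Assumption: SHA-1 thumbprint of the vCenter certificate, obtained out of band.
    [Parameter(Mandatory = $true)] [string] $ExpectedThumbprint,
    [int] $Port = 443
)
$ErrorActionPreference = 'Stop'

# Steps 3-5: "reachable" is treated here as "the name resolves"; otherwise add a HOSTS entry.
try { [void][System.Net.Dns]::GetHostAddresses($VCenterFqdn) }
catch {
    $hostsFile = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    Add-Content -Path $hostsFile -Value "$VCenterIp`t$VCenterFqdn"
}

# Step 6a: fetch the certificate the server presents. Validation is bypassed for this
# one handshake only, because the certificate is not trusted yet; nothing is sent over it.
$tcp = New-Object System.Net.Sockets.TcpClient($VCenterFqdn, $Port)
try {
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($VCenterFqdn)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
}
finally { $tcp.Close() }

# Step 6b: refuse to trust anything other than the certificate that was expected.
$expected = ($ExpectedThumbprint -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
if ($cert.Thumbprint -ne $expected) {
    throw "Thumbprint mismatch for ${VCenterFqdn}: server presented $($cert.Thumbprint). Nothing imported."
}

# Step 6c: import into the local computer's "Trusted People" store, as the list above describes.
$store = New-Object System.Security.Cryptography.X509Certificates.X509Store('TrustedPeople', 'LocalMachine')
$store.Open('ReadWrite')
try { $store.Add($cert) } finally { $store.Close() }
"Imported $($cert.Subject) [$($cert.Thumbprint)] into LocalMachine\TrustedPeople"
```

Because the handshake in step 6a accepts whatever certificate is offered, the thumbprint comparison is the only thing that ties the imported certificate to the intended vCenter.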