Rebuilding your XenDesktop lab environment: everybody does it, and everybody runs into the same issue when configuring the vCenter connection from Citrix Studio with a self-signed certificate.
After my initial installation of XenDesktop I configured XenDesktop to point at my vCenter appliance, which has a self-signed SSL certificate, which resulted in:
Citrix has posted a procedure to configure this properly:
According to the XenDesktop Admin Guide in Citrix eDocs (http://support.citrix.com/proddocs/topic/xendesktop-7/cds-vmware-rho.html) a simple solution to this challenge is to connect to vCenter using IE, accept the security warning, click on the certificate warning and install the server certificate on the XenDesktop Broker.
Unfortunately this does not work in all cases. But luckily there is another option to make it work:
1. Connect to your vCenter server and browse to "C:\ProgramData\VMware\VMware VirtualCenter\SSL"
2. Copy the cacert.pem file to your XenDesktop Broker (to the C:\Temp directory for example)
3. Open a Microsoft Management Console (by running the mmc.exe command) as an Administrator
4. Add the Certificates Snap-In and select to manage certificates for the local computer account.
5. Browse to "Trusted Root Certification Authorities" and select Import
6. Import the cacert.pem file. (You need to select "All Files" from the dropdown menu in the lower right hand corner, to be able to see it)
7. Now you should be able to see the vCenter certificate in the list of trusted certificates and XenDesktop should connect to vCenter without any error message.
Obviously there are good reasons for not using self-signed certificates in production environments, so you should use the aforementioned technique for POC environments only. For all other cases go and get a proper server certificate.
As I was configuring multiple XenDesktop Delivery Controllers I didn’t want to follow this procedure multiple times so I wrote a small PoSH script to walk you through these steps:
1) Ask you for the vCenter IP address
2) Ask you for the vCenter FQDN
3) Check whether the vCenter FQDN is reachable
4) If it is, proceed with step 6
5) If it's not reachable, put the vCenter IP address and vCenter FQDN in your local HOSTS file
6) Get the SSL certificate from your vCenter and import it into the "Trusted People" Computer store.
You can get your copy of the script here:
The XenDesktop SSL script version 1 (signed) can be downloaded here:
The XenDesktop SSL script version 1 (unsigned) can be downloaded here:
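Step 6 of the list above (fetching the certificate vCenter presents and importing it into the Trusted People computer store), as an added example that is not the author's downloadable script. The hostname vcenter.lab.example is a placeholder, and the thumbprint confirmation prompt is an addition made here.

```powershell
# Added example, not the author's script. Run from an elevated PowerShell session.
param(
    [string]$VCenterFqdn = 'vcenter.lab.example',   # placeholder lab hostname (assumption)
    [int]$Port = 443
)

function Get-RemoteCertificate {
    param([string]$HostName, [int]$Port)
    $tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        # Validation is bypassed only to retrieve the certificate for inspection;
        # nothing is sent over this connection after the handshake.
        $callback = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        try {
            $ssl.AuthenticateAsClient($HostName)
            return New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        }
        finally { $ssl.Dispose() }
    }
    finally { $tcp.Close() }
}

$cert = Get-RemoteCertificate -HostName $VCenterFqdn -Port $Port
$cert | Format-List Subject, Issuer, NotAfter, Thumbprint

# Compare this thumbprint with the one shown on the vCenter server itself
# before answering, so the certificate being trusted is the one vCenter issued.
$answer = Read-Host 'Import this certificate into LocalMachine\TrustedPeople? (y/n)'
if ($answer -eq 'y') {
    $store = New-Object System.Security.Cryptography.X509Certificates.X509Store('TrustedPeople', 'LocalMachine')
    $store.Open('ReadWrite')
    try { $store.Add($cert) }
    finally { $store.Close() }
    Write-Host "Imported certificate $($cert.Thumbprint)"
}
else {
    Write-Host 'Nothing imported.'
}
```

The import can be checked afterwards with `Get-ChildItem Cert:\LocalMachine\TrustedPeople`, and the entry removed from the same store when the lab is torn down.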
Thanks to Andrew Morgan for the sanity check of my attempt to script and Carl Webster for his endless work on his PoSH scripts (which I took as an example for this script).
Kees Baggerman
Kees,
Thanks for this info. The path changed in vCenter 6. I had to use IE, browse to my vCenter FQDN and import the cert into Trusted People in order to get Studio to create the Connection.
Webster
[…] on my earlier script to import the SSL certificate for vCenter I decided to do the same for the Nutanix PRISM interface, the previous script could be easily reused […]