One of the basic tasks in the XenDesktop configuration is to integrate the infrastructure of existing customers, such as virtualization platform. Below you can find a screenshot of the respective assistant:
When integrating with XenDesktop vSphere or vCenter respectively, you may encounter the message following error:.
"Unable to connect to the vCenter server because of a certificate error Make sure that the appropriate certificates are installed on the vCenter server, and install the appropriate certificates on the same machine contains all instances of the host service. "
As the error message indicates, XenDesktop can not connect to vCenter because he did not trust the server certificate in use. This usually happens in the POC environments where the customer has not replaced the self-signed server certificate, which is added to the vCenter Server at installation, with a certificate signed by an external / internal Certificate Authority trust
According XenDesktop administrator's Guide Citrix eDocs (http://support.citrix.com/proddocs/topic/xendesktop-7/cds-vmware-rho.html) a simple solution to this problem is to connect to vCenter using IE, accept the security warning, click the certificate warning and install the server certificate on the XenDesktop broker. Unfortunately, it does not work in all cases. Fortunately, there is another option to make it work:
Update vCenter / vSphere 6: With vCenter 6 the file structure on the vCenter server was changed and the approach described in the blog does not work any longer. Please follow the steps outlined in eDocs - Prepare the virtualization environment: VMware to import and trust the certificate by default. In my lab environment vCenter import the certificate directly from Internet Explorer worked perfectly. Be sure to import it to the local machine and the store People trust.
vCenter / vSphere 5.5
1. Log in to your vCenter server and navigate to "C: ProgramData VMware VMware VirtualCenter SSL"
2. Copy the file to your XenDesktop cacert.pem broker (the C: Temp for example)
3. Open the Microsoft Management Console (mmc.exe by running the command) as an administrator
4. Add the certificates snap-in and select to manage certificates on behalf of the local computer.
5. Locate "Trusted Root Certification Authorities" and select Import
6. Import the file cacert .pem. (You must select "All Files" from the dropdown menu in the lower right corner to be able to see it)
7. Now you should be able to see vCenter certificate in certificate trust list and XenDesktop must connect to vCenter with no error message.
Of course, there are good reasons for not using self-signed certificates in production environments, so you must use the technique mentioned above for POC environments only. For all other cases go and get an appropriate server certificate.
-Thomas
Follow me on Twitter @ tberger80
0 Komentar