A security server or a Connection Server instance that is used for secure Horizon Client connections might show as red in View Administrator if certificate revocation checking cannot be performed on the server's TLS certificate.
Problem
A security server or Connection Server icon is red on the Horizon Administrator dashboard. The Horizon 7 server's status shows the following message: Server's certificate cannot be checked.
Cause
Certificate revocation checking might fail if your organization uses a proxy server for Internet access, or if a Connection Server instance cannot reach the servers that provide revocation checking because of firewalls or other controls.
A Connection Server instance performs certificate revocation checking on its own certificate and on those of the security servers paired to it. By default, the VMware Horizon View Connection Server service is started with the LocalSystem account. When it runs under LocalSystem, a Connection Server instance cannot use the proxy settings configured in Internet Explorer to access the CRL DP URL or OCSP responder to determine the revocation status of the certificate.
You can use Microsoft Netshell commands to import the proxy settings to the Connection Server instance so that the server can access the certificate revocation checking sites on the Internet.