A security server or a Connection Server instance that is used for secure Horizon Client connections might show as red in View Administrator if certificate revocation checking cannot be performed on the server's TLS certificate.

Problem

A security server or Connection Server icon is red on the Horizon Administrator dashboard. The Horizon 7 server's status shows the following message: Server's certificate cannot be checked.

Cause

Certificate revocation checking might fail if your organization uses a proxy server for Internet access, or if a Connection Server instance cannot reach the servers that provide revocation checking because of firewalls or other controls.

A Connection Server instance performs certificate revocation checking on its own certificate and on those of the security servers paired to it. By default, the VMware Horizon View Connection Server service is started with the LocalSystem account. When it runs under LocalSystem, a Connection Server instance cannot use the proxy settings configured in Internet Explorer to access the CRL DP URL or OCSP responder to determine the revocation status of the certificate.

You can use Microsoft Netshell commands to import the proxy settings to the Connection Server instance so that the server can access the certificate revocation checking sites on the Internet.

Solution

  1. On the Connection Server computer, open a command-line window with the Run as administrator setting.
    For example, click Start, type cmd, right-click the cmd.exe icon, and select Run as administrator.
  2. Type netsh and press Enter.
  3. Type winhttp and press Enter.
  4. Type show proxy and press Enter.
    Netshell shows that the proxy was set to DIRECT connection. With this setting, the Connection Server computer cannot connect to the Internet if a proxy is in use in your organization.
  5. Configure the proxy settings.
    For example, at the netsh winhttp> prompt, type import proxy source=ie.
    The proxy settings are imported to the Connection Server computer.
  6. Verify the proxy settings by typing show proxy.
  7. Restart the VMware Horizon View Connection Server service.
  8. On the Horizon Administrator dashboard, verify that the security server or Connection Server icon is green.