Horizon 7 and later components have the TLSv1.0 security protocol disabled by default. If your deployment includes an older version of vCenter Server that supports only TLSv1.0, you might need to enable TLSv1.0 for Connection Server connections after installing or upgrading to Connection Server 7.0 or a later release.

Some earlier maintenance releases of vCenter Server 5.1, and 5.5 support only TLSv1.0, which is no longer enabled by default in Horizon 7 and later releases. If it is not possible to upgrade vCenter Server to a version that supports TLSv1.1 or TLSv1.2, you can enable TLSv1.0 for Connection Server connections.


  • If you are upgrading to Horizon 7, perform this procedure before you upgrade to minimize the number of times you must restart the service. During an upgrade the Connection Server service is restarted, and a restart is required to apply the configuration changes described in this procedure. If you upgrade before you perform this procedure, you will need to restart the service a second time.
  • See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows operating system version.


  1. Start the ADSI Edit utility on your Connection Server host.
  2. In the console tree, select Connect to.
  3. In the Select or type a Distinguished Name or Naming Context text box, type the distinguished name DC=vdi, DC=vmware, DC=int.
  4. In the Computer pane, select or type localhost:389 or the fully qualified domain name (FQDN) of the Connection Server host followed by port 389.
    For example: localhost:389 or mycomputer.example.com:389
  5. Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and double-click CN=Common in the right pane.
  6. In the Properties dialog box, edit the pae-ClientSSLSecureProtocols attribute to add the following value

    Be sure to include the back slash at the beginning of the line.

  7. Click OK.
  8. If this is a fresh installation, to apply the configuration change, restart the Connection Server service on each connection server instance.
    If you plan to perform an upgrade, you do not need to restart the service because the process of upgrading automatically restarts the service.