To accomplish pairing, you can use the MMC Certificates snap-in to export automatically generated, self-signed Enrollment Service Client certificate from one connection server in the cluster. This certificate is called a client certificate because the connection server is a client of the Enrollment Service provided by the enrollment server.
Enrollment Service must trust the VMware Horizon Connection Server when it prompts the Enrollment Servers to issue the short lived certificates for Active Directory users. Hence, the VMware Horizon Connection Server clusters or pods must be paired with Enrollment Servers.
The Enrollment Service Client certificate is automatically created when a Horizon 7 or later Connection Server is installed and the VMware Horizon Connection Server service starts. The certificate is distributed through View LDAP to other Horizon 7 Connection Servers that get added to the cluster later. The certificate is then stored in a custom container (VMware Horizon View Certificates\Certificates) in the Windows Certificate Store on the computer.
Verify that you have a Horizon 7 or later Connection Server. For installation instructions, see Horizon 7 Installation. For upgrade instructions, see Horizon 7 Upgrades.
Customers can use their own certificates for pairing, rather than using the self-generated certificate created by the connection server. To do so, place the preferred certificate (and the associated private key) in the custom container (VMware Horizon View Certificates\Certificates) in the Windows Certificate Store on the connection server machine. You must then set the friendly name of the certificate to vdm.ec.new, and restart the server. The other servers in the cluster will fetch this certificate from LDAP. You can then perform the steps in this procedure.
- On one of the Connection Server machines in the cluster, add the Certificates snap-in to MMC:
- Open the MMC console and select
- Under Available snap-ins, select Certificates and click Add.
- In the Certificates snap-in window, select Computer account, click Next, and click Finish.
- In the Add or Remove Snap-in window, click OK.
- In the MMC console, in the left pane, expand the VMware Horizon View Certificates folder and select the Certificates folder.
- In the right pane, right-click the certificate file with the friendly name vdm.ec, and select .
- In the Certificate Export wizard, accept the defaults, including leaving the No, do not export the private key radio button selected.
- When you are prompted to name the file, type a file name such as EnrollClient, for Enrollment Service Client certificate, and follow the prompts to finish exporting the certificate.
What to do next
Import the certificate into the enrollment server. See Import the Enrollment Service Client Certificate on the Enrollment Server.