Certificate issues on a Horizon 7 server prevent you from connecting to Horizon Administrator or cause a red health indicator to be displayed for a server.
You cannot connect to Horizon Administrator on the Connection Server instance with the problem. When you connect to Horizon Administrator on another Connection Server instance in the same pod, you see that the dashboard health indicator is red for the problem Connection Server instance.
From the other Connection Server instance, clicking the red health indicator displays SSL Certificate: Invalid and Status: (blank), indicating that a valid certificate could not be found. The Horizon 7 log file contains a log entry of type ERROR with the following error text: No qualifying certificates in keystore.
The Horizon 7 log data is located in C:\ProgramData\VMware\VDM\logs\log-*.txt on the Connection Server instance.
A certificate might not be installed successfully on a Horizon 7 server for any of the following reasons:
- The certificate is not in the Personal folder in the Windows local computer certificate store.
- The certificate store does not have a private key for the certificate.
- The certificate does not have a friendly name of vdm.
- The certificate was generated from a v3 certificate template, for a Windows Server 2008 or later server. Horizon 7 cannot detect a private key, but if you use the Certificate snap-in to examine the Windows certificate store, the store indicates that there is a private key.
- Verify that the certificate is imported into the Personal folder in the Windows local computer certificate store.
- Verify that the certificate contains a private key.
- Verify that the certificate has a friendly name of vdm.
- If the certificate was generated from a v3 certificate template, obtain a valid, signed certificate from a CA that does not use a v3 template.