The Enrollment Server (ES) is a Horizon Cloud component that you install on a Windows Server machine as the last step in setting up infrastructure for True SSO. By deploying the Enrollment Agent (Computer) certificate onto the server, you are authorizing this ES to act as an Enrollment Agent and generate certificates on behalf of users.


  1. Install the Enrollment Server.
    1. Download the Enrollment Server.exe file from the My VMware site. The file name should be similar to VMware-HorizonCloud-TruessoEnrollmentServer-x86_64-7.3.0-xxxxx.exe.
    2. Confirm that the system is running Windows Server 2008 R2, 2012 R2, or 2016, and that it has a minimum of 4GB memory.
    3. Run the installer and follow the wizard.
  2. Deploy the Enrollment Agent (Computer) Certificate.
    1. Open the Microsoft Management Console (MMC).
    2. On the File menu, click Add/Remove Snap-in.
    3. Under Available snap-ins, double-click Certificates.
    4. Select Computer account and click Next.
    5. Select Local computer and click Finish.
    6. On the Add or Remove Snap-ins dialog, click OK.
    7. In the MMC, right-click the Personal folder under Certificates and select All Tasks > Request New Certificates.
    8. In the Certificate Enrollment dialog, select the check box for the Enrollment Agent (Computer) and click Enroll.
  3. Import the pods' certificate CRT files extracted from the pairing_bundle.7z file, for those pods with which you want to configure True SSO.
    The pairing bundle contains a certificate file for each pod in your environment. Each CRT file name follow the pattern podID_truesso.crt, where podID is the pod's ID value.
    1. In the MMC, right-click the Certificates sub-folder under the VMware Horizon Cloud Enrollments Server Trusted Roots folder and select All Tasks > Import.
    2. Click Next.
    3. Navigate to the location where you extracted the certificate files from the pairing_bundle.7z bundle.
      When you have only one pod, the bundle contains only one CRT file. When you have more than one pod, the bundle contains a CRT file for each pod.
    4. Import the certificate file or files, depending on how many pods you are configuring.
    5. Click Next, then click Finish.
  4. Complete the remaining configuration steps described in Complete Configuring True SSO for your Horizon Cloud Environment.