A Connection Server instance that is used for secure Horizon Client connections might show as red in Horizon Console if certificate revocation checking cannot be performed on the server's TLS certificate.

Problem

A Connection Server icon is red on the Horizon Console dashboard. The Connection Server's status shows the following message: Server's certificate cannot be checked.

Cause

Certificate revocation checking might fail if your organization uses a proxy server for Internet access, or if a Connection Server instance cannot reach the servers that provide revocation checking because of firewalls or other controls.

A Connection Server instance performs certificate revocation checking on its own certificate. By default, the VMware Horizon Connection Server service is started with the LocalSystem account. When it runs under LocalSystem, a Connection Server instance cannot use the proxy settings configured in Internet Explorer to access the CRL DP URL or OCSP responder to determine the revocation status of the certificate.

You can use Microsoft Netshell commands to import the proxy settings to the Connection Server instance so that the server can access the certificate revocation checking sites on the Internet.

Solution

  1. On the Connection Server computer, open a command-line window with the Run as administrator setting.
    For example, click Start, type cmd, right-click the cmd.exe icon, and select Run as administrator.
  2. Type netsh and press Enter.
  3. Type winhttp and press Enter.
  4. Type show proxy and press Enter.
    Netshell shows that the proxy was set to DIRECT connection. With this setting, the Connection Server computer cannot connect to the Internet if a proxy is in use in your organization.
  5. Configure the proxy settings.
    For example, at the netsh winhttp> prompt, type import proxy source=ie.
    The proxy settings are imported to the Connection Server computer.
  6. Verify the proxy settings by typing show proxy.
  7. Restart the VMware Horizon Connection Server service.
  8. On the Horizon Console dashboard, verify that the Connection Server icon is green.