Certificate issues on a Connection Server server prevent you from connecting to Horizon Console or cause a red health indicator to be displayed for a server.

Problem

You cannot connect to Horizon Console on the Connection Server instance with the problem. When you connect to Horizon Console on another Connection Server instance in the same pod, you see that the dashboard health indicator is red for the problem Connection Server instance.

From the other Connection Server instance, clicking the red health indicator displays SSL Certificate: Invalid and Status: (blank), indicating that a valid certificate could not be found. The VMware Horizon log file contains a log entry of type ERROR with the following error text: No qualifying certificates in keystore.

The VMware Horizon log data is in <Drive Letter>:\ProgramData\VMware\log\ConnectionServer on the Connection Server instance.
Note: This file path is a symbolic link that redirects to the actual location of the log files, which is <Drive Letter>:\ProgramData\VMware\VDM\logs.

Cause

A certificate might not be installed successfully on a VMware Horizon server for any of the following reasons:

  • The certificate is not in the Personal folder in the Windows local computer certificate store.
  • The certificate store does not have a private key for the certificate.
  • The certificate does not have a friendly name of vdm.
  • The certificate was generated from a v3 certificate template, for a Windows Server 2008 or later server. VMware Horizon cannot detect a private key, but if you use the Certificate snap-in to examine the Windows certificate store, the store indicates that there is a private key.

Solution