Change the Global Acceptance and Proposal Policies

To change the global acceptance and proposal policies for security protocols and cipher suites, you use the ADSI Edit utility to edit Horizon LDAP attributes.

Note: The pae-ServerSSLSecureProtocols and pae-ClientSSLSecureProtocols do not exist until you create them yourself.

Prerequisites

Familiarize yourself with the Horizon LDAP attributes that define the acceptance and proposal policies. See Global Acceptance and Proposal Policies Defined in Horizon LDAP.
See the Microsoft TechNet Web site for information on how to use the ADSI Edit utility on your Windows Server operating system version.

Procedure

Start the ADSI Edit utility on your Connection Server computer.
In the console tree, select Connect to.
In the Select or type a Distinguished Name or Naming Context text box, enter the distinguished name DC=vdi, DC=vmware, DC=int.
In the Select or type a domain or server text box, select or enter localhost:389 or the fully qualified domain name (FQDN) of the Connection Server computer followed by port 389.
For example: localhost:389 or mycomputer.mydomain.com:389
Expand the ADSI Edit tree, expand OU=Properties, select OU=Global, and select CN=Common in the right pane.
On the object CN=Common, OU=Global, OU=Properties, select each attribute that you want to change and enter the new list of security protocols or cipher suites.
Restart the Windows service VMware Horizon Security Gateway Component on each Connection Server instance if you modified pae-ServerSSLSecureProtocols.
You do not need to restart any service after modifying pae-ClientSSLSecureProtocols.