Use this information to troubleshoot the VMware Horizon configuration in Workspace ONE Access.

Users Unable to Launch Horizon Applications or Desktops

Users are unable to launch Horizon applications or desktops from the Workspace ONE Access Intelligent Hub app or portal and the following error appears in the user interface:.

Error launching resource. Please contact your IT Administrator.

This error might occur if the SAML metadata on the Horizon Connection Server instances expired after the last sync. This error might also occur if you added or updated network ranges or policies.

Solution

  1. In the Workspace ONE Access console, select the Catalog > Virtual Apps Collections tab.
  2. Select the Horizon virtual apps collection and click Sync > Sync with safeguards or Sync > Sync without safeguards to sync Horizon resources to VMware Workspace ONE Access again.
  3. Click Edit to edit the virtual apps collection, click Next in the wizard until the last page appears, then click Save.
    Important: This step is important if you added or updated network ranges or policies. You must save the virtual apps collection again for the changes to take effect.

Horizon Virtual Apps Collection Certificate Error

With Workspace ONE Access connector 21.08, when you try to add a Horizon pod or sync the Horizon virtual apps collection in the Workspace ONE Access console, you might get the following error:

Enterprise service connectorFQDN(EIS) response: Unable to get certificate from the URL: https://FQDN/SAML/metadata/sp.xml

The log file contains an SSLHandshakeException error, such as:

javax.net.ssl.SSLHandshakeException: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target

or

javax.net.ssl.SSLHandshakeException: No subject alternative DNS name matching Server found.

Solution: This error occurs because the Virtual App service does not trust the certificate presented by Horizon. Ensure that the Horizon Connection Servers have valid certificates signed by a trusted Certificate Authority (CA).

If the Horizon Connection Servers have self-signed certificates, you must upload the certificate chain to the Workspace ONE Access connector instances on which the Virtual App service is installed to establish trust between the connectors and the Horizon Connection servers. This is a new requirement beginning with Workspace ONE Access connector 21.08. You upload the certificates using the connector installer. See Installing VMware Workspace ONE Access Connector for more information.

If you still get an error after adding the certificates using the connector installer, the certificates might not have uploaded correctly. You can upload the certificates manually.

Follow these steps to upload the certificates manually.

  1. Log in to the Workspace ONE Access connector server.
  2. Copy the Horizon Connection Server's certificate to the connector server.
  3. Open a Command Prompt window.
  4. Run the following command to go to the Workspace ONE Access folder.

    cd C:\Program Files\Workspace ONE Access

  5. Run the following command to install the certificate.

    .\Support\scripts\installRootCa.bat -ca "root-ca-file" -trustStore ".\Virtual App Service\conf\certs\cacerts" -trustStorePwdFile ".\Virtual App Service\conf\certs\cakeystore.pass"

  6. Restart the service VMware Virtual App Service.