I’ve been working on a complex automation solution recently in my lab, and one task was to import a certificate to be used by VMware Horizon.
Those familiar with Horizon will know that any certificate it uses must have its corresponding private key, and that key must be exportable. The certificate also needs to have a friendly name of “vdm”.
All of the above is perfectly achievable in PowerShell, which is my scripting language of choice for this task.
It appears that when my script was run as LocalSystem, the certificate and key were successfully imported – but the private key was immediately deleted. Anyone viewing the certificate in the Certificates MMC snap-in would be blissfully unaware of this “feature”:
Yup… all good here!
However, post-script I began to notice problems. Some Horizon services would start but not all of them. The HTML and Flex admin pages became unavailable, complaining about protocol errors.
To get around this I modified my script so that PowerShell used the certutil command instead of Import-PfxCertificate.
To successfully import the certificate and key, and set the friendly name, I use the following:
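An added example, not the author's original script: one way to do the certutil import, set the “vdm” friendly name, and then confirm that the private key can actually be opened rather than trusting what the MMC shows. It assumes an RSA key; `$PfxPath` and `$PfxPassword` are hypothetical parameter names.

```powershell
# Added example. $PfxPath and $PfxPassword are hypothetical parameter names.
param(
    [Parameter(Mandatory)] [string]       $PfxPath,
    [Parameter(Mandatory)] [securestring] $PfxPassword
)
$ErrorActionPreference = 'Stop'

# Read the leaf certificate's thumbprint from the PFX without importing it.
$pfxData    = Get-PfxData -FilePath $PfxPath -Password $PfxPassword
$thumbprint = $pfxData.EndEntityCertificates[0].Thumbprint

# certutil needs the password as plain text on its command line.
$plain = [System.Net.NetworkCredential]::new('', $PfxPassword).Password

# Import into LocalMachine\My. No NoExport modifier is passed, so the
# private key stays exportable, as Horizon requires.
& certutil.exe -f -p $plain -importpfx My $PfxPath | Out-Null
if ($LASTEXITCODE -ne 0) {
    throw "certutil -importpfx failed with exit code $LASTEXITCODE"
}

# Set the friendly name Horizon looks for.
$cert = Get-Item -Path "Cert:\LocalMachine\My\$thumbprint"
$cert.FriendlyName = 'vdm'

# Open the key instead of trusting HasPrivateKey alone: this fails if the
# key container behind the certificate no longer exists. Assumes an RSA key.
try {
    $key = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPrivateKey($cert)
} catch {
    throw "Private key for $thumbprint cannot be opened: $($_.Exception.Message)"
}
if (-not $cert.HasPrivateKey -or $null -eq $key) {
    throw "Certificate $thumbprint was imported without a usable private key"
}
"Imported $thumbprint as '$($cert.FriendlyName)' with a usable private key"
```

Because certutil takes the PFX password as an argument, it is visible to anything that records process command lines on the host, so treat the PFX password as exposed to those logs and rotate or restrict it accordingly.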
When adding extensibility to your vRealize Automation platform, it’s important to get the basics right first. All too often it’s tempting to rush off and build complex blueprints whilst forgetting about the building blocks of good infrastructure, like naming and IPAM. Here I’m going to demonstrate how I do custom naming for workloads in my environment.
Recently I upgraded my AppVolumes 2.18 and 4.0 installations to the latest version. The event log on each server showed the installation as successful, returning “code 0” accordingly. To add to this, all services started as you would expect.
Unfortunately, both applications
A long time ago I decided I was done with manual builds, and that my desktop images had to be automated. I had a lot of success with that solution, and wrote about it here.
Recently I made the decision to automate my server builds too, also using HashiCorp Packer. Whilst I used VMware Code Stream to
I’ve decided that whilst it’s great to provision a Kubernetes blueprint with a standard network overlay to the vRealize Automation catalog, offering one that leverages NSX-T is even better. So a few days ago I started creating
I’m currently working on a lab project which enables cloud consumers to request a full VMware Horizon environment straight from my vRealize Automation catalog. This will provision Connection Servers, a Composer server, UAGs – all load-balanced using VMware NSX. Exciting, but not without its challenges. The first being… Horizon wouldn’t install.
Recently I’ve been working on improving HobbitCloud’s DevOps practices, specifically around committing code to version control and documenting it. Once a developer checks code in, this should compile, and if successful be deployed to the test environment. Once here it will undergo automated testing before progressing to staging for unit and integration tests.
A few months ago a client asked me to create an NSX application load-balancer programmatically, and then make it available to their vRealize Automation consumers through the self-service catalog. In building-block fashion, they requested that this wasn’t a composite blueprint, but rather through XaaS. While the former would definitely take less time, the latter was not that difficult either once I got started.
Securing your Horizon Universal Access Gateway (UAG) with a genuine SSL certificate from a recognised vendor is an important process. It enables your users to be sure they’re connecting to the correct VDI infrastructure, and that the communications between their endpoint and remote desktop are secure.