I’ve been working on a complex automation solution recently in the lab, and one task was to import a certificate to be used by VMware Horizon.
Those familiar with Horizon will know that any certificate used must have its corresponding private key, and that key must be exportable. The certificate also needs to have a friendly name of “vdm”.
All of the above is perfectly achievable in PowerShell, which is my scripting language of choice for this task.
It appears that when my script was run as LocalSystem, the certificate and key were successfully imported – but the private key was immediately deleted. Anyone viewing the certificate in the Certificates MMC snap-in would be blissfully unaware of this “feature”:
Yup… all good here!
However, post-script I began to notice problems. Some Horizon services would start but not all of them. The HTML and Flex admin pages became unavailable, complaining about protocol errors.
To get around this I modified my script so that PowerShell used the certutil command instead of Import-PFXCertificate.
To successfully import the certificate and key, and set the friendly name, I use the following:
I’m currently working on a lab project which enables cloud consumers to request a full VMware Horizon environment straight from my vRealize Automation catalog. This will provision Connection Servers, a Composer server, UAGs – all load-balanced using VMware NSX. Exciting, but not without its challenges. The first being… Horizon wouldn’t install.
Securing your Horizon Universal Access Gateway (UAG) with a genuine SSL certificate from a recognised vendor is an important process. It enables your users to be sure they’re connecting to the correct VDI infrastructure, and that the communications between their endpoint and remote desktop are secure.
Continuously entering connection details to cloud systems can quickly become boring. However, if you’re connecting to Azure and from a secure system, then there is an easier way.
Download and install
Recently I migrated back to Mac OS X after many years in the Microsoft wilderness. Whilst I’ve definitely not looked back, there is the (very) odd application I miss, and have not yet had time to find a replacement. Two of these are Microsoft Project and Visio, and both are integral to my day-to-day work.
Yesterday I decided it was time to patch my VMware vCenter 5.5 hosts to the recently released Update 3. As I make use of properly configured SSL certificates, each component (SSO, Web Client, Inventory and vCenter Server) has to be installed separately. However, when I came to install the last one, I ran into an issue.
A few days ago I found I was unable to add reservations to my vRealize Automation installation. After finding VMware knowledge base article 2089503, I realised it was because I’d forgotten to configure the Microsoft Distributed Transaction Co-ordinator (MSDTC) on my new SQL cluster.
Recently I built a Windows Server 2012 R2 Failover Cluster to run my SQL, file services and Certificate Authority workloads. For a number of reasons (mentioned in the article) I decided to build it on the Server Core edition of Windows.
Whilst this offers numerous advantages, simplicity isn’t always one of them. One example of this is patching.
In part 6 we installed and configured a vCenter Server Appliance in the lab. This will manage the various components, plus serve as an endpoint for vRealize Automation.
In this post we replace the default SSL certificates from the vCSA with trusted certificates from our in-house certificate authority.
In part 4 of this series we configured two ESXi hosts to host our lab. In this part we will set up a Windows Server 2012 R2 Core virtual machine and configure it as a domain controller in a separate root domain. We will then configure a forest trust to our production domain so that our users can authenticate.