Xendesktop 7.5 – cannot connect to the vcenter server due to a certificate error

This is a repeat of one of my previous blog. The intention to re-write the blog is for following reasons:
The issue still persists with the latest version of XenDesktop Edition i.e. 7.5 with Windows Server 2012 R2 environment.
The error report has been improved in the latest version. The error clearly states where the problem lies, which is good. But I would like to see it as a pre-requisite checklist when you run the XenDesktop installer at the beginning. 
Lastly, to make you familiar with the new look/options and error of the certificate issue.
Scenario
After installing XenDesktop 7.5 (Studio and other components) on the server (usually known as controller, broker server), the first step in the setup/configuration phase is Adding a Site i.e. ‘Site Setup’.
xd6
Once the Site Setup window opens, follow the instructions, fill the appropriate values, hit Next and you reach the ‘Connection’ wizard. You select Connection Type ‘VMware vSphere’ and you see the fields specific to adding vSphere hosting infrastructure for your X A/X D environment.
xd7
xd25
 
 
 
 
 
 
 
 
 
When you enter the Connection address as https://<vCenterServerIPorFQDNaddress>/sdk followed by your vCenter Server Administrative Username/password (the one that you use to login to your vCenter environment using vSphere Client or vSphere Web Client, you may encounter the following error:
xd8
Cause
This error occurs because the XenDesktop Controller (broker) server does not authenticate/allow the vCenter Server certificate (usually when vCenter Server is using default self-signed certificate). 
 
Resolution
To resolve, you need to export the vCenter Server certificate and import it into the Trusted People/Local Machine of the XenDesktop Controller server. Two step process:
1) Export vCenter Server Certifiate
2) Import vCenter Server Certificate into X D controller certificate store
 
1) Export vCenter Server Certifiate
On the X D controller server, open the vCenter Server URL in a web browser. You’ll get the Certificate Warning page. On the address bar, depdending on the browser you’re using, below is example from chrome/IE:
xd26
 
If IE, click on View Certificates and if Chrome, click on hyperlink Certificate information, you’ll see the certificate window from where you can export the certificate. (Note: Sometimes you may see the Install Certificate button is missing. In that case, just try opening the vCenter Server URL using browser from a different server (2008 ) or a client machine (Windows 7) instead of the X D broker/controller server)
Click on Install Certificate
xd9      xd10
Right-click the certificate > All Tasks > Export…
xd11
 Click Next
xd12
 Leave the default format (DER encoded / .CER), click Next
xd13
 Browse to a location from where the X D Controller server has access to import into its certificate store.
xd14
 Click Finish
xd15
 
2) Import vCenter Server Certificate into X D controller certificate store
 Once the vCenter Server certificate is successfully exported on a shared location. Go back to your XenDesktop controller server. Go to run > type mmc > hit Enter > Add the Certificate Console using the Add/remove Snap-in option. Expand the Certificates console tree > Right-click Trusted People > All Tasks > Import…
xd16         xd17
 Ensure Local Machine is selected, click Next
 xd18
 Browse & Select to the shared location where you saved the vCenter Server certificate, Click Next
xd19
 Select the Option “Place all certificates in the following store”, Navigate & Select Trusted People, Click Next
xd20
 Ensure all ok and click Finish
xd21
 You should see the following message which pops up in 1-2 seconds.
xd22
Verify it works:
Go to the Xendesktop studio, type in all the vCenter Server information under Hosting Connection wizard. Click Next and you should see the following screens which means it worked.
xd23         xd24
Advertisements

About cloudray

Predominantly based around Virtualization, but will include other technology related information and anything else I find interesting and feel the need to share with you. I also use this Blog as both a place to store useful information that I think that will come in handy to me at some point in the future, and also a place to help aid my learning. I find a great way to learn about something is to research about it and then write it up in my own words. I'm Pushpal Ray, from India. As a certified VCP3/4/5 professional, I am currently working as an Independent Consultant. Over 10 years of IT-industry experience, currently focused around the Desktop Virtualization(End-User Computing). I also have extensive experience in Windows Administration, Datacenter Migration, Workload profiling & benchmarking. At my leisure, I enjoy hiking, running, photography, spend hours in my fav coffee shop & spend quality time with my wife. Occasionally, catch up with few friends for a drink!
This entry was posted in Desktop Virtualization, vSphere, Windows Server 2012, XenDesktop and tagged , , . Bookmark the permalink.

3 Responses to Xendesktop 7.5 – cannot connect to the vcenter server due to a certificate error

  1. You can cut this down to two simple steps.
    1)On the DDC, go to https://vsphereserverhostname, click “continue anyway” and then “certificate error” will appear on the address bar. click that. You get a window showing the certificate.
    2)Click “Install Certificate” and choose “Local computer” and select the “trusted people” location in the datastore as to where to put it.

    You’re done.

  2. cloudray says:

    Agree, Kevin! Just the baby steps for first timers or beginners. Cheers

  3. Naresh says:

    Hi,

    I tried this in my home lab, but its the same error. Any thoughts ?

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s