After changing the VMWARE vCenter certificate the XenDesktop fail to connect to the vCenter server due to a certificate error. A small update on the Citrix Virtual Desktop is required otherwise the clients won’t be able to connect, and you will get a lot of errors related to the SSL connection.
The Problem
On the Director, you will notice a sudden increase of the Unavailable Capacity error, with a failure reason, No Machine Available.
Opening the Studio –> Machine Catalog, you will notice that the Power State for the VMs is Unknown.
You can also check by using Powershell Command
Add-PSSnapin Citrix*
Get-BrokerMachine -MachineName 'DomainName\VMName' -AdminAddress "DeliveryControllerServer Name" | select MachineName,Powerstate
The Output will be similar to this
MachineName PowerState
----------- ----------
DomainName\VMName Unknown
On The Studio, Click on the Site name (The Top root Tree)
Then select any Machine Catalog and click on Test Catalog
After the test is complete, Click on Show Report to see the result and you will notice that most of the errors are similar to this one:
The VM ‘VMName’ was not found in the Hypervisor because of error ‘Attempting to connect to the server https://192.168.100.100/sdk failed as the remote certificate is not trusted on this host (Delivery Controller Name);Base64Certificate=XXXXXXXXXXXXXX……;Thumbprint=F85A265EE1689778E7E37296D52A81B700606C0B’.
You can use https://www.sslshopper.com/certificate-decoder.html to decode the certificate from the error message.
The Fix
Based on Update the XenDesktop database with the thumbprint of the new certificate
First, we need to build the Connection URL (which will be used later). Open Citrix Studio, and navigate to Configuration \ Hosting
Write down the Hosting Name as we will need it later.
We also need the Certificate Thumb Print of the newly renewed certificate on the vCenter.
we can get this by simply browsing the vCenter hostname, and check the certificate information from the Browser
UPDATE: make sure that the certificate THUMBPRINT is all in CAPS, otherwise, the PS command will fail. Also, restart the CitrixHostService service
Write the certificate Thumbprint down, make sure to remove any white spaces
The PowerShell command we need to run is $cred = Get-Credential
.
Make sure to type the Username and Password exactly as in the Hosting connection settings.
In the same PowerShell window, run the following code
Add-PSSnapin Citrix*
Set-Item -LiteralPath "xdhyp://connections/VxRail" -username $cred.username -Securepassword $cred.password -SslThumbprint "Certificate Thumb Print From vCenter Browser in CAPS" -hypervisorAddress https://MyvCenter.domain.local/sdk
Make sure to replace the xdhyp://connections/VxRail with the name from your environment as explained before, probably the thing you need to change only is the last part of the URL
That’s all, you can test the Catalog again and you will notice that all up and fine. Hope this helps you.
Another post you may like