After changing the VMWARE vCenter certificate the XenDesktop fail to connect to the vCenter server due to a certificate error. A small update on the Citrix Virtual Desktop is required otherwise the clients won’t be able to connect, and you will get a lot of errors related to the SSL connection.

The Problem

On the Director, you will notice a sudden increase of the Unavailable Capacity error, with a failure reason, No Machine Available.

Opening the Studio –> Machine Catalog, you will notice that the Power State for the VMs is Unknown.

You can also check by using Powershell Command

Add-PSSnapin Citrix*
Get-BrokerMachine -MachineName 'DomainName\VMName' -AdminAddress "DeliveryControllerServer Name" | select MachineName,Powerstate

The Output will be similar to this

MachineName          PowerState
-----------          ----------
DomainName\VMName        Unknown

On The Studio, Click on the Site name (The Top root Tree)

Site Name

Then select any Machine Catalog and click on Test Catalog

Test Catalog

After the test is complete, Click on Show Report to see the result and you will notice that most of the errors are similar to this one:

The VM ‘VMName’ was not found in the Hypervisor because of error ‘Attempting to connect to the server https://192.168.100.100/sdk failed as the remote certificate is not trusted on this host (Delivery Controller Name);Base64Certificate=XXXXXXXXXXXXXX……;Thumbprint=F85A265EE1689778E7E37296D52A81B700606C0B’.

You can use https://www.sslshopper.com/certificate-decoder.html to decode the certificate from the error message.

The Fix

Based on Update the XenDesktop database with the thumbprint of the new certificate

First, we need to build the Connection URL (which will be used later). Open Citrix Studio, and navigate to Configuration \ Hosting

Connection Name

Write down the Hosting Name as we will need it later.

We also need the Certificate Thumb Print of the newly renewed certificate on the vCenter.

we can get this by simply browsing the vCenter hostname, and check the certificate information from the Browser

Certificate Thumb Print

UPDATE: make sure that the certificate THUMBPRINT is all in CAPS, otherwise, the PS command will fail. Also, restart the CitrixHostService service

Write the certificate Thumbprint down, make sure to remove any white spaces

The PowerShell command we need to run is $cred = Get-Credential.

Make sure to type the Username and Password exactly as in the Hosting connection settings.

Hosting Username

In the same PowerShell window, run the following code

Add-PSSnapin Citrix*
Set-Item -LiteralPath "xdhyp://connections/VxRail" -username $cred.username -Securepassword $cred.password -SslThumbprint "Certificate Thumb Print From vCenter Browser in CAPS" -hypervisorAddress https://MyvCenter.domain.local/sdk

Make sure to replace the xdhyp://connections/VxRail with the name from your environment as explained before, probably the thing you need to change only is the last part of the URL

That’s all, you can test the Catalog again and you will notice that all up and fine. Hope this helps you.

Another post you may like

5/5 - (3 votes)