Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

After importing an internal Active Directory signed SSL certificate into the View Connection Server, the View Administrator portal fails to load (2043736)

Symptoms

  • After importing a third party SSL certificate, the View Administrator portal does not load
  • The VMware View Security Gateway Component service starts, but stops later
  • In the Connection Server's Event logs, you see this message:

    The VMware View Security Gateway Component service terminated unexpectedly

Cause

This issue can occur if your Active Directory signed certificate is generated without an exportable Private Key. 
 
To verify if the certificate's Private Key is exportable:
  1. Open the Connection Server's local certificate store console (MMC snap-in).
  2. Navigate to Personal > Certificate store.
  3. Double-click the certificate with the issue.
  4. Click the Details tab.
  5. Click Copy to file.
  6. Click Next.

    The next page prompts if you want to export the Private Key.  If the Yes option is greyed out, the certificate was created without an exportable Private Key.

Resolution

To resolve this issue, you must request a new certificate and explicitly specify an exportable Private Key.
 
To request a new certificate and to explicitly specify an exportable Private Key:
  1. Open the Connection Server's Personal certificate store.
  2. In the right pane, under Certificates, click More Actions > All Tasks > Request New Certificate.
  3. Click Next.
  4. In the next page, ensure you have selected the Active directory Enrollment Policy option and then click Next.
  5. Select the appropriate Active Directory Enrollment Policy.
  6. Click Details > Properties.
  7. Re-enter all applicable information in the General and Subject tabs.
  8. Click the Private Key tab.
  9. Click Key options.
  10. Select the Make private key exportable option and then click Apply.
  11. After entering all required data, click OK.
  12. Click Enroll.
  13. Ensure to change the friendly name of any existing certificate to anything other than vdm.
  14. Restart the View Connection Server service.

Additional Information

For Certificate Authority (CA) signed certificates, you may need to specify an exportable private key in your CSR, or during the CA's enrollment process.  Some CA certificates have an exportable private key by default. Consult your CA if you are unsure.

Tags

SSL, certificate, Connection Server, Active Directory

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 1 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 1 Ratings
Actions
KB: