Certificate for View Connection Servers especially for Blast Protocol

This is a short post on configuring SSL certificate for View Connection Server. Look, there are millions of posts on how to do it but what is unique in this post how I arrived at this conclusion and What I learnt.

Do not use a template with “Key Storage Provider” it doesn’t work.

One of the primary symptoms you will face is below

“Unable to connect to desktop: There is no available gateway for the display protocol”

If you search above string on google, you will quickly realize there is a whole lot of issues which can cause this error. For me, the issue was bit weird. I got the below error was only faced when I used Blast protocol. While using PCoIP Protocol everything went fine. I played with firewall rules, tried to find out if there is any firewall rule it is blocking. None was. In fact, View Connection Servers plays a neat role in opening up firewall rule.

Just to show you how it looks below is the image. If my preferred protocol was VMware Blast it won’t work but when my preferred protocol was PCoIP it did worked. It was strange.

I looked into the Blast logs. By the way, blast logs are here

“C:\ProgramData\VMware\VDM\logs\Blast Secure Gateway”. Look for absg.log file. While searching for some hint inside this file I say below string.

[2018-05-20 16:44:00.432] [ERROR]    4968 [absg-master] – keystoreutil.exe failed to load certificate from [ ‘windows-local-machine’, ‘MY’, ‘vdm’ ] 1 Failed to acquire private key handle (error 2148073492)

Failed to acquire private key was enlightening but based on my previous experience I knew I have got the right certificate. Then I read this thread and it instantly blinked to what has happened. I created CSR based on today’s security standards but VMware Horizon engineering team is still using outdated standards. They are still using the legacy key. Ah!! The moment for me. But in all probabilities follow this KB Article -> https://kb.vmware.com/s/article/2068666. It is must and will save a lot of your trouble.

 

What did I learn?

  1. when you playing in the lab, always welcome problems. Problems are unique opportunities to learn new things e.g. I learned where the Blast logs are stored.
  2. I found why Private export was failing.
  3. I took the problem head-on and kept talking to myself “It is going to be a long day” but in the end, you will crack it.
  4. Google search can lead to some hints but sometimes more spread solution. Think of something else. e.g. I kept searching for the Display protocol string, after some time it going nowhere, the next day I checked Blast logs and found the solution in another 1 minute