At work, we recently upgraded our vSphere environment to vSphere 6.5 Update 2. We had been using Horizon 7.4 since GA without much issue. Immediately after the upgrade to 6.5U2, we began to experience strange behaviors in Horizon. Some of those behaviors as follows:
- Newly provisioned Linked Clones from an existing Desktop Pool appeared as “Available (missing)” in Horizon Administrator.
- When adding a full clone to a Manual Desktop Pool, the full clone VM did not appear in the inventory presented in Horizon Administrator when adding to an existing pool.
- The aforementioned full clone appeared in the Horizon Administrator inventory when attempting to create a Linked Clone pool from the same VM.
- A new Linked Clone desktop pool would fail to successfully provision desktops indicating that Horizon was unable to locate the VM folder specified in the wizard. Recent Events in vCenter showed the service account creating the folder successfully.
My coworker found a thread on reddit which suggested that restarting vCenter Server was a quick fix and that VMware recognized the issue and was working to release a hotfix. A Support Request opened with VMware was less than fruitful for receiving said hotfix. After the reboot of vCenter didn’t solve the problem, I opted to upgrade to 7.5.1.
Upgrading Horizon Composer was straight forward and successful. Upgrading of my first Horizon Connection Server was successful… or so I thought. The installation completed with relative ease.
…except Horizon Administrator never started.
I quickly jumped into
C:\ProgramData\VMware\VDM\logs to check out the most recent debug log. There were some interesting things in there, but what I found most interesting was the error message
[ClientSSLSocketFactory] Failed to set enabled cipher suites: Cannot support TLS_ECDHE_RSA_WITH_AES_!@*_CBC_SHA256 with currently installed providers.
I found this interesting specifically because I had selected my usual friendly-named certificate (vdm) which is a CA-signed certificate. A quick search online found what I suspected – someone else had the same issue.
As indicated in the link above, I reset my vdm certificate to be the original self-signed certificate. I uninstalled and reinstalled Horizon Connection Server and chose to use the existing ADAM database. A few minutes of waiting later, Horizon Administrator was running and I could access the system again.
Resetting my CA-signed certificate to be the vdm certificate and issuing a restart of the Horizon Connection Server service brought the system back to its normal state. Replication to a replica server was successful and Horizon Administrator showed an all-green status.
The Second Problem and Solution:
I ran into the EXACT same behavior on the replica server. An uninstall and reinstall of the replica server brought me back into business.
The upgrade to Horizon 7.5.1 resolved all of the issues I was experiencing when using Horizon 7.4 on vSphere 6.5 U2. I was not able to recreate any of the above-listed issues.
Following the minor troubles I had with the upgrade, I made sure to again review the Release Notes for Horizon 7.5.1 for any Known Issues. This issue was not listed (that I could find, at least) in the Release Notes.