I recently had an issue with a customer where TrueSSO had expired certificates and Horizon was not seamlessly logging on to the users within their desktop.
Their horizon administration had an error and indicated that their existing CA certificate was expired and needed to be renewed (unfortunately, I forgot to screenshot the admin console).
When logging onto the enrollment servers we could clearly see that they were indeed expired (the screenshot was taken a couple of days after expiry) .
So I requested a new certificate through the certificate mmc and got a very strange error…
The error was stating it was unable to communicate with the CA server and was unable to submit the request.
It was saying: An error occurred while enrolling for a certificate. The certificate request could not be submitted to the certificate authority.
This was quite bizarre, as the CA server was online, and I could see the enrollment server certificate template that was issued only on that specific CA server.
After checking the event logs on the CA server, no additional insights were found as everything looked in order.
So after looking at system info, I noticed that the amount of Windows updates was quite low compared to the other machines.
And indeed the machine had some older updates missing from the device, after looking the machines were not correctly pushed into the right WSUS collection.
So this seemed to me to be the ideal next step to continue with the troubleshooting of the issue.
After waiting 20min the machine installed all its missing updates and we did a reboot just to be sure.
This time the certificate renewal did go through without any issues!
After the renewal, the horizon console also stopped complaining and an external session logged onto the Windows 10 VDI without any issue.
I hope this blog has helped you in any way, and the key takeaway of this issue is “keep your environments patched from a security and an operational point of view”.
Hope this one helped you in any way!
More blogs: Optimizing Microsoft O365 Licensing on RDS/VDI using PWA