Users running WSS Agent on Windows cannot run VMWare Horizon client
"The Connection Server Authentication failed. The tunnel server presented a certificate that didn;t match the expected certificate" error visible after running the Application as shown below
Disabling WSS Agent allows the Application to run successfully
WSS Agent (all versions)
VMWAre Horizon client enables Certificate pinning
If WSS intercepts the SSL traffic and adds an emulated certificate, Application will fail.
All an SSL inspection bypass for the VMWare horizon domain or IP address the Application is accessing e.g. https://horizon.broadcom.com
From the PCAP, we can see that as soon as the SSL certificate is sent back (6685 below) that is issued by WSS, the client does not complete the key exchange process but sends a TCP FIN instead (6689 below).