error using VMWAre horizon Application via WSSA
search cancel

error using VMWAre horizon Application via WSSA

book

Article ID: 233914

calendar_today

Updated On:

Products

Cloud Secure Web Gateway - Cloud SWG

Issue/Introduction

Users running WSS Agent on Windows cannot run VMWare Horizon client

"The Connection Server Authentication failed. The tunnel server presented a certificate that didn;t match the expected certificate" error visible after running the Application as shown below

 

Disabling WSS Agent allows the Application to run successfully

Environment

WSS Agent (all versions)

VMWare Horizon

Cause

VMWAre Horizon client enables Certificate pinning 

If WSS intercepts the SSL traffic and adds an emulated certificate, Application will fail. 

Resolution

All an SSL inspection bypass for the VMWare horizon domain or IP address the Application is accessing e.g. https://horizon.broadcom.com 

Additional Information

From the PCAP, we can see that as soon as the SSL certificate is sent back (6685 below) that is issued by WSS, the client does not complete the key exchange process but sends a TCP FIN instead (6689 below).

Powered by Wolken Software