error using VMWAre horizon Application via WSSA
search cancel

error using VMWAre horizon Application via WSSA


Article ID: 233914


Updated On:


Cloud Secure Web Gateway - Cloud SWG


Users running WSS Agent on Windows cannot run VMWare Horizon client

"The Connection Server Authentication failed. The tunnel server presented a certificate that didn;t match the expected certificate" error visible after running the Application as shown below


Disabling WSS Agent allows the Application to run successfully


WSS Agent (all versions)

VMWare Horizon


VMWAre Horizon client enables Certificate pinning 

If WSS intercepts the SSL traffic and adds an emulated certificate, Application will fail. 


All an SSL inspection bypass for the VMWare horizon domain or IP address the Application is accessing e.g. 

Additional Information

From the PCAP, we can see that as soon as the SSL certificate is sent back (6685 below) that is issued by WSS, the client does not complete the key exchange process but sends a TCP FIN instead (6689 below).