The View Agent reports that this desktop source is unable to accept connections.

Last week I was exposing my VMware Horizon environment externally. Of course I wanted the single sign on experience.

So enrolled the Workspace One Access tennant, deployed the sync server.. configured directory sync, authentication rules, next Virtual Apps etc . On the connector SAML to required, configured SAML authenticator to Access, connector in Workspace One mode, deployed enrollment server, created TrueSSO template, configured TrueSSO, deployed UAGS etc etc and let the experience begin..

Logging in, seeing my pool, starting the session..

sadly... computer says no..(actually Error)

Error: The View Agent reports that this desktop source is unable to accept connections. Please contact your system administrator.

Lets check the environment again:

Connection server all green:

UAG:

Hmm. Check the log on the agent

CertSSO: Algorithm name is missing

Hey, Algorithm name is missing… little mistake on my side? Lets check the template:

Ah yes found the mistake in my template and lets fix this one, change te Provider Category and the Algorith name on the TrueSSO template:

Lets try to login again… same error again… Check the Horizon Agent log… still the same error… Algorithm name is missing.. but… I fixed this..

Next step, take a look with the TrueSSO Diagnostic Utility

· https://flings.vmware.com/true-sso-diagnostic-utility

request certificate and safe it to file (to use it in the next login test).. all ok…:

Login test with this generated certificate

All ok..

After numerous checking, rechecking, logon attempts, recheck all involved components, spitting numerous log files...

This is getting frustrating… (Expressing words not suitable for blog…)

But victory! Finally the fix! :

You need to disable and re enable TrueSSO on the authenticator with vdmutil to let the changed template apply..

(change the * to you’re environment)

vdmUtil --authAs ***** --authDomain **** --authPassword ***** --truesso --edit --authenticator --name Access --truessoMode disabled

vdmUtil --authAs ***** --authDomain *** --authPassword ***** --truesso --edit --authenticator --name Access --truessoMode enabled

Conclusion:

- Famous words of my collegue Henry Heres : “het is niet het spulleke maar het knulleke” (something like its not the product but the guy controlling it..) sadly true in this case cause I made the booboo on the cryptography tab of the template.

- Remember to disable and enable the TrueSSO when need to change the template.