


When you use Horizon Client to connect to a UAG that is SAML-enabled:

- It opens the default browser and prompts the user to sign into your SAML Identity Provider. If the user is already signed in then the user won’t see any sign-in prompt.
- After sign-in, the browser will then prompt the user to open VMware Horizon Client.
- If the user locks the desktop then the user will need to know the local Active Directory password to unlock it.

Horizon Enrollment Servers can use a Microsoft Certificate Authority that already exists. Or you can install Microsoft Certificate Authority on the Horizon Enrollment Servers. If you have two Enrollment Servers, then install Microsoft Certificate Authority on both of the servers.

1. Install Microsoft Certificate Authority from Server Manager > Manage > Add Roles and Features.
2. Select Active Directory Certificate Services.
3. The only Role Service needed for True SSO is Certification Authority.
4. After role installation, click the flag icon and then click the link to Configure Active Directory Certificate Services.
5. The Microsoft Certificate Authority must be an Enterprise CA. In the Setup Type page, select Enterprise CA.
6. In the CA Type page, if you already have a Root CA, then you can select Subordinate CA. Otherwise, you need at least one Root CA in your environment.

After Microsoft CA is installed, run the following commands:

    certutil -setreg DBFlags +DBFLAGS_ENABLEVOLATILEREQUESTS
    certutil -setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE

If you just built a new Certificate Authority server then True SSO won’t work until you run gpupdate /force on all of your Domain Controllers and Horizon Agent machines. Or wait several hours for group policy to update.

On the Certificate Authority machine, from Start Menu, run Certification Authority.
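To confirm that the two certutil -setreg commands above were recorded, the following PowerShell check reads the CA's registry configuration on the Certificate Authority machine. It is an added example, not part of the original page; the bit values 0x800 and 0x8 are assumed from the Windows SDK header certsrv.h, and the function name Test-Flag is hypothetical.

```powershell
# Added example: verify the flags set by the two certutil -setreg commands.
# Assumption: bit values as defined in the Windows SDK header certsrv.h.
$DBFLAGS_ENABLEVOLATILEREQUESTS = 0x800
$CRLF_REVCHECK_IGNORE_OFFLINE   = 0x8

$configKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration'

# Hypothetical helper: report whether one bit is set in a REG_DWORD value.
function Test-Flag {
    param(
        [string]$Path,
        [string]$ValueName,
        [int]$Bit,
        [string]$FlagName
    )
    $item    = Get-ItemProperty -Path $Path -Name $ValueName -ErrorAction SilentlyContinue
    $current = if ($item) { [int]$item.$ValueName } else { 0 }   # missing value = no flags
    [pscustomobject]@{
        Value   = $ValueName
        Flag    = $FlagName
        Current = '0x{0:X}' -f $current
        IsSet   = (($current -band $Bit) -ne 0)
    }
}

if (-not (Test-Path $configKey)) {
    throw 'CertSvc configuration key not found; is the Certification Authority role installed?'
}

# 'Active' names the CA instance; the "ca\" prefix in
# "certutil -setreg ca\CRLFlags" refers to that per-CA subkey.
$caName = (Get-ItemProperty -Path $configKey -Name Active).Active
$caKey  = Join-Path $configKey $caName

$results = @(
    Test-Flag -Path $configKey -ValueName 'DBFlags'  -Bit $DBFLAGS_ENABLEVOLATILEREQUESTS -FlagName 'DBFLAGS_ENABLEVOLATILEREQUESTS'
    Test-Flag -Path $caKey     -ValueName 'CRLFlags' -Bit $CRLF_REVCHECK_IGNORE_OFFLINE   -FlagName 'CRLF_REVCHECK_IGNORE_OFFLINE'
)
$results | Format-Table -AutoSize

if ($results.IsSet -contains $false) {
    Write-Warning 'At least one flag is missing. Re-run the certutil -setreg commands from an elevated prompt.'
}
```

The registry shows the configured value only; Certificate Services reads these settings when the service starts, so a value set while the service is running is not yet in effect.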
