Horizon Cloud – TrueSSO – Where to check to resolve configuration errors ?

How to setup True SSO is already discussed in detail here but most of the times the pairing fails or else even after True SSO pairing succeeded the auto sign-in won’t work . I would like to present few of useful steps which will help administrators to resolve some of the configuration issues .

Note: – The steps will be useful while working with Horizon Cloud on Azure only and not useful for Horizon 7/8 (on-prem)

  • First thing is to check whether CRL’s & Volatile requests are configured properly in CA servers




    In the above command you can see DBFLAGS_ENABLEVOLATILEREQUESTS are configured but CRL revocation is not showing
    there is no harm in running the commands again to set the reg because it shows old value and changed value like below



    If you run the above commands restart the cert services

    certutil –setreg DBFlags +DBFLAGS_ENABLEVOLATILEREQUESTS
    certutil –setreg ca\CRLFlags +CRLF_REVCHECK_IGNORE_OFFLINE
    net stop certsvc
    net start certsvc
  • See whether Enrollment Agent (Computer) cert template & True SSO team templates are added to Certificate templates of CA server

  • In the True SSO template that we have created make sure “Do not include revocation information in issued certificates” is unchecked

  • The security group that we have added to to the True SSO template needs to have Enroll permissions


  • Check whether Enrollment Agent (Computer) was added to Active Directory Enrollment Policy


  • The node vms communicate to the Enrollment server on 32111 port so we have to check if that is working

    Login to the Azure console and follow the below steps shown in the picture

  • Check whether Paring bundle certificate downloaded was uploaded into – Vmware Horizon View Enrollment Server Trusted Roots folder only