VMware Horizon Community
kenobi79
Enthusiast

Horizon Cloud Pod Architecture - remote pods connection servers is offline

Hi

I updated the connection servers to the latest version.

After the update on all connection servers (in CPA - 2 CS on one site and 2 CS on the other site) I found this problem on the dashboard:

Remote Pods - Error - The connection server is offline.
I investigated the logs and discovered this:
 
2022-09-02T00:02:36.115+02:00 WARN (02F8-12E0) <pool-19-thread-2> [NatterServer] (Channel-15346-/10.152.0.136:56698) Connection failed, closing channel: 0.0.0.0/0.0.0.0:8472: io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown com.vmware.vdi.logger.Logger.warn(Logger.java:56)
io.netty.handler.codec.DecoderException: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:477)
at io.netty.handler.codec.ByteToMessageDecoder.channelRead(ByteToMessageDecoder.java:276)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.AbstractChannelHandlerContext.fireChannelRead(AbstractChannelHandlerContext.java:357)
at io.netty.channel.DefaultChannelPipeline$HeadContext.channelRead(DefaultChannelPipeline.java:1410)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:379)
at io.netty.channel.AbstractChannelHandlerContext.invokeChannelRead(AbstractChannelHandlerContext.java:365)
at io.netty.channel.DefaultChannelPipeline.fireChannelRead(DefaultChannelPipeline.java:919)
at io.netty.channel.nio.AbstractNioByteChannel$NioByteUnsafe.read(AbstractNioByteChannel.java:166)
at io.netty.channel.nio.NioEventLoop.processSelectedKey(NioEventLoop.java:719)
at io.netty.channel.nio.NioEventLoop.processSelectedKeysOptimized(NioEventLoop.java:655)
at io.netty.channel.nio.NioEventLoop.processSelectedKeys(NioEventLoop.java:581)
at io.netty.channel.nio.NioEventLoop.run(NioEventLoop.java:493)
at io.netty.util.concurrent.SingleThreadEventExecutor$4.run(SingleThreadEventExecutor.java:986)
at io.netty.util.internal.ThreadExecutorMap$2.run(ThreadExecutorMap.java:74)
at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.base/java.lang.Thread.run(Unknown Source)
Caused by: javax.net.ssl.SSLHandshakeException: Received fatal alert: certificate_unknown
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.Alert.createSSLException(Unknown Source)
at java.base/sun.security.ssl.TransportContext.fatal(Unknown Source)
at java.base/sun.security.ssl.Alert$AlertConsumer.consume(Unknown Source)
at java.base/sun.security.ssl.TransportContext.dispatch(Unknown Source)
at java.base/sun.security.ssl.SSLTransport.decode(Unknown Source)
at java.base/sun.security.ssl.SSLEngineImpl.decode(Unknown Source)
at java.base/sun.security.ssl.SSLEngineImpl.readRecord(Unknown Source)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
at java.base/sun.security.ssl.SSLEngineImpl.unwrap(Unknown Source)
at java.base/javax.net.ssl.SSLEngine.unwrap(Unknown Source)
at io.netty.handler.ssl.SslHandler$SslEngineType$3.unwrap(SslHandler.java:296)
at io.netty.handler.ssl.SslHandler.unwrap(SslHandler.java:1342)
at io.netty.handler.ssl.SslHandler.decodeJdkCompatible(SslHandler.java:1235)
at io.netty.handler.ssl.SslHandler.decode(SslHandler.java:1284)
at io.netty.handler.codec.ByteToMessageDecoder.decodeRemovalReentryProtection(ByteToMessageDecoder.java:507)
at io.netty.handler.codec.ByteToMessageDecoder.callDecode(ByteToMessageDecoder.java:446)
... 18 more
 
In the previous version of Horizon the certificates were from a Microsoft CA and worked correctly.
I verified the network and the FW and all communications are OK (all the ports required for CPA are allowed and there isn't any drop or deny).
From site A I have this error for site B.
From site B I have this error for site A.
Locally everything works fine, and the certificates are trusted with the CA.
 
Any idea?
Thank you 
Bye - Riccardo Panzieri
https://www.i3piccioni.it
0 Kudos
2 Replies
vigneshbal32
Contributor

Hi there, 

I too face the same issue. Was this issue resolved at your end? 

 

0 Kudos
kenobi79
Enthusiast

Hi

I opened an SR with GSS and we resolved the issue.

Here is the KB:

https://kb.vmware.com/s/article/1021805

 

My issue was resolved with this command:

repadmin /options localhost:22389 -DISABLE_OUTBOUND_REPL -DISABLE_INBOUND_REPL

which ensured that the replication was not disabled

 

 

Bye - Riccardo Panzieri
https://www.i3piccioni.it
0 Kudos
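
A read-only check for the state that the command in the last reply clears, as an added example that is not from the thread or from VMware: it parses `repadmin /options` output and reports whether either replication-disabling flag is set on the instance at localhost:22389. The function name and the sample output are constructed, and the "Current DSA Options" line label is an assumption about how repadmin prints its result.

```powershell
# Added example, not from the thread. These two options, when set on a
# directory instance, stop it replicating with its partners.
$ReplBlockingFlags = 'DISABLE_INBOUND_REPL', 'DISABLE_OUTBOUND_REPL'

function Get-DisabledReplFlag {
    # Hypothetical helper: returns the replication-blocking flags found in
    # the text printed by `repadmin /options <host:port>` (no +/- arguments).
    param([string]$RepadminOutput)

    # Only the "Current DSA Options" line describes the instance's state
    # (assumed label; adjust the pattern if your repadmin prints it differently).
    $line = ($RepadminOutput -split "`r?`n") |
        Where-Object { $_ -match '^\s*Current DSA Options\s*:' } |
        Select-Object -First 1
    if (-not $line) {
        throw 'No "Current DSA Options" line found; was repadmin run successfully?'
    }

    # Split the option list after the colon into individual tokens.
    $set = ($line -replace '^[^:]*:', '').Trim() -split '\s+'
    @($ReplBlockingFlags | Where-Object { $set -contains $_ })
}

# Constructed sample output showing the broken state (both flags set).
$sample = @'
Current DSA Options: DISABLE_INBOUND_REPL DISABLE_OUTBOUND_REPL
'@

# On a Connection Server, replace $sample with the live query:
#   $sample = (& repadmin /options localhost:22389 | Out-String)
$flags = @(Get-DisabledReplFlag -RepadminOutput $sample)

if ($flags.Count -gt 0) {
    Write-Warning ("Replication is disabled on localhost:22389: " + ($flags -join ', '))
} else {
    Write-Output 'No replication-disabling flags set on localhost:22389.'
}
```

Run it on each Connection Server in both pods, since the error was reported in both directions (site A for site B and site B for site A).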