Here is our setup: Z90D7 WES7 clients running VMware Horizon View. We have an internal certificate authority that has issued a server certificate to the Horizon View server.
We logged into the Z90D7 as administrator and installed our CA's certificate into the WES7's trusted root certificates using mmc.
When we run the VMware Horizon View client as administrator, we get a green https indicating that the client trusts the VMware Horizon View server. This makes it all seem good to go. We installed the certificate into the local computer account's certificate store and the administrator's certificate store.
However, when I reboot the Z90D7 allowing it to auto login as "User", then VMware View Horizon gives me a RED https indicating that the client does NOT trust the VMware Horizon View server.
The Z90D7 doesn't let me run mmc as User so I can install certificates to "User's" trusted root certificate store.
How do I install the trusted root certificate so that "User" will trust our Horizon View server? Ultimately I want to build this into a package to push out via WDM 5.5.
Here is how we did it:
(I assume you are familiar with WDM scripts)
1. Create a .bat file
2. Put the line/lines below in it:
certutil -addstore -f -enterprise Root c:\TEMP\ROOT.cer
certutil -addstore -f -enterprise CA c:\TEMP\SUB.cer
3. Save the .bat file (e.g. AddCerts.bat)
4. Create an RSP script (WDM script) in which you will (this is just one example):
Important - the user to whose store you want to add the certificate has to be logged in!
LU (lockout user)
XC "<regroot>\*" "C:\TEMP" (copies files from the script folder to the C:\TEMP folder - creates TEMP if it does not exist)
EL (Release user)
LU (Lockout user)
When the script is created, don't forget to copy the .bat file to the created script folder.
Hope it will help.
first copy the .cer files to
Thank you very much for the information. This looks very similar to what we have but I will compare line by line.
Do you run VMware View in Kiosk mode? The Dell support guy said we might be hitting a trusted certificate bug related to kiosk mode.
How do you ensure the WES7 user called "user" is logged on? I'm thinking of when I connect a Z90D7 to the network and WyseDM automatically pushes packages to the device with no human intervention.
1. We are running Citrix in a bit different configuration of KIOSK mode since we did not manage to use it in native kiosk mode from the WDM configuration.
2. Bug ??? Then that has to be addressed to DELL/WYSE to resolve it, I suppose.
3. We have configured the AUTOLOGON option for our "default user" to log on. You can script even that for your user during script pushing (before the "Certificate" script). It is a registry hack or setting which you can merge through WDM.
4. In my script the script is "executed" after reboot and LU, which ensures that the "default user" is logged in while the script is executed, or you can add a "shortcut" to the STARTUP folder of your user (the shortcut would point to that bat file you previously copied): log him off, log him on, the script will run, WAIT for e.g. 15 sec (to allow the script to finish), then delete the "SHORTCUT" (or you will end up in a loop of running the bat file at every startup again), log off the user, reboot, end script.
Hope that makes sense :)
That is how we add the personal certificate to our user (the only way you can automate that task).
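For an unattended WDM push, a silent certutil failure leaves the client showing the red https with no trace of why. The following is an added example, not code from either poster: a version of the AddCerts.bat described in the first answer that checks each import and writes a log. The log file name AddCerts.log is an assumption; the certificate paths and store names are the ones from the answer.

```batch
@echo off
rem Added example (not from the thread): AddCerts.bat with failure checks and a log.
rem Certificate paths and store names come from the answer above;
rem the log file name AddCerts.log is an assumption.
setlocal
set "SRC=C:\TEMP"
set "LOG=%SRC%\AddCerts.log"

rem Record when and under which account the script ran.
>>"%LOG%" echo ==== %DATE% %TIME% running as %USERNAME% ====

call :import Root "%SRC%\ROOT.cer" || goto :fail
call :import CA   "%SRC%\SUB.cer"  || goto :fail

>>"%LOG%" echo RESULT: OK
exit /b 0

:fail
>>"%LOG%" echo RESULT: FAILED
exit /b 1

:import
rem %1 = store name (Root or CA), %2 = certificate file to add
if not exist "%~2" (
    >>"%LOG%" echo MISSING FILE: %~2
    exit /b 2
)
certutil -addstore -f -enterprise %1 "%~2" >>"%LOG%" 2>&1
if errorlevel 1 (
    >>"%LOG%" echo IMPORT FAILED: %~2 into store %1
    exit /b 1
)
rem Dump the store after the import so the log shows what is now trusted.
certutil -store -enterprise %1 >>"%LOG%" 2>&1
exit /b 0
```

The script exits with a non-zero code if a file is missing or an import fails, and C:\TEMP\AddCerts.log can be collected from a device that still shows the red https.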