Why am I getting a message "Failed to Connect" when the certificate check mode is set to "Warn before connecting to untrusted servers"?

Rate this Article
Average: 1 (1 vote)

August 3, 2018

Last modified: 09/25/2023, 10:45 am

Knowledge Base Article Troubleshooting Security Zero Clients

Problem

When connecting to a VMware View Connection Server you get the error.

Failed to Connect. The server provided a certificate that does not match the certificate that the server previously used. Contact your administrator for more details.

 

Cause

If the PCoIP Zero Client is configured for "Warn before connecting to untrusted servers", the first time you connect to a View Connection Server (VCS) you will be prompted with.

Cannot verify the identity of the server you have contacted. Your credentials will not be secure. Contact your administrator to ask if this server can be trusted.

If you click continue then that View Connection Server's certificate is cached in the Trusted View Connection Server cache. When you connect to that server in the future, the certificate presented will be compared to the certificate in the PCoIP Zero Client cache. If the certificate presented by the server does not match that of the cache, you will get the error message. This typically occurs when the old certificate expires and a new self signed certificate is used. Or the self signed certificate is replaced with one signed by a Certificate Authority.

Failed to Connect. The server provided a certificate that does not match the certificate that the server previously used. Contact your administrator for more details.

 

Resolution

Notice in my screenshot below my View Connection Server is gssvcs72.terase.local and I also show a cached connection for the VCS, that means that at some point the server was connected to and certificate cached. (PCoIP Zero Client AWI - Configuration \u2192 Session. Show Advanced Options)

There are a number of ways around this issue:

  • Ensure correct valid certificate for the View Connection Server is uploaded into the zero client certificate store - Recommended
  • Clear the Trusted View Connection Server and retry
  • Change the certificate check mode to - Do Not Verify Server Identity Certificates - Not Recommended, defeats the whole purpose of trusting connections.
  • Restore the zero client to a factory condition.