Hi all,
There are 2 UAG directly connected to a 1-1 Connection server. The certificate on UAG will expire shortly. The Cert exchange went smoothly, however, to our greatest surprise, the Certificate check mode in the Horizon client had to be changed from the previously used Thumbprint verification to PKI verification. If I leave it on the Thumbprint verification used so far, the client receives the following error message after entering the credentials: "The Horizon server authentication failed. The tunnel server presented a certificate that doesn't match the expected certificate."
However, if I switch it to PKI verification, it will work again. Has anyone encountered this? What can cause this, that the certificate verification must be changed after the cert replace? The same server is signing the cert as before. We do not understand. Could the previous thumbprint be stuck somewhere, for example in ADAM?
The error also occurs through the load balancer and bypassing the load balancer, so the error may not be in the load balancer. The error does not appear when connecting directly to the connection server.
Thanks for commenting,
Mark