bjosoren's IT-Tech blog

IT-Tech blog about different tried and tested solutions based on vmware, microsoft, linux and more tips and tricks

VMware True SSO – Install and Set Up the Enrollment Server

Release date: December 13th 2020

Welcome to my VMware True SSO (single sign-on) series. In this sub-section I will describe how I installed and set up the VMware Horizon Enrollment server. In short terms, I run the VMware Horizon Connection server installer on a stand alone server. According to the official VMware documentation, I could have installed this on my CA server, but I have chosen to install a stand alone server for this purpose, as I have my CA on a domain controller, and that is NOT recommenced. In a production environment I would recommend to read the documentation carefully in order to assure High-Availability on this service. Before I start my installation I adhere to the the following prerequisites for my True SSO Server:

A domain joined MS Windows server without any other VMware Horizon components installed and at least 4 GB memory. I give this server a static IPv4 address and log with a user that has local administrative permissions. Before I continue I make sure the Windows Time service is correctly configured and set, as this is critical for this servers purpose.

Before I start my installation, I must request a new certificate from my CA using the Enrollment Agent (Computer) template I created in my previous session. I start MMC, add Certificates Snap-In…(This can also be done by running certlm.msc)

I start by requesting a new certificate from the Enrollment Agent template…

Next, I install Enrollment Server using the install media I downloaded from My VMware

I launch the Installation Wizard, Next

I Accept the license terms, Next

I accept the default destination folder, Next

I select Horizon Enrollment Server from the Installation Options, Next

I will let the installer configure the Windows Firewall automatically for me, Next

Install

Once the installer finishes successfully, Finish.

That completes the installation of my Enrollment Server and I can continue with Exporting the Enrollment Service Client Certificate from the Connection server and import this on my Enrollment Server, this I have covered here:  Export and import of the Enrollment Service Client Certificate

My VMware True SSO Lab Set Up

VMware Horizon (2006) documentation: Setting Up True SSO

VMware Workspace ONE and VMware Horizon Reference Architecture

Disclaimer: Every tips/tricks/posting I have published here, is tried and tested in different it-solutions. It is not guaranteed to work everywhere, but is meant as a tip for other users out there. Remember, Google is your friend and don’t be afraid to steal with pride! Feel free to comment below as needed.

%d bloggers like this: