VMware Horizon View Blast Secure Gateway service is Paused

24 August 2020, Jesper Alberts

** Update December 2020 **
The link to the KB article is working again.

Last week a customer who had an issue with their Connection Servers raised a support ticket. They would end up with the VMware Horizon View Blast Secure Gateway service in a Paused state. This behavior occurred after replacing their current certificate, which was about to expire, with a new one.
Changing back to the original certificate solved the issue and everything would end up in a Running state again.

After getting access to the environment I started checking a couple of things:

  • The customer confirmed they used the right procedure when replacing a certificate
  • Removed the newly added certificate and added it again
  • Compared the old certificate with the new one and found no differences
  • Confirmed the private key was exportable; it was

I checked the Blast Secure Gateway logs (absg.log) located in C:\ProgramData\VMware\VDM\logs\Blast Secure Gateway\ which showed several lines with the following message:

keystoreutil.exe failed to load certificate from  [ 'windows-local-machine', 'MY', 'vdm' ] 1 Failed to acquire private key handle (error 2148073492)
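
An added example, not part of the original post: a small Python triage of absg.log that pulls the certificate store reference and error number out of each failure line and converts the decimal error to its HRESULT form (2148073492 is 0x80090014, NTE_BAD_PROV_TYPE in winerror.h). The sample log lines are constructed; their timestamp and level prefix are assumptions.

```python
import re
from collections import Counter

# Constructed sample modelled on the message quoted above; the timestamp and
# level prefix are assumptions, not copied from a real absg.log.
SAMPLE_LOG = """\
[2020-08-17 09:12:01.101] [INFO] Starting Blast Secure Gateway
[2020-08-17 09:12:01.733] [ERROR] keystoreutil.exe failed to load certificate from  [ 'windows-local-machine', 'MY', 'vdm' ] 1 Failed to acquire private key handle (error 2148073492)
[2020-08-17 09:12:31.802] [ERROR] keystoreutil.exe failed to load certificate from  [ 'windows-local-machine', 'MY', 'vdm' ] 1 Failed to acquire private key handle (error 2148073492)
"""

# Well-known CryptoAPI codes from winerror.h that relate to private key access.
NTE_CODES = {
    0x80090010: "NTE_PERM (access denied)",
    0x80090014: "NTE_BAD_PROV_TYPE (invalid provider type specified)",
    0x80090016: "NTE_BAD_KEYSET (keyset does not exist)",
}

PATTERN = re.compile(
    r"failed to load certificate from\s+\[\s*'([^']*)',\s*'([^']*)',\s*'([^']*)'\s*\]"
    r".*?\(error (-?\d+)\)"
)

def decode_hresult(value):
    """Normalise a decimal error (signed or unsigned) to a 32-bit HRESULT."""
    code = int(value) & 0xFFFFFFFF
    return {
        "hex": f"0x{code:08X}",
        "failure": bool(code >> 31),        # severity bit
        "facility": (code >> 16) & 0x7FF,   # 9 = FACILITY_SSPI, home of NTE_* codes
        "name": NTE_CODES.get(code, "unknown"),
    }

def triage(log_text):
    """Count key-load failures per (store location, store, friendly name, HRESULT)."""
    hits = Counter()
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if m:
            location, store, friendly, err = m.groups()
            hits[(location, store, friendly, decode_hresult(err)["hex"])] += 1
    return hits

if __name__ == "__main__":
    for (loc, store, name, hx), n in triage(SAMPLE_LOG).items():
        print(f"{n}x {loc}/{store}/{name}: {hx} {NTE_CODES.get(int(hx, 16), 'unknown')}")
```
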

Checked for any existing VMware KB articles… and bingo! VMware has a KB article online which has the title VMware Horizon View Blast Secure Gateway is in Paused status, so we’re done right?

Following the steps in the article should fill the newly created absg-stderr.log, but that remained empty even after a couple of reboots.
So I did what anyone would do at this point, reverse engineer the solution. Which meant checking if C:\Windows\System32 was available in the PATH environment variable, which unfortunately, it already was.

Due to time constraints on my end and the customer’s, and a certificate that was soon to expire, we decided to follow VMware’s advice and contact VMware technical support.

VMware support to the rescue!

VMware technical support came back shortly after we opened a support case and recommended generating a new certificate based on the following KB article. My former colleague Jan Willem followed up on VMware’s advice, as I wasn’t available at that moment.

Generating a new certificate from scratch and replacing the expiring one now worked without any issues. In hindsight it’s hard to tell if something went wrong, or if someone made a mistake during the first attempt, but at least we made the deadline this time.

Just make sure you always start replacing/renewing certificates with plenty of time to spare, as you never know what unexpected issues you might experience!

11 thoughts on “VMware Horizon View Blast Secure Gateway service is Paused”

  1. Joey Ketels says:
    1 October 2020 at 10:44

    Certificates are always a joy to work with 😉

    1. Jesper Alberts says:
      1 October 2020 at 19:32

      They sure are!

  2. Nick says:
    15 October 2020 at 14:37

    Just a heads up, the link seems to go to a kb article that doesn’t exist and when doing a kb search for 2068666 it just says invalid page

    1. Jesper Alberts says:
      15 October 2020 at 14:42

      Thanks for the heads up! It appears they pulled the article, even though other KB articles still refer to it.

      I’ll keep my eyes open and see if I can find an updated article.

    2. Jesper Alberts says:
      28 December 2020 at 10:46

      Hi Nick, the KB article has been restored!

  3. Tristan Kekermans says:
    2 February 2021 at 12:30

    Hi,

    Thanks for your blog post.
    It was probably the first certificate that didn’t have the “Make private key exportable” checked.

    1. Jesper Alberts says:
      2 February 2021 at 14:51

      Glad it was of use to you!

  4. another Nick says:
    23 October 2021 at 19:32

    Tristan Kekermans was correct. When I updated the certificate, I didn’t tick that checkbox…results in a “paused” state after I restarted the service.

    Taking the hint, I re-imported the same certificate, this time ticked the checkbox, and the service came up!

    1. Jesper Alberts says:
      23 October 2021 at 19:34

      Glad you’re up and running again!

  5. Morgan Foust says:
    23 November 2021 at 21:35

    The VMware documentation on certificate replacement leaves out an important wrinkle. When you create a CSR from a Microsoft Windows server you must select “Legacy key.” The default choice when Windows presents the certificate request dialog box is “CNG key,” which is not compatible with Horizon.

    If you attempt to use a CNG key, Horizon will throw the same error in absg.log as it does if your private key is nonexportable (Failed to acquire private key handle error 2148073492). It will also throw that error if the Horizon Blast Secure Gateway does not have permissions to the private key, but that’s a less common failure condition.

  6. Stephen says:
    1 December 2021 at 17:20

    Thanks for the post. This helped solve my issue with the service being paused.
