Skip to content
vJAL.nl
  • Partners
    • Vembu
  • About me
  • Home
  • Search Icon
VMware Horizon View Blast Secure Gateway service is Paused

VMware Horizon View Blast Secure Gateway service is Paused

24 August 2020 Jesper Alberts Comments 11 comments

** Update December 2020 **
The link to the KB article is working again.

Last week a customer raised a support ticket who had an issue with their Connection Servers. They would end up with the VMware Horizon View Blast Secure Gateway service in a Paused state. This behavior occurred after replacing their current certificate, which was about to expire, for a new one.
Changing back to the original certificate solved the issue and everything would end up in a Running state again.

After getting access to the environment I started checking a couple of things:

  • The customer confirmed they used the right procedure when replacing a certificate
  • Remove the newly added certificate and added it again
  • Compared the old certificate with the new one and found no differences
  • Confirmed the private key was exportable, it was

I checked the Blast Secure Gateway logs (absg.log) located in C:\ \ProgramData\VMware\VDM\logs\Blast Secure Gateway\ which showed several lines with the following message:

keystoreutil.exe failed to load certificate from  [ 'windows-local-machine', 'MY', 'vdm' ] 1 Failed to acquire private key handle (error 2148073492)

Checked for any existing VMware KB articles… and bingo! VMware has a KB article online which has the title VMware Horizon View Blast Secure Gateway is in Paused status, so we’re done right?

Following the steps in the article should fill the newly created absg-stderr.log, but that remained empty even after a couple of reboots.
So I did what anyone would do at this point, reverse engineer the solution. Which meant checking if C:\Windows\System32 was available in the PATH environment variable, which unfortunately, it already was.

Due to time constraints, on both my end, the customers and a soon to be expired certificate, we decided to follow up VMware’s advice and contact VMware technical support.

VMware support to the rescue!

VMware technical support came back shortly after opening a support case and recommended to generate a new certificate based on the following KB article. My former colleague Jan Willem followed up on VMware’s advice, as I wasn’t available at that moment.

Generating a new certificate from scratch and replacing the expiring one now worked without any issues. In hindsight It’s hard to tell if something went wrong, or if someone made a mistake during the first attempt, but at least we made the deadline this time.

Just make sure you always start replacing/renewing certificates with plenty of time to spare, as you never know what unexpected issues you might experience!

Please follow and like us:
Tweet

Horizon
Certificates, Horizon, ITQ, Troubleshooting

Post navigation

PREVIOUS
Using the new Elevated Task feature in DEM to manage registry keys in HKLM
NEXT
September recap

11 thoughts on “VMware Horizon View Blast Secure Gateway service is Paused”

  1. Joey Ketels says:
    1 October 2020 at 10:44

    Certificates are always a joy to work with 😉

    Reply
    1. Jesper Alberts says:
      1 October 2020 at 19:32

      They sure are!

      Reply
  2. Nick says:
    15 October 2020 at 14:37

    Just a heads up, the link seems to go to a kb article that doesn’t exist and when doing a kb search for 2068666 it just says invalid page

    Reply
    1. Jesper Alberts says:
      15 October 2020 at 14:42

      Thanks for the heads up! It appears they pulled the article, even though other KB articles still refer to it.

      I’ll keep my eyes open and see if I can find an updated article.

      Reply
    2. Jesper Alberts says:
      28 December 2020 at 10:46

      Hi Nick, the KB article has been restored!

      Reply
  3. Tristan Kekermans says:
    2 February 2021 at 12:30

    Hi,

    Thanks for your blog post.
    It was probably the first certificate that didn’t had the “Make private key exportable” checked.

    Reply
    1. Jesper Alberts says:
      2 February 2021 at 14:51

      Glad it was of use to you!

      Reply
  4. another Nick says:
    23 October 2021 at 19:32

    Tristan Kekermans was correct. When I updated the certificate, I didn’t tick that checkbox…results in a “paused” state after I restarted the service.

    Taking the hint, I re-imported the same certificate, this time ticked the checkbox, and the service came up!

    Reply
    1. Jesper Alberts says:
      23 October 2021 at 19:34

      Glad you’re up and running again!

      Reply
  5. Morgan Foust says:
    23 November 2021 at 21:35

    The VMware documentation on certificate replacement leaves out an important wrinkle. When you create a CSR from a Microsoft Windows server you must select “Legacy key.” The default choice when Windows presents the certificate request dialog box is “CNG key,” which is not compatible with Horizon.

    If you attempt to use a CNG key, Horizon will throw the same error in absg.log as it does if your private key is nonexportable (Failed to acquire private key handle error 2148073492). It will also throw that error if the Horizon Blast Secure Gateway does not have permissions to the private key, but that’s a less common failure condition.

    Reply
  6. Stephen says:
    1 December 2021 at 17:20

    Thanks for the post. This helped solve my issue with the service being paused.

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Let’s stay in touch!

Twitter
LinkedIn

Blog sponsors

Recent Posts

  • Renewing your NVIDIA licenses on the DLS appliance
  • What’s new in Vembu BDRSuite 5.3 [sponsored]
  • Using BDRSuite to restore your on-premises virtual machines to Azure [sponsored]
Retweet on Twitter Jesper Alberts Retweeted
itq ITQ @itq ·
16 Aug

Remember these shirts we gave away at #VMworld?

In the coming days we will reveal the 2022 @VMwareExplore shirt our EUC team has been working on! Be sure to follow us to get a chance to receive one!

@VMware @WorkspaceONE
#ITQlife
#TheYearOfVDI
#StorageThings
#WorkspaceONE

Reply on Twitter 1559481406979448834 Retweet on Twitter 1559481406979448834 9 Like on Twitter 1559481406979448834 19 Twitter 1559481406979448834
jesperalberts Jesper Alberts @jesperalberts ·
16 Aug

I might be biased, but you don't want to miss: Tales From the Trenches: How the VMware Anywhere Workspace Exceeds Employees' Expectations [EUSB2407EUR]
A birdie told me the speakers are awesome! #vExpert #ITQlife

Maarten Van Driessen @mvandriessen

The @VMwareExplore content catalog for Europe is online now! Make sure you go through all the sessions! https://event.vmware.com/flow/vmware/explore2022eu/content/page/catalog #vExpert

Reply on Twitter 1559437182984749057 Retweet on Twitter 1559437182984749057 2 Like on Twitter 1559437182984749057 6 Twitter 1559437182984749057
Retweet on Twitter Jesper Alberts Retweeted
vhojan Johan van Amersfoort (prepping for VMware Explore) @vhojan ·
15 Aug

Want to know which EUC session to attend at @VMwareExplore US?
Check out my latest blogpost about Anywhere Workspace and check the sessions that you don't want to miss!

@VMware @vmwarehorizon @WorkspaceONE @VMwareSASE
#ITQlife #VmwareExplore

https://vhojan.nl/vmware-anywhere-workspace-at-vmware-explore/

Reply on Twitter 1559075171168038912 Retweet on Twitter 1559075171168038912 10 Like on Twitter 1559075171168038912 16 Twitter 1559075171168038912
jesperalberts Jesper Alberts @jesperalberts ·
11 Aug

Watch this lightboard video with @D_Sigmond and me to learn more about Multi-Instance Management with App Volumes and what it can provide you for your environment! #vExpert #vExpertEUC #ITQlife

ITQ @ITQ

Watch our new Lightboard video with @jesperalberts and @D_Sigmond!

In this video, Dennis and Jesper explain how you can scale your App Volumes environment using the latest features available. And even more!

https://lnkd.in/eG9wAg7P

#VMware #AppVolumes #StorageGroups

Reply on Twitter 1557641056270925824 Retweet on Twitter 1557641056270925824 6 Like on Twitter 1557641056270925824 10 Twitter 1557641056270925824
Retweet on Twitter Jesper Alberts Retweeted
virtualquebec Allan Trambouze @virtualquebec ·
9 Aug

How VMware can Secure Mobile Endpoints with Threat Defense (MTD) https://dy.si/h1uXtJ

Reply on Twitter 1557003756881195010 Retweet on Twitter 1557003756881195010 1 Like on Twitter 1557003756881195010 1 Twitter 1557003756881195010
Load More

Archives

  • August 2022
  • July 2022
  • June 2022
  • March 2022
  • August 2021
  • January 2021
  • October 2020
  • August 2020

Categories

  • BCDR
  • Certification
  • Dynamic Environment Manager
  • Horizon
  • NVIDIA vGPU
  • Partners
  • Personal
  • PowerCLI
  • Secure Email Gateway
  • UAG
  • Uncategorized

Tags

Back-up BCDR Certificates Certification DEM Dynamic Environment Manager Horizon Identity Manager ITQ Job Licensing Microsoft 365 NVIDIA Personal PowerCLI Replication SEG SEGv2 SSL SSLLABS Troubleshooting True SSO UAG Upgrading VCAP VCIX Vembu vGPU VMware Tools VMware vSphere Workspace One Access
© 2022   All Rights Reserved.