Citrix Xen Desktop (DDC) / Provisioning Server (PVS) & vSphere SDK

I’m sure many of you have run into an issue with setting up Citrix Xen Desktop (DDC). As i was setting up a new “Desktop Group” I ran into a problem when trying to configure the vCenter SDK address. The configuration wizard show you an example that looks say ‘For example, https://VirtualCetner.example.com/sdk” which is what you would expect to use and you would also expect it to work. Think again. When you try to setup your vCenter SDK address you will be presented with and error “The hosting infrastructure could not be reached at the specified address.” Citrix takes security serious so unless you plan on replacing the default SSL certificate on your vCenter server you will need to hack out a work around. Now I would agree that in production you should replace the default SSL but if your just trying to spin up a demo or test environment it can be a hassle.

So I searched the web over and over and found a number of threads with many of ways to resolve the issue only none of them seemed to work for me. However a combination of a number of things that I found did. So I’m here to save you the trouble of finding all of various pages with partial solutions. Below you will find exactly what you need to do to make this work.

First things first. You need to import the vCenter SSL certificate. You can do this by pointing your web browser to http://vcenterserver and installing the certificate. This is done differently for each browser. For IE you will receive a certificate error up to the right of the address bar and it will be highlighted Red. Click on it and choose to view the certificate and then choose to install it.

Then once you have completed that you will need to edit the c:Documents and SettingsAll UsersApplication DataVMwareVMware VirtualCenterproxy.xml on your vcenter server. Use wordpad not notepad when editing this pile to keep it properly formatted. In the proxy.xml file you will find a number of tags that look like the following:

httpsWithRedirect

These will need to be replaced with tags that look like the following, make sure you replace them all:

httpAndHttps

This will prevent the vCenter web interface from forcing http connections to redirect to https. Once you have completed these steps open internet explorer from your Xen Desktop (DDC) server and point your browser to http://vcenterserver/ and check to see if you can get to the vCenter web interface. Once you verified that it works now you can use this for the Hypervisor login information when creating a Desktop Group. You would use http://vCenerserver/sdk. I know what your thinking. If you disabled the forced usage of SSL and you are pointing to http when do you need to import the SSL certificate? I still have the same questions and I can only assume it has something to do with the way the SDK is accessed because without performing all of these steps I was unsuccessful in getting it to work.

I hope this helps a wayward XenDesktop admin trying to create a Desktop Group. If this saves you even 10 minutes you are well ahead of the game. I can across posting that said I had to copy the SDK folder, some said I needed to add an alias on the loca hosts file on the DDC server that aliased vmware to the vcenter server and that I needed to point to http://vmware/sdk, and a number of other crazy elaborate workarounds. Through trial and error as well as many snapshots I worked it out and this definitely works.

12 Replies to “Citrix Xen Desktop (DDC) / Provisioning Server (PVS) & vSphere SDK”

  1. Thanks A LOT, Sid. This worked like a charm. Side note (if it’s not already obvious), just remember to recycle your vCenter Services after making the change to the proxy.xml.

  2. Hi,

    This solution doesn’t work for my case. I have a Citrix DDC, Windows XP SP3 in a VMware ESX 3.5 server. when i try to create a desktop group it gives me the same error although abovementioned workaround already been tried for few times. Unintall and reinstall DDC and ESX servers still doesn’t go well.

    The only different is DDC is connecting to ESX 3.5 server directly without vCenter.

    Could you please help out?

  3. A simpler approach would be to import the cert into the Trusted People store. That’s all I had to do and it’s still using SSL as recommended.

Leave a Reply