Operational Defect Database
BugZero updated this defect 51 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
VMware | 93115
Horizon OCSP based revocation check doesn't work in FIPS installation
Last update date:
3/29/2024
Affected products:
Horizon
Affected releases:
No affected releases provided.
Fixed releases:
No fixed releases provided.
Description:
Symptoms
Connection Server is installed in FIPS modeAfter configuring OCSP certificate revocation checking on the Connection Server via the locked.properties file and restarting services, the Horizon View Security Gateway Component service crashes and fails to start.Connection Server logs show the following: Location of Horizon View log files (1027744) 2023-03-07T20:55:55.421+05:30 TRACE (1188-17FC) <Thread-1> [bi] Found property "enableRevocationChecking" in: locked.properties 2023-03-07T20:55:55.422+05:30 DEBUG (1188-17FC) <Thread-1> [x] Initialising Revocation checker 2023-03-07T20:55:55.439+05:30 TRACE (1188-17FC) <Thread-1> [JCA] ! CertificateFactory(X.509) -> BCFIPS 2023-03-07T20:55:55.441+05:30 DEBUG (1188-17FC) <Thread-1> [RevocationCheck] Revocation checking: setting useCertCRLs = true 2023-03-07T20:55:55.441+05:30 TRACE (1188-17FC) <Thread-1> [bi] Found property "enableOCSP" in: locked.properties 2023-03-07T20:55:55.452+05:30 ERROR (1188-17FC) <Thread-1> [Ice] ICE start com.vmware.vdi.logger.Logger.fatal(Logger.java:104) java.lang.NoClassDefFoundError: org/bouncycastle/jce/provider/BouncyCastleProvider 2023-03-07T20:55:55.466+05:30 ERROR (1188-17FC) <Thread-1> [JMXServer] Could not start the Ice Server MBean com.vmware.vdi.logger.Logger.fatal(Logger.java:104) javax.management.MBeanException: java.lang.Exception: ICE Start: org/bouncycastle/jce/provider/BouncyCastleProvider
Cause
The check for FIPS mode is missing while loading the BouncyCastleProvider causing the service to crash.
Resolution
The issue has been resolved in Horizon 2303 (8.9)
