vCenter 6.5 Enhanced Authentication Plugin Not Working

Hi all – a new issue has cropped up in the latest (or later) versions of Chrome involving the vCenter Server Enhanced Authentication Plugin.  When navigating to your vCenter Web Client (Flash) page, the browser no longer allows you to check the “Use Windows session authentication” box.  This is, of course, with the assumption that you’ve already installed the plugin and it was previously working.

See the image below:


This turns out to be an issue with self-signed certificates involved with the plugin service itself.  If you press your F12 key while on the https://[vcenter]/vsphere-client/?csp site, you’ll find that behind the scenes Chrome is complaining about a bad cert:

To fix this, you just need to navigate to https://vmware-plugin:8094 and Advanced and then Proceed.

Note:  For this who are interested, the reason your machine is able to resolve https://vmware-plugin is because during the installation of the plugin your hosts file is manipulated to point vmware-plugin to 127.0.0.1

Once you’ve done this, you’ll be able to check the Use Windows session authentication box and carry on as you had previously.  I am not which release of Chrome broke this functionality (for the better, honestly) but I noticed it around Version 58.0.3029.110.

The truth is VMware needs to reissue a certificate that is valid and I am sure they’ll be doing that with the next vCenter announcement.

Let me know if you guys have any issues performing these steps!

Thanks for reading!

Author: Jon

Share This Post On

6 Comments

  1. Great spot. Thank you do much for this, Firefox now working, yay!!

    Post a Reply
  2. Thanks.
    Helped in Chrome and in Firefox.

    Post a Reply
  3. This does not work for me.. I have the lines in my host file but when i try to goto the url with or without the port it fails to load page.. doesnt matter if it is firefox or chrome. So not sure what else to try.. Any suggestions? I have confirmed it is installed so it just isnt working as you state it should

    Post a Reply
    • I think I figured out my issue with not being able to goto the url is that when I checked the VMware CIP Message Service was not running even though it was set to automatic. I switched it to auto(delayed) and started it and was able to goto the URL and approve the SSL..

      Post a Reply
  4. Very useful. Thank you.

    Post a Reply

Trackbacks/Pingbacks

  1. vCenter 6.5 Enhanced Authentication Plugin not working – $bLOG - […] www.jonkensy.com Author FabianPosted on 2017-08-09Categories VMwareTags cip, eap, vcenter, […]

Submit a Comment

Your email address will not be published. Required fields are marked *

Share This
%d bloggers like this: