vCenter 6.5 Enhanced Authentication Plugin Not Working

Hi all – a new issue has cropped up in the latest (or later) versions of Chrome involving the vCenter Server Enhanced Authentication Plugin.  When navigating to your vCenter Web Client (Flash) page, the browser no longer allows you to check the “Use Windows session authentication” box.  This is, of course, with the assumption that you’ve already installed the plugin and it was previously working.

See the image below:


This turns out to be an issue with self-signed certificates involved with the plugin service itself.  If you press your F12 key while on the https://[vcenter]/vsphere-client/?csp site, you’ll find that behind the scenes Chrome is complaining about a bad cert:

To fix this, you just need to navigate to https://vmware-plugin:8094 and Advanced and then Proceed.

Note:  For this who are interested, the reason your machine is able to resolve https://vmware-plugin is because during the installation of the plugin your hosts file is manipulated to point vmware-plugin to 127.0.0.1

Once you’ve done this, you’ll be able to check the Use Windows session authentication box and carry on as you had previously.  I am not which release of Chrome broke this functionality (for the better, honestly) but I noticed it around Version 58.0.3029.110.

The truth is VMware needs to reissue a certificate that is valid and I am sure they’ll be doing that with the next vCenter announcement.

Let me know if you guys have any issues performing these steps!

Thanks for reading!

Author: Jon

Share This Post On

19 Comments

  1. Some feedback on Webclient running vcsa 6.0 :
    The only browser capable of using Weblclient for vcsa 6.0 , including integrated windows authentication is google chrome.

    I’ve read that NPAPI was dropped on all three mainstream navigators and as Webclient 6.0 was not written in html 5, some NPAPI (to display web/audio content) does not function.
    Installing flash player (with NPAPI support) is a requirement though.

    Post a Reply
    • That’s not even close to accurate. I use it on Firefox all the time.

      Post a Reply
  2. Thanks for this post. There was an additional item to do for FireFox Quantum (version 60) – go to the vCenter’s FQDN in the browser and click the link at the bottom right “Download trusted root CA certificates”. Install the 2 CRT files in the Local Machine in the Trusted Root Certificate Authorities store. Then following your instructions finally got the integration plugin to work.

    Post a Reply
  3. worked like charm 🙂

    Post a Reply
  4. Great spot. Thank you do much for this, Firefox now working, yay!!

    Post a Reply
  5. Thanks.
    Helped in Chrome and in Firefox.

    Post a Reply
  6. This does not work for me.. I have the lines in my host file but when i try to goto the url with or without the port it fails to load page.. doesnt matter if it is firefox or chrome. So not sure what else to try.. Any suggestions? I have confirmed it is installed so it just isnt working as you state it should

    Post a Reply
    • I think I figured out my issue with not being able to goto the url is that when I checked the VMware CIP Message Service was not running even though it was set to automatic. I switched it to auto(delayed) and started it and was able to goto the URL and approve the SSL..

      Post a Reply
      • Hello

        I have done everything that has been suggested here but I still got “This site can’t be reached”.
        Anyone that have some ideas ?

        Post a Reply
        • Have you tried different browsers?

          Post a Reply
          • Absolutely – just in a sort of broken state with all the support for plugins dropping lately.

        • i can’t connect either

          if i look at `netstat -at` i only see an (IPv6) entry for “[::1]:8094”; no “*:8094” nor “127.0.0.1:8094”

          i can point my browser to “[::1]:8094” and accept the certificate, but that doesn’t seem to help anything

          Post a Reply
      • How do I check to see if this is running or not?

        Post a Reply
        • I was just working on this issue and found this site with the URL https://vmware-plugin. It pointed me into the right direction and checked if I have the issue with or without my proxy activated. We use a pac file for the Proxy-Config and it’s working fine now since I added this line: shExpMatch(host, “vmware-plugin”)) { return DIRECT; }

          Maybe it help somebody…

          Post a Reply
  7. Very useful. Thank you.

    Post a Reply

Trackbacks/Pingbacks

  1. vCenter 6.5 Enhanced Authentication Plugin not working – $bLOG - […] www.jonkensy.com Author FabianPosted on 2017-08-09Categories VMwareTags cip, eap, vcenter, […]

Submit a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.