VMware Cloud Community
Michael_Rudloff
Enthusiast
Enthusiast

vRA 6.2.1 Using Identity Appliance: "Use Windows session authentication" // Not working

I think this is happening since the early days and I thought I read that this has been fixed already, but it doesn't seem to be the case.

I read through some of the threads here and it seem people experience different problems with this, so please excuse me if this has been covered already.

This particular vRA infrastructure uses the Identity Appliance for SSO rather than the vCenter one.

When browsing to the vRA interface you can see the neat tickbox to use the Windows credentials

winca_79.jpg

When you tick it though, User name and Password remain empty, which as a result causes the login to fail

winca_80.jpg

I had a look at both VMware KBs: 2090617 & 2058298

KB2090617 seem to be the one coming closest to the problem although my environment does not use any CNAME records.


Just to confirm, the Identity Appliance is indeed in AD


winca_85.jpg

So I created two SPNs, not just for HTTP as mentioned in the KB, but for HTTPS as well

setspn -S HTTP/vra621-ident.vspherelab.co.uk VRA621-IDENT

setspn -S HTTPS/vra621-ident.vspherelab.co.uk VRA621-IDENT

Which are "in"

winca_86.jpg

None of it makes a difference. Ticking the Windows Credentials still ends up with empty User name and Password boxes with failed logins.

Using the credentials manually works and the Client Integration Plugin is enabled as well.

I tried several different values to no avail.

Could someone please point me into the right direction ?

Thanks.

___ My own knowledge base made public: http://open902.com
Reply
0 Kudos
3 Replies
admin
Immortal
Immortal

I am using the identity appliance 2.2.1.0 Build 2496259 and the VMware client integration plugin works with vRA 6.2.1. When I first installed the plugin, there was a pop up that asked me to allow the plugin to run and I had to select 'allow',. I am wondering the plugin is being blocked somehow in the web browser, or there are some security settings in the browser that stopped the popup asking you to allow it to talk back to the identity appliance.

You could try to uninstall the VMware client integration plugin from add remove programs, remove any VMware plugins used in the browser and check that there is nothing blocking popups in the browser. Then, re-install the VMware client integration plugin and see if this helps.


Or you could try another browser - I am using Firefox. I've never had to configure any SPN's for the identity appliance.

Oli

Reply
0 Kudos
Michael_Rudloff
Enthusiast
Enthusiast

The pop-up did show up and is allowed. I tried multiple browsers (IE, Chrome, FF) to no avail.

So the tick-box works for you then ?

___ My own knowledge base made public: http://open902.com
Reply
0 Kudos
crawfordm
Expert
Expert

Which version of the client integration plugin do you have installed?  I ran into the same issue.  I had the 5.5 version installed.  I installed the 6.0 version and everything worked good in IE & Firefox.  In chrome you have to enable NPAPI Chrome 42 breaks the vSphere Web Client Integration Plugin

------------------------------------------------------------------ If you found this answer useful please consider the use of the Helpful or Correct buttons to award points. Thanks, Marc Crawford CCNA, MCSE, MCTS, A+, Net+, Sec +, VCA-WM, VCA-DCV, VCA-Cloud, VCA-NV, VCP-NV, VCP-DCV, VCP, VCAP5-DCA http://gplus.to/marccrawford http://blog.marccrawford.com @uber_tech_geek
Reply
0 Kudos