Hi Justin,

I've just upgrade to vCenter server 6 in my lab environment and now I'm not anymore able to access the vSphere Web Client 6 behind my apache reverse proxy. Looks like the flash web client has the internal URL "hard coded" somewhere... I'm able to download the flash content behind the reverse proxy but then it redirects me to the internal URL / websso address (so actually it's working using the reverse proxy from LAN but not from outside since the internal DNS is not resolved...)

I've tried to look for any vmrc conf file but where not able to find any...

Any idea where this vmrc could be in vSphere 6 ?

Thanks in advance !

Hello,

No one else here facing the same issue with vSphere 6 ?

Any chance you updated to vCenter 6 and know the workaround for that version as well ?

Cheers,

Yes, I have the same issue. My workaround has been change the hostname file that is located at /etc/vmware-sso/ with the external hostname of the server and change the reverse proxy to point to https://server_ip/  (In 5.5 I had https://server_ip:9443)

Can you provide some more detail on how you configured your reverse proxy? Did you also have to configure any portforwarding, except for to your proxyserver?

I have the following configuration in Apache on Ubuntu where 192.168.1.195 is my vCenter Appliance 6:

SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off


ProxyPass /vmware https://192.168.1.195
ProxyPassReverse /vmware https://192.168.1.195

Hi, this is mi configuration:

<VirtualHost _default_:443>
        ServerAdmin xxx
        ServerName xxx
        SSLEngine on
        SSLCertificateFile    xxx
        SSLCertificateKeyFile xxx
        
        SSLProxyEngine on
        SSLProxyVerify none 
        SSLProxyCheckPeerCN off
        SSLProxyCheckPeerName off
        SSLProxyCheckPeerExpire off

        RewriteEngine On
        ProxyPreserveHost On
        
        
        DocumentRoot /var/www/html

        ErrorLog ${APACHE_LOG_DIR}/xxx.log
        CustomLog ${APACHE_LOG_DIR}/xxx_access.log combined

        
        <Location />            
            ProxyPass https://xxx/
            ProxyPassReverse https://xxx/
            SSLRequireSSL
            
            RedirectMatch permanent ^/$ https://xxx/vsphere-client/?csp
            RedirectMatch permanent ^/admin$ https://xxx/admin/
            RedirectMatch permanent ^/vami$ https://xxx/vami/
            RedirectMatch permanent ^/websso$ https://xxx/websso/
            RedirectMatch permanent ^/psc$ https://xxx/psc/
        </Location>

        <Location /vsphere-client/>
            ProxyPass https://yyy:9443/vsphere-client/
            ProxyPassReverse https://yyy:9443/vsphere-client/
            SSLRequireSSL
        </Location>
        
        <Location /admin/>
            ProxyPass https://yyy:5480/
            ProxyPassReverse https://yyy:5480/
            SSLRequireSSL
        </Location>
        
        <Location /vami/>
            ProxyPass https://yyy:5480/vami/
            ProxyPassReverse https://yyy:5480/vami/
            SSLRequireSSL
        </Location>
        
            
        BrowserMatch "MSIE [2-6]" \
                nokeepalive ssl-unclean-shutdown \
                downgrade-1.0 force-response-1.0
        # MSIE 7 and newer should be able to use keepalive
        BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown

    </VirtualHost>

Best Regards

Came across this thread today and seems to be similar to the issue I am having. I'm running ESX 6.0 update 2 and am trying to run the ESXi Embedded client behind an IIS reverse proxy (https://esx-host/ui/). With the reverse proxy, all is well, except that the Console functionality does not work, I receive a "failed to connect" notice. If I try to run the VMRC client instead, I get a 404 error. I'm thinking that a solution like the one "justin007" proposed would work for me, but I cannot find where the vrmc settings would be on the ESXi host. The console works fine if I access the embedded client by IP. Again, I'm running just the ESX embedded host, not vCenter. Anybody know where or what setting I need to adjust on the ESX host to get Console working in the Embedded client?

I attached what I'm seeing. Any thoughts would be appreciated.

seems from the Logs it's   making  "GET /vsphere-client/"   and once trying to login it's doing "POST /websso/SAML2/SSO/vsphere.local"

need maybe special handle for POST Actions?

downloaded now the latest Apache Proxy Source Code 2.4.20 and changed the worker names to 2000.

After "Log in to vSphere Webclient"    > i get Status 400 Error.  Now it's not related anymore regarding the long websso Link. now getting other error.

once placing the websso link into the passproxy as a test getting:

HTTP Status 500 - Request processing failed; nested exception is java.lang.IllegalStateException: Failed to return authentication policy object: for tenant vsphere.local?

org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalStateException: Failed to return authentication policy object: for tenant vsphere.local?SAMLRequest

Special Module Missing?

Wondering if that is Just Issues once using vCenter on Windows?!  As seeing someone got it working with Appliance Version.

But anyway. maybe anyone have a Clue for this error?

Best regards

Max