Hi Guys,
we want to switch from VMware security server to VMware UAG 3.0, but we are unable to get the Radius Authentication working.
In the authbroker.log we could see following....
08/01 16:18:08,293[localhost-startStop-1]ERROR rsaaaAdapter.RSAAAIdpAdapter: Failed to parse hostname.
08/01 16:19:10,451[Timer-8]WARN sockjs.SockJSService: Failed to fetch connector for 1@AP. May retry later.
08/01 16:20:10,453[Timer-9]WARN sockjs.SockJSService: Failed to fetch connector for 1@AP. May retry later.
Can this be an ssue?
Hello,
What are the errors when connecting to the desktop through radius authentications?
here is a extract of esmanager.log.
I changed the domain name and public ip address.
************************************
08/04 14:57:13,966[nioEventLoopGroup-36-1]DEBUG request.DoSubmitAuthenticationRequestProcessor[processXmlString: 115][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: current auth method:radius-auth
08/04 14:57:13,966[nioEventLoopGroup-36-1]DEBUG request.RadiusAuthentication[doSubmit: 129][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: Doing Radius authentication
08/04 14:57:13,966[nioEventLoopGroup-36-1]INFO request.BaseAuthentication[checkSendSamlAssertion: 106][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: The samlSP name: null
08/04 14:57:13,966[nioEventLoopGroup-36-1]DEBUG request.RadiusAuthentication[doSubmit: 148][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: Attempt #0
08/04 14:57:13,967[nioEventLoopGroup-36-1]DEBUG authbrokerclient.AuthBrokerClient[login: 326][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: submitting urn:vmware:names:ac:classes:radius request to authbroker for SP null
08/04 14:57:24,832[QueryBroker]DEBUG client.HttpClient[sendWithRetry: 282][]: Send with max retries count:3
08/04 14:57:24,833[nioEventLoopGroup-4-1]DEBUG client.HttpClient[operationComplete: 260][]: Connect succeeded
08/04 14:57:24,916[nioEventLoopGroup-4-1]DEBUG view.ViewEdgeService[updateBrokerInfo: 271][]: information from HORIZON broker: version=14.0, GUID=df56fa79-e322-426d-927c-e791fe8770f0, domains=[mydomain], gssDomain=VIEWCBR3$@mydomain.de
08/04 14:57:56,497[Monitoring]DEBUG manager.EdgeServiceManager[getStats: 377][]: Running edge services: {VIEW=com.vmware.euc.gateway.products.view.ViewEdgeService@1f980545}
08/04 14:57:56,500[Monitoring]DEBUG view.ViewEdgeService[getStats: 424][]: calling get stats for VIEW
08/04 14:57:56,500[Monitoring]DEBUG view.ViewEdgeService[getStats: 435][]: calling get stats for PSG
08/04 14:57:56,500[Monitoring]DEBUG psg.PsgManager[getStats: 704][]: Client connected
08/04 14:57:56,500[Monitoring]DEBUG psg.PsgManager[attemptToSendMsgAsync: 570][]: Sending GetCountersRequest with id 4264 to server
08/04 14:57:56,500[nioEventLoopGroup-32-1]DEBUG psg.PsgManager[operationComplete: 576][]: Successfully wrote GetCountersRequest with id 4264 to server
08/04 14:57:56,501[nioEventLoopGroup-32-1]DEBUG handler.PsgResponseHandler[channelRead0: 41][]: Received response of type GetCountersResponse for request id 4264
08/04 14:57:56,501[nioEventLoopGroup-32-1]DEBUG psg.PsgManager[onSuccess: 713][]: response for getMaxSessionCountSinceReset =0
08/04 14:57:56,502[nioEventLoopGroup-32-1]DEBUG psg.PsgManager[onSuccess: 715][]: response for getSessionsCount =0
08/04 14:57:56,502[Monitoring]DEBUG view.ViewEdgeService[getStats: 442][]: Got response for PSG with status RUNNING
08/04 14:57:56,502[Monitoring]DEBUG view.ViewEdgeService[getStats: 435][]: calling get stats for BSG
08/04 14:57:56,503[Monitoring]DEBUG bsg.BsgManager[lambda$getStats$1: 814][]: key values = <num_sessions>0</num_sessions>
08/04 14:57:56,503[Monitoring]DEBUG bsg.BsgManager[lambda$getStats$1: 814][]: key values = <num_active_sessions>0</num_active_sessions>
08/04 14:57:56,503[Monitoring]DEBUG view.ViewEdgeService[getStats: 442][]: Got response for BSG with status RUNNING
08/04 14:57:56,503[Monitoring]DEBUG view.ViewEdgeService[getStats: 435][]: calling get stats for tunnel
08/04 14:57:56,506[Monitoring]DEBUG view.ViewEdgeService[getStats: 442][]: Got response for tunnel with status RUNNING
08/04 14:57:56,506[Monitoring]DEBUG view.ViewEdgeService[getStats: 435][]: calling get stats for UTServer
08/04 14:57:56,506[Monitoring]DEBUG view.ViewEdgeService[getStats: 442][]: Got response for UTServer with status RUNNING
08/04 14:57:56,506[Monitoring]DEBUG view.ViewEdgeService[healthCheckBroker: 217][]: Backend Host:https://view.mydomain.de:443
08/04 14:57:56,673[Monitoring]DEBUG manager.EdgeServiceManager[lambda$getStats$4: 400][]: Edge service status:VIEW, with status:RUNNING, with backend status:RUNNING
08/04 14:58:19,036[jersey-client-async-executor-8]DEBUG request.DoSubmitAuthenticationRequestProcessor[onPartialSuccess: 136][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: Partial success
08/04 14:58:19,038[nioEventLoopGroup-36-1]DEBUG proxy.HttpsProxyInterceptorHandler[processResponseCookies: 376][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: cookiesToBeCached:[none]
08/04 14:58:19,038[nioEventLoopGroup-36-1]DEBUG proxy.HttpsProxyInterceptorHandler[processResponseCookies: 378][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: Not processing response cookies as cookiesToBeCached contains none :[]
08/04 14:58:19,038[nioEventLoopGroup-36-1]DEBUG proxy.HttpsProxyInterceptorHandler[processInterceptor: 147][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: Processing full http response:DefaultFullHttpResponse(decodeResult: success, version: HTTP/1.1, content: UnpooledUnsafeHeapByteBuf(ridx: 0, widx: 363, cap: 512))
HTTP/1.1 200 OK
Content-Length: 363
Content-Type: text/xml;charset=UTF-8
08/04 14:58:19,039[nioEventLoopGroup-36-1]DEBUG proxy.HttpsProxyInterceptorHandler[log: 54][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: ResponseWrite: 200 OK
08/04 14:58:19,039[nioEventLoopGroup-36-1]DEBUG proxy.HttpsProxyInterceptorHandler[logByteBufHolder: 81][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: ResponseWrite: 363 bytes
|<?xml version="1.0" encoding="UTF-8" standalone="no"?>.<broker version="11.0">.<submit-authentication>.<result>error</result>.<error-code>AU|
|THENTICATION_FAILED</error-code>.<error-message>Fehler bei der Authentifizierung</error-message>.<user-message>Die maximale Anzahl an Anmeld|
|eversuchen wurde ..berschritten.</user-message>.</submit-authentication>.</broker>. |
08/04 14:58:19,040[nioEventLoopGroup-36-1]DEBUG proxy.HttpsProxyInterceptorHandler[operationComplete: 225][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: ResponseWrite: Successfully wrote response to client, closing=false
08/04 14:58:41,110[nioEventLoopGroup-36-1]DEBUG session.SessionRequestHandler[getSession: 77][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: Request cookie header CID=AgAAADMMInhofnUomtMQs4ZtAE8=; JSESSIONID=0930****************************; clientInfo=eyJhY2NlcHRMYW5ndWFnZSI6ImRlLURFLGRlO3E9MC44LGVuLVVTO3E9MC42LGVuO3E9MC40IiwiY2xpZW50VmVyc2lvbiI6IjQuNS4wIiwibG9nTGV2ZWwiOiIyIiwiY2xpZW50SVBBZGRyZXNzIjoiODAuMTg3LjExNC4xMjYiLCJjb250ZXh0UGF0aCI6Ii9wb3J0YWwiLCJvcyI6IndpbjY0IiwiaW5zdGFsbGVyTGluayI6Imh0dHBzOi8vd3d3LnZtd2FyZS5jb20vZ28vdmlld2NsaWVudHMjd2luNjQifQ%3D%3D; ACCESSPOINTSESSIONID=69acfd6e-4cc9-402e-9549-8294d15fd8fc
08/04 14:58:41,110[nioEventLoopGroup-36-1]DEBUG session.SessionRequestHandler[channelRead: 71][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: Using session 69acfd6e-4cc9-402e-9549-8294d15fd8fc
08/04 14:58:41,110[nioEventLoopGroup-36-1]DEBUG networkcore.HttpsRequestRouter[log: 47][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: RequestRead: POST /broker/xml
08/04 14:58:41,110[nioEventLoopGroup-36-1]DEBUG networkcore.HttpsRequestRouter[logRequestHeaders: 73][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: RequestRead: Headers->headerName:Host headerValue:138.28.253.60/headerName:Connection headerValue:keep-alive/headerName:Content-Length headerValue:362/headerName:Accept headerValue:*/*/headerName:Origin headerValue:https://138.28.253.60/headerName:X-Requested-With headerValue:XMLHttpRequest/headerName:User-Agent headerValue:Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/59.0.3071.115 Safari/537.36/headerName:Content-Type headerValue:application/x-www-form-urlencoded; charset=UTF-8/headerName:Referer headerValue:https://138.28.253.60/portal/webclient/index.html/headerName:Accept-Encoding headerValue:gzip, deflate, br/headerName:Accept-Language headerValue:de-DE,de;q=0.8,en-US;q=0.6,en;q=0.4/headerName:Cookie headerValue:CID=AgAAADMMInhofnUomtMQs4ZtAE8=; JSESSIONID=09308EBB6F80F869D65D8CEDFD2C935E; clientInfo=eyJhY2NlcHRMYW5ndWFnZSI6ImRlLURFLGRlO3E9MC44LGVuLVVTO3E9MC42LGVuO3E9MC40IiwiY2xpZW50VmVyc2lvbiI6IjQuNS4wIiwibG9nTGV2ZWwiOiIyIiwiY2xpZW50SVBBZGRyZXNzIjoiODAuMTg3LjExNC4xMjYiLCJjb250ZXh0UGF0aCI6Ii9wb3J0YWwiLCJvcyI6IndpbjY0IiwiaW5zdGFsbGVyTGluayI6Imh0dHBzOi8vd3d3LnZtd2FyZS5jb20vZ28vdmlld2NsaWVudHMjd2luNjQifQ%3D%3D; ACCESSPOINTSESSIONID=69acfd6e-4cc9-402e-9549-8294d15fd8fc/
08/04 14:58:41,110[nioEventLoopGroup-36-1]DEBUG networkcore.HttpsRequestRouter[initializeProxyChannel: 165][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: Reusing proxy interceptor channel
08/04 14:58:41,111[nioEventLoopGroup-36-1]DEBUG networkcore.HttpsRequestRouter[write: 265][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: Proxying request from /broker/xml to /broker/xml to host view.mydomain.de:443
08/04 14:58:41,111[nioEventLoopGroup-36-1]DEBUG session.SessionRequestHandler[channelRead: 71][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: Using session 69acfd6e-4cc9-402e-9549-8294d15fd8fc
08/04 14:58:41,111[nioEventLoopGroup-36-1]DEBUG networkcore.HttpsRequestRouter[logByteBufHolder: 81][69acfd6e-4cc9-402e-9549-8294d15fd8fc]: RequestRead: 362 bytes
|<?xml version='1.0' encoding='UTF-8'?><broker version='11.0'><set-locale><locale>de</locale></set-locale><get-configuration><supported-featu|
|res><feature>lastUserActivity</feature><feature>reauthentication</feature><feature>nameResolution</feature><feature>redirection</feature><fe|
|ature>workspaceOneMode</feature></supported-features></get-configuration></broker>
************************************
The error message in englisch is: Error durring authentication. The maximum number of login attempts has been reached.
We cannot see any error on the radius or rsa server. We configured radius on the UAG the same way as we did on the old vmware security servers.