Hi,
I've configured AD authentication on my vCenter appliance.
I can login with user and password from AD on the web client manualy, but if i choose "Use Windows session authentication" i get this error:
The authentication server returned an unexpected error: ns0:RequestFailed: IDM threw unexpected error during authentication :: Native platform error [code: 9234][null][null]. The error may be caused by a malfunctioning identity source.
I can login to vSphere traditional client with windows session authentication without problems.
I've already tried the info on this KB: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=205823... but no luck
Anyone knows how to fix this?
I have the same issue ... I can use Windows Logon credentials in the vSphere Client, if I try that in the Webclient i get the same error. And the kb-article didnt help.
EDIT: And I cant login to vSphere Client and Webclient by manually typing my credentials?! It only works if I activate "use windows logon credentials).
Ah found a solution ...
It seems that vCenter 5.5 SSO cant deal with german "umlaute" (DomÄnen Benutzer). Because of this, logon didnt worked for me ...
After I followed the kb article and appended the line of code, I now can login on both vSphere Client and vSphere Webclient by entering credentials manually or by using "use windows session credentials"
I've tried that, but no luck for me.
This is what i get on the /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log :
[2013-10-24 16:32:47.198] [INFO ] http-bio-9443-exec-1 | 70000102 100005 ###### com.vmware.vise.util.i18n.I18nFilter | The preferred locale for session 100005 is set to: en_US |
[2013-10-24 16:32:47.198] [INFO ] http-bio-9443-exec-1 | 70000102 100005 ###### com.vmware.vise.security.DefaultAuthenticationProvider | Authenticating user: sspi using authentication handler: com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler@549e1de4 |
[2013-10-24 16:32:47.199] [INFO ] http-bio-9443-exec-1 | 70000102 100005 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler Logging in using SSPI. Token | |
[2013-10-24 16:32:47.199] [INFO ] http-bio-9443-exec-1 | 70000102 100005 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler Creating gss client to initiate sspi token negotiation. | |
[2013-10-24 16:32:47.486] [WARN ] http-bio-9443-exec-1 | 70000102 100005 ###### com.vmware.vim.sso.client.impl.GssNegotiationClientImpl | No token has been acquired. The negotiation should continue |
[2013-10-24 16:32:47.486] [INFO ] http-bio-9443-exec-1 | 70000102 100005 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler SSO server returned a SSPI challenge. Challenge token: TlRMTVNTUAACAAAACAAIADgAAAA1AongNsrRiPf9wRUAAAAAAAAAAFYAVgBAAAAABQCTCAAAAA9B |
AFoAQQBSAAIACABBAFoAQQBSAAEADgBWAEMARQBOAFQARQBSAAQADgBBAFoAQQBSAC4AUABUAAMA
HgB2AGMAZQBuAHQAZQByAC4AYQB6AGEAcgAuAHAAdAAAAAAA
[2013-10-24 16:32:47.561] [INFO ] http-bio-9443-exec-1 | 70000103 100005 ###### com.vmware.vise.util.i18n.I18nFilter | The preferred locale for session 100005 is set to: en_US |
[2013-10-24 16:32:47.562] [INFO ] http-bio-9443-exec-1 | 70000103 100005 ###### com.vmware.vise.security.DefaultAuthenticationProvider | Authenticating user: sspi using authentication handler: com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler@549e1de4 |
[2013-10-24 16:32:47.562] [INFO ] http-bio-9443-exec-1 | 70000103 100005 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler Logging in using SSPI. Token | |
[2013-10-24 16:32:47.562] [INFO ] http-bio-9443-exec-1 | 70000103 100005 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler Found gss client in session, will continue sspi token negotiation. | |
[2013-10-24 16:32:47.854] [ERROR] http-bio-9443-exec-1 | 70000103 100005 ###### com.vmware.vim.sso.client.impl.SoapBindingImpl | SOAP fault javax.xml.ws.soap.SOAPFaultException: IDM threw unexpected error during authentication :: Native platform error [code: 9234][null][null] |
at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(Unknown Source)
at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(Unknown Source)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(Unknown Source)
at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(Unknown Source)
at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:131)
at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:82)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:677)
at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:611)
at com.vmware.vim.sso.client.impl.GssNegotiationClientImpl.negotiateToken(GssNegotiationClientImpl.java:102)
at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.negotiateToken(SsoUtilInternal.java:602)
at com.vmware.vise.vim.security.sso.impl.SsoServiceImpl.negotiateToken(SsoServiceImpl.java:266)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy153.negotiateToken(Unknown Source)
at com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler.acquireTokenBySSPI(SsoAuthenticationHandler.java:238)
at com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler.authenticate(SsoAuthenticationHandler.java:107)
at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)
at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)
at java.lang.reflect.Method.invoke(Unknown Source)
at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56)
at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)
at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)
at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)
at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)
at com.sun.proxy.$Proxy229.authenticate(Unknown Source)
at com.vmware.vise.security.DefaultAuthenticationProvider.authenticate(DefaultAuthenticationProvider.java:176)
at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)
at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)
at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)
at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)
at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)
at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)
at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.vmware.vise.security.FlexLoginFilter.doFilterInternal(FlexLoginFilter.java:47)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.vmware.vise.util.i18n.I18nFilter.doFilterInternal(I18nFilter.java:45)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.vmware.vise.security.SessionManagementFilter.doFilterInternal(SessionManagementFilter.java:57)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.vmware.vsphere.client.logging.MDCLogFilter.doFilterInternal(MDCLogFilter.java:41)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at com.vmware.vise.util.jsp.JspFilter.doFilterInternal(JspFilter.java:34)
at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)
at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)
at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)
at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)
at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)
at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)
at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)
at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)
at org.eclipse.virgo.web.tomcat.support.ApplicationNameTrackingValve.invoke(ApplicationNameTrackingValve.java:33)
at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)
at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)
at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)
at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)
at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)
at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)
at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
at java.lang.Thread.run(Unknown Source)
[2013-10-24 16:32:47.855] [INFO ] http-bio-9443-exec-1 | 70000103 100005 ###### c.v.v.s.c.impl.SecurityTokenServiceImpl$RequestResponseProcessor Failed trying to retrieve token: ns0:RequestFailed: IDM threw unexpected error during authentication :: Native platform error [code: 9234][null][null] |
Hi,
I logged a support ticket about this a couple of weeks ago. The resolution was that this was a known feature, and was to be fixed in an update due in early Nov. Here's hoping.
Locky_ wrote, in Oct 2013 (one year ago):
I logged a support ticket about this a couple of weeks ago. The resolution was that this was a known feature, and was to be fixed in an update due in early Nov. Here's hoping.
Hmm, did they say WHICH November? I have the exact same error one year later, "IDM threw unexpected error during authentication :: Native platform error [code: 9234][null][null]" when using login with Windows session creds in the Web Client only. Manually typing creds for the same domain user account works. Session creds works in the C# client
vSphere 5.5 U2 has all critical and non-critical patches. VCSA 5.5 U2b, same deal, all patched.
I am experiencing this problem as well. The problem must be with the Client Integration Plug-in itself as using the same credentials manually works. But Uninstalling/reinstalling the plug-in does not help. The plug-in was working fine for me until my last password change.