mvrk
Enthusiast
Enthusiast

vCenter Server Appliance 5.5 - Web Client - Windows session authentication

Hi,

I've configured AD authentication on my vCenter appliance.

I can login with user and password from AD on the web client manualy, but if i choose "Use Windows session authentication" i get this error:

The authentication server returned an unexpected error: ns0:RequestFailed: IDM threw unexpected error during authentication :: Native platform error [code: 9234][null][null]. The error may be caused by a malfunctioning identity source.

I can login to vSphere traditional client with windows session authentication without problems.

I've already tried the info on this KB: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=205823... but no luck Smiley Sad

Anyone knows how to fix this?

0 Kudos
6 Replies
JoDo23
Contributor
Contributor

I have the same issue ... I can use Windows Logon credentials in the vSphere Client, if I try that in the Webclient i get the same error. And the kb-article didnt help.

EDIT: And I cant login to vSphere Client and Webclient by manually typing my credentials?! It only works if I activate "use windows logon credentials).

0 Kudos
JoDo23
Contributor
Contributor

Ah found a solution ...

It seems that vCenter 5.5 SSO cant deal with german "umlaute" (DomÄnen Benutzer). Because of this, logon didnt worked for me ...

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=206087...

After I followed the kb article and appended the line of code, I now can login on both vSphere Client and vSphere Webclient by entering credentials manually or by using "use windows session credentials" Smiley Happy

0 Kudos
mvrk
Enthusiast
Enthusiast

I've tried that, but no luck for me.

This is what i get on the /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log :

[2013-10-24 16:32:47.198] [INFO ] http-bio-9443-exec-1    

70000102 100005 ###### com.vmware.vise.util.i18n.I18nFilter                          The preferred locale for session 100005 is set to: en_US
[2013-10-24 16:32:47.198] [INFO ] http-bio-9443-exec-1     70000102 100005 ###### com.vmware.vise.security.DefaultAuthenticationProvider        Authenticating user: sspi using authentication handler: com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler@549e1de4
[2013-10-24 16:32:47.199] [INFO ] http-bio-9443-exec-1     70000102 100005 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler   Logging in using SSPI. Token
[2013-10-24 16:32:47.199] [INFO ] http-bio-9443-exec-1     70000102 100005 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler   Creating gss client to initiate sspi token negotiation.
[2013-10-24 16:32:47.486] [WARN ] http-bio-9443-exec-1     70000102 100005 ###### com.vmware.vim.sso.client.impl.GssNegotiationClientImpl       No token has been acquired. The negotiation should continue
[2013-10-24 16:32:47.486] [INFO ] http-bio-9443-exec-1     70000102 100005 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler   SSO server returned a SSPI challenge. Challenge token: TlRMTVNTUAACAAAACAAIADgAAAA1AongNsrRiPf9wRUAAAAAAAAAAFYAVgBAAAAABQCTCAAAAA9B

AFoAQQBSAAIACABBAFoAQQBSAAEADgBWAEMARQBOAFQARQBSAAQADgBBAFoAQQBSAC4AUABUAAMA

HgB2AGMAZQBuAHQAZQByAC4AYQB6AGEAcgAuAHAAdAAAAAAA

[2013-10-24 16:32:47.561] [INFO ] http-bio-9443-exec-1     70000103 100005 ###### com.vmware.vise.util.i18n.I18nFilter                          The preferred locale for session 100005 is set to: en_US
[2013-10-24 16:32:47.562] [INFO ] http-bio-9443-exec-1     70000103 100005 ###### com.vmware.vise.security.DefaultAuthenticationProvider        Authenticating user: sspi using authentication handler: com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler@549e1de4
[2013-10-24 16:32:47.562] [INFO ] http-bio-9443-exec-1     70000103 100005 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler   Logging in using SSPI. Token
[2013-10-24 16:32:47.562] [INFO ] http-bio-9443-exec-1     70000103 100005 ###### com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler   Found gss client in session, will continue sspi token negotiation.
[2013-10-24 16:32:47.854] [ERROR] http-bio-9443-exec-1     70000103 100005 ###### com.vmware.vim.sso.client.impl.SoapBindingImpl                SOAP fault javax.xml.ws.soap.SOAPFaultException: IDM threw unexpected error during authentication :: Native platform error [code: 9234][null][null]

    at com.sun.xml.internal.ws.fault.SOAP11Fault.getProtocolException(Unknown Source)

    at com.sun.xml.internal.ws.fault.SOAPFaultBuilder.createException(Unknown Source)

    at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.doInvoke(Unknown Source)

    at com.sun.xml.internal.ws.client.dispatch.DispatchImpl.invoke(Unknown Source)

    at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:131)

    at com.vmware.vim.sso.client.impl.SoapBindingImpl.sendMessage(SoapBindingImpl.java:82)

    at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.sendRequest(SecurityTokenServiceImpl.java:677)

    at com.vmware.vim.sso.client.impl.SecurityTokenServiceImpl$RequestResponseProcessor.executeRoundtrip(SecurityTokenServiceImpl.java:611)

    at com.vmware.vim.sso.client.impl.GssNegotiationClientImpl.negotiateToken(GssNegotiationClientImpl.java:102)

    at com.vmware.vise.vim.security.sso.impl.SsoUtilInternal.negotiateToken(SsoUtilInternal.java:602)

    at com.vmware.vise.vim.security.sso.impl.SsoServiceImpl.negotiateToken(SsoServiceImpl.java:266)

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

    at java.lang.reflect.Method.invoke(Unknown Source)

    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)

    at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56)

    at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)

    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)

    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)

    at com.sun.proxy.$Proxy153.negotiateToken(Unknown Source)

    at com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler.acquireTokenBySSPI(SsoAuthenticationHandler.java:238)

    at com.vmware.vsphere.client.security.sso.SsoAuthenticationHandler.authenticate(SsoAuthenticationHandler.java:107)

    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

    at sun.reflect.NativeMethodAccessorImpl.invoke(Unknown Source)

    at sun.reflect.DelegatingMethodAccessorImpl.invoke(Unknown Source)

    at java.lang.reflect.Method.invoke(Unknown Source)

    at org.springframework.aop.support.AopUtils.invokeJoinpointUsingReflection(AopUtils.java:319)

    at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.doInvoke(ServiceInvoker.java:56)

    at org.eclipse.gemini.blueprint.service.importer.support.internal.aop.ServiceInvoker.invoke(ServiceInvoker.java:60)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)

    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.eclipse.gemini.blueprint.service.importer.support.LocalBundleContextAdvice.invoke(LocalBundleContextAdvice.java:57)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.springframework.aop.support.DelegatingIntroductionInterceptor.doProceed(DelegatingIntroductionInterceptor.java:131)

    at org.springframework.aop.support.DelegatingIntroductionInterceptor.invoke(DelegatingIntroductionInterceptor.java:119)

    at org.springframework.aop.framework.ReflectiveMethodInvocation.proceed(ReflectiveMethodInvocation.java:172)

    at org.springframework.aop.framework.JdkDynamicAopProxy.invoke(JdkDynamicAopProxy.java:202)

    at com.sun.proxy.$Proxy229.authenticate(Unknown Source)

    at com.vmware.vise.security.DefaultAuthenticationProvider.authenticate(DefaultAuthenticationProvider.java:176)

    at org.springframework.security.authentication.ProviderManager.authenticate(ProviderManager.java:156)

    at org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter.attemptAuthentication(UsernamePasswordAuthenticationFilter.java:94)

    at org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:194)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)

    at org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:105)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)

    at org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:87)

    at org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:323)

    at org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:173)

    at org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346)

    at org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:259)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at com.vmware.vise.security.FlexLoginFilter.doFilterInternal(FlexLoginFilter.java:47)

    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at com.vmware.vise.util.i18n.I18nFilter.doFilterInternal(I18nFilter.java:45)

    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at com.vmware.vise.security.SessionManagementFilter.doFilterInternal(SessionManagementFilter.java:57)

    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at com.vmware.vsphere.client.logging.MDCLogFilter.doFilterInternal(MDCLogFilter.java:41)

    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at org.springframework.web.filter.CharacterEncodingFilter.doFilterInternal(CharacterEncodingFilter.java:88)

    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at com.vmware.vise.util.jsp.JspFilter.doFilterInternal(JspFilter.java:34)

    at org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:76)

    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:243)

    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:210)

    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:222)

    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:123)

    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:472)

    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:168)

    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:99)

    at org.eclipse.virgo.web.tomcat.support.ApplicationNameTrackingValve.invoke(ApplicationNameTrackingValve.java:33)

    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:929)

    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:118)

    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:407)

    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1002)

    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:585)

    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:312)

    at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)

    at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)

    at java.lang.Thread.run(Unknown Source)

[2013-10-24 16:32:47.855] [INFO ] http-bio-9443-exec-1     70000103 100005 ###### c.v.v.s.c.impl.SecurityTokenServiceImpl$RequestResponseProcessor  Failed trying to retrieve token: ns0:RequestFailed: IDM threw unexpected error during authentication :: Native platform error [code: 9234][null][null]
0 Kudos
Locky_
Contributor
Contributor

Hi,

I logged a support ticket about this a couple of weeks ago. The resolution was that this was a known feature, and was to be fixed in an update due in early Nov. Here's hoping.

0 Kudos
JBSL
Contributor
Contributor

Locky_ wrote, in Oct 2013 (one year ago):

I logged a support ticket about this a couple of weeks ago. The resolution was that this was a known feature, and was to be fixed in an update due in early Nov. Here's hoping.

Hmm, did they say WHICH November?  I have the exact same error one year later, "IDM threw unexpected error during authentication :: Native platform error [code: 9234][null][null]" when using login with Windows session creds in the Web Client only.  Manually typing creds for the same domain user account  works.  Session creds works in the C# client

vSphere 5.5 U2 has all critical and non-critical patches.  VCSA 5.5 U2b, same deal, all patched.

0 Kudos
PK3030
Contributor
Contributor

The authentication server returned an unexpected error: ns0:RequestFailed: IDM threw unexpected error during authentication :: Native platform error [code: 9234][null][null]. The error may be caused by a malfunctioning identity source.

I am experiencing this problem as well.  The problem must be with the Client Integration Plug-in itself as using the same credentials manually works.  But Uninstalling/reinstalling the plug-in does not help.  The plug-in was working fine for me until my last password change.

0 Kudos