Cromathaar
Contributor
Contributor

HTML 5 Console SDK not working in vSphere 6.5

Greetings guys!

I'm successfully using HTML 5 Console SDK with vSphere 5.5. However when I try to connect to vCenter 6.5 I keep getting errors. I'm aware of the following ways to connect - Showing Web Console of a VM via vSphere HTML Console SDK - Samples - VMware {code} I'm interested in either 1 or 3 (I don't want to connect to a VM directly using its IP). So I tried the following uris:

(Getting 500 error)  wss://vcenter_ip:9443/vsphere-client/webconsole/authd?vmId=vm-808&vmName=staging01&serverGuid=ef6a5492-165c-4d0a-813e-10f79a5cfdd0&host=vcenter_ip:443&sessionTicket=cst-VCT-52e79734-6f0d-69bb-10a2-eb92f9939beb--tp-D6-7A-CB-EC-ED-43-35-AD-0D-FB-B3-21-F9-F0-24-88-F6-FB-77-51

(Getting 500 error) wss://vcenter_ip:9443/vsphere-client/webconsole/authd?mksTicket=52c10d92-1867-4a0e-4c2e-d97df164a817&host=vcenter_ip&port=902&cfgFile=%2Fvmfs%2Fvolumes%2F56600453-39658cc7-9ec6-002219644073%2FNode1%2FNode1.vmx&sslThumbprint=9F:C5:E9:6C:97:ED:CE:0B:BD:86:9F:5F:E7:AB:1C:E2:CA:46:E2:C2

I've also noticed that if I go directly to https://vcenter_ip/vsphere-client/webconsole/authd it opens a page and prompts for several mandatory query string parameters like host, port, cfgFile, ticket and thumbprint. As far as I get, it's the same parameters that are required in MKS ticket approach, but for some reason mksTicket and sslThumbrint parameters are renamed to ticket and thumbprint. Anyways, if I rename them it still doesn't work returning 403 error.

Getting 403 (Forbidden) instead of 500 (Internal Server Error) is a better result, however I still don't see what I am missing here. Has something changed in 6.5 compared to 6.0? Do you guys have any ideas?

P.S. The user I'm connecting under has console interaction permission enabled.

0 Kudos
29 Replies
belesev
Enthusiast
Enthusiast

I have exactly the same question: 500 error for all URIs I tried.

E.g. I tried to use CloneSessionTicket authentication (here #3😞

wss://vmcloud.myhost.ru/vsphere-client/webconsole/authd?vmId=vm-544&vmName=win2012r2-x64-1&serverGuid=dac57f74-110b-4607-935e-f6b3df768e41&host=vmcloud.myhost.ru:443&sessionTicket=cst-VCT-52c74c27-2eae-a33d-5670-6635f6a09722--tp-9E-BE-3B-13-D4-55-B8-07-6B-30-2E-3A-82-B1-49-46-D9-5A-A5-24

It gave me 500 error.

I've read vcenter logs (\var\log\vmware\vsphere-client\logs\vsphere_client_virgo.log).

It stated

[2018-05-16T12:23:32.125+03:00] [ERROR] http-bio-9090-exec-68         o.a.c.c.C.[.[localhost].[/vsphere-client].[AuthdAdapter]          Servlet.service() for servlet [AuthdAdapter] in context with path [/vsphere-client] threw exception java.lang.RuntimeException: Required parameter 'port' is missing.

at com.vmware.vise.vim.commons.mks.tomcat.TomcatAuthdAdapterServlet.validateRequireParams(TomcatAuthdAdapterServlet.java:168)

at com.vmware.vise.vim.commons.mks.tomcat.TomcatAuthdAdapterServlet.doGet(TomcatAuthdAdapterServlet.java:90)

at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)

"OK",- I thought,- and added "&port=443".

Then I got

[2018-05-17T13:40:49.380+03:00] [ERROR] http-bio-9090-exec-57 o.a.c.c.C.[.[localhost].[/vsphere-client].[AuthdAdapter] Servlet.service() for servlet [AuthdAdapter] in context with path [/vsphere-client] threw exception java.lang.RuntimeException: Required parameter 'ticket' is missing.

  at com.vmware.vise.vim.commons.mks.tomcat.TomcatAuthdAdapterServlet.validateRequireParams(TomcatAuthdAdapterServlet.java:168) at com.vmware.vise.vim.commons.mks.tomcat.TomcatAuthdAdapterServlet.doGet(TomcatAuthdAdapterServlet.java:90)

I.e. it anyway treats my URI as mksTicket authentication.

VSphere version 6.5 too.

0 Kudos
Cromathaar
Contributor
Contributor

belesev​ Great to hear, that I'm not the only one Smiley Happy

Just wondering, do you also get 403 when trying MKS ticket approach? What does your log file state in that case? Maybe together we can brainstorm a solution.

0 Kudos
belesev
Enthusiast
Enthusiast

Cromathaar​, first of all I can't get this part "mksTicket=......."

I know only one way to get it - via https://vmcloud.myhost.ru/mob/?moid=vm-544&method=acquireTicket

But it won't return ticket: it returns

ticketstring(not shown)

As explained here, for security reason.

How did you manage to get this ticket?

0 Kudos
Cromathaar
Contributor
Contributor

Have you tried https://vmcloud.myhost.ru/mob/?moid=vm-544&method=acquireMksTicket? Notice that the method name differs.

0 Kudos
belesev
Enthusiast
Enthusiast

Yes, it's basically the same, besides the need to input "ticketType".

2018-05-22_1223.png

0 Kudos
Cromathaar
Contributor
Contributor

I'm using VmWare PowerCLI (VMware PowerCLI Documentation) formerly known as VI Toolkit on the backend to obtain the tickets. So, I call my own web service from JS code that uses VmWare.Vim SDK to call the vSphere API and then returns the ticket back to JS code. I believe that SDK part can be omitted and you can make the direct HTTP call to vSphere API from your backend. Looks like the ticket is not showed in the UI on the page (your screenshot), but it still should be returned with the response. Give it a try.

0 Kudos
belesev
Enthusiast
Enthusiast

Cromathaar​, I wish I succeeded with calling vSphere API directly for tickets...

Posted that here too: Re: Can't get the VM ticket

0 Kudos
Cromathaar
Contributor
Contributor

The guys prompted there: "Calling the APIs from code will return the correct values". I believe coding it isn't necessary. You can use PowerShell, curl or whatever tool to send the HTTP request directly and get HTTP response with all the values including the ticket.

0 Kudos
belesev
Enthusiast
Enthusiast

Cromathaar

I don't know what to call.

There's no adequate API guide.

I tried this at random: https://vcloud.myhost.ru/api/vApp/vm-544/screen/action/acquireTicket  but no luck: it's unavailable.

0 Kudos
Cromathaar
Contributor
Contributor

Here's an example for Powershell - https://www.virtuallyghetto.com/2016/07/how-to-automate-vsphere-mob-operations-using-powershell.html​. The correct url to call would be https://vmcloud.myhost.ru/mob/?moid=vm-544&method=acquireMksTicket I believe.

Or you can write some code using their SDK. Don't know what backend technology you're proficient with, but here's a code example in C#:

var vimClient = new VMware.Vim.VimClient();

vimClient.Connect("https://" + vcenter_host + "/sdk");
vimClient.Login(username, password);

var filter = new NameValueCollection();
filter.Add("Name", virtualMachineName);

var vm = vimClient.FindEntityView(typeof(VMware.Vim.VirtualMachine), null, filter, null) as VMware.Vim.VirtualMachine;

VMware.Vim.VirtualMachineMksTicket mksTicket = vm.AcquireMksTicket();

belesev
Enthusiast
Enthusiast

Cromathaar​, thank you very much.

I've installed PowerCLI and used your snippet, so succeeded with getting mksTicket.

If I "hack" and pass 'ticket' and 'thumbprint' (instead 'mksTicket' and 'sslThumbprint' correspondingly)

wss://vmcloud.myhost.ru:9443/vsphere-client/webconsole/authd?host=sdcvmcloud1-01.myhost.ru&port=902&cfgFile=%2Fvmfs%2Fvolumes%2F5a703105-310bea74-83de-0025b040a17d%2Fwin2012r2-x64-t1%2Fwin2012r2-x64-t1.vmx&thumbprint=6E:5C:D1:94:60:F3:43:BC:26:DF:62:BB:1F:8C:61:AA:00:AA:BB:CC&ticket=525895ea-b650-a7ce-84b3-911d8e0b23c1

, I still get 500 error, but a new one:

[2018-05-22T17:40:38.883+03:00] [ERROR] http-bio-9443-exec-8          o.a.c.c.C.[.[localhost].[/vsphere-client].[AuthdAdapter]          Servlet.service() for servlet [AuthdAdapter] in context with path [/vsphere-client] threw exception java.lang.IllegalArgumentException: [file://] is not a valid HTTP URL

        at com.vmware.vise.util.http.HttpUtil.fromHttpUrl(HttpUtil.java:315)

        at com.vmware.vise.util.http.HttpUtil.isSameOrigin(HttpUtil.java:165)

        at com.vmware.vise.vim.commons.mks.tomcat.TomcatAuthdAdapterServlet.doGet(TomcatAuthdAdapterServlet.java:91)

0 Kudos
Cromathaar
Contributor
Contributor

Will you try webMKS ticket by replacing following line of code

VMware.Vim.VirtualMachineMksTicket mksTicket = vm.AcquireMksTicket();

with

VMware.Vim.VirtualMachineTicket mksTicket = vm.AcquireTicket("webmks");

Just a guess.

0 Kudos
belesev
Enthusiast
Enthusiast

Connecting to VM directly via its IP address with webMKS ticket (way no. 2) gives me

Error in connection establishment: net::ERR_CONNECTION_REFUSED

And if you mean using webMKS ticket in mksTicket authentication (way no. 1), it's useless: it even doesn't start checking ticket itself.

Error "java.lang.IllegalArgumentException: [file://] is not a valid HTTP URL" occurs in validation before it.

0 Kudos
belesev
Enthusiast
Enthusiast

I debug and run store my html file on the local computer.

So when requesting to wss://vmcloud.myhost.ru:9443, it pass HTTP request with the following header:

Origin:  file://

That's probably why I got this error [file://] is not a valid HTTP URL

I guess I should publish this HTML file somewhere.

0 Kudos
belesev
Enthusiast
Enthusiast

Cromathaar

publishing my html file in IIS fixed problem "[file://] is not a valid HTTP URL".

Now I get 403 error too:    failed: Error during WebSocket handshake: Unexpected response code: 403

And nothing is shown in log files neither.

I suspect that 403 (Forbidden) is returned as HTML is hosted not on vCenter.

0 Kudos
Cromathaar
Contributor
Contributor

It's not supposed to actually. Do you have any log entries accompanying 403 error?

0 Kudos
hellWork
Enthusiast
Enthusiast

Do you get a ticket using powershell or C#?

I get it through the powershell, but I don't show it.

thank you very much!!

0 Kudos
belesev
Enthusiast
Enthusiast

hellWork

I'm getting ticket by using C# snippet  from Cromathaar  - here  Re: HTML 5 Console SDK not working in vSphere 6.5 . You need PowerCLI to be installed to get library VMWare.Vim.dll reference

0 Kudos
belesev
Enthusiast
Enthusiast

Cromathaar

I'll look for additional logs. Still don't have.

Here is a posted problem when websocket stopped working when deployed behind nginx. Isn't it your case?

0 Kudos