5 Replies Latest reply on Jan 31, 2018 5:38 AM by travisgallegos

    Issues when using Windows Session Authentication

    travisgallegos Novice

      I recently upgraded my machine from Windows 8.1 to Windows 10 and now I am unable to use Windows Session Authentication when logging into vCenter.  I have downloaded the Enhanced Authentication Plugin and installed it.  I'm not sure if there is a policy that is affecting my browsers ability to load my credentials into the webpage or what else it could be. 

       

      The Issue:

      When I click the radio button for Windows Session Credentials, the webpage fills in my username (domain\username) and grays out the fields.  When I click Login,  I get an immediate  "Access Denied".  I know I have access because I have no issues on Windows 7 and 8.  Please Help!

        • 1. Re: Issues when using Windows Session Authentication
          AishR Hot Shot
          Knowledge ChampionVMware Employees

          Does this happen when you use a different browser?

          Do you see VMware CIP Message Proxy Service in the list of services, if yes, change startup type to Automatic (delayed start).

          • 2. Re: Issues when using Windows Session Authentication
            travisgallegos Novice

            I have used IE, Edge, Chrome, and Firefox.  I get the same error, "Invalid Credentials" on all except for Firefox.  Firefox doesn't see the Enhanced Authentication Plugin.

            I went ahead and set VMware CIP Message Proxy Service to run Automatic (delayed start).  It was set to Automatic previously.  I will perform a restart and see if it fixes my issue.

            • 3. Re: Issues when using Windows Session Authentication
              travisgallegos Novice

              Nothing has changed.  I still get "Invalid Credentials" at login. 

              • 4. Re: Issues when using Windows Session Authentication
                Kiristo Novice

                Travis,

                 

                I had the exact same issue.  Working with USAF SDC images, which is a standard desktop configuration built on a OS.  Usually with a lot more security settings enabled/configured.  In this case, I could get to vCenter via the Windows 7 SDC I was using, but not the Windows 10 one.  I opened my security policies and compared every single item and found the culprit!  In your security policy settings (local or GPO) go to Computer Configuration> Windows Settings>Security Settings>Local Policies>Security Options.  Look for "Network Security: Configure encryption types allowed for Kerberos", and edit it.  My Windows 10 machine had RC4_HMAC_MD5 unchecked.  Checking/enabling this resolved my issue.

                 

                This setting (and the "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing") are set because the AF network is going to fully FIPS compliant encryption.  There might be a way to change what VMware accepts on the otherside so limiting your network to FIPS compliant algorithms still lets you use SSO for VMware, but for me, I'm on a development network, so I just pushed out the above fix via GPO for the time being.  I disabled the System Cryptography policy as well as it was preventing some other software from working, but for VMware SSO, you probably only need the Kerberos encryption one.

                 

                Hope this helps.

                • 5. Re: Issues when using Windows Session Authentication
                  travisgallegos Novice

                  Kiristo,

                   

                  Thank you for the assistance.  Unfortunately that setting is grayed out and I am unable to change it.  Couldn't even find it in the registry to even test if this fix action works.  Over the last month, my Windows 10 machine is not asking for credentials at least.  It looks like it wants to authenticate, but it still comes up with invalid credentials.