Sometime in the last week and a half my Chrome browser updated to 57.0.2987.110. Since then the option to login to the web GUI for vCenter server with Windows Session Credentials is grayed out.
I attempted to uninstall and reinstall the Client Integration Plugin with no luck.
When I go to help > about in the web GUI it shows the version of the plugin as 6.0.0 Build 4275819, which is correct with our current version of vSphere.
Is anyone else seeing this issue or have an idea of how to resolve it? I realize it's a minor annoyance, but it's a nice convenience to have.
Thanks,
Chris
I am having the exact same problem. I have 2 environments and one was on version 56 and one on 57. The version 56 environment allowed the client integration plugin to work as expected but the version 57 environment the plugin doesn't seem to work at all.
It's also more than just an annoyance because it doesn't allow downloading of files from the datastores through the webclient. I would also guess that it won't allow OVA deployments as that relies on the client integration plugin.
We are having the same issue with vCenter 6.5.0 and the Enhanced Authentication Plugin
Chrome 57 removes end-user control over plugins, and drops support for third party plugins completely.
Unfortunately as far as Google is concerned this would seem to be permanently broken as mentioned by JeremyLCrabtree. Digging around deeper I found a workaround on another forum; it's not great; it's not permanent; and it may raise more issues then it solves; but it can be found here: https://www.reddit.com/r/vmware/comments/5zmnia/client_integration_plugin_60_flash_25_chrome_57/
To get a permanent fix (which may not even be possible anymore) VMware will need to redesign how the Client Integration Plugin works... again... I remember when VMware decided to force the vCenter Web Client down our collective throats it was explained as being because "it takes too many resources to develop a thick client and web client, so we'd rather focus on the 'universal client' (ie web) because it's OS agnostic" I wonder if they realized they would have to develop said Web Client to support all the different browser's quirks (or maybe not as it were). Still standing by that questionable decision?
The true HTML client can't come soon enough, this current version is just horrible, slow, unreliable, buggy.
I raised a case about this. Apparently VMware are working on a fix and will be released shortly.
Excellent! Please keep us updated. I've found this to be increasingly frustrating as, apparently, I can't upload files into our datastores without the plugin.
I used Firefox for now. it works.
Vmware Internally identified the issue and working on a it.Fix for this issue will be included in upcoming update releases.
2 months on, any progress on this?
We're onto Chrome 58 now, with the exact same issue.
I have a similar issue and have found a work around that works for me and my environment. I have found that the certificate that is self-generated with the EAP plug-in is getting rejected by Chrome, you can see this if you hit F12 and look at the "Console" and "Security" tabs.
The simple work around is to manually navigate to https://vmware-plugin:8094 (your hosts file is edited as part of the installation) and select "Advanced" and "Proceed to https://vmware-plugin:8094".
This will work as long as the exception is remembered by Chrome. A better solution would be to regenerate the certificate with the appropriate missing information, but VMware is just telling everyone to wait for the next vCenter release.
Hi everyone
Thanks for this, I've reproduced the steps that tim_841mentioned and managed to get the certificate to issue correctly.
I've created my own version of the MSI with the csd-openssl.cfg file modified to include the SAN section.
I've uploaded the modified MSI to save time to those who want a quick fix and the csd-openssl.cfg file for those who don't trust my MSI
Hashes:
SHA256: 723235A3AAB67874682420E3C76C9D9DCFD859DEE7F4210DFE13875D41351B7
SHA1: 5412CAC08E27B43266652F9EBCE0D1CDB0C08E87
I can also create a transform file if needed.
Please test it out and let me know if you have any issues
Regards
Matt
"vmware-plugin" is, apparently, not in my hosts file. (or the hosts file on any of the other machines on which I have it installed)
It's not so much that we don't trust you, it's more that VMware (support) gives the run around when trying to get these things resolved. They could easily make an official patch file (or script) that modifies the CFG, runs OpenSSL, and reapplies ICACLS. Boom! DONE! The response I get is that it will be resolved with vCenter update in June/July (which has already been affecting us for about one-two months now).
It's great that VMware has such a knowledgeable and talented community, but it's sad when I get better solutions than the support that I am paying a pretty penny for.
Hey Jeremy,
From what I've witnessed, there is a script on the vCenter login page that will try to make a call to 'wss://vmware-plugin:8094/?src=client&sessionId=<insertSessionIDhere>&appName=ui&version=2016'
Hit F12 and look at the "Network" tab, do you see a bunch of pending connections to that address?
The additions made by the program (EAP 6.5) were:
::1 vmware-plugin
127.0.0.1 vmware-plugin
Have you tried adding them manually?
I can't guarantee that the same changes will work in the 6.0 branch, but I think that they use 'wss://vmware-localhost:8093/' instead.
It looks like there's nobody listening on that port on my machine. The vmware-localhost entries are already in the hosts file, though. For now I can, through a convoluted work around, use IE11 to access the few features that absolutely require the plugin.
Running into the same thing, Chrome 58, IE 11, Edge on Win10, multiple machines, desktops, laptops, VMs, etc. I don't have a way to properly deploy an OVA.
I opened up SR 17459548405 but per typical VMware support these past few years I'm struggling to even get a reply, much less something useful.
We are having the same issue. We have tried every browser, Chrome, Firefox, IE, Edge, Opera on multiple machines, win10, win7, mac. They all have the same issue. Have we heard anything from Vmware on this yet?
VMware technical support has been, shall we say, less than stellar. I wrote in the case that this is happening on multiple machines, 6.0, 6.5, flash web client, HTML5 client, Chrome, IE, Edge... the first thing the rep asked me is if I tried Firefox. Then he asked for vCenter logs, which is a standard stall tactic for support. In the latest reply I received he told me that it's a known issue in Chrome but it "should work" in IE and asked me to downgrade the version of IE on my Windows 10 machine.
I wrote up a detailed post in the HTML5 fling community/feedback page 3 days ago and have yet to receive a response. I just replied to the engineer who owns my support case asking him to escalate it to another engineer. I'm expecting a response on or around the 4th of never.
There's actually a couple issues in the present version of Chrome that could keep the CIP/EAP from working. Building off what tim_841 and mateuszd have contributed, I was able to put together a set of instructions to work around these issues:
req_extentions = v3_reqAdd the following section and entry at the end of the file:
[ v3_req ]EAPsubjectAltName = DNS:vmware-localhost
subjectAltName = @alt_namesAdd the following section and entry at the end of the file:
[ alt_names ]
DNS.1 = vmware-plugin
"C:\Program Files (x86)\VMware\Client Integration Plug-in 6.0\openssl.exe" req -new -config C:\ProgramData\VMware\CIP\csd\ssl\csd-openssl.cfg -key C:\ProgramData\VMware\CIP\csd\ssl\key.pem -out C:\ProgramData\VMware\CIP\csd\ssl\server.csrEAP
"C:\Program Files (x86)\VMware\Plug-in Service\openssl.exe" req -new -config C:\ProgramData\VMware\CIP\csd\ssl\csd-openssl.cfg -key C:\ProgramData\VMware\CIP\csd\ssl\key.pem -out C:\ProgramData\VMware\CIP\csd\ssl\server.csr
"C:\Program Files (x86)\VMware\Client Integration Plug-in 6.0\openssl.exe" x509 -req -days 3650 -in C:\ProgramData\VMware\CIP\csd\ssl\server.csr -signkey C:\ProgramData\VMware\CIP\csd\ssl\key.pem -out C:\ProgramData\VMware\CIP\csd\ssl\cert.pem -extfile C:\ProgramData\VMware\CIP\csd\ssl\csd-openssl.cfg -extensions v3_reqEAP
"C:\Program Files (x86)\VMware\Plug-in Service\openssl.exe" x509 -req -days 3650 -in C:\ProgramData\VMware\CIP\csd\ssl\server.csr -signkey C:\ProgramData\VMware\CIP\csd\ssl\key.pem -out C:\ProgramData\VMware\CIP\csd\ssl\cert.pem -extfile C:\ProgramData\VMware\CIP\csd\ssl\csd-openssl.cfg -extensions req_x509_extensions
copy /b C:\ProgramData\VMware\CIP\csd\ssl\cert.pem+C:\ProgramData\VMware\CIP\csd\ssl\key.pem C:\ProgramData\VMware\CIP\csd\ssl\server.pem
"C:\Program Files (x86)\VMware\Client Integration Plug-in 6.0\openssl.exe" x509 -outform der -in C:\ProgramData\VMware\CIP\csd\ssl\cert.pem -out C:\ProgramData\VMware\CIP\csd\ssl\cert.derEAP
"C:\Program Files (x86)\VMware\Plug-in Service\openssl.exe" x509 -outform der -in C:\ProgramData\VMware\CIP\csd\ssl\cert.pem -out C:\ProgramData\VMware\CIP\csd\ssl\cert.der
C:\Windows\System32\icacls.exe C:\ProgramData\VMware\CIP\csd\ssl\cert.der /inheritance:r /grant:r *S-1-5-11:R /grant:r *S-1-5-32-544:F /grant:r "SYSTEM":F C:\Windows\System32\icacls.exe C:\ProgramData\VMware\CIP\csd\ssl\cert.pem /inheritance:r /grant:r *S-1-5-11:R /grant:r *S-1-5-32-544:F /grant:r "SYSTEM":F C:\Windows\System32\icacls.exe C:\ProgramData\VMware\CIP\csd\ssl\server.pem /inheritance:r /grant:r *S-1-5-11:R /grant:r *S-1-5-32-544:F /grant:r "SYSTEM":FEAP
C:\Windows\System32\icacls.exe C:\ProgramData\VMware\CIP\csd\ssl\cert.der /inheritance:r /grant:r "LOCAL SERVICE":R /grant:r "SERVICE":R /grant:r "SYSTEM":F /grant:r *S-1-5-32-544:F C:\Windows\System32\icacls.exe C:\ProgramData\VMware\CIP\csd\ssl\cert.pem /inheritance:r /grant:r "LOCAL SERVICE":R /grant:r "SERVICE":R /grant:r *S-1-5-11:R /grant:r "SYSTEM":F /grant:r *S-1-5-32-544:F C:\Windows\System32\icacls.exe C:\ProgramData\VMware\CIP\csd\ssl\server.pem /inheritance:r /grant:r "LOCAL SERVICE":R /grant:r "SERVICE":R /grant:r "SYSTEM":F /grant:r *S-1-5-32-544:F
Some notes: