Friday, February 24, 2017

Fix that Damn Enhanced Authentication Plugin in Any Browser!

Enhanced Authentication Plugin Driving you Nuts?

Update May 2017:  To use with Chrome & Firefox, add a step.

Navigate to https://vmware-plugin:8094 and Advanced and then Proceed.

Note: For this who are interested, the reason your machine is able to resolve https://vmware-plugin is because during the installation of the plugin your hosts file is manipulated to point vmware-plugin to

Once you’ve done this, you’ll be able to check the Use Windows session authentication box and carry on as you had previously.

------------ End of May update

Well I have the answer for you here. 🙂

Now that you've finished installing or upgrading to vSphere 6.5, no matter what browser you use, IE, Firefox, Chrome, Edge, the damn checkbox for the Enhanced Authentication Plugin won't show up and the link to download it is still there.

The simple answer is that you need to TRUST the root CA certificates from YOUR vCenter server.

Uninstall the plugins from your workstation.  Some people claim to uninstall all old ones from previous versions, including the old Client Integration plugins, etc..  I'm not convinced that's necessary.  I just uninstalled the pair of programs related to the Enhanced Authentication plugin:

  • Open up your browser and point it to your vCenter server https://<VC or VCFQDN>/ 
  • Click on "Download trusted root CA certificates".  They are actually downloaded from YOUR VMCA (VMware Certificate Authority).
  • Download and Extract the ZIP file.
  • The certificates in the .\certs folder need to be installed as "Trusted Root Authorities".
  • If you extracted the file to the download folder, you will have a directory structure for Windows workstations like ".\download\certs\win".
In that folder you will see a series of files like these:

  • For each file that ends in .crt, Right click on it and Choose Install Certificate
  • Click Open if you receive a Security Warning
  • Choose "Local Machine" as the "Store Location"
  • Select "Place all certificates in the following store", Click Browse
  • Click "Trusted Root Certificate Authorities", Click OK, Click Next
  • Click Finish, Click OK on the "Import was Successful" popup
  • Repeat for each .crt file.
  • Reopen your browser pointing to the https://VC/vsphere-client, Download and install the "Enhanced Authentication Plugin"
  • Restart your workstation.
The plugin should now work in your browser of choice...

Happy Administering!

No comments:

Post a Comment

Thanks for your comment!