vSphere Web Client (vCSA) stuck on authenticating

Related to vSphere 5.5 and vCenter Server Appliance.

Basically, when attempting to log into the web client I would get the following error message or the dreaded authenticating forever loading bar:
Could not connect to vsphere web client contact your administrator to fix this issue

Long story short, I did the following to fix my problem:

  1. Switched to embedded SSO and back to external SSO.
    1. Honestly, this step may or may not have been needed, but I did notice errors in my SSO server logs.  You might try step 2 first just to see.
  2. Under the admin tab select Yes for certificate regeneration and hit submit.

    1. Then switched back to no.
  3. Restarted Web Client Service.
Thankfully, I had another vCenter appliance attached to the same SSO server that was working fine.  So to troubleshoot, I looked at the virgo logs for the web client on the one that was working and that one that was not.  I noticed that my working vCenter Web Client would get a response back from the SSO server requesting a session.  The entries looked like this:

70008563 100113 200025 com.vmware.vise.security.DefaultAuthenticationProvider            Retrieving session listeners for sessionId 100113, clientId 200025 

session-init-pool-15127      70008563 100113 200025 com.vmware.vsphere.client.security.sso.SsoTokenLifetimeManager    Registering session : 100113

On the one that was not working, the second entry would never show up.  This told me there was something wrong w/ the communication between the SSO server and the VCSA having the issue.  That led me to unregister the VCSA from the external SSO server and use switch to the embedded one then back.  This didn't seem to fix the problem, so my next thought was to have the VCSA regenerate its certs.

Did that and after restarting the web client service, seemed to fix the issue described above.  I'm pointing that the cert regeneration was all that might have been needed, but unsure if unregistering and registering back played a role in fixing the issue as well.  Basically listing it just in case.


Popular posts from this blog

NSX-T: vCenter and NSX-T Inventory out of Sync (Hosts in vSphere not showing up in NSX-T)

MacOS: AnyConnect VPN client was unable to successfully verify the IP forwarding table modifications.

Azure VMware Solution: NSX-T Active/Active T0 Edges...but