vSphere Web Client logbrowser: Unauthorized access

vSphere 5.1 has just been released and I’m already implementing it in a test environment for a customer of mine. As of vSphere 5.1 the vSphere Web Client is much improved.

While playing around I wanted to test the logbrowser. With the log browser you can view, search, and export one or more vCenter Server and ESXi log files at a time. You can also export, manage, and view different log types.

Right after I clicked the logbrowser option I got the error:

The release notes of vSphere 5.1 say the following:
When you click Log Browser in the vSphere Web Client, an Unauthorized Access error appears
When you click the Log Browser link in the vSphere Web Client, an error message appears: Exception: https://<system-address>:12443/vmwb/logbrowser: Unauthorized access. This error occurs after you replace the default vCenter Single Sign On server’s SSL certificate, either directly or by regenerating the certificate in the vCenter Server Appliance.

I didn’t replace or recreate the certificate files but the error is the same. VMware has the following workaround.

  1. Log in to the vSphere Web Client as a Single Sign On administrator.
  2. Navigate to Administration > Sign-on and Discovery > Configuration, and click the STS Certificate tab.
  3. Click Edit.
  4. Select the Single Sign On SSL keystore.
    • If Single Sign On is running on a Windows system, select the following file:
      C:\Program Files\VMware\Infrastructure\SSOServer\security\server-identity.jks (default path)
    • If Single Sign On is running on Linux (vCenter Server Appliance), select the following file:
      /usr/lib/vmware-sso/security/server.jks (default path)
  5. Open the Single Sign On server.xml file with a text editor or browser.
    • On Windows:
      C:\Program Files\VMware\Infrastructure\SSOServer\conf\server.xml (default path)
    • On Linux:
      /usr/lib/vmware-sso/conf/server.xml (default path)
  6. Search for keystorePass="..." on the Connector element. The string in quotes is your password.
  7. Enter the password in the vSphere Web Client when prompted.
  8. Select only the displayed chain.
  9. Click OK and enter the password again.
  10. Restart the following services: the vSphere Web Client, vCenter Server, vCenter Inventory Service, and the VMware Log Browser. You do not need to restart Single Sign On.
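
Steps 5 and 6 can be scripted instead of searching server.xml by eye. The following is an added example, not part of the original post or of VMware's release notes. It assumes the usual Tomcat layout in which the SSL Connector carries `keystoreFile` next to `keystorePass`; the sample XML, its ports, path and password are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the Tomcat server.xml layout; the ports, path and
# password are made-up values, not taken from a real installation.
SAMPLE_SERVER_XML = """
<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="7080" protocol="HTTP/1.1" redirectPort="7444"/>
    <Connector port="7444" protocol="HTTP/1.1" SSLEnabled="true"
               scheme="https" secure="true"
               keystoreFile="security/server.jks"
               keystorePass="example-keystore-pass"/>
  </Service>
</Server>
"""


def find_keystore_settings(server_xml):
    """Return one dict per Connector element that carries keystorePass."""
    root = ET.fromstring(server_xml.strip())
    found = []
    for connector in root.iter("Connector"):
        password = connector.get("keystorePass")
        if password is None:
            continue  # plain HTTP connector, no keystore configured
        found.append({
            "port": connector.get("port"),
            "keystoreFile": connector.get("keystoreFile"),
            "keystorePass": password,
        })
    return found


def load_keystore_settings(path):
    """Same lookup for a server.xml on disk (the file opened in step 5)."""
    with open(path, "rb") as handle:
        return find_keystore_settings(handle.read())


if __name__ == "__main__":
    for entry in find_keystore_settings(SAMPLE_SERVER_XML):
        print(entry)
```

The password sits in server.xml in clear text, so the file and any copy of the keystore taken off the server deserve the same protection as the key itself.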

After reading the procedure multiple times I didn’t understand steps 4 and 5. When I clicked Edit as in step 3 I didn’t see any keystore. And when I clicked on the Browse button, I browsed my own desktop. And of course the file server-identity.jks from step 4 isn’t on my desktop.

I copied the file from the vCenter appliance to my desktop with secure copy and used it as described in step 4. The rest of the procedure is correct and you can browse the log files.

About Michael
Michael Wilmsen is an experienced VMware Architect with more than 20 years in the IT industry. Main focus is VMware vSphere, Horizon View and Hyper Converged with a deep interest in performance and architecture. Michael is VCDX 210 certified, has been rewarded with the vExpert title from 2011, Nutanix Tech Champion and a Nutanix Platform Professional.
