BugZero | VMware BugID 2120514 - "An error occurred while sending an authentication...

VMware - Defect ID: 2120514

"An error occurred while sending an authentication request to the vCenter Single Sign-On server", VMware vSphere Web Client fails on vCenter Server 6.0 connected to PSC HA

VMware - Defect ID: 2120514

"An error occurred while sending an authentication request to the vCenter Single Sign-On server", VMware vSphere Web Client fails on vCenter Server 6.0 connected to PSC HA

Last updated on 4/28/2020

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

No defect details.

Overall: 0N/A

Severity: 0N/A

Community: 0N/A

Lifecycle: 0N/A

What is the BugZero Risk Score?

Vendor details

No defect details.

Symptoms

When logging into the vSphere Web Client, you see this error: A server error occurred. [400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - Unable to initialize, java.io.IOException: extra data given to DerValue constructor. Check the vSphere Web Client server logs for details. In the vsphere_client_virgo.log file, you see entries similar to: [<YYYY-MM-DD>T<time>] [ERROR] http-bio-9090-exec-5o.a.c.c.C.[.[localhost].[/ds].[healthStatusRequestHandler] Servlet.service() for servlet [healthStatusRequestHandler] in context with path [/ds] threw exception [com.vmware.cis.data.service.exception.ServiceInitializationException: CIS DS service failed to retrieve the SSO trusted certificates. Please, check the log and see if the SsoService has initialized successfully and whether it crashed while fetching the certificates.] with root cause com.vmware.cis.data.service.exception.ServiceInitializationException: CIS DS service failed to retrieve the SSO trusted certificates. Please, check the log and see if the SsoService has initialized successfully and whether it crashed while fetching the certificates. at com.vmware.cis.data.service.session.StsCertManagerImpl.downloadStsCertificates(StsCertManagerImpl.java:79) at com.vmware.cis.data.service.session.StsCertManagerImpl.getStsCertificates(StsCertManagerImpl.java:46) at com.vmware.cis.services.common.sso.SsoOverRestVerifierUtil.verifySecurityHeader(SsoOverRestVerifierUtil.java:143) at com.vmware.cis.cm.common.endpoint.ServletHelper.getVerifiedInputStream(ServletHelper.java:267) at com.vmware.cis.cm.common.endpoint.ServletHelper.requestPrologue(ServletHelper.java:180) at com.vmware.cis.cm.common.endpoint.HealthStatusServlet.doGet(HealthStatusServlet.java:105) at javax.servlet.http.HttpServlet.service(HttpServlet.java:735) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at com.vmware.cis.data.service.health.DsHealthStatusRequestHandler.handleRequest(DsHealthStatusRequestHandler.java:58) at org.springframework.web.context.support.HttpRequestHandlerServlet.service(HttpRequestHandlerServlet.java:67) at javax.servlet.http.HttpServlet.service(HttpServlet.java:848) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241) at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208) at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220) at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122) at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501) at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170) at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98) at org.eclipse.virgo.web.tomcat.support.ApplicationNameTrackingValve.invoke(ApplicationNameTrackingValve.java:33) at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950) at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116) at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408) at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040) at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607) at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313) at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) at java.lang.Thread.run(Thread.java:745) [<YYYY-MM-DD>T<time>] [ERROR] ing.timer.TimerFactoryBean#0 com.vmware.vise.vim.security.sso.impl.NgcSolutionUser Login as solution user failed. java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:199) at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:97) at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339) at com.vmware.vise.util.security.CertificateUtil.generateCertificate(CertificateUtil.java:80) at com.vmware.vise.vim.security.sso.impl.SsoCmLocatorImpl.getSsoServerInfoFromCM(SsoCmLocatorImpl.java:74) at com.vmware.vise.vim.security.sso.impl.SsoCmLocatorImpl.getSsoServerInfo(SsoCmLocatorImpl.java:54) at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.login(NgcSolutionUser.java:133) at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.getLoggedInToken(NgcSolutionUser.java:87) at com.vmware.vise.vim.cm.impl.DefaultLoginCallback.login(DefaultLoginCallback.java:30) at com.vmware.vise.vim.cm.impl.ComponentManagerServiceImpl$1.call(ComponentManagerServiceImpl.java:246) at com.vmware.vise.vim.cm.impl.ComponentManagerServiceImpl$1.call(ComponentManagerServiceImpl.java:243) at java.util.concurrent.FutureTask.run(FutureTask.java:262) at com.vmware.vise.vim.cm.impl.ComponentManagerServiceImpl.getCMInfo(ComponentManagerServiceImpl.java:227) at com.vmware.vise.vim.cm.impl.ComponentManagerServiceImpl.getServiceManager(ComponentManagerServiceImpl.java:194) at com.vmware.vise.vim.cm.impl.ComponentManagerServiceImpl.search(ComponentManagerServiceImpl.java:144) at com.vmware.vise.vim.cm.healthstatus.InventoryServiceHealth.getServiceInfo(InventoryServiceHealth.java:133) at com.vmware.vise.vim.cm.healthstatus.InventoryServiceHealth.getISHealthEndPoint(InventoryServiceHealth.java:199) at com.vmware.vise.vim.cm.healthstatus.InventoryServiceHealth.getInventoryServiceHealthStatus(InventoryServiceHealth.java:79) at com.vmware.vise.vim.cm.healthstatus.InventoryServiceHealth.getStatus(InventoryServiceHealth.java:63) at com.vmware.vise.vim.cm.healthstatus.CompositeClientHealthService.getStatus(CompositeClientHealthService.java:46) at com.vmware.vise.vim.cm.healthstatus.HealthStatusUpdater.update(HealthStatusUpdater.java:24) at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) at java.lang.reflect.Method.invoke(Method.java:606) at org.springframework.util.MethodInvoker.invoke(MethodInvoker.java:273) at org.springframework.scheduling.support.MethodInvokingRunnable.run(MethodInvokingRunnable.java:65) at org.springframework.scheduling.timer.DelegatingTimerTask.run(DelegatingTimerTask.java:70) at java.util.TimerThread.mainLoop(Timer.java:555) at java.util.TimerThread.run(Timer.java:505) Caused by: java.io.IOException: extra data given to DerValue constructor at sun.security.util.DerValue.init(DerValue.java:384) at sun.security.util.DerValue.<init>(DerValue.java:294) at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:196) ... 29 common frames omitted </time></time> Note: These log excerpts are an example. Date, time, and environmental variables may vary depending on your environment. The vsphere_client_virgo.log file is located at: Windows installation: C:\ProgramData\VMware\vCenterServer\logs\vsphere-client\logs\vsphere_client_virgo.log Appliance installation: /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log Note: The preceding log excerpts are only examples. Date, time, and environmental variables may vary depending on your environment.For vSphere 7.0, see: [400] An error occurred while sending an authentication request" while logging in to vSphere Client using the vCenter Server shortname

Cause

This issue can happen if SSL trust anchors for cs.identity service type in Lookupservice is configured with full certificate chain instead of leaf certificate.

Resolution

This issue is resolved in vCenter Server and vCenter Server Appliance 6.0 Update 1, available at VMware Downloads. For more information, see the VMware vCenter Server 6.0 Update 1 Release Notes.

Related Information

"An error occurred while sending an authentication request to the PSC Single Sign-On server - null" while connecting to PSC Client after upgrading vCenter Server to 6.5Configuring PSC 6.0 High Availability after upgrading from SSO 5.5 High Availability (2110879) Configuring Windows PSC 6.0 High Availability for vSphere 6.0 (2113085) Configuring PSC 6.0 High Availability for vSphere 6.0 using vCenter Server 6.0 Appliance (2113315)

Original Vendor Announcement

No bugs this month

Ready to prevent the next vendor outage?

Get a demo

OPERATIONAL DEFECT DATABASE

VMware - Defect ID: 2120514

"An error occurred while sending an authentication request to the vCenter Single Sign-On server", VMware vSphere Web Client fails on vCenter Server 6.0 connected to PSC HA

VMware - Defect ID: 2120514

"An error occurred while sending an authentication request to the vCenter Single Sign-On server", VMware vSphere Web Client fails on vCenter Server 6.0 connected to PSC HA

Last updated on 4/28/2020

Vendor details

Vendor details

Description

Symptoms

Cause

Resolution

Related Information

Links

Top VMware defects by risk score

Ready to prevent the next vendor outage?