"An error occurred while sending an authentication request to the vCenter Single Sign-On server", VMware vSphere Web Client fails on vCenter Server 6.0 connected to PSC HA

Article ID: 315246

Products

VMware vCenter Server

Issue/Introduction

Symptoms:
  • When logging into the vSphere Web Client, you see this error:

    A server error occurred.

    [400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing the metadata during vCenter Single Sign-On setup - Unable to initialize, java.io.IOException: extra data given to DerValue constructor.

    Check the vSphere Web Client server logs for details.

     
  • In the vsphere_client_virgo.log file, you see entries similar to:

    [<YYYY-MM-DD>T<time>] [ERROR] http-bio-9090-exec-5o.a.c.c.C.[.[localhost].[/ds].[healthStatusRequestHandler] Servlet.service() for servlet [healthStatusRequestHandler] in context with path [/ds] threw exception [com.vmware.cis.data.service.exception.ServiceInitializationException: CIS DS service failed to retrieve the SSO trusted certificates. Please, check the log and see if the SsoService has initialized successfully and whether it crashed while fetching the certificates.] with root cause com.vmware.cis.data.service.exception.ServiceInitializationException: CIS DS service failed to retrieve the SSO trusted certificates. Please, check the log and see if the SsoService has initialized successfully and whether it crashed while fetching the certificates.

    at com.vmware.cis.data.service.session.StsCertManagerImpl.downloadStsCertificates(StsCertManagerImpl.java:79)
    at com.vmware.cis.data.service.session.StsCertManagerImpl.getStsCertificates(StsCertManagerImpl.java:46)
    at com.vmware.cis.services.common.sso.SsoOverRestVerifierUtil.verifySecurityHeader(SsoOverRestVerifierUtil.java:143)
    at com.vmware.cis.cm.common.endpoint.ServletHelper.getVerifiedInputStream(ServletHelper.java:267)
    at com.vmware.cis.cm.common.endpoint.ServletHelper.requestPrologue(ServletHelper.java:180)
    at com.vmware.cis.cm.common.endpoint.HealthStatusServlet.doGet(HealthStatusServlet.java:105)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:735)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at com.vmware.cis.data.service.health.DsHealthStatusRequestHandler.handleRequest(DsHealthStatusRequestHandler.java:58)
    at org.springframework.web.context.support.HttpRequestHandlerServlet.service(HttpRequestHandlerServlet.java:67)
    at javax.servlet.http.HttpServlet.service(HttpServlet.java:848)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
    at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
    at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
    at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
    at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
    at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
    at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
    at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
    at org.eclipse.virgo.web.tomcat.support.ApplicationNameTrackingValve.invoke(ApplicationNameTrackingValve.java:33)
    at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
    at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
    at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
    at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
    at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
    at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
    at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145)
    at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615)
    at java.lang.Thread.run(Thread.java:745)

    [<YYYY-MM-DD>T<time>] [ERROR] ing.timer.TimerFactoryBean#0 com.vmware.vise.vim.security.sso.impl.NgcSolutionUser Login as solution user failed. java.security.cert.CertificateException: Unable to initialize, java.io.IOException: extra data given to DerValue constructor
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:199)
    at sun.security.provider.X509Factory.engineGenerateCertificate(X509Factory.java:97)
    at java.security.cert.CertificateFactory.generateCertificate(CertificateFactory.java:339)
    at com.vmware.vise.util.security.CertificateUtil.generateCertificate(CertificateUtil.java:80)
    at com.vmware.vise.vim.security.sso.impl.SsoCmLocatorImpl.getSsoServerInfoFromCM(SsoCmLocatorImpl.java:74)
    at com.vmware.vise.vim.security.sso.impl.SsoCmLocatorImpl.getSsoServerInfo(SsoCmLocatorImpl.java:54)
    at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.login(NgcSolutionUser.java:133)
    at com.vmware.vise.vim.security.sso.impl.NgcSolutionUser.getLoggedInToken(NgcSolutionUser.java:87)
    at com.vmware.vise.vim.cm.impl.DefaultLoginCallback.login(DefaultLoginCallback.java:30)
    at com.vmware.vise.vim.cm.impl.ComponentManagerServiceImpl$1.call(ComponentManagerServiceImpl.java:246)
    at com.vmware.vise.vim.cm.impl.ComponentManagerServiceImpl$1.call(ComponentManagerServiceImpl.java:243)
    at java.util.concurrent.FutureTask.run(FutureTask.java:262)
    at com.vmware.vise.vim.cm.impl.ComponentManagerServiceImpl.getCMInfo(ComponentManagerServiceImpl.java:227)
    at com.vmware.vise.vim.cm.impl.ComponentManagerServiceImpl.getServiceManager(ComponentManagerServiceImpl.java:194)
    at com.vmware.vise.vim.cm.impl.ComponentManagerServiceImpl.search(ComponentManagerServiceImpl.java:144)
    at com.vmware.vise.vim.cm.healthstatus.InventoryServiceHealth.getServiceInfo(InventoryServiceHealth.java:133)
    at com.vmware.vise.vim.cm.healthstatus.InventoryServiceHealth.getISHealthEndPoint(InventoryServiceHealth.java:199)
    at com.vmware.vise.vim.cm.healthstatus.InventoryServiceHealth.getInventoryServiceHealthStatus(InventoryServiceHealth.java:79)
    at com.vmware.vise.vim.cm.healthstatus.InventoryServiceHealth.getStatus(InventoryServiceHealth.java:63)
    at com.vmware.vise.vim.cm.healthstatus.CompositeClientHealthService.getStatus(CompositeClientHealthService.java:46)
    at com.vmware.vise.vim.cm.healthstatus.HealthStatusUpdater.update(HealthStatusUpdater.java:24)
    at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)
    at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57)
    at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)
    at java.lang.reflect.Method.invoke(Method.java:606)
    at org.springframework.util.MethodInvoker.invoke(MethodInvoker.java:273)
    at org.springframework.scheduling.support.MethodInvokingRunnable.run(MethodInvokingRunnable.java:65)
    at org.springframework.scheduling.timer.DelegatingTimerTask.run(DelegatingTimerTask.java:70)
    at java.util.TimerThread.mainLoop(Timer.java:555)
    at java.util.TimerThread.run(Timer.java:505)
    Caused by: java.io.IOException: extra data given to DerValue constructor
    at sun.security.util.DerValue.init(DerValue.java:384)
    at sun.security.util.DerValue.<init>(DerValue.java:294)
    at sun.security.x509.X509CertImpl.<init>(X509CertImpl.java:196)
    ... 29 common frames omitted
 
Note: These log excerpts are an example. Date, time, and environmental variables may vary depending on your environment.
The vsphere_client_virgo.log file is located at:
  • Windows installation:

    C:\ProgramData\VMware\vCenterServer\logs\vsphere-client\logs\vsphere_client_virgo.log
  • Appliance installation:

    /var/log/vmware/vsphere-client/logs/vsphere_client_virgo.log
 

For vSphere 7.0, see: "[400] An error occurred while sending an authentication request" while logging in to vSphere Client using the vCenter Server shortname

Cause

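This issue can occur if the SSL trust anchors for the cs.identity service type in the Lookup Service are configured with the full certificate chain instead of the leaf certificate. The certificate parser expects a single DER-encoded certificate, so the additional certificates that follow the first one are reported as "extra data given to DerValue constructor".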
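One way to check a trust anchor value for this condition, as an added example that is not VMware code: it walks the top-level DER elements and counts how many certificates are concatenated. It assumes the anchor is available as a base64 string of DER bytes; the function names are hypothetical and the sample inputs are constructed stand-ins, not real certificates.

```python
import base64

def read_der_tlv(buf, offset=0):
    """Return (tag, end): end is the offset just past the DER value at `offset`."""
    if offset + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, first = buf[offset], buf[offset + 1]
    pos = offset + 2
    if first < 0x80:                      # short form: length fits in one byte
        length = first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or pos + n > len(buf):
            raise ValueError("unsupported or truncated DER length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ValueError("DER value runs past end of input")
    return tag, end

def count_certificates(b64_anchor):
    """Count top-level DER SEQUENCEs in a base64 trust anchor value."""
    buf = base64.b64decode(b64_anchor)
    count, offset = 0, 0
    while offset < len(buf):
        tag, offset = read_der_tlv(buf, offset)
        if tag != 0x30:                   # a certificate is a DER SEQUENCE
            raise ValueError("top-level element is not a SEQUENCE")
        count += 1
    return count

def is_leaf_only(b64_anchor):
    """True when exactly one certificate is present, i.e. no trailing chain."""
    return count_certificates(b64_anchor) == 1

def fake_cert(body_len):
    """Constructed stand-in: a SEQUENCE wrapping zero bytes, not a real certificate."""
    body = bytes(body_len)
    if body_len < 0x80:
        return bytes([0x30, body_len]) + body
    size = (body_len.bit_length() + 7) // 8
    return bytes([0x30, 0x80 | size]) + body_len.to_bytes(size, "big") + body

# Constructed sample inputs (hypothetical, not taken from any vCenter system).
LEAF_ONLY = base64.b64encode(fake_cert(300)).decode()
FULL_CHAIN = base64.b64encode(fake_cert(300) + fake_cert(40) + fake_cert(500)).decode()
```

A count greater than one on a cs.identity trust anchor matches the cause described above.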

Resolution

This issue is resolved in vCenter Server and vCenter Server Appliance 6.0 Update 1, available at VMware Downloads. For more information, see the VMware vCenter Server 6.0 Update 1 Release Notes.
