So you just completed your migration from an earlier version of vSphere up to vSphere 6.5 (particularly vCenter 6.5 Virtual Appliance). When trying to log in to the vSphere web client, you receive numerous “The VMware enhanced authentication plugin has updated it’s SSL certificate in Firefox. Please restart Firefox.”. You’ll usually see 2 of these messages in a row on each page load.
You’ll also note that the “Enhanced Authentication Plugin” doesn’t function after the install (it won’t pull your Active Directory authentication information).
To resolve this:
Uninstall all vSphere plugins from your workstation. I went ahead and uninstalled all vSphere related software on my workstation, this includes the deprecated vSphere C# client application, all authentication plugins, etc… These are all old.
Open up your web browser and point to your vCenter server (https://vCENTERSERVERNAME), and download the “Trusted root CA certificates” from VMCA (VMware certificate authority).
Download and extract the ZIP file. Navigate through the extracted contents to the windows certs. These root CA certificates need to be installed to your “Trusted Root Certification Authorities” store on your system, and make sure you skip the “Certificate Revocation List” file which ends in a “.r0”.
To install them, right click, choose “Install Certificate”, choose “Local Machine”, yes to UAC prompt, then choose “Place all certificates in the following store”, browse, and select “Trusted Root Certification Authorities”, and finally finish. Repeat for each of the certificates. Your workstation will now “trust” all certificates issued by your VMware Certificate Authority (VMCA).
You can now re-open your web browser, download the “Enhanced Authentication Plugin” from your vCenter instance, and install. After restarting your computer, the plugin should function and the messages will no longer appear.
Leave a comment!
While most of us frequently deploy new ESXi hosts, a question and task not oftenly discussed is how to properly decommission a VMware ESXi host. Some might be surprised to… Read More
This guide will outline the instructions to Disable the VMware Horizon Session Bar. These instructions can be used to disable the Horizon Session Bar (also known as the Horizon Client… Read More
Normally, any VMs that are NVIDIA vGPU enabled have to be manually migrated with manual vMotion if a host is placed in to maintenance mode, to evacuate the host. While… Read More
You may experience GPU issues with the VMware Horizon Indirect Display Driver in your environment when using 3rd party applications which incorrectly utilize the incorrect display adapter. This results with… Read More
Today we're going to cover a powerful little NAS being used with VMware; the Synology DS923+ VMware vSphere Use case and Configuration. This little (but powerful) NAS is perfect for… Read More
Today we'll go over how to install the vSphere vCenter Root Certificate on your client system. Certificates are designed to verify the identity of the systems, software, and/or resources we… Read More
View Comments
Thanks so much for taking the time to post this! I was just struggling with this issue and wasn't sure how to fix it. Our company relies on ESXi but we're small enough so we don't have whole server farms running it, or staff with formal VMWare training. I'm the main person in charge of keeping our ESXi environment running and updated, but my experience comes from a previous job where I decided to hand-build a single server with the free version of the product, in order to virtualize a few old Windows servers that had become old and unreliable.
I really like the ESXi product, but at the same time I'm regularly frustrated by how difficult things can be which seem like they should be simple and straightforward. This was one such situation. Why didn't the setup program for the plug-in handle all of this automatically and gracefully?
Hi Tom,
It's unfortunate, but as with all technology and IT products, there will be bugs and hiccups along the way as the product get used, upgrades come and go, and as issues arise in the environment.
This was a major release changing and upgrading to this version, so it's expected that there will be problems with such a major change.
I consider this a minor problem (I've seen way worse), so all it takes is time to find out what's going on and resolve it.
All upgrades should be scheduled and slowly rolled out.
It's unfortunate, but as technology is designed to make our lives easier and allow us to do more, it brings with it new levels of complexity.
Cheers,
Stephen
Stephen,
Thanks for the tip. 2 seasoned IT and PLM professionals struggled with this for 1-1/2 days. But after getting Firefox installed (to use vs Chrome or IE as a test), we noticed that FF was working (unlike the other 2 browsers), until we installed the Enhanced authentication.
With this info my IT guy found your site. So even though we were not doing an upgrade or migration, the certs must have been corrupted, and this fixed them once and for all.
Thanks again
Bob Mills