Hey,
After upgrading all certificates of the different services that are linked to vCenter 5.1, which was, to be honest, a very hard and time-consuming task to manage, I am receiving this error when trying to open the Log Browser in the vSphere Web Client. As this seems to be a known issue to VMware, they recommend the following to fix it:
When you click Log Browser in the vSphere Web Client, an Unauthorized Access error appears
When you click the Log Browser link in the vSphere Web Client, an error message appears: Exception: https://<system-address>:12443/vmwb/logbrowser: Unauthorized access. This error occurs after you replace the default vCenter Single Sign On server's SSL certificate, either directly or by regenerating the certificate in the vCenter Server Appliance.
Workaround:
- Log in to the vSphere Web Client as a Single Sign On administrator.
- Navigate to Administration > Sign-on and Discovery > Configuration, and click the STS Certificate tab.
- Click Edit.
- Select the Single Sign On SSL keystore.
  - If Single Sign On is running on a Windows system, select the following file:
    C:\Program Files\VMware\Infrastructure\SSOServer\security\server-identity.jks (default path)
  - If Single Sign On is running on Linux (vCenter Server Appliance), select the following file:
    /usr/lib/vmware-sso/security/server.jks (default path)
- Open the Single Sign On server.xml file with a text editor or browser.
  - On Windows:
    C:\Program Files\VMware\Infrastructure\SSOServer\conf\server.xml (default path)
  - On Linux:
    /usr/lib/vmware-sso/conf/server.xml (default path)
- Search for keystorePass="..." on the Connector element. The string in quotes is your password.
- Enter the password in the vSphere Web Client when prompted.
- Select only the displayed chain.
- Click OK and enter the password again.
- Restart the following services: the vSphere Web Client, vCenter Server, vCenter Inventory Service, and the VMware Log Browser. You do not need to restart Single Sign On.
as stated in:
https://www.vmware.com/support/vsphere5/doc/vsphere-esx-vcenter-server-51-release-notes.html
I followed this guide, but whenever I am asked for the password for the server-identity.jks file and enter the password that is found in server.xml, the password window just reopens again and again, which brings me to the conclusion that this password is not correct.
The other thing I tried was using keytool.exe to generate new STS keystores fitting my certificates generated by the CA:
keytool.exe -import -alias root -file root.cer -keystore e:\selfsigned.jks
I then tried to import that one. The password entered for this file seems to be correct, since I set it myself when generating the file. However, I am not getting any chain back that I can select.
I hope someone has run into the same issue and has a solution for it.
Greetings from Germany
Simon
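
The workaround step quoted above reads keystorePass off the Connector element in server.xml. The following is an added example, not part of the original post or VMware's release notes: it reads that attribute with an XML parser and shows that the text seen in an editor differs from the actual password when the password contains characters XML escapes. The sample file and its values are constructed, and every attribute name other than keystorePass follows Apache Tomcat's Connector and is an assumption about this file.

```python
import re
import xml.etree.ElementTree as ET

# Constructed sample; path, ports, alias and password are made up.
SAMPLE_SERVER_XML = r"""<Server port="8005" shutdown="SHUTDOWN">
  <Service name="Catalina">
    <Connector port="7080" protocol="HTTP/1.1" redirectPort="7444"/>
    <Connector port="7444" SSLEnabled="true" scheme="https" secure="true"
               keystoreFile="C:\example\security\server-identity.jks"
               keystorePass="Ex&amp;mple&lt;1" keyAlias="example"/>
  </Service>
</Server>
"""


def connector_keystores(xml_text):
    """Return one dict per <Connector> that carries a keystorePass attribute."""
    found = []
    for conn in ET.fromstring(xml_text).iter("Connector"):
        password = conn.get("keystorePass")
        if password is None:
            continue  # connector without a keystore, e.g. plain HTTP
        found.append({
            "port": conn.get("port"),
            "keystoreFile": conn.get("keystoreFile"),
            # The parser has already decoded entity references such as &amp;
            "keystorePass": password,
        })
    return found


def raw_attribute(xml_text, name="keystorePass"):
    """Return the attribute text exactly as a text editor would show it."""
    match = re.search(re.escape(name) + r'="([^"]*)"', xml_text)
    return match.group(1) if match else None


if __name__ == "__main__":
    raw = raw_attribute(SAMPLE_SERVER_XML)
    for entry in connector_keystores(SAMPLE_SERVER_XML):
        print("port:", entry["port"])
        print("keystore:", entry["keystoreFile"])
        print("password to type:", entry["keystorePass"])
        if entry["keystorePass"] != raw:
            print("note: the file shows", raw, "because of XML escaping")
```

To use it on a real system, pass the contents of the server.xml file named in the workaround to `connector_keystores` instead of the sample string.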