VMware Cloud Foundation

Couldn’t establish a connection to the VM web console from vSphere Client

by Tommy Grot
by Tommy Grot 1.6K views 2 minutes read

You’ve launched the vSphere Client, but can’t access your virtual machine’s web console? Don’t worry, you’re not alone! This new problem can be frustrating, but it often has simple solution to fix the problem. After the recent upgrade of vSphere 8.0.3.00400 this issue occurred to me as I was trying to connect to a virtual machine web console. So below I go through steps to fix it.

This is what I saw: Couldn’t establish a connection to the VM web console from vSphere Client. So first thing was I connected to my SDDC Manager, retrieved my vCenter Root Password.

VMware’s KB – Here

Then I started digging into the logs where I saw that the Reverse HTTP Proxy was putting out Errors on JWT verification failed.

2024-12-19T19:03:18.572-07:00 error rhttpproxy[02851] [Originator@6876 sub=RhttpProxy] [Rhttpproxy REST Handler] Missing JWT
2024-12-19T19:03:18.572-07:00 error rhttpproxy[02851] [Originator@6876 sub=RhttpProxy] [Rhttpproxy REST PUT Handler] JWT verification failed
2024-12-19T19:03:18.778-07:00 error rhttpproxy[02891] [Originator@6876 sub=RhttpProxy] [Rhttpproxy REST Handler] Missing JWT
2024-12-19T19:03:18.778-07:00 error rhttpproxy[02891] [Originator@6876 sub=RhttpProxy] [Rhttpproxy REST PUT Handler] JWT veri
2024-12-20T02:03:18.852Z INFO tokenservice[92:tomcat-http--46] [CorId=27264dea-fc49-485f-8df6-182c9e3bb977 OpId=m369ltl2-668183-auto-ebl6-h5:70192572] [com.vmware.identity.token.impl.SamlTokenImpl] Token expiration date: Fri Dec 20 01:58:38 GMT 2024 is in the past.
2024-12-20T02:03:18.852Z ERROR tokenservice[92:tomcat-http--46] [CorId=27264dea-fc49-485f-8df6-182c9e3bb977 OpId=] [com.vmware.vcenter.tokenservice.vapi.TokenExchangeProviderImpl] Exchange failed due to invalid grant:
com.vmware.vcenter.tokenservice.exceptions.InvalidGrant: Invalid SUBJECT token: tokenType=SAML2

So what I ended up doing is going to:

  • Go to Administration ->Access Control -> Roles
  • Select the vSphere Client Service Account and click edit
  • Scroll down to Global section and de-select the Proxy setting as you see in the screenshot below, and then click Save, but go back into the same Proxy setting and re-select it and hit Save.

A working Web Console!

You may also like

Securing Software Updates for VMware Cloud Foundation: What...

VMware Cloud Foundation 5.2: A Guide to Simplified...

VMware Cloud Foundation 5.2: Unlocking Secure Hybrid Cloud...

VMware Cloud Foundation – Memory Tiering: Optimizing Memory...

Decoding VMware Cloud Foundation: Unveiling the numerous amount...

VMware Cloud Director 10.6.1: Taking Cloud Management to...

VMware Cloud Foundation 5.2.1.1

VMware Cloud Foundation 5.2.1 – Upgrade Process &...

VMware Explore 2024 – General Session – Shaping...

VMware Cloud Foundation 5.2 – Tips & Troubleshooting