Enhanced Authentication Plug-in (EAP) and Chrome v105+

Do you use Chrome (v105+) with Windows and have been having recent issues using the Enhanced Authentication Plug-in (EAP) when logging in to vSphere? Well, now there’s a fix.

Here’s a link to the KB: The Enhanced Authentication Plug-in (EAP) stops functioning in Google Chrome versions 105 and above. (90333) (vmware.com)

Yep, I’m running v109.0.5414.75 and I’m having the issue.

If you are saying “wait, what’s the issue? I missed something” Well…the primary issue is that the EAP, well…just didn’t work…like at all. Attempting to check the “Use Windows session authentication” checkbox was fruitless and frustrating because it didn’t do anything. And, let’s be honest, typing in your user/password every time was getting very old.

Since I had this same issue in my lab, I did some troubleshooting on a Win10 box.

Checking Windows Apps & features to verify the EAP and the plug-in service were also installed. Uninstalling and re-installing did not resolve the issue.

Things I also tried were:

Check and verify the VMware CIP Message Proxy Service is running and set to Automatic or Automatic (Delayed Start – yep…running!
Check for pop-up blockers in Chrome – nope…none!
Are SSL certs installed for vCenter – yes, all good!

So…I guess up until yesterday (1/10/2023) I/we were out of luck, until the awesome team at VMware found the solution and resolution: turn “ChromeRootStoreEnabled” policy to “FALSE“

In Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Chrome :

Add a DWORD (32 bit) Value named “ChromeRootStoreEnabled” to 0
Confirm the value in Chrome policy (chrome://policy/) and ensure “ChromeRootStoreEnabled” policy value has been set to 0

Here we go:

I didn’t find the vaules in my registry, so I added them.

Right click “Polices” folder -> New -> Key. Name it “Google”.

Click on “Google” folder -> New -> Key. Name it “Chrome:

Right-click “Chrome” -> New -> “DWORD (32-bit) Value”

Type in “ChromeRootStoreEnabled” and verify the Value data is “0”