Since I am my own system administrator, I contacted myself. This led to some heated internal discussions, followed by the inevitable Google search.
Apparently this is a fairly well-known message to real-life Sametime admins and the usual remedy is to configure the VPS_ALLOWED_LOGIN_TYPES variable in the server's sametime.ini file using the appropriate Sametime Client ID. Unfortunately, at the time this happened the IBM technote that lists the Client IDs hadn't been updated with the Notes 9 Beta client information yet, which left me with the question of how to determine the ID my Lotus Notes embedded Sametime client was using.
There is information on how to do this using debug settings on the Sametime server, but I wanted to know how to get this information directly from my client. So here is what I did:
com.ibm.collaboration.realtime.community.sametime.level=FINE
In the trace log file, I saw lines like this:
Got client ID [1F954w==] from runtime version property [st852.notes900]
Client ID succesfully set for Sametime login. Login Type: 4678
The first line is a bit of a red herring; it looks like it should be the Client ID I'm looking for (or a Base64 version of it), but it's not. Maybe it's some encoded form of it or something, I don't know. Just ignore it.
What you really want is the "Login Type" number on that second line. That is the decimal version of the Client ID you need to add to VPS_ALLOWED_LOGIN_TYPES on the server. If you use your favorite calculator program to convert that to hex, you will see that the hexidecimal representation of 4678 is "1246", which is the Client ID you are looking for.
Of course, if you don't have access to make that setting on the Sametime server that won't help you one bit. But if you can get a hold of your Sametime administrator then that is the information they will need.