Hi,
I've installed ESX 4.0, in DMZ net work.
When I tried to add this server in Virtual center I get "Request timed" out error, but Im able to manage this server using vSphere client and able to connect using Putty.
Im able to telnet 903 from VC server also from where I installed vSphere client.
any help would be highly appreciated.
Thanks,
Ajesh
Try with 902 port and 443
Update
22. ssh access to service console.
80. HTTP access to web servers.
443. HTTPS SSL access to web servers for VI Web Access.
902. VI Client access to ESX Server or VirtualCenter, and communication between VirtualCenter and ESX Server hosts or between hosts.
903. VM Console access via VI Client or VI Web Access.
2049. Connection to NFS storage devices.
2050-5000, and 8042-8045. Traffic between ESX Server hosts for VMware HA (also utilizes EMC Automated Availability Manager).
3260. Connection to iSCSI storage devices.
8000. Incoming requests from VMotion.
8083. VirtualCenter diagnostics port.
8086. Apache Tomcat web server admin on VirtualCenter Server
27000. License transactions from ESX Server to the License Server.
27010. License transactions from the License Server.
Javier Galvez
VCP 2/3/4
MCTS Hyper-V and SCVMM
CCA XenServer
CCA XenDesktop
i tried 902 and 443 both are open.
What about the DNS configuration? Can the host resolve the FQDN of vCenter Server and vice versa.
André
yes it does name resolution.
Hi,
Have it connected to vCenter before? Since vCenter is a Windows server with a different IP address, it might be on a different LAN segment or VLAN. Are there any firewalls between the ESX SCs and vCenter? It sounds like there might a networking or firewall issue there. When you connect to an ESX box directly with VI client, you are just connecting from your VI workstation to the ESX SC. When you connect hosts to vCenter, then vCenter is trying to communicate with the SC of the ESX boxes, so the networking is totally different. Can you check the networking and firewalls between the ESX host in question and vCenter?
Good Luck
if you found this post helpful please consider the use of the Helpful/Correct buttons to award points
Suresh
Thank you for your reply..
I had this server earlier in the Vcenter , it was ESX 3.5, and I upgraded to 4.0 after that im unable to add to vcenter.
Thanks,
Ajesh
now try to diconnect and remove the host from inventory and connect it again. your problem will be solved. this was happened to me few days back. i did like this.
if you found this post helpful please consider the use of the Helpful/Correct buttons to award points
Suresh
Is there security concern for putting the whole ESX host in the DMZ vs. just adding a DMZ uplink port for your VM's ?
What version of vCenter do you have running? I think you said your ESX hosts were 4.0, so you must have at least version 4.0 for vCenter
Do you see any errors besides a Timeout error ? have you looked in the vCenter logs or in the ESX Logs at all?
If its in the DMZ there are actually 2 firewall's you need to check to make sure the ports are open. 1) is the ESX firewall, 2) is your Network Firewall telneting to each of the ports from your vCenter server is a pretty good indication its open or not.
TCP and UDP Ports required to access vCenter Server, ESX hosts, and other network components:
http://kb.vmware.com/kb/1012382
From above article:
ESX 4.x 47 UDP ESX/ESXi Host Physical Switches vDS (Virtual Distributed Switch) Broadcast
ESX 4.x 902 TCP VI/vSphere Client ESX/ESXi Host VI/vSphere Client to ESX/ESXi hosted VM connectivity
ESX 4.x 902 TCP/UDP ESX/ESXi Host ESX/ESXi Host Authentication, Provisioning, VM Migration
ESX 4.x 902 UDP ESX/ESXi Host vCenter 4 Server Heartbeat
ESX 4.x 903 TCP VI/vSphere Client ESX/ESXi Host VM Remote VM Console
ESX 4.x 2050 to 2250 UDP ESX/ESXi Host ESX/ESXi Host VMware HA
ESX 4.x 5989 TCP ESX/ESXi Host VirtualCenter/vCenter CIM Secure Server to CIM Client
ESX 4.x 8000 TCP ESX/ESXi Host (VM Target) ESX/ESXi Host (VM Source) VMotion Communication on VMKernel Interface
ESX 4.x 8000 TCP ESX/ESXi Host (VM Source) ESX/ESXi Host (VM Target) VMotion Communication on VMKernel Interface
ESX 4.x 8042 to 8045 TCP ESX/ESXi Host ESX/ESXi Host VMware HA
ESX 4.x 8100 TCP/UDP ESX/ESXi 4 Host ESX/ESXi 4.x Host VMware Fault Tolerance. ESX/ESXi 4 only.
ESX 4.x 8200 TCP/UDP ESX/ESXi 4 Host ESX/ESXi 4.x Host VMware Fault Tolerance. ESX/ESXi 4 only.
443/902/903 seems to be the key ports you need to make sure that is open.
This PDF also does a great job of visualizing all of the communications that happens from various components:
http://www.virtualinsanity.com/wp-content/uploads/connections-ports-esx.pdf
If those ports are open, and you still can't add it to vCenter then it could be another issue. You can always take it out of the DMZ put it on a local subnet to the vCenter server and try it again and see if it does work in that case so you know if it is a network/firewall issue or something else.
How many NIC do you have in that host, make sure that in the host console, both NIC are checked (connected). I hope this helps.
I had a similar problem this morning. VC lost its connection to two of my hosts after I moved some redundant network connections to redundant switches. I migrated the VC from one host to another, and I was able to get it to see the missing hosts again. Bottom line: see if you can rule out possible faulty paths when you encounter this issue, especially when you can't find an answer in the KB and restarting services & rebuilding files doesn't help.