6 Replies Latest reply on Oct 29, 2012 2:55 PM by markdean

    Port 903??

    peetz Master
    vExpertUser Moderators
      I'm currently investigating the network ports required to be open on
      a firewall for accessing an ESXi 4.1 host.
      According to http://kb.vmware.com/kb/1012382 the port 903 needs
      to be accessible from both the VI client and the vCenter server
      towards the ESXi host (for VM console access).
      However, if I check the network ports used in my environment I never
      see any connections on port 903. For console access it looks
      like only port 902 is used instead.
      And if I check open network ports directly on an ESXi host with
      "esxcli network connection list", there is even no listener on port 903!
      So, is port 903 really been used? If yes, how and when?
      Or is there just wrong information in the KB article?

      - VMware Front Experience Blog

        • 1. Re: Port 903??
          MauroBonder Champion
          User ModeratorsVMware Employees

          you can check it here - http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003971


          Please, don't forget the awarding points for "helpful" and/or "correct" answers. 


          Mauro Bonder - Moderator

          • 2. Re: Port 903??
            jamesbowling Master
            VMware Employees

            Here is a good reference for you regarding ports needed as well:



            • 3. Re: Port 903??
              peetz Master
              User ModeratorsvExpert

              Thanks guys for your answers, but ...

              I am aware of all the documentation available for the required network ports, and I also know how to check if a port is being used (on Windows and ESXi).


              Fact #1: All available documents mentions port 903 is being used for VM console access to the ESXi host.

              Fact #2: On our ESXi hosts there is no listening process on port 903. Also a telnet on that port fails to connect.

              Fact #3: Console access is working fine for us. It looks like it is using port 902, not 903.


              I don't think that we haved changed anything from the default, but can you please check in your environment if it behaves the same?


              My question remains: Is this port really being used for something? For what?



              - VMware Front Experience Blog

              • 4. Re: Port 903??
                MauroBonder Champion
                VMware EmployeesUser Moderators

                In vcenter this port is used to

                vCenter 4.x903TCPClient PCvCenter ServerVI/vSphere Client to VM Console
                vCenter 4.x903TCPvCenter ServerESX/ESXi HostVI/vSphere Client to VM Console (after connection established between VI/vSphere Client and vCenter)


                if you need you can change it when start installation.


                Please, don't forget the awarding points for "helpful" and/or "correct" answers. 


                Mauro Bonder - Moderator

                • 5. Answered: Port 903 is NOT used by ESXi!
                  peetz Master
                  vExpertUser Moderators

                  Okay, I got VMware support engaged on that, and they finally admitted that port 903 is NOT used at all by ESXi 4.1.

                  They will update KB1012382 accordingly.



                  - VMware Front Experience Blog

                  • 6. Re: Answered: Port 903 is NOT used by ESXi!
                    markdean Enthusiast

                    Wrong. Working with a client's locked down network and ESX 4.1 U3 environment. After opening up 902, 22, 80 and 443 between the admin network and the ESX hosts, but with port 903 closed, you will not be able to get to a remote console, either via the tabs or via the remote console menu item. Everything else works just fine.


                    Here's the error, clearly showing that the VI Client is going, by default, to <ipaddress>:903 :


                    Unable to connect to the MKS: Failed to connect to server alp-msm-esx-06:903.


                    So this grid in the referenced KB article is correct, by default, you need port 903 opened.


                    ESX 4.x903TCPVI / vSphere ClientESXi/ESX HostVM Remote Console (MKS)



                    If there's some other smoke and mirror thing going on or if you have information that shows this as being wrong, please let me know, but it's hard to argue with what the VI Client reports is the port it's using.


                    Message was edited by: markdean The image didn't show up, inserted the text and attached the .png file.