1 Reply Latest reply on Apr 9, 2020 12:38 PM by AlessandroRomeo68

    Having issues opening web consoles in linked vCenters

    MattGoddard Enthusiast

      I'm trying to get a better sense of the connection path between a vCenter user and a VM's web console in order to diagnose why users can open some web consoles but not others.

       

      When you're connected to to the web client of [VC1] and you open the web console of a VM on [VC2] (which is in the same SSO domain and shows up on the same web client), does the path go like this:

       

      Me -> [TCP 443] -> VC1 -> [TCP/UDP 902] -> VC2 -> [TCP/UDP 902] -> VC2Host -> VM

       

      Or is it this:

       

      Me -> [TCP 443] -> VC1 -> [TCP/UDP 902] -> VC2Host -> VM

       

      And are those ports accurate? Are there any other ports needed for the web console to work (whether from one VC directly or from a linked VC)?

       

      -----

       

      Here's the actual problem I'm having:

       

      I have these two vCenter appliances (both v6.7):

      • vc-toronto
      • vc-portland

       

      If I log in to vc-toronto from our corporate LAN, I can open web consoles for VMs in that vCenter, but if I try to open a console for a VM on vc-portland, it hangs and then times out. The opposite is also true if I log in to vc-portland. However, if I use the VMRC, I can open the consoles of any of the VMs regardless of which of the two vCenters I'm logged in to.

       

      Meanwhile, I have one user working from home, connecting via VPN1, who reports the same behavior as me, and a second user, connecting via VPN2, who can open web consoles on either vCenter, regardless of which one he's logged in to.

       

      So the implication is that this is a firewall/routing issue. I just need to figure out which ports need to be open and from where to where.