VMware Cloud Community
flyingfreak
Contributor

Console error

I am getting the error "Unable to connect to the MKS: Failed to connect to server xxx.xxx.xxx.xxx:902"; sometimes the port is 903.

I have found some solutions but none have worked. I get this error on both the vSphere client and the webaccess.

Before we get to this error, I want to make sure that how I want this set up is even possible.

I am working with a Dell PowerEdge 1855 with two NICs on each blade. I want to set up a private network (say 10.0.x.x) for the vCenter to communicate with the ESX servers. So one NIC on each blade will be DHCP on the same private network as one of the NICs on the vCenter blade. The other NIC on the vCenter blade will be one of my public IPs (let's say 73.129).

I have 5 static public IPs - 73.129/133 & my private network is DHCP

| Server | O/S | NIC 1 | NIC2 |
|---|---|---|---|
| blade1 | Win2k3/Vcenter | 73.129 | 10.0.10.x |
| blade2 | ESX | 73.130 | 10.0.10.x |
| blade3 | ESX | 73.131 | 10.0.10.x |
| blade4 | ESX | 73.132 | 10.0.10.x |
| blade5 | ESX | 73.133 | 10.0.10.x |

I want the service console on each ESX to only be accessed by the private IP of NIC 2. The Public/Static IP of NIC1 I want the VM to use.

I want the only way to manage the ESX servers to be to use vSphere connecting to the vCenter on blade1. Is this setup possible?

I have all this set up (NICs, switches, IPs); however, I get the error above when I try to use the web client and vSphere via the vCenter blade.

I couldn't find much on this particular situation but if you find something or have any ideas I would greatly appreciate the info or a link. Thanks in Advance.

0 Kudos
1 Solution

Accepted Solutions
JimmyDean
Enthusiast

Everyone,

Since was having issues that are more related to his setup I took the time to do a one on one chat. For anyone reading this later, the solution was to create VMs of the ESX/ESXi servers and place them on a public vNetwork Switch. That way there is no way for someone to own the servers and have a way into the private network.

Flyingfreak, if this did not help you resolve the issue, please repost on this and the community will join in to help. If this did resolve your issue, please hit "Answered".

Thankx!

Jimmy Dean


0 Kudos
10 Replies
1011ygagr
Contributor

FF -

A few questions first to better understand your situation ...

1. When you say you "want the service console on each ESX to only be accessed by the private IP of NIC 2", I assume you mean the private IP of NIC 2 on the vCenter blade, right?

2. How are vCenter and the clients resolving the addresses of your ESX hosts - DNS or other? Do you see issues with the vSphere client when running it from the vCenter server?

3. Lastly, please detail the configuration of the vSwitches on the ESX hosts. I assume you have two on each, one for the Service Console with an uplink in the 10.0.x.x subnet, the other for VM NICs with an uplink on your 73.129.x.x. Please describe, as well as any firewall configuration you have done on the ESX hosts.

Thanks -

Dan G.

0 Kudos
flyingfreak
Contributor

Thanks for your reply, let me see if I can answer these for you.

1. That is correct. Blade 1 has two NICs; I want one with a static IP and the other with a private IP.

2. Currently I connect to the vCenter via vSphere by the static IP address of blade 1. The vCenter is using the private IPs to manage the ESX servers on the same 10.0.10.x subnet. Also, I am able to access the console from vSphere if I'm on the 10.0.10.x subnet.

3. I have not made any changes to the firewall.

I will have to get the vSwitch information tomorrow; I will post it as soon as I confirm it.

Thanks

0 Kudos
flyingfreak
Contributor

ESX network config

NIC1 vSwitch0 - service console port: vswif0 : 10.0.10.63 ; Virtual Machine port group: VM network

NIC2 vSwitch1 - open (I plan on using this for VM public static IP)

I really don't care what NIC does what; I just used the chart at the start of the thread as a guide. I would just like to get the setup the way I hope I can.

Thanks,

0 Kudos
flyingfreak
Contributor

My DNS and routing do not look correct. I think maybe we should start there. What should I set the service console gateway to? Keep in mind that the private IP 10.0.10.x doesn't see the cloud.

0 Kudos
flyingfreak
Contributor

I guess another way to ask this question is... do my ESX hosts need to have access to the cloud in order to manage them from a vCenter which does have access to the cloud (and the private network that the ESX hosts are on)?

0 Kudos
Preetam_Zare
Contributor

I have experienced a similar problem. I think the problem is more to do with bandwidth between the client from which you are accessing vCenter.

- Preetam Zare
0 Kudos
flyingfreak
Contributor

Actually, I'm pretty sure the issue is that the vCenter server is trying to establish a connection between the outside client and the ESX server; however, it's trying to give the outside client the private LAN IP address to connect to.

0 Kudos
JimmyDean
Enthusiast

Hello all,

I had this same issue. It took me days to find a solution that worked.

Your Setup:

I have 5 static public IPs - 73.129/133 & my private network is DHCP

| Server | O/S | NIC 1 | NIC2 |
|---|---|---|---|
| blade1 | Win2k3/Vcenter | 73.129 | 10.0.10.100 My Example |
| blade2 | ESX | 73.130 | 10.0.10.x |
| blade3 | ESX | 73.131 | 10.0.10.x |
| blade4 | ESX | 73.132 | 10.0.10.x |
| blade5 | ESX | 73.133 | 10.0.10.x |

So if the Service Consoles are on 10.0.10.x you will need to use the vSphere client to the private vCenter IP (10.0.10.100) to access all the ESX servers. There is no way to set up NATing 902/903 from outside the FW to inside. Since your VC is a 2003 box you can RDP to it, then manage everything from that point.

On my post http://communities.vmware.com/thread/232124

My Corp 192.8.100.x

My Lab: 10.x.x.x

All of my service consoles were sitting on the 10.0.0.10 - 10.0.0.40

My VC Server is a VM and I have one NIC on Corp and one on Lab. VM VCs are great for stuff like that but it's your call. VMware says it's the best way to go and I agree, but people have feelings both ways about it. I say it's your setup, then set it up how you want. :)

When using the vSphere client I could log in but not access anything related to the VMs. Ex.: the 902 KVM error.

So I just moved the service console ports over to the corp side and poof, everything is happy. My test/dev users are happy.

CORP || Lab
Service Console || vmKernel, vMotion, VMs

Let me know if you need more help.

J

0 Kudos
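A way to check the diagnosis discussed in this thread from the machine that runs the vSphere client, as an added example that is not part of any post: it probes the console ports named in the error (902/903) on the ESX host address and reports whether a failure is explained by a private address the client has no interface on. The function names and the client network 203.0.113.25/24 are assumptions made for illustration; 10.0.10.63 and 10.0.10.100 are the addresses given in the thread.

```python
import ipaddress
import socket

MKS_PORTS = (902, 903)  # console ports from the "Unable to connect to the MKS" error


def probe(host, port, timeout=2.0):
    """Return True if a TCP connection to host:port succeeds within timeout."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def on_link(host, client_networks):
    """True if host lies inside a network the client is directly attached to."""
    addr = ipaddress.ip_address(host)
    return any(addr in ipaddress.ip_network(n, strict=False)
               for n in client_networks)


def diagnose(host, client_networks, ports=MKS_PORTS, prober=probe):
    """Classify console reachability of `host` as seen from this client.

    Returns (verdict, {port: reachable}). `prober` can be replaced so the
    logic can be exercised without touching the network.
    """
    addr = ipaddress.ip_address(host)
    results = {p: prober(host, p) for p in ports}
    if any(results.values()):
        verdict = "reachable"
    elif addr.is_private and not on_link(host, client_networks):
        # The client was handed an internal address it has no interface on.
        verdict = "private-address-unroutable"
    else:
        verdict = "blocked-or-down"
    return verdict, results


if __name__ == "__main__":
    # Service console address from the thread; client network is constructed.
    print(diagnose("10.0.10.63", ["203.0.113.25/24"]))
```

Run it once from an outside client and once from the vCenter box (network 10.0.10.100/24) to compare the two verdicts.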
flyingfreak
Contributor

This is giving me a headache. I appreciate the help.

I am trying to create curriculum for students that is strictly online. My goal is to have students download vSphere and connect to the vCenter server. I will have created user restrictions for each student so that they only see a specific blade. I was hoping that they set up their own VM via vSphere and then, after it is set up, attach a public IP to it and RDC or VNC into them, for much faster response. The VMs will be used to analyze malware and also be temporarily set up as a honeypot (which is where the public IP comes in). Because of the nature of malware, the students will be using snapshot manager quite a bit, which is where vSphere comes in again.

What you're saying is that my current setup will not work regardless of any NAT rules or routing rules I come up with? Instead I would have to have every student RDC into my Win2k3 box and use the vSphere client on it? That might be tough if more than one user needs to use the vCenter at a time. It also makes for an additional middle man that would cause more lag issues. Would I gain any advantage in this scenario by putting vCenter on a VM?

Thanks Again!

0 Kudos