Highlighted
Contributor
Contributor

ESXi 5 and VNC

Hello,

I have configured my ESXi 5 VMs for VNC - to enable me to VNC to the console for each of the VMs. But I cannot work out how to obfuscate the password, I wonder if anyone can help? I have set it up as follows:

Stop each VM

Log in to the ESXi host using SSH

Add the following to the VM's .vmx file:

RemoteDisplay.vnc.enabled = "TRUE" 
RemoteDisplay.vnc.port = "5901"
RemoteDisplay.vnc.password = "password"

When I restart the VM, I see that the following line has been added to the .vmx file

RemoteDisplay.vnc.key = "long random string blah blah blah......."

Now, when I try to connect to the server using a VNC client, I am not being allowed in. It is not asking for a password, it is showing me a blank screen.

Specifically, I am not sure if the password is working (I think this config element is deprecated in ESXi 5) and so I am not sure whether the key is my password hashed, or if it is some random password and I should generate my own key and populate the field. I would like to know how to generate the key - there is an article which details this, but when I click the link it sends me to a redirect loop. Does anyone have the details?

Secondly, why is my connection not working? I am trying to connect from a local machine. No firewalls should be getting in the way.

Any ideas?

Andy

0 Kudos
9 Replies
Highlighted
Immortal
Immortal

thread moved from VMware Server 1 Community to VMware ESXi 5 Community

0 Kudos
Highlighted
Contributor
Contributor

Troy,

Thanks for that, and apologies for posting to the wrong forum. I was not paying attention at all, sorry.

Andy

0 Kudos
Highlighted

Have you opened a firewall port on ESXi to allow for this traffic?

0 Kudos
Highlighted
Contributor
Contributor

Dave,

That is a very good question, and the answer is "no". This is a new feature in 5 I think. In 4.x there was no firewall?

Anyway, I have opened vSphere client and am looking at the Security Profile for the host and can see that there does not seem to be a way to add services or ports. Does this indicate that I should have done something to add the VNC service to the list of services/ports (so that I could enable it here)? Or do I need to use the command line to add a service?

Is VNC automatically running on ESXi 5? Is it not, and that is why it does not appear in the service/ports list?

Andy

0 Kudos
Highlighted
Immortal
Immortal

Are you sure that is supported on ESXi 5?

I've see in kb.vmware.com/kb/1246 that was working only on GSX 3 (aka the old VMware Server) and also that

Note: VMware does not support running virtual machines with a VNC client.

Andre | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos
Highlighted
Contributor
Contributor

I have seen various posts about getting this working with ESXi 5. It seems that it does work.

I think the sequence is something like:

1. Edit .VMX file to add remotedisplay settings

2. Edit service.xml to add firewall rules

3. Do something to make these persistent after ESXi boot - as we are editing files on a memory resident file system, so they will disappear after boot.

I will be trying this at some point, and will report back here with exact steps and whether or not it works.

I know it is not supported. But as a Linux user, I don't really want to have to boot up a Windows VM (on VMWare Player on my laptpop) to run VMSphere Client to connect to the machines consoles. Of course I can configure VNC within the VM, but it is a pain as I am running different OSs so the setup will be different for each, which seems a pain.

An alternative, of course, would be to find a nice Linux VM management application or some such, but there don't seem to be any.

Andy

0 Kudos
Highlighted
Contributor
Contributor

Look at vCenter Server Appliance and the FlexUI that vCenter's web interface allows.  As always, there are limitations on both (including needing at least Essentials).

0 Kudos
Highlighted
Contributor
Contributor

I had not seen vCenter Server Appliance, it looks very interesting in general.... but not for me right now where I am using the free ESXi. Still, at work, where we have paid licensing, that will be looked into.

I still have testing the VNC and firewall updates direct to the ESXi server through SSH on my to do list. And will report back on those...

Andy

0 Kudos
Highlighted
Immortal
Immortal

You configuration works, but you need to open the firewall on ESXi...

First step is build a new rule like this:

~ # cat /etc/vmware/firewall/vnc.xml
 <!-- Firewall configuration information for VNC -->
 <ConfigRoot>
  <service>
   <id>VNC</id>
    <rule id='0000'>
     <direction>inbound</direction>
     <protocol>tcp</protocol>
     <porttype>dst</porttype>
     <port>5901</port>
    </rule>
    <rule id='0001'>
     <direction>outbound</direction>
     <protocol>tcp</protocol>
     <porttype>dst</porttype>
     <port>
      <begin>0</begin>
      <end>65535</end>
     </port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
 </ConfigRoot>

Then you can refresh the firewall rules and check that the new one is correctly loaded:

~ # esxcli network firewall refresh
~ # esxcli network firewall ruleset list | grep VNC
VNC                    true
Andre | http://about.me/amauro | http://vinfrastructure.it/ | @Andrea_Mauro
0 Kudos