Hello,
I have configured my ESXi 5 VMs for VNC - to enable me to VNC to the console for each of the VMs. But I cannot work out how to obfuscate the password, I wonder if anyone can help? I have set it up as follows:
Stop each VM
Log in to the ESXi host using SSH
Add the following to the VM's .vmx file:
RemoteDisplay.vnc.enabled = "TRUE" RemoteDisplay.vnc.port = "5901"RemoteDisplay.vnc.password = "password"
When I restart the VM, I see that the following line has been added to the .vmx file
RemoteDisplay.vnc.key = "long random string blah blah blah......."
Now, when I try to connect to the server using a VNC client, I am not being allowed in. It is not asking for a password, it is showing me a blank screen.
Specifically, I am not sure if the password is working (I think this config element is deprecated in ESXi 5) and so I am not sure whether the key is my password hashed, or if it is some random password and I should generate my own key and populate the field. I would like to know how to generate the key - there is an article which details this, but when I click the link it sends me to a redirect loop. Does anyone have the details?
Secondly, why is my connection not working? I am trying to connect from a local machine. No firewalls should be getting in the way.
Any ideas?
Andy
thread moved from VMware Server 1 Community to VMware ESXi 5 Community
Troy,
Thanks for that, and apologies for posting to the wrong forum. I was not paying attention at all, sorry.
Andy
Have you opened a firewall port on ESXi to allow for this traffic?
Dave,
That is a very good question, and the answer is "no". This is a new feature in 5 I think. In 4.x there was no firewall?
Anyway, I have opened vSphere client and am looking at the Security Profile for the host and can see that there does not seem to be a way to add services or ports. Does this indicate that I should have done something to add the VNC service to the list of services/ports (so that I could enable it here)? Or do I need to use the command line to add a service?
Is VNC automatically running on ESXi 5? Is it not, and that is why it does not appear in the service/ports list?
Andy
Are you sure that is supported on ESXi 5?
I've see in kb.vmware.com/kb/1246 that was working only on GSX 3 (aka the old VMware Server) and also that
Note: VMware does not support running virtual machines with a VNC client.
I have seen various posts about getting this working with ESXi 5. It seems that it does work.
I think the sequence is something like:
1. Edit .VMX file to add remotedisplay settings
2. Edit service.xml to add firewall rules
3. Do something to make these persistent after ESXi boot - as we are editing files on a memory resident file system, so they will disappear after boot.
I will be trying this at some point, and will report back here with exact steps and whether or not it works.
I know it is not supported. But as a Linux user, I don't really want to have to boot up a Windows VM (on VMWare Player on my laptpop) to run VMSphere Client to connect to the machines consoles. Of course I can configure VNC within the VM, but it is a pain as I am running different OSs so the setup will be different for each, which seems a pain.
An alternative, of course, would be to find a nice Linux VM management application or some such, but there don't seem to be any.
Andy
Look at vCenter Server Appliance and the FlexUI that vCenter's web interface allows. As always, there are limitations on both (including needing at least Essentials).
I had not seen vCenter Server Appliance, it looks very interesting in general.... but not for me right now where I am using the free ESXi. Still, at work, where we have paid licensing, that will be looked into.
I still have testing the VNC and firewall updates direct to the ESXi server through SSH on my to do list. And will report back on those...
Andy
You configuration works, but you need to open the firewall on ESXi...
First step is build a new rule like this:
~ # cat /etc/vmware/firewall/vnc.xml <!-- Firewall configuration information for VNC --> <ConfigRoot> <service> <id>VNC</id> <rule id='0000'> <direction>inbound</direction> <protocol>tcp</protocol> <porttype>dst</porttype> <port>5901</port> </rule> <rule id='0001'> <direction>outbound</direction> <protocol>tcp</protocol> <porttype>dst</porttype> <port> <begin>0</begin> <end>65535</end> </port> </rule> <enabled>true</enabled> <required>false</required> </service> </ConfigRoot>
Then you can refresh the firewall rules and check that the new one is correctly loaded:
~ # esxcli network firewall refresh ~ # esxcli network firewall ruleset list | grep VNC VNC true