VMware Cloud Community
unsichtbare
Expert
Expert
‎03-24-2015 02:30 PM

Unable to open VMRC - and it's not the usual suspects!

I just discovered that I am unable to access the VMRC at all (for any VMs), I get the old: Unable to connect to the MKS: Internal error

FYI: VM and client are on same broadcast domain, no firewall (Windows or otherwise), DNS is working and tested from client and host

I am having some trouble with AD, in another discussion

At this point, I can log-on to SSH with: user@domain.tld

and I can use the C# client with: user@domain.tld but not DOMAIN\user

THX

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/
0 Kudos
8 Replies
vickey0rana
Enthusiast
Enthusiast
‎03-24-2015 11:19 PM

Can you vMotion the VM to another Host and check if that works?

---------------------------------------------------------------- If you found this or any other answer helpful, please consider to award points. (use Correct or Helpful buttons) BR, Ravinder S Rana
0 Kudos
brunofernandez1
Expert
Expert
‎03-25-2015 12:32 AM

the VM and the Client dom't have to be on the same subnet.

it's more important that the esx server or the vcenter have to be on the same subnet like the client. or you have openend the needed ports (443/902/903 and so on) on the firewall if they aren't on the same subnet....

------------------------------------------------------------------------------- If you found this or any other answer helpful, please consider to award points. (use Correct or Helpful buttons) Regards from Switzerland, B. Fernandez http://vpxa.info/
0 Kudos
unsichtbare
Expert
Expert
‎03-25-2015 06:57 AM

Don't have vMotion up yet.

Broadcast Domain is essentially the same thing as the same subnet/network. For testing, ESXi, vCenter, VM's, everything is on the network: 172.20.0.0/16

The "MKS internal error" was happening both when connected through vCenter and when connected directly to the ESXi host. I have verified DNS on both the ESXi and the VCSA is working.

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/
0 Kudos
brunofernandez1
Expert
Expert
‎03-25-2015 07:05 AM

i know you don't want to hear it but have you disabled the windows firewall? Smiley Happy

the MKS error is most of the times in context with dns, network or firewal...

------------------------------------------------------------------------------- If you found this or any other answer helpful, please consider to award points. (use Correct or Helpful buttons) Regards from Switzerland, B. Fernandez http://vpxa.info/
0 Kudos
unsichtbare
Expert
Expert
‎03-25-2015 07:52 AM

Windows firewall is off.

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/
0 Kudos
vickey0rana
Enthusiast
Enthusiast
‎03-25-2015 11:15 PM

can you add the esxi host entries to local PC's HOST file, from where you are opening vSphere Client and check post this?

---------------------------------------------------------------- If you found this or any other answer helpful, please consider to award points. (use Correct or Helpful buttons) BR, Ravinder S Rana
0 Kudos
unsichtbare
Expert
Expert
‎03-26-2015 06:58 AM

Done and Done!

I first tested forward DNS from Windows and VCSA (ping esxi.mydomain.local) and from ESXi (ping dc1.mydomain.local) - no problems

Even so,I added entries to the hosts file (for vCenter and ESXi)  on Windows where the client is, then I added entries to the hosts file on VCSA (for ESXi). - no changes. Those entries have now been removed.

I think I can conclusively state that it is NOT a DNS issue.

A new symptom: before this happens, I get a certificate warning from VCSA/client stating that the certificate ESXi is presenting is not the same at the one I initially trusted. It is almost as if the ESXi is somehow regenerating certificates and causing trust issues.

The fix is a reboot. On an ongoing basis, ESXi hosts can not require regular reboots,

Thanks for your help!

-J

+The Invisible Admin+ If you find me useful, follow my blog: http://johnborhek.com/
0 Kudos
florindespa
Enthusiast
Enthusiast
‎03-26-2015 11:14 PM

Hi,

   Could you please log in into your ESXi directly with the ip ? And then try ? Than should exclude the dns.

   Another thing that you could try is vSphere Documentation Center  . I usually recreate the self signed certificates once I have completely set up the ESXi with fqdn DNS ( the certificates are created during installation for localhost.localdomain ) . You will have to reboot the ESXi and might have to reconnect to the vCenter , as the ESXi will present a new certificate . If that still fails , open https://fqdn.of.esxi on the client pc, and accept & add the certificate.

Warning : As I do not know about your setup , if you use domain certificates vs  self signed etc, it is just an ideea .

Hope you get this fixed.

0 Kudos