Hi all
Im receiving connection timed out error message from the vsphere Web Client, when trying to access the console of a virtual machine,
On the internal network it works fine but if I access the webclient page externally i can do all things except open a console.
Im wondering if anyone could help me to troubleshoot this issue.
I have tried various things on the firewall to allow ports 902903 9090 8333 8222 and still no fix.
Currently the only firewall port that is open is 9443 so I know that works as its all part of the same rull i just add ports to it.
thanks
michaelg11
The Connection Time Out was driving me crazy , never imagined that the Console Plug In had anything to do with it !!!
Thank you for the workaround !!
Hi Justin,
I've just upgrade to vCenter server 6 in my lab environment and now I'm not anymore able to access the vSphere Web Client 6 behind my apache reverse proxy. Looks like the flash web client has the internal URL "hard coded" somewhere... I'm able to download the flash content behind the reverse proxy but then it redirects me to the internal URL / websso address (so actually it's working using the reverse proxy from LAN but not from outside since the internal DNS is not resolved...)
I've tried to look for any vmrc conf file but where not able to find any...
Any idea where this vmrc could be in vSphere 6 ?
Thanks in advance !
Hello,
No one else here facing the same issue with vSphere 6 ?
Any chance you updated to vCenter 6 and know the workaround for that version as well ?
Cheers,
Yes, I have the same issue. My workaround has been change the hostname file that is located at /etc/vmware-sso/ with the external hostname of the server and change the reverse proxy to point to https://server_ip/ (In 5.5 I had https://server_ip:9443)
Can you provide some more detail on how you configured your reverse proxy? Did you also have to configure any portforwarding, except for to your proxyserver?
I have the following configuration in Apache on Ubuntu where 192.168.1.195 is my vCenter Appliance 6:
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
ProxyPass /vmware https://192.168.1.195
ProxyPassReverse /vmware https://192.168.1.195
Hi, this is mi configuration:
<VirtualHost _default_:443>
ServerAdmin xxx
ServerName xxx
SSLEngine on
SSLCertificateFile xxx
SSLCertificateKeyFile xxx
SSLProxyEngine on
SSLProxyVerify none
SSLProxyCheckPeerCN off
SSLProxyCheckPeerName off
SSLProxyCheckPeerExpire off
RewriteEngine On
ProxyPreserveHost On
DocumentRoot /var/www/html
ErrorLog ${APACHE_LOG_DIR}/xxx.log
CustomLog ${APACHE_LOG_DIR}/xxx_access.log combined
<Location />
ProxyPass https://xxx/
ProxyPassReverse https://xxx/
SSLRequireSSL
RedirectMatch permanent ^/$ https://xxx/vsphere-client/?csp
RedirectMatch permanent ^/admin$ https://xxx/admin/
RedirectMatch permanent ^/vami$ https://xxx/vami/
RedirectMatch permanent ^/websso$ https://xxx/websso/
RedirectMatch permanent ^/psc$ https://xxx/psc/
</Location>
<Location /vsphere-client/>
ProxyPass https://yyy:9443/vsphere-client/
ProxyPassReverse https://yyy:9443/vsphere-client/
SSLRequireSSL
</Location>
<Location /admin/>
ProxyPass https://yyy:5480/
ProxyPassReverse https://yyy:5480/
SSLRequireSSL
</Location>
<Location /vami/>
ProxyPass https://yyy:5480/vami/
ProxyPassReverse https://yyy:5480/vami/
SSLRequireSSL
</Location>
BrowserMatch "MSIE [2-6]" \
nokeepalive ssl-unclean-shutdown \
downgrade-1.0 force-response-1.0
# MSIE 7 and newer should be able to use keepalive
BrowserMatch "MSIE [17-9]" ssl-unclean-shutdown
</VirtualHost>
Best Regards
Came across this thread today and seems to be similar to the issue I am having. I'm running ESX 6.0 update 2 and am trying to run the ESXi Embedded client behind an IIS reverse proxy (https://esx-host/ui/). With the reverse proxy, all is well, except that the Console functionality does not work, I receive a "failed to connect" notice. If I try to run the VMRC client instead, I get a 404 error. I'm thinking that a solution like the one "justin007" proposed would work for me, but I cannot find where the vrmc settings would be on the ESXi host. The console works fine if I access the embedded client by IP. Again, I'm running just the ESX embedded host, not vCenter. Anybody know where or what setting I need to adjust on the ESX host to get Console working in the Embedded client?
I attached what I'm seeing. Any thoughts would be appreciated.
Hi guys,
tried to reach Windows webclient 6.0U2 behind Nat-Reverse Proxy config.
currently vcenter6 having internally IP which is not externally reachable.
So i tested 2 vm's. 1x Nat and 1x Reverse Proxy (tested apache 2.4 and nginx 1.10)
i did the proper Nat settings for Masking and forwarded Port to Reverse Proxy. First tested just 443 Port forward to Apache. i just getting First page - but not the Login Screen. (error because getting internally IP back also with the Proxy Settings).
tried then Nginx. with nginx i get the Login Screen > but once trying to login i get timeout.
getting some permission errors on nginx to place listen Ports. so for test i did listen 8080 without ssl.
so nginx making 1 step further to the logon screen.
http://xxxxxx:8080/vsphere-client/?csp
i don't find any error in the webclient log. also not finding something in the logs from nginx.
if i type an faulty pass it's giving "Authentication Error" > so sso recognizing it. but once placing correct Pass getting Timeout after few seconds
i need to change something in the nginx? just short basic Test Code:
server {
listen 8080;
location / {
proxy_pass https://xxxxx;
}
}
Many thx
Best regards
Max
seems from the Logs it's making "GET /vsphere-client/" and once trying to login it's doing "POST /websso/SAML2/SSO/vsphere.local"
need maybe special handle for POST Actions?
downloaded now the latest Apache Proxy Source Code 2.4.20 and changed the worker names to 2000.
After "Log in to vSphere Webclient" > i get Status 400 Error. Now it's not related anymore regarding the long websso Link. now getting other error.
once placing the websso link into the passproxy as a test getting:
HTTP Status 500 - Request processing failed; nested exception is java.lang.IllegalStateException: Failed to return authentication policy object: for tenant vsphere.local?
org.springframework.web.util.NestedServletException: Request processing failed; nested exception is java.lang.IllegalStateException: Failed to return authentication policy object: for tenant vsphere.local?SAMLRequest
Special Module Missing?
Wondering if that is Just Issues once using vCenter on Windows?! As seeing someone got it working with Appliance Version.
But anyway. maybe anyone have a Clue for this error?
Best regards
Max