abulhol
Enthusiast

esxcli network firewall refresh: More than one instance of tag found, expected only one.

We decided to change the SSH port for ESXi following the instructions in this article:

Change Port 22 SSH on ESXi 6.5

After doing so, we realized that actually the command

esxcli network firewall refresh

returns with an error

"More than one instance of tag found, expected only one."

I checked the XML, and actually there is something wrong with the example configuration given in the article above:

        <protocol>tcp</protocol>

        <protocol>dst</protocol>

The second "protocol" entry must actually be changed to "porttype" to conform to the service.xml specification.

Now the crazy thing is, with the malformed TCPALLOUT entry and refresh throwing an error, I can access via SSH on the newly defined port.

Without the TCPALLOUT entry, I have no SSH access.

And if I fix "protocol" to "porttype" in the entry and refresh, I instantly lose SSH access completely.

How does that fit together?

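A small checker for the malformed rule described in the post, added here as an example and not part of the original post or of any VMware tooling: it parses a service.xml fragment and reports every <rule> that carries a tag more than once, lacks a required tag, or holds a value the tag does not accept, so the mistake surfaces before a firewall refresh. The sample fragment, the TCPALLOUT service and rule ids, and the allowed-value sets are constructed assumptions, not values from a real host.

```python
import xml.etree.ElementTree as ET

# Constructed sample mirroring the layout the post describes: the second
# <protocol> element should have been <porttype>. Ids are placeholders.
SAMPLE_SERVICE_XML = """<ConfigRoot>
  <service id="9999">
    <id>TCPALLOUT</id>
    <rule id="0000">
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <protocol>dst</protocol>
      <port>22</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
"""

# Same fragment with the fix the post arrived at (protocol -> porttype).
FIXED_SERVICE_XML = SAMPLE_SERVICE_XML.replace(
    "<protocol>dst</protocol>", "<porttype>dst</porttype>")

# Tags expected exactly once per <rule> and the values each accepts
# (None = value not checked). Assumed from the usual ESXi service.xml layout.
RULE_TAGS = {
    "direction": {"inbound", "outbound"},
    "protocol": {"tcp", "udp"},
    "porttype": {"dst", "src"},
    "port": None,
}


def lint_rules(xml_text):
    """Return (service_id, rule_id, message) tuples for every violation."""
    findings = []
    for service in ET.fromstring(xml_text).iter("service"):
        sid = service.findtext("id", default="?")
        for rule in service.iter("rule"):
            rid = rule.get("id", "?")
            for tag, allowed in RULE_TAGS.items():
                elems = rule.findall(tag)
                if len(elems) != 1:  # duplicates trip the refresh; missing tags break the rule
                    findings.append((sid, rid, f"expected exactly one <{tag}>, found {len(elems)}"))
                for e in elems:
                    val = (e.text or "").strip()
                    if allowed is not None and val not in allowed:
                        findings.append((sid, rid, f"<{tag}> has unexpected value '{val}'"))
    return findings


if __name__ == "__main__":
    for finding in lint_rules(SAMPLE_SERVICE_XML):
        print("%s rule %s: %s" % finding)
```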
1 Solution

Accepted Solutions
abulhol
Enthusiast

In effect, the instructions in Change Port 22 SSH on ESXi 6.5 seem to be wrong.

See my reply there.
