VMware Cloud Community
numinus
Contributor

"Open Console" on VMs with ESX on Private Network - MKS: Failed to connect error

Greetings,

I'm receiving the error "Unable to connect to the MKS: Failed to connect to server x.x.x.x:902." while trying to 'Open Console' on my VMs. The VMs are located on hosts that are on a private backend network and are managed by a vCenter server that sits on the public and private. All connections come into the vCenter server over the public network and are apparently having no luck bridging the console. I've attempted to add vmauthd.server.alwaysProxy = "TRUE" to /etc/vmware/config, but still no go. Can anyone shed some light on this? Is it even doable? I'd move the hosts to the public network, but my firewall drops ESX hosts out of their clusters with session timeouts. The heartbeats will not stay alive.

Thanks

0 Kudos
4 Replies
admin
Immortal

Did you see this KB article? Cannot open Virtual Machine Console 749640

Rick Blythe

Social Media Specialist

VMware Inc.

0 Kudos
numinus
Contributor

The fix for this issue was to move the vCenter Server behind a different firewall and place it on the public network. In this case we chose a locally installed firewall that does not time out the sessions. Our old Juniper just couldn't handle it. Thanks for all who helped answer my questions.

0 Kudos
vbjoern
Contributor

Maybe we are simply lacking this information. Is there a firewall between your local workstation that runs the vSphere Client and the ESX? You need to be able to access ports 80, 443, 902 and 903 on the ESX from the vSphere Client. If that is given, please provide some more network information of your infrastructure. I only saw the mentioned error in environments that did not have all ports opened on the firewall.

Best regards,

vbjoern

0 Kudos
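A way to check the port requirement from the reply above, as an added example that is not part of the original thread: it probes ports 80, 443, 902 and 903 and separates "refused" (a reset came back) from "filtered" (no answer, as when a firewall drops packets). The function names and the placeholder hostname esx.example.invalid are assumptions made for this example.

```python
import socket
import sys

# Ports the reply above says the vSphere Client must reach on the ESX host.
REQUIRED_PORTS = (80, 443, 902, 903)


def probe(host, port, timeout=3.0, connect=socket.create_connection):
    """Classify one TCP connection attempt (helper name is hypothetical)."""
    try:
        conn = connect((host, port), timeout)
    except ConnectionRefusedError:
        # A reset came back: the packet was answered, but nothing accepted it.
        return "refused"
    except (socket.timeout, TimeoutError):
        # No answer at all: typical of a firewall silently dropping packets.
        return "filtered"
    except OSError as exc:
        # Unroutable network, name resolution failure, and similar.
        return "error: " + str(exc)
    conn.close()
    return "open"


def check_console_path(host, timeout=3.0, connect=socket.create_connection):
    """Probe every required port and return {port: state}."""
    return {p: probe(host, p, timeout, connect) for p in REQUIRED_PORTS}


def blocked_ports(results):
    """Ports that would prevent the client from reaching the host."""
    return sorted(p for p, state in results.items() if state != "open")


if __name__ == "__main__":
    # Run from the workstation that shows the MKS error; pass the ESX address.
    target = sys.argv[1] if len(sys.argv) > 1 else "esx.example.invalid"
    results = check_console_path(target)
    for port, state in results.items():
        print(f"{target}:{port} -> {state}")
    if blocked_ports(results):
        print("Not reachable:", blocked_ports(results))
```

A single successful probe only shows that the port is open at that moment; it does not exercise the long-lived session behaviour described elsewhere in this thread.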
numinus
Contributor

Originally, there was no firewall between my local workstation and the ESX hosts. The ESX hosts were on a backend private 10.0.0.0 network that my workstation had access to. Without letting my customers VPN into that network they were unable to bridge the console from vCenter. vCenter was on the public internet NAT'd behind our Juniper. When the ESX servers were in front of the Juniper it would somehow time out the ESX heartbeats. All the appropriate ports were opened. It is an old firewall without the ability to be updated. The issue definitely is with the Juniper because the new firewall doesn't blink for a second at the hosts. Even with the timeout set to 'never' the Juniper would always drop my servers from vCenter.

0 Kudos