Greetings,
I'm receiving the error "Unable to connect to the MKS: Failed to connect to server x.x.x.x:902." while trying to 'Open Console' on my VMs. The VMs are located on hosts that are on a private backend network and are managed by a vCenter server that sits on the public and private. All connections come into the vCenter server over the public network and are apparently having no luck bridging the console. I've attempted to add vmauthd.server.alwaysProxy = “TRUE” to /etc/vmware/config, but still no go. Can anyone shed some light on this? Is it even doable? I'd move the hosts to the public network, but my firewall drops ESX hosts out of their clusters with session timeouts. The heartbeats will not stay alive.
Thanks
Did you see this KB article? Cannot open Virtual Machine Console 749640
Rick Blythe
Social Media Specialist
VMware Inc.
The fix for this issue was to move the vCenter Server behind a different firewall and place it on the public network. In this case we chose a locally installed firewall that does not time out the sessions. Our old Juniper just couldn't handle it. Thanks for all who helped answer my questions.
Maybe we are simply lacking this information. Is there a firewall between your local workstation that runs the vSphere Client and the ESX? You need to be able to access ports 80, 443, 902 and 903 on the ESX from the vSphere Client. If that is given, please provide some more network information of your infrastructure. I only saw the mentioned error in environments that did not have all ports opened on the firewall.
Best regards,
vbjoern
Originally, there was no firewall between my local workstation and the ESX hosts. The ESX hosts were on a backend private 10.0.0.0 network that my workstation had access to. Without letting my customers VPN into that network they were unable to bridge the console from vCenter. vCenter was on the public internet NAT'd behind our Juniper. When the ESX servers were in front of the Juniper it would somehow time out the ESX heartbeats. All the appropriate ports were opened. It is an old firewall without the ability to be updated. The issue definitely is with the Juniper because the new firewall doesn't blink for a second at the hosts. Even with the timeout set to 'never' the Juniper would always drop my servers from vCenter.