VMware Cloud Community
Giga1699
Contributor
Contributor
‎04-30-2012 06:58 PM

vSphere client times out on loading inventory

I have just set-up a test ESXi 5 server. I am able to ping the host, traceroute to the host, ssh to the host, view the https page of the host, browse the datastore online of the host.

However, I can not login to the host using vSphere. It keeps timing out when loading inventory.

The network is about like this...

PC (vlan 4) ----> (vlan 4) Cisco router (vlan 3) ----> (vlan 3) Cisco router (vlan 1) ----> (vlan 1) vyatta router on ESXi 4.1 (vlan 2) ----> (vlan 2) ESXi 5 host

The 4.1 box is part of a cluster on our production systems, and has a trunk port. Sub-interfaces are created on the 4.1 box to allow access to the various vlans. The ESXi 5 host is on an access switchport assigned to vlan2.

Any thoughts?

0 Kudos
10 Replies
peterdabr
Hot Shot
Hot Shot
‎04-30-2012 08:50 PM

Hi,

I recommend the following:

1) check /var/log/auth.log on the host

2) restart management services with services.sh and test again

3) run network dump on vyatta with filter for source (workstation) and destination (host) IP addresses and confirm no communication is being blocked (though only tcp port 443 should be needed from vSphere client to the host)

4) try connecting to the host from another workstation with vSphere Client (btw, can you connect to 4.1 host on the same vlan using the same workstation?)

5) can you confirm routing is not asymetric,  meaning traceroute from source->destination and destination-> source should hit the same hops

6) sometimes it makes sense to temporarily disable firewall on esxi; can you run: esxcli network firewall set --enabled false (revert it back when done testing)

Hope above helps

Peter D

Giga1699
Contributor
Contributor
‎05-02-2012 06:05 PM

Okay, so check this out...

1.) I did not see anything in auth.log

2.) Didn't change anything

4.) Same Issue

5.) It is not

6.) No change

However, with 3... when tshark was not running, I could not connect. When "tshark -i <int> -R ip.src==<vhost_ip>||ip.dst==<vhost_ip>" was running... I could connect just fine. If I stop the tshark, I have problems connecting again.

Any thoughts on that?

0 Kudos
peterdabr
Hot Shot
Hot Shot
‎05-02-2012 09:20 PM

With regards to #4 (or the second part of it), can you confirm whether you've attempted to connect from vSphere client on a machine in the same network/vlan as your destination esxi host?

Peter D.

0 Kudos
Giga1699
Contributor
Contributor
‎05-02-2012 09:31 PM

My mistake... I left that out.

If I connect from the same subnet, there seems to be no issue. However, I've tried everything I could think of to find out what the problem is. I've adjusted MTU values, ensured that firewalls are disabled, made sure routes are all there, etc.

0 Kudos
UmeshAhuja
Commander
Commander
‎05-02-2012 09:46 PM

Hi,

Check if all the required ports are open or not

ProductPortProtocolSourceTargetPurpose
ESXi 5.x22TCPClient PCESXi 5.xSSH Server
ESXi 5.x53UDPESXi 5.xDNS ServerDNS Client
ESXi 5.x68UDPESXi 5.xDHCP ServerDHCP Client
ESXi 5.x80TCPClient PCESXi 5.xRedirect Web Browser to HTTPS Service (443)
ESXi 5.x88TCPESXi hostActive Directory ServerPAM Active Directory Authentication - Kerberos
ESXi 5.x111TCPESX/ESXi HostNFS ServerNFS Client – RPC Portmapper
ESXi 5.x111UDPESX/ESXi HostNFS ServerNFS Client – RPC Portmapper
ESXi 5.x123UDPESX/ESXi HostNTP Time ServerNTP Client
ESXi 5.x161UDPSNMP ServerESXi 4.x HostSNMP Polling. Not used in ESXi 3.x
ESXi 5.x162UDPESXi HostSNMP CollectorSNMP Trap Send
ESXi 5.x389TCP/UDPESXi hostLDAP ServerPAM Active Directory Authentication - Kerberos
ESXi 5.x427UDPESX/ESXi HostESX/ESXi HostCIM Service Location Protocol (SLP)
ESXi 5.x443TCPVI / vSphere ClientESX/ESXi HostVI / vSphere Client to ESX/ESXi Host management connection
ESXi 5.x443TCPESX/ESXi HostESX/ESXi HostHost to host VM migration and provisioning
ESXi 5.x445UDPESXi hostMS Directory Services ServerPAM Active Directory Authentication
ESXi 5.x445TCPESXi hostMS Directory Services ServerPAM Active Directory Authentication
ESXi 5.x445TCPESXi hostSMB ServerSMB Server
ESXi 5.x464TCPESXi hostActive Directory ServerPAM Active Directory Authentication - Kerberos
ESXi 5.x514UDP/TCPESXi 5.xSyslog ServerRemote syslog logging
ESXi 5.x902TCP/UDPESXi 5.xESXi 5.xHost access to other hosts for migration and provisioning
ESXi 5.x902TCPvSphere ClientESXi 5.xvSphere Client access to virtual machine consoles (MKS)
ESXi 5.x902TCP/UDPESXi 5.xvCenter Server(UDP) Status update (heartbeat) connection from E SXi to vCenter Server
ESXi 5.x> 1024 (dynamic)TCP/UDPESXi HostActive Directory ServerBi-directional communication on TCP/UDP ports is required between the ESXi host and the Active Directory Domain Controller (via the netlogond process on the ESXi host). See Active Directory and Active Directory Domain Services Port Requirements and MS article 179442.
ESXi 5.x2049TCPESXi 5.xNFS ServerTransactions from NFS storage devices
ESXi 5.x2049UDPESXi 5.xNFS ServerTransactions from NFS storage devices
ESXi 5.x3260TCPESXi 5.xiSCSI storage serverTransactions to iSCSI storage devices
ESXi 5.x5900 to 5964TCPESXi 5.xESXi 5.xRFB protocol, which is used by management tools such as VNC
ESXi 5.x5988TCPCIM ServerESXi 5.xCIM transactions over HTTP
ESXi 5.x5989TCPvCenter ServerESXi 5.xCIM XML transactions over HTTPS
ESXi 5.x5989TCPESXi 5.xvCenter ServerCIM XML transactions over HTTPS
ESXi 5.x8000TCPESXi 5.x (VM Target)ESXi 5.x (VM Source)Requests from vMotion
ESXi 5.x8000TCPESXi 5.x (VM Source)ESXi 5.x (VM Target)Requests from vMotion
ESXi 5.x8100TCP/UDPESXi 5.xESXi 5.xTraffic between hosts for vSphere Fault Tolerance (FT)
ESXi 5.x8182TCP/UDPESXi 5.xESXi 5.xTraffic between hosts for vSphere High Availability (vSphere HA)
ESXi 5.x8200TCP/UDPESXi 5.xESXi 5.xTraffic between hosts for vSphere Fault Tolerance (FT)
ESXi 5.x8301UDPESXi 5.xESXi 5.xDVS Port Information
ESXi 5.x8302UDPESXi 5.xESXi 5.xDVS Port Information
ESXi 5.x31100TCPvCenterSPS ServerInternal Communication Port
ESXi 5.x31000TCPSPS ServervCenterInternal Communication Port

Thanks n Regards
Umesh Ahuja

If your query resolved then please consider awarding points by correct or helpful marking.
0 Kudos
Giga1699
Contributor
Contributor
‎05-17-2012 10:26 PM

I can't find that any ports are being blocked.

I can log in using vSphere only when tshark is running on the vyatta router. Any thoughts why this would be so?

I've disabled all firewalls along the path, I've rebooted everything, I can ping the entire path, traceroutes are exactly the same back and forth. Nothing but running tshark has allowed me to login to the ESXi box.

0 Kudos
zXi_Gamer
Virtuoso
Virtuoso
‎05-17-2012 10:55 PM

Just to make sure that your dns is resolving both ways, since inventory and search service depends on routing to be proper both ways

0 Kudos
Giga1699
Contributor
Contributor
‎05-17-2012 11:50 PM

DNS is working just fine.

0 Kudos
Giga1699
Contributor
Contributor
‎05-18-2012 12:11 AM

No matter what I've done, it still hasn't worked.

The only thing that allows me to connect is to have tshark (terminal version of wireshark) running on the vyatta router. If it's not running, the second I start it up vSphere finishes loading the inventory and brings up the main screen.

If I stop tshark while I'm connected to vSphere, it will disconnect the session eventually.

0 Kudos
Giga1699
Contributor
Contributor
‎05-23-2012 08:38 AM

The problem was a bug when using the VMWare network driver in Vyatta.

Switching to the E1000 driver fixed the issue.

Please reference the following Vyatta forum post for further details:

http://vyatta.org/forum/viewtopic.php?p=139389

0 Kudos