Hi Communities,
I would like to know if someone know which h.323 port we need to open inside firewall to communicate with a DMZ. We almost open the different ports mention somewhere else...
53 TCP/UDP Domain
88 TCP/UDP Kerberos
123 UDP Time
137 UDP NetBIOS-ns
139 TCP NetBIOS-ssn
389 TCP/UDP LDAP
3268 TCP LDAP to Global Catalogue
135/445 TCP For DCOM/RPC communication
But when we launch an a analysis on a DMZ machine, VirtualCenter return an error like unable to communicate with the server. I was working with network admin and he says the server inside the DMZ try randomly a h.323 port to communicate with VirtualCenter.
We cannot install an other VirtualCenter inside DMZ. So we really need to open to correct ports to be able to finish our Consolidation.
Thanks in advance
Regards
Eric
Under the covers, Guided Consolidation uses Capacity Planner, which requires these services to tal to Windows machines. I'm thinking that is where your problem exists.
-KjB
You seem to have the ports open, see here for more details: http://kb.vmware.com/kb/1012382
-KjB
hi there,
hopefully ive understood you correctly but this may help!
If any component of your VirtualCenter environment is on the other side of a firewall from the VirtualCenter server, you need to open a pass through port to enable communication. All entities must be able to communicate. This includes the host on which the VirtualCenter server is installed, the ESX Server or GSX Server host, and the VirtualCenter server.
Selected ports allow designated traffic.
port 905 — the default port for VirtualCenter client to VirtualCenter server communications.
port 902 — the defined port for encrypted secure socket layer (ssl) VirtualCenter server to ESX Server or GSX Server communications. This port, when defined, is host specific.
port 8443 — the VMware SDK port.
To open a port for firewall pass through communication:
kjb007,
The link you provide is very interesting. All info concerning port is there except h.323 !? I'll keep this link for the future.
Thanks
Eric
wgerrish82,
All components for the virtualcenter server is on the same side. So my vmware infrastructure is on the lan and the server I want to analyse is behind the firewall. The virtualcenter can pass through the firewall but the server cannot send his analyst because they use some randomly h.323 port.
Thanks for your help.
Eric
That's just it, vCenter does not use that protocol to communicate for Guided Consolidation. The ports listed in the doc are the ones required to make Guided Consolidation work. What error are you actually receiving, other than on your firewall?
-KjB
There's the error is return:
Errors occurred while trying to analyze the following computers - 2010-01-26 2:40:35 PM
-
Cannot analyze 'XXXXXXX' : Unable to contact the host. The host may not be a Windows system.
And the firewall result is :
I'm able to connect on the windows machine. I use my credential and it;'s fine.
Just to be sure about what I talk, there's the print screen of my VirtualCenter
Thanks
Eric
Do you also see errors in your windows event log when you try to connect through guided consolidation? Are you able to connect from the vCenter server to the target server, using WMI and Remote Registry?
-KjB
I try remote registry and it work. After that, I execute simple wmi script to retrieve caption and I got error.
And inside event viewer I got an error
"DCOM was unable to communicate with the computer Sli0331 using any of the configured protocols."
Maybe my problem is there...
I'll verify where is my problem....
Thanks for the cue....
Eric
Under the covers, Guided Consolidation uses Capacity Planner, which requires these services to tal to Windows machines. I'm thinking that is where your problem exists.
-KjB
Thanks KjB for help and for your time !
Very appreciate.
Regards,
Eric
I assume that means it's working now. Very good to hear.
-KjB