I've been having issues with invoke-vmscript behind firewall. Invoke-vmscript actual works and executed everything but does not return any values from VMs behind firewall. VMs on the corporate network returns the values with no issues, for example it will return that creation of a folder is successful. It is my understanding and agreed by VMWare support the communication stream is my-laptop--(powercli)-->vCenter---(port 902)--->host---(vmtool)--->VM, and the return value should follow the same exact stream but in reverse. According to VM article and VMWare support I only need to worry about port 902 between vCenter and the host and I've validated that 902 is open both ways TCP and UDP.
I even installed wireshark on a test VM and ran invoke-vmscript against it and wireshark did not capture any network communications from the VM to anything that looks like it could be return value from invoke-vmscript. The VM wouldn't know where to send the return value anyways.
VMWare support is out of ideas and obviously it got me stumped pretty good.
Any help would be greatly appreciated.
Thanks in advance!
VM OS is 2008 R2, both vce term and hosts are on 5.1. The vmtool is current on the VM also.
yes I even looked at the firewall rule export myself and 902 is enable on both directions.
Forgot to mention, I also made sure the firewall is disabled. There is vShield but I've added the VM into exception list so traffic won't be affected.
The script/command works fine but no return which makes automation impossible.
I'm at my wits end!
See the following KB:
Required ports for configuring an external firewall to allow ESX/ESXi and vCenter Server traffic
I'd at least make sure ports 443 and 88 (for Kerberos if using Windows) are open as well.
Hi @changhu ,
I am also facing the same issue. Script/command is executed on the guest VM but the results are not propagated back.
Were you able to get around this issue and get the results from the Invoke-VMScript command?
Any help is much appreciated. Thanks.