VMware Cloud Community
changhu
Contributor
Contributor
‎01-12-2014 09:50 PM

Invoke-vmscript does not return any values from VMs/Hosts behind firewall

Hey everyone

I've been having issues with invoke-vmscript behind firewall. Invoke-vmscript actual works and executed everything but does not return any values from VMs behind firewall. VMs on the corporate network returns the values with no issues, for example it will return that creation of a folder is successful. It is my understanding and agreed by VMWare support the communication stream is my-laptop--(powercli)-->vCenter---(port 902)--->host---(vmtool)--->VM, and the return value should follow the same exact stream but in reverse. According to VM article and VMWare support I only need to worry about port 902 between vCenter and the host and I've validated that 902 is open both ways TCP and UDP.

I even installed wireshark on a test VM and ran invoke-vmscript against it and wireshark did not capture any network communications from the VM to anything that looks like it could be return value from invoke-vmscript. The VM wouldn't know where to send the return value anyways.

VMWare support is out of ideas and obviously it got me stumped pretty good.

Any help would be greatly appreciated.

Thanks in advance!

0 Kudos
7 Replies
LucD
Leadership
Leadership
‎01-12-2014 11:15 PM

Which OS do you have running in the VM ?

If it is a WIndows OS, is the Windows FW enabled for traffic over port 902 in both directions ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
changhu
Contributor
Contributor
‎01-12-2014 11:35 PM

VM OS is 2008 R2, both vce term and hosts are on 5.1. The vmtool is current on the VM also.

yes I even looked at the firewall rule export myself and 902 is enable on both directions.

thanks

0 Kudos
LucD
Leadership
Leadership
‎01-13-2014 12:56 AM

To exclude the Windows FW, did you try disabling the Windows Firewall ?


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos
changhu
Contributor
Contributor
‎01-13-2014 09:59 AM

Forgot to mention, I also made sure the firewall is disabled. There is vShield but I've added the VM into exception list so traffic won't be affected.

The script/command works fine but no return which makes automation impossible.

I'm at my wits end!

Thanks

0 Kudos
vTracker
Contributor
Contributor
‎01-14-2014 09:48 AM

See the following KB:

Required ports for configuring an external firewall to allow ESX/ESXi and vCenter Server traffic

http://kb.vmware.com/kb/1005189

I'd at least make sure ports 443 and 88 (for Kerberos if using Windows) are open as well.

0 Kudos
MSpriya
Contributor
Contributor
‎11-18-2020 08:15 AM

Hi @changhu ,

I am also facing the same issue. Script/command is executed on the guest VM but the results are not propagated back. 

Were you able to get around this issue and get the results from the Invoke-VMScript command? 

Any help is much appreciated. Thanks.

0 Kudos
LucD
Leadership
Leadership
‎11-18-2020 10:39 PM

Please stop piggy-backing on multiple threads with the same issue.
Better yet, start a new thread for your issue.


Blog: lucd.info  Twitter: @LucD22  Co-author PowerCLI Reference

0 Kudos