Here is the output for netstat -a , ETL247-ESXVC01 is my VC server and it seems that it can connect to the ESX servers(esx64-1, esx64-2,etl247-esx01, etl247-esx02) and the VC server on port 902

TCP ETL247-ESXVC01:1903 esx64-2.cqa.com:902 ESTABLISHED

TCP ETL247-ESXVC01:1905 esx64-1.cqa.com:902 ESTABLISHED

TCP ETL247-ESXVC01:1913 etl247-esx01.cqa.com:902 ESTABLISHED

TCP ETL247-ESXVC01:1915 etl247-esx02.cqa.com:902 ESTABLISHED

TCP ETL247-ESXVC01:1925 ETL247-ESXVC01:http ESTABLISHED

TCP ETL247-ESXVC01:1931 ETL247-ESXVC01:902 ESTABLISHED

TCP ETL247-ESXVC01:1992 ETL247-ESXVC01:902 ESTABLISHED

But from anyother host, here CHARLIEVICTOR, running a Vi Client, it seems like a connection is only established to the VC server (192.168.15.179 - ETL247_ESXVC01).

TCP CharlieVictor:4911 192.168.15.179:http ESTABLISHED

TCP CharlieVictor:4912 192.168.15.179:902 ESTABLISHED

Do I need to be able to connect to the ESX server on port 902 to open a remote console to a VM running on a specific ESX server?

Try verifying that your ESX servers that are managed by that VC server were upgraded to the new VC agent by typing “vpxa- v”

o VC 2.0.1 build number is 32042

o VC 2.0.1 build number is 32042

o VC 2.0.1 Patch 1 build number is 33643

o VC 2.0.1 Patch 2 build number is 40644

You also might try doing a “service vmware-vpxa restart” followed by “service mgmt-vmware restart” on the ESX servers.

902 and 903 (depends if you use ESX and/or VC)

page 188 - http://www.vmware.com/pdf/vi3_server_config.pdf

902 Authentication traffic for the ESX Server host and virtual

machine configuration.

Use Port 902 for the following:

! VI Client access to the VirtualCenter Server.

! VirtualCenter Server access to ESX Server hosts.

! Direct VI Client access to ESX Server hosts.

! ESX Server host access to other ESX Server hosts for

migration and provisioning.

Incoming TCP,

outgoing UDP

903 Remote console traffic generated by user access to virtual

machines on a specific ESX Server host.

Use Port 903 for the following:

! VI Client access to virtual machine consoles.

! VI Web Access Client access to virtual machine consoles.

\[root@etl247-esx01 root]# vpxa -v

VMware VirtualCenter Agent Daemon 2.0.1 build-40644[/i]

The restart of vpx services on the ESX did not help.

How would I check to see if PORT 903 can accept the Remote Console connetion?

Here is what I do not understand about the port, I can remote console when I direclty connect to the ESX server from the host CHARLIEVICTOR using Vi Client. I use netstat to verfiy the port 903 is indeed open. But when I connect to the VC server and try to remote console it does not work. So, essentially the PORT is OK....

Can you load the VI client on the VC server and connect to the ESX and use remote console. If you can then that port should be open for VC Server also, if you can't then something on the VC server is blocking it.

If that does work then I think your certificate errors may be the problem. Are the ESX hosts you are trying to manage with this server being managed by another server by chance? A ESX host can only be managed by one VirtualCenter server at a time. You cannot use multiple VC server to manage the same ESX servers.

I can connect to the remote console using the Vi Client on the VC server, which is what makes it bizarre. I do not have a firewall setup on my VC server or on the HOST running the Vi Client.

It is only from other hosts that are running Vi Client that cannot connect to the remote console through the VC server. But, I can connect to a remote console form any of the hosts if I directly connect to the ESX server through the Vi Client

I checked. I only have one VC managing my ESX servers. Is there a way to reset the certificates?

This guide may help...

Replacing VirtualCenter Server Certificates - http://www.vmware.com/pdf/vi_vcserver_certificates.pdf

Thank you. Will try it.

I installed VC 2.0.1 b32042 just to check, and now everything works fine. So, there is not network or certificate issue.

What could have changed while installing b33643 or b40644 that could cause such an issue?

Each version install of VC is a full installation of the program. Maybe they changed the certificate behavior in the later versions.

Based on this error:

"The host name used for the connection does not match the subject name on the host certificate"

it could have something to do with the DNS name of the VC server or ESX hosts, ie. common name versus fqdn. Certificates are usually tied to specific domain names, when you connect to VC you might try using the FQDN instead of the common name or vice versa. Same when adding the ESX host to VC. Also make sure your CN and FQDN both resolve ok in DNS.

I have 4 ESX servers. Only two have the problem because their HOSTNAME was changed. So, I am not sure if is a certificated issue.

How do you completely uninstall VC server from a XP host i.e. is there any registry keys I would need to get rid off?

Also, what must I clear on the ESX server side if I am going to use a new VC server to manage them?

Do you think, changing the HOSTNAME on my VC Server and completely re-installing the VC server would help?

Thank you for all you help so far.

To clarify "I have 4 ESX servers. Only two have the problem because their HOSTNAME was changed. So, I am not sure if is a certificated issue."[/i]

I only have the certificate error problem on 2 of the ESX servers. But I see the Remote console connect errors on all 4 ESX servers.

To completely wipe VC, first remove the ESX hosts from VC which should disassociate them with that VC server. Then shut down VC, go to a CMD prompt and run "vpxd.exe –b" to delete the database. Un-install VC, then delete any leftover files from C:\Program Files\VMware, and delete any leftover registry entries from HKLM\Software\VMware

Then re-install VC and add the ESX hosts back in.

Is it a potential risk for ESX host to update VC server ?

Shouldn't harm ESX at all, the VC install is independent of ESX except for the agent install to the ESX servers