VMware Cloud Community
Byron_Zhao
Enthusiast

Firewall between VirtualCenter and ESX

I am running into a brick wall while trying to consolidate the VirtualCenter in production and development into one. Currently the VC sits in the production environment. I had the network team open up ports 902, 903, 80, 443, 27000 and 27010 between VC and ESX. But right after I successfully register a dev ESX in the VC, it immediately shows a status of "not responding". I have consulted the Server Configuration document on page 183, and found it only requires these ports open from the ESX: 902 (TCP/UDP, incoming/outgoing), 27000 TCP outgoing and 27010 TCP incoming.

I used telnet from VC to each port on the Dev ESX, and here is what I got:

c:\telnet esx1001 902

220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC

c:\telnet esx1001 903

220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC

c:\telnet esx1001 80

HTTP/1.1 400 Bad Request

Date: Tue, 17 Jun 2008 12:53:42 GMT

Connection: close

Content-Type: text/html

Content-Length: 50

<HTML><BODY><H1>400 Bad Request</H1></BODY></HTML>

Connection to host lost.

c:\telnet esx1001 443

Blank. It returns nothing. To me, it seems 443 is open and accepting connection requests.

Now it is still not working right. Does anyone know what I am missing here? Thanks

BZ

0 Kudos
1 Solution

Accepted Solutions
admin
Immortal

Is UDP 902 open between the VC server and ESX?

If you're unsure, run Wireshark on the VC server to check if it's receiving the UDP 902 packets.

0 Kudos
5 Replies
oschistad
Enthusiast

The easiest way to troubleshoot is probably to ask your firewall admin to check his logs for packets being dropped. Some firewalls treat HTTP as a special case and enforce compliance with the standards, in which case certain types of non-web HTTP traffic may end up being considered malformed and rejected.

0 Kudos
Byron_Zhao
Enthusiast

Sorry for getting back so late. Anyway, the network guy told me that we don't have rules in place. All the traffic for a specific port that is open in the firewall should be able to get through. Thanks anyway.

BZ

0 Kudos
admin
Immortal

Is UDP 902 open between the VC server and ESX?

If you're unsure, run Wireshark on the VC server to check if it's receiving the UDP 902 packets.

0 Kudos
Rubeck
Virtuoso

Description and poster with network ports... ..

/Rubeck

Byron_Zhao
Enthusiast

Thanks appk. I did use Wireshark, and figured this out right before I saw your post. But I appreciated it. 5 minutes ago I saw the ESX's status change from "not responding" to normal. From Wireshark, I can see it is accepting the 902 UDP packets now.

Does anyone know if there is any way to check that UDP port 902 is communicating between ESX and VC without using Wireshark?

0 Kudos
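
One way to run the check asked about above without a packet capture, as an added example that is not part of the original thread: the telnet tests only exercise TCP, so this Python listener binds the UDP port on the receiving side and counts datagrams per source address. It assumes nothing else is bound to that port while it runs (on the VC server that means the VirtualCenter service is stopped for the test); the function names, the 60-second window and the 192.0.2.10 address are illustrative.

```python
import socket
import time
from collections import Counter


def count_udp_datagrams(bind_addr, port, seconds, sock=None):
    """Listen on a UDP port for `seconds`; return a Counter of datagrams per source IP.

    Pass an already-bound socket in `sock` to reuse it; otherwise one is
    created, bound to (bind_addr, port), and closed before returning.
    """
    own = sock is None
    if own:
        sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        sock.bind((bind_addr, port))
    seen = Counter()
    deadline = time.monotonic() + seconds
    try:
        while True:
            remaining = deadline - time.monotonic()
            if remaining <= 0:
                break
            sock.settimeout(remaining)
            try:
                _, (src_ip, _src_port) = sock.recvfrom(65535)
            except socket.timeout:
                break  # window elapsed with no further traffic
            seen[src_ip] += 1
    finally:
        if own:
            sock.close()
    return seen


def silent_hosts(seen, expected_ips):
    """Return the expected source IPs from which no datagram arrived."""
    return sorted(ip for ip in expected_ips if seen.get(ip, 0) == 0)


if __name__ == "__main__":
    # Assumed values: 192.0.2.10 stands in for the ESX host's address.
    expected = ["192.0.2.10"]
    seen = count_udp_datagrams("0.0.0.0", 902, 60)
    for ip, n in seen.items():
        print(f"{ip}: {n} datagram(s) on UDP 902")
    for ip in silent_hosts(seen, expected):
        print(f"{ip}: nothing received; check the firewall rule for UDP 902")
```

An empty result for a host while TCP 902 still answers points at a firewall rule that covers TCP only, which is the situation this thread ended up in.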