My question is whether anyone has a better list of the required ports between the two vCenter servers.
I had opened the required ports for vCenter 6.7 Linked Mode according to a vSphere document (the ports are listed below), but I still got a failure when running the domain-repoint command until my colleague opened the firewall completely for testing purposes. I need to know the exact ports. I tried netstat on vCenter, but it wasn't effective for determining the vCenter-to-vCenter communication at the time of installation. You'll notice 2012/2014 aren't in the list, as I think they were deprecated in later vCenter versions. Any ideas?
135, 1024, 389, 7500, 636, 10111, 8443
Please see this link, which has all the port details: Additional vCenter Server TCP and UDP Ports
Also, if possible, can you share the error you are facing?
Thanks for the response. I didn't think it mattered because the install works when the firewall is wide open. Everything is closed except the Linked Mode ports I listed; however, I remember getting a "domain not available" error in the vdcpromo log.
The reason I don't like the document you gave me is that it doesn't list the vCenter-to-vCenter ports required for Linked Mode. It's even missing port 7500, which is a required Linked Mode port.
Following are the ports that need to be opened in the firewall:

8443 TCP (vCenter Server): Linked Mode.
10111 TCP (vCenter Server): vCenter Inventory Service Linked Mode communication.
636 TCP (vCenter Server): Linked Mode; this is the SSL port of the local instance.
902 TCP (vCenter Server to ESXi 6.x): the vCenter Server system uses this port to send data to managed hosts. It must not be blocked by firewalls between the server and the hosts or between hosts.
902 TCP/UDP (vSphere Client to ESXi 6.x): the vSphere Client uses this port to display virtual machine consoles.
7500 UDP (vCenter Server): vCenter Server Linked Mode, Java discovery port.
135 TCP (vCenter Server): vCenter Server Linked Mode.
389 TCP/UDP (vCenter Server): Linked vCenter Servers. This is the LDAP port number for the Directory Services for the vCenter Server group.
The vCenter Server system needs to bind to port 389 even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, you can run the LDAP service on any port from 1025 through 65535.
Please mark correct/helpful if your issue is resolved.
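Added example (not code from this thread or from VMware): a small Python 3 script that probes the TCP ports in the list above from one vCenter towards the other, so a blocked port shows up before running domain-repoint instead of having to open the firewall completely. The script name check_linked_mode_ports.py, the hostname other-vcenter.example.com and the loopback listener used for the offline demonstration are assumptions; the port list and descriptions are copied from the answer above. UDP-only ports (7500) cannot be verified by a connect and are reported as not checked.

```python
#!/usr/bin/env python3
"""Check that the Linked Mode ports listed above are reachable on the peer vCenter.

Added example, not code from this thread or from VMware. Run it on the vCenter
that is being repointed, pointing at the other vCenter's FQDN, before running
the domain-repoint command. A port shows "open" only if a TCP handshake
completes, so a blocked port is reported without opening the firewall wide.
"""
import socket
import sys

# Port list copied from the answer above: (port, protocol, description).
REQUIRED_PORTS = [
    (8443, "tcp", "Linked Mode"),
    (10111, "tcp", "Inventory Service Linked Mode communication"),
    (636, "tcp", "Linked Mode, SSL port of the local instance"),
    (902, "tcp/udp", "vCenter to ESXi host data and VM consoles"),
    (7500, "udp", "Linked Mode, Java discovery port"),
    (135, "tcp", "Linked Mode"),
    (389, "tcp/udp", "LDAP for the vCenter Server group"),
]


def check_tcp_port(host, port, timeout=3.0):
    """True if a TCP connect to host:port completes within timeout, else False.

    A refused connection (RST) and a silently dropped SYN (timeout) both return
    False; this check cannot tell a stopped service from a firewall drop.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:  # refused, timed out, unreachable, or name lookup failed
        return False


def check_ports(host, ports=REQUIRED_PORTS, timeout=3.0):
    """Return {port: (protocol, state, description)} for every listed port.

    Only the TCP side is verified. Plain UDP has no handshake, so UDP-only
    ports are reported as "not checked"; confirm those with a packet capture
    on the peer instead.
    """
    results = {}
    for port, proto, desc in ports:
        protos = proto.split("/")
        if "tcp" in protos:
            state = "open" if check_tcp_port(host, port, timeout) else "BLOCKED"
        else:
            state = "not checked"
        if "udp" in protos:
            state += " (UDP side not verified)"
        results[port] = (proto, state, desc)
    return results


def blocked_ports(results):
    """Sorted list of ports whose TCP connect failed."""
    return sorted(p for p, (_, state, _) in results.items()
                  if state.startswith("BLOCKED"))


def start_loopback_listener():
    """Constructed stand-in for the peer vCenter: a TCP listener on an
    ephemeral loopback port. Used only for the offline demonstration."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real run: python3 check_linked_mode_ports.py other-vcenter.example.com
        target, ports = sys.argv[1], REQUIRED_PORTS
    else:
        # Offline demonstration: one open and one closed loopback port.
        keep_open, open_port = start_loopback_listener()
        probe, closed_port = start_loopback_listener()
        probe.close()  # port is now closed, so the connect gets a RST
        target = "127.0.0.1"
        ports = [(open_port, "tcp", "demo listener"),
                 (closed_port, "tcp", "demo closed port")]
    results = check_ports(target, ports)
    for port, (proto, state, desc) in results.items():
        print(f"{port:>6}/{proto:<7} {state:<32} {desc}")
    sys.exit(1 if blocked_ports(results) else 0)
```

Run it in both directions (from each vCenter towards the other), since firewall rules are usually asymmetric; a non-zero exit means at least one TCP port in the list did not complete a handshake.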
Thanks Bewe, but that's the diagram I actually used to make the firewall rules. You'll see that it leaves out 10443, which I found in another document here and shown below. VMware Knowledge Base
And as you can see in our diagram, there are also no arrows going to the external SSO example they have, making me think 6.x doesn't need 2012 and 2014 etc., as it says vSphere 5.x only; plus this is just for internal communication, and I'm all embedded.
Thanks Bewe, that diagram actually showed the ports I was missing. I was focusing on Linked Mode but didn't realize it requires the SSO ports in order to rejoin the new domain.
Thanks, this helps too, but it was incomplete for Linked Mode and even SSO. It was more for host- or client-to-vCenter communications and not the Linked Mode-specific or SSO ports.