snyderkv1
Enthusiast

Linked mode port requirements for Firewall?


My question is if anyone has a better list of required ports between both vCenter servers?

I had opened the required ports for vCenter 6.7 Linked Mode according to a vSphere document, with the ports listed below, but I still got a failure when running the domain-repoint command until my colleague opened the firewall completely for testing purposes. I need to know the exact ports. I tried netstat on vCenter, but it wasn't effective for determining the VC to VC communication at the time of installation. You'll notice 2012/2014 aren't in the list, as I think those were deprecated in the later vCenters. Any ideas?

135 1024 389 7500 636 10111 8443

Thanks

Accepted Solutions

Have a look at the attached PDF in this KB: VMware Knowledge Base

The additional required ports for Linked Mode are listed there.

9 Replies
Nawals
Expert

Please see this link, which has all the port details: Additional vCenter Server TCP and UDP Ports

Also, if possible, can you share the error you are facing?

NKS Please mark Helpful/Correct if my answer resolves your query.
snyderkv1
Enthusiast

Thanks for the response. I didn't think it mattered, because the install works when the firewall is wide open. Everything is closed except the Linked Mode ports I listed; however, I remember getting a "domain not available" error in the vdcpromo log.

The reason I don't like the document you gave me is that it doesn't list the VC to VC ports required for Linked Mode. It's even missing port 7500, which is a required Linked Mode port.

Nawals
Expert

Following are the ports that need to be opened in the firewall.

8443 TCP vCenter Server Linked Mode

10111  TCP  vCenter Server vCenter Inventory Service Linked Mode Communication

636  TCP    vCenter Server Linked Mode, this is the SSL port of the local instance.

902  TCP    vCenter Server ESXi 6.x vCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts.

902  TCP/UDP vSphere Client ESXi 6.x vSphere Client uses this port to display virtual machine consoles.

7500 UDP vCenter Server vCenter Server Linked Mode, Java Discovery Port

135 TCP vCenter Server vCenter Server Linked Mode

389 TCP/UDP vCenter Server Linked vCenter Servers. This is the LDAP port number for the Directory Services for the vCenter Server group.

The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, you can run the LDAP service on any port from 1025 through 65535.

Please mark correct/helpful if your issue resolved.

NKS Please mark Helpful/Correct if my answer resolves your query.
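The original poster found netstat unhelpful for confirming which of these ports were actually reachable between the two vCenter Servers. The script below is an added example, not code from the thread or from VMware: it parses port lines written in the same format as the list above and attempts a TCP connect to the peer vCenter for each TCP port, reporting which ones are reachable and which appear blocked. The peer hostname, the timeout and the `connect` callback are assumptions for illustration; UDP ports (7500 here) cannot be verified with a connect, so they are reported separately.

```python
"""Check reachability of vCenter Linked Mode ports from one vCenter to its peer.

Added example (not from the thread). Run it from the shell of the vCenter that
will be repointed, against the hostname of the other vCenter.
"""
import socket
import sys
from typing import Callable, Dict, List, Tuple

# Port lines in the format used in the reply above: "<port> <proto>[/<proto>] <description>".
# Constructed from the thread; verify against the current VMware port list for your version.
REQUIRED_PORT_LINES: List[str] = [
    "8443 TCP vCenter Server Linked Mode",
    "10111 TCP vCenter Server Inventory Service Linked Mode Communication",
    "636 TCP vCenter Server Linked Mode, SSL port of the local instance",
    "902 TCP vCenter Server to managed ESXi hosts",
    "7500 UDP vCenter Server Linked Mode, Java Discovery Port",
    "135 TCP vCenter Server Linked Mode",
    "389 TCP/UDP Linked vCenter Servers, LDAP port for the vCenter Server group",
]


def parse_port_line(line: str) -> Tuple[int, List[str], str]:
    """Split '389 TCP/UDP description...' into (389, ['TCP', 'UDP'], 'description...')."""
    parts = line.split(None, 2)
    if len(parts) < 2:
        raise ValueError(f"unparseable port line: {line!r}")
    port = int(parts[0])
    if not 1 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    protocols = [p.strip().upper() for p in parts[1].split("/")]
    description = parts[2].strip() if len(parts) == 3 else ""
    return port, protocols, description


def check_tcp(host: str, port: int, timeout: float = 2.0) -> bool:
    """Return True if a TCP connection to host:port completes within the timeout.

    A refused or timed-out connect returns False; from the firewall's point of
    view both look the same to the caller, so a False result means 'not reachable'.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def check_ports(
    host: str,
    lines: List[str],
    timeout: float = 2.0,
    connect: Callable[[str, int, float], bool] = check_tcp,
) -> Dict[int, str]:
    """Map each listed port to 'open', 'blocked' or 'udp-untested'.

    The connect callback is injectable so the logic can be exercised without a network.
    """
    results: Dict[int, str] = {}
    for line in lines:
        port, protocols, _ = parse_port_line(line)
        if "TCP" in protocols:
            results[port] = "open" if connect(host, port, timeout) else "blocked"
        else:
            # A UDP 'connect' never fails on its own, so do not report a false 'open'.
            results[port] = "udp-untested"
    return results


def blocked_ports(results: Dict[int, str]) -> List[int]:
    """Return the sorted list of TCP ports that were not reachable."""
    return sorted(p for p, state in results.items() if state == "blocked")


if __name__ == "__main__":
    peer = sys.argv[1] if len(sys.argv) > 1 else "peer-vcenter.example.invalid"  # assumed hostname
    report = check_ports(peer, REQUIRED_PORT_LINES)
    for port_no in sorted(report):
        print(f"{port_no:>6}  {report[port_no]}")
    sys.exit(1 if blocked_ports(report) else 0)
```

A port reported as blocked may mean either a firewall rule or a service that is not yet listening on the peer, so run the check once before the repoint (against a healthy peer) to separate the two cases; a UDP port such as 7500 has to be confirmed on the firewall itself, since nothing in a connect-style probe distinguishes an open UDP port from a filtered one.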
snyderkv1
Enthusiast

Thanks Nawals, I'll add 902 TCP/UDP, but that is for VC to host comms, not VC to VC. I'll give it a shot anyway.
snyderkv1
Enthusiast

Thanks Bewe, but that's the diagram I actually used to make the firewall rules. You'll see that it leaves out 10443, which I found in another document here and shown below: VMware Knowledge Base

And as you can see in our diagram, there are also no arrows going to the external SSO example they have, making me think 6.x doesn't need 2012 and 2014 etc., as it says vSphere 5.x only. Plus, this is just for internal communication and I'm all embedded.

(two attached screenshots)
Alex_Romeo
Leadership

Hi,

In the attached document you will find all the necessary firewall ports (from page 31).

ARomeo

Blog: https://www.aleadmin.it/
snyderkv1
Enthusiast

Thanks Bewe, that diagram actually showed the ports I was missing. I was focusing on Linked Mode but didn't realize it requires the SSO ports in order to rejoin the new domain.

(attached screenshot)

snyderkv1
Enthusiast

Thanks, this helps too, but it was incomplete for Linked Mode and even SSO. It was more for host-to-VC or client-to-VC communications, not the Linked Mode-specific ports or SSO.