VMware Cloud Community
JDMils_Interact
Enthusiast
Enthusiast
‎02-02-2021 07:33 PM

How to check if a port is open on a vCenter or PSC appliance

I recently upgraded an external PSC from 5.5 to 6.7 however I found that the NTP sources were not accessible and this was evident when I added the NTP sources to the Appliance Management interface, I got the error "<NPT_SOURCE_01> and <NTP_SOURCE_02> are not accessible". I asked the network team to open UDP port 123 from the PSC to the NTP sources which they completed, and I was able to add the NTP sources to the Appliance Management interface and the NTP sources came up with a green tick.

Great!

I then wanted to make sure the port was open from the CLI so I logged into the PSC and ran the following command:

root@PSC01 [ ~ ]# nc -uv 172.0.0.225 123
^CExiting.
root@PSC01 [ ~ ]#

As you can see, the command failed.

I then ran this command:

root@PSC01 [ ~ ]# curl telnet://172.0.0.225:123
curl: (7) Failed to connect to 172.0.0.225 port 123: Connection refused

As you can see, this also failed.

NTPQ works and shows a positive result:

root@PSC01 [ ~ ]# ntpq -p
remote refid st t when poll reach delay offset jitter
==============================================================================
ADC03.my 172.0.0.80 2 u 20 64 377 0.372 -38.366 5.061
ADC04.my 172.0.0.80 2 u 33 64 377 0.350 -58.323 14.223
root@PSC01 [ ~ ]#

So what command should I use to check the port is open as nc and curl don't give the right response?

0 Kudos
2 Replies
ashilkrishnan
VMware Employee
VMware Employee
‎02-03-2021 12:04 AM

Hi @JDMils_Interact ,

To check the port status, you can run 'netstat' or you can follow this blog by William --> https://www.virtuallyghetto.com/2017/07/quick-tip-list-all-open-ports-on-the-vcsa-psc.html 

On the other hand, you can try restarting ntp services: 

systemctl enable ntpd.service

systemctl stop ntpd.service

systemctl start ntpd.service

Also refer --> https://kb.vmware.com/s/article/59729 

Hope that helps

0 Kudos
JDMils_Interact
Enthusiast
Enthusiast
‎02-03-2021 03:07 PM

Hi, thanks for your advice, but I do not want to check if a port is open on the appliance.

I want to check FROM the appliance, if there is a connection to the NTP source IP via port 123. Like when doing a TELNET from Windows.

I tried using nc & curl telnet:// from the vCenter appliance to see if the NTP port is open ON THE Windows Domain Controller, but in both cases the test fails, however in the VAMI GUI of the vCenter, it shows the Domain Controllers as reachable. (green tick).

 

 

0 Kudos