9 Replies Latest reply on Dec 11, 2011 2:14 AM by AndreTheGiant

    ESXi 5 and VNC

    AndyKnowsBest Lurker

      Hello,

       

      I have configured my ESXi 5 VMs for VNC - to enable me to VNC to the console for each of the VMs. But I cannot work out how to obfuscate the password, I wonder if anyone can help? I have set it up as follows:

       

      Stop each VM

      Log in to the ESXi host using SSH

      Add the following to the VM's .vmx file:

       

      RemoteDisplay.vnc.enabled = "TRUE" 
      RemoteDisplay.vnc.port = "5901"
      RemoteDisplay.vnc.password = "password"

      When I restart the VM, I see that the following line has been added to the .vmx file

       

      RemoteDisplay.vnc.key = "long random string blah blah blah......."

       

      Now, when I try to connect to the server using a VNC client, I am not being allowed in. It is not asking for a password, it is showing me a blank screen.

       

      Specifically, I am not sure if the password is working (I think this config element is deprecated in ESXi 5) and so I am not sure whether the key is my password hashed, or if it is some random password and I should generate my own key and populate the field. I would like to know how to generate the key - there is an article which details this, but when I click the link it sends me to a redirect loop. Does anyone have the details?

       

      Secondly, why is my connection not working? I am trying to connect from a local machine. No firewalls should be getting in the way.

       

      Any ideas?

       

      Andy

        • 1. Re: ESXi 5 and VNC
          Troy Clavell Guru
          User ModeratorsvExpert

          thread moved from VMware Server 1 Community to VMware ESXi 5 Community

          • 2. Re: ESXi 5 and VNC
            AndyKnowsBest Lurker

            Troy,

             

            Thanks for that, and apologies for posting to the wrong forum. I was not paying attention at all, sorry.

             

            Andy

            • 3. Re: ESXi 5 and VNC
              Dave.Mishchenko Guru
              User Moderators

              Have you opened a firewall port on ESXi to allow for this traffic?

              • 4. Re: ESXi 5 and VNC
                AndyKnowsBest Lurker

                Dave,

                 

                That is a very good question, and the answer is "no". This is a new feature in 5 I think. In 4.x there was no firewall?

                 

                Anyway, I have opened vSphere client and am looking at the Security Profile for the host and can see that there does not seem to be a way to add services or ports. Does this indicate that I should have done something to add the VNC service to the list of services/ports (so that I could enable it here)? Or do I need to use the command line to add a service?

                 

                Is VNC automatically running on ESXi 5? Is it not, and that is why it does not appear in the service/ports list?

                 

                Andy

                • 5. Re: ESXi 5 and VNC
                  AndreTheGiant Guru
                  vExpertUser Moderators

                  Are you sure that is supported on ESXi 5?

                   

                  I've see in kb.vmware.com/kb/1246 that was working only on GSX 3 (aka the old VMware Server) and also that

                  Note: VMware does not support running virtual machines with a VNC client.

                  • 6. Re: ESXi 5 and VNC
                    AndyKnowsBest Lurker

                    I have seen various posts about getting this working with ESXi 5. It seems that it does work.

                     

                    I think the sequence is something like:

                     

                    1. Edit .VMX file to add remotedisplay settings

                     

                    2. Edit service.xml to add firewall rules

                     

                    3. Do something to make these persistent after ESXi boot - as we are editing files on a memory resident file system, so they will disappear after boot.

                     

                    I will be trying this at some point, and will report back here with exact steps and whether or not it works.

                     

                    I know it is not supported. But as a Linux user, I don't really want to have to boot up a Windows VM (on VMWare Player on my laptpop) to run VMSphere Client to connect to the machines consoles. Of course I can configure VNC within the VM, but it is a pain as I am running different OSs so the setup will be different for each, which seems a pain.

                     

                    An alternative, of course, would be to find a nice Linux VM management application or some such, but there don't seem to be any.

                     

                    Andy

                    • 7. Re: ESXi 5 and VNC
                      geneC Lurker

                      Look at vCenter Server Appliance and the FlexUI that vCenter's web interface allows.  As always, there are limitations on both (including needing at least Essentials).

                      • 8. Re: ESXi 5 and VNC
                        AndyKnowsBest Lurker

                        I had not seen vCenter Server Appliance, it looks very interesting in general.... but not for me right now where I am using the free ESXi. Still, at work, where we have paid licensing, that will be looked into.

                         

                        I still have testing the VNC and firewall updates direct to the ESXi server through SSH on my to do list. And will report back on those...

                         

                        Andy

                        • 9. Re: ESXi 5 and VNC
                          AndreTheGiant Guru
                          vExpertUser Moderators

                          You configuration works, but you need to open the firewall on ESXi...

                           

                          First step is build a new rule like this:

                          ~ # cat /etc/vmware/firewall/vnc.xml
                           <!-- Firewall configuration information for VNC -->
                           <ConfigRoot>
                            <service>
                             <id>VNC</id>
                              <rule id='0000'>
                               <direction>inbound</direction>
                               <protocol>tcp</protocol>
                               <porttype>dst</porttype>
                               <port>5901</port>
                              </rule>
                              <rule id='0001'>
                               <direction>outbound</direction>
                               <protocol>tcp</protocol>
                               <porttype>dst</porttype>
                               <port>
                                <begin>0</begin>
                                <end>65535</end>
                               </port>
                              </rule>
                              <enabled>true</enabled>
                              <required>false</required>
                            </service>
                           </ConfigRoot>

                           

                          Then you can refresh the firewall rules and check that the new one is correctly loaded:

                          ~ # esxcli network firewall refresh
                          ~ # esxcli network firewall ruleset list | grep VNC
                          VNC                    true