VMware Cloud Community
aenagy

InitiateFileTransferFromGuest + download results in java.net.noroutetohostexception (vSphere 6.0 and vRO 7.3)

I have a vRO workflow that attempts to download a log file from a guest operating system using InitiateFileTransferFromGuest + download. Guest operations such as launching a script on the target guest OS completing successfully plus the fact that this is a new vSphere environment behind a firewall lead me to believe that the problem is a blocked port between vRO 7.3 and the ESXi 6.0 host(s). The problem is that the documentation doesn't make explicitly clear which port needs to be open for this.

Do I need to open tcp/443 (Client connections) or tcp/902 (NFC) or some other port(s)?

Port requirements for ESX/ESXi (2039095)

https://kb.vmware.com/kb/2039095

Incoming and Outgoing Firewall Ports for ESXi Hosts

https://docs.vmware.com/en/VMware-vSphere/6.0/com.vmware.vsphere.security.doc/GUID-171B99EA-15B3-4CC...

Managed Object - GuestFileManager(vim.vm.guest.FileManager)#InitiateFileTransferFromGuest(initiateFileTransferFromGuest)

https://vdc-repo.vmware.com/vmwb-repository/dcr-public/723e7f8b-4f21-448b-a830-5f22fd931b01/5a8257bd...


Accepted Solutions
aenagy

I opened a SR with GSS. This is what I got (edited for clarity):

Q1: When executing 'InitiateFileTransferFromGuest' or 'initiateFileTransferToGuest' from vRO (https://www.vmware.com/support/orchestrator/doc/vro-vsphere60-api/html/VcGuestFileManager.html) does the data travel: (1) directly between the ESXi host and vRO or (2) does the data travel from ESXi to vCenter to vRO?

From GSS:

1. The file transfer traffic generated by the API calls initiateFileTransferFromGuest and initiateFileTransferToGuest travels directly from the ESXi host on which the virtual machine is running to the caller (vCO, vRO, PowerCLI or whatever), i.e. it does *not* travel from the ESXi host to vCenter to the caller.

Response: All API calls (vSphere Management SDK, Open Source SDK, PowerCLI, vCLI, vRealize Orchestrator) will first hit the vCenter Server via SOAP API, REST API, or CIM API. A reference is sent back to the caller with the ESXi host information, and at that point the communication is between the ESXi host the vm is registered to and vRO.

Q2: Which protocol/port is required for this file transfer?

From GSS:

2. Traffic goes over 443/TCP per https://kb.vmware.com/s/article/2144219.

Response: The communication between vRealize Orchestrator and the ESXi host is over port 443.

GSS even provided a nice picture:

vSphereAPI.png

Hope this helps someone.

Just to provide some context: This vSphere instance is located in a third-party provider's site. Due to overlapping subnets it was necessary to implement NAT between the sites. The vCenter IP was not NAT'ed but the ESXi host IP addresses were NAT'ed. vRO could communicate with vCenter without problem for other guest related calls but would generate the exception in the thread title when attempting the file transfer from the guest. The temporary solution was to update the /etc/hosts file on the vRA appliance to add the FQDN names of each ESXi host and reference the NAT'ed IP address. Obviously there is a firewall between the sites hence this post and SR to GSS to confirm that we have the correct rule(s) in place.

As an extra bonus this is the code snippet that generated the exception:

result = false;
var host = vm.sdkConnection;
var guestOperationsManager = host.guestOperationsManager;

// Credentials for the account inside the guest OS
var guestAuth = new VcNamePasswordAuthentication();
guestAuth.username = vmUsername;
guestAuth.password = vmPassword;

// Local destination path in the vRO temp directory
vcoPath = System.getTempDirectory() + "/" + guestFileName;

var fileManager = guestOperationsManager.fileManager;
var ftInfo = fileManager.initiateFileTransferFromGuest(vm, guestAuth, guestFilePath);

// Error occurs on the next line
result = fileManager.downloadFile(vcoPath, ftInfo);

The SR has been posted internally to SC.

2 Replies
aenagy

Anyone else encounter this problem?
