Solved: vCenter 7 Remote Access

Heliosaur · ‎05-25-2020

Hey All, hoping one of you has run into a similar issue as this.

I've recently built a home lab and I've been intending to base it on VMware with remote access via vCenter. Built it all and its working perfect from internal to my network however when I try to access it from the internet I get no response after opening the link to the vSphere web client.

I'm using DDNS which is the exact FQDN of my vCenter server and forwarding the external port through 443 on my router. When the FQDN was not the same (internal and external) I was getting the error:

"[400] An error occurred while sending an authentication request to the vCenter Single Sign-On server - An error occurred when processing metadata during vCenter Single Sign-On setup: the service provider validation failed. Verify that the server URL is correct and is in FQDN format, or that the hostname is a trusted service provider alias."

When the FQDN matched internal and external I am getting a page timeout after clicking the HTML5 web client link.

I'm assuming that I'm getting to the server just fine with my DDNS as I hit the landing page but I'm not sure what happens after that unfortunately. Anyone have an idea? I've been at this for ages XD

Heliosaur · ‎05-27-2020

Thanks for the reply but I'm honestly not sure what the issue is. This is being done for a home lab. I'm not opening up a production network to the internet. This lab has nothing else but the esxi hosts connected to it and will most likely be being rebuilt on a regular basis. Everyone keeps talking about VPNs and I'm not against them but unless someone can show me one that I can use from a browser without installing any software it will not meet my requirements of being able to access the lab from any PC regardless of permissions.

You mention that I'm misunderstanding some basic stuff yet make no attempt to explain how or why. I may be asking for a square wheel but in return I'm being offered a different car that doesn't suit my requirements.

Regardless I got it to work. So thanks for everyone who had some input.

View solution in original post

daphnissov · ‎05-26-2020

vCenter is not an application meant to be accessed from the public Internet and isn't designed to do that. You should only be accessing vCenter from within a secured LAN environment.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net

mohamed_abdelaa · ‎05-26-2020

Hello Heliosaur

The best and easiest way to remote your vCenter through the internet, You have to deploy a VPN connection to your network then you will be able to remote your vCenter

Heliosaur · ‎05-26-2020

Thanks Mohamed, unfortunately I'm unable to install software on some of the PCs that I will be using the lab from when I'm not at home so a VPN won't work for my use case. I've seen this setup work before for some of my colleagues although admittedly not on vCenter 7. Is there a particular log that will show what the box is doing when the HTML5 web client link is clicked that you know of?

Heliosaur · ‎05-26-2020

Thanks daphnissov but regardless of whether it is meant to work like that I have colleagues that have got it working on versions prior to vCenter 7. I've been working on this for a while now but I'm not a VMware guru hence the post. I've done packet captures on all the boxes in the network and it looks like I'm sending traffic through to the vCenter appliance without issue but the appliance does not send any traffic back. I've tried every configuration of internal forward and reverse DNS lookup zones and external DDNS that matches the internal domain and does not. Would really appreciate even a log file or even just a description of what the box is doing after that HTML5 link is clicked. For example does it only do internal processing or does it communicate with it's DNS server? If so how does that work? Thanks

srodenburg · ‎05-27-2020

"I have colleagues that have got it working on versions prior to vCenter 7"

Tell those colleagues to never apply for a job at my company. The first person that opens a vCenter Webinterface up to the Internet, I will personally shoot him/her/it.

You are misunderstanding a few very basic things and it has nothing to do with being a VMware guru. It's basic stuff like port-forwarding and DNS.

Stop what you are doing. Seriously, stop it !!

Get a VPN up and running and do it the right way. You are asking the people here a question on the level of "I want to mount a square wheel to my car but I can't get it to work". Just stop it.

Heliosaur · ‎05-27-2020

Thanks for the reply but I'm honestly not sure what the issue is. This is being done for a home lab. I'm not opening up a production network to the internet. This lab has nothing else but the esxi hosts connected to it and will most likely be being rebuilt on a regular basis. Everyone keeps talking about VPNs and I'm not against them but unless someone can show me one that I can use from a browser without installing any software it will not meet my requirements of being able to access the lab from any PC regardless of permissions.

You mention that I'm misunderstanding some basic stuff yet make no attempt to explain how or why. I may be asking for a square wheel but in return I'm being offered a different car that doesn't suit my requirements.

Regardless I got it to work. So thanks for everyone who had some input.

ydwang_hefei · ‎12-28-2020

Hi, Could you kindly just tell me how you resovled this issue, I just got the similar situation.
What I need is just connecting to my vCenter7 through internet, my vCenter7 is inside an intranet which has an fixed internet IP, also I has already forwarded the external port through 443 on the router.

Looking forward to your answer, thanks a lot!