VMware vSphere

 View Only

  • 1.  A connection attempt failed....

    Posted May 03, 2009 10:55 PM

    Hi guys,

    I am getting the following error:

    Error connecting: Cannot connect to host tur-esx4.massey.ac.nz: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.

    It only happens to one host in the cluster and only if I use VC client from a desktop. If I RDP into vCenter server it works fine.

    Both my vCenter server and ESX hosts have all entries in their hosts file. I am not sure what else it can be. Some posts suggests firewalls

    but it works fine for the others and our setup is always done in the same manner.

    UDP port 902 is opened up for the VC agent and other settings seems consistent across all hosts.

    I restarted the management service but still no go.

    Any ideas?

    Cheers



  • 2.  RE: A connection attempt failed....

    Posted May 04, 2009 03:59 AM

    Hi

    Check if port 903 is opened from your desktop. if it is opened u can try adding the below line to /etc/vmware/config file,

    vmauthd.server.alwaysProxy="True"

    Hope this helps



  • 3.  RE: A connection attempt failed....

    Posted May 04, 2009 04:17 AM

    Not sure whats going on but this is what is happening.

    Using the client from server subnet it works fine.

    Using the client from the "desktop" subnet, it does not work.

    The weird thing is that it works from the "desktop" subnet for the other nodes in the cluster!

    There is no firewall in between so that cannot be the problem either.

    It can't be a host issue as it works from the same subnet.

    When I check esxcfg-firewall -q output I see the following,

    Chain INPUT (policy DROP 2588K packets, 323M bytes)

    pkts bytes target prot opt in out source destination

    2127K 739M ACCEPT all -- lo * 0.0.0.0/0 0.0.0.0/0

    512K 199M valid-tcp-flags tcp -- * * 0.0.0.0/0 0.0.0.0/0

    517K 199M valid-source-address !udp -- * * 0.0.0.0/0 0.0.0.0/0

    5747K 1826M valid-source-address-udp udp -- * * 0.0.0.0/0 0.0.0.0/0

    3550 164K valid-source-address tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp flags:0x16/0x02

    23 1806 icmp-in icmp -- * * 0.0.0.0/0 0.0.0.0/0

    2520K 1415M ACCEPT all -- * * 0.0.0.0/0 0.0.0.0/0 state RELATED,ESTABLISHED

    129 6632 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:902 state NEW

    618 29744 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:80 state NEW

    153 7476 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:443 state NEW

    323 106K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp spts:67:68 dpts:67:68

    318 29574 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:427

    21 1012 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:427 state NEW

    95 4468 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:2050:2250 state NEW

    55 48620 ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:2050:2250 state NEW

    46 2356 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpts:8042:8045 state NEW

    1140K 283M ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpts:8042:8045 state NEW

    92 4507 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:5989 state NEW

    2256 187K ACCEPT udp -- * * 0.0.0.0/0 0.0.0.0/0 udp dpt:161

    31 1640 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:22 state NEW

    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6390

    22 1136 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2301

    75 3620 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:280

    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6391

    24 1168 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:2381

    23 1188 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6389

    0 0 ACCEPT tcp -- * * 0.0.0.0/0 0.0.0.0/0 tcp dpt:6392

    It does not refer to 903 on any of the hosts. I am no firewall expert so I might be overlooking something but as far as I know ESX always takes care of this and you only have to ensure ports are open in the firewall if there is one in between.

    The suggestion you made does work but I am still interested in finding out why the problem occurs in first place.

    Cheers



  • 4.  RE: A connection attempt failed....

    Posted May 04, 2009 04:35 AM

    Try adding vmauthd.server.alwaysProxy="True" to /etc/vmware/config file on the host which u r not able to connect the vm console.



  • 5.  RE: A connection attempt failed....

    Posted May 04, 2009 11:05 PM

    As I said that does work.The vmauthd.server.alwaysProxy setting, when changed to true, forces remote console communication to be sent on port 902 on the Service Console, instead of 903.

    I guess it will it have to do until the origin of fault is determined.

    Cheers



  • 6.  RE: A connection attempt failed....

    Posted Jul 17, 2009 01:44 PM

    I think the problem is on the ESX/Host side...if you check the Security Profile you'll see that the ESX server allows port 902 (UDP - vCenter Agent, TCP - VMware Consolidated Backup) and does NOT have an entry for port 903. It looks like the MKS uses port 903. Using the vmauthd.server.alwaysProxy setting forces the MKS traffic to use port 902 which is open on the ESX host.

    I haven't found a way (well an easy way) to open port 903...maybe the next version of vCenter/ESX will allow you to add your own ports(custom).

    I was having this issue and using the vmauthd.server.alwaysProxy fixed things right up :smileyhappy:

    ...Jay