ESXi

 View Only
  • 1.  Issue after changing port used by VSphere Client - ESXi 5

    Posted Jun 06, 2012 10:27 PM

    Being an ESXi 4 guy, I changed the default ports in the proxy.xml file as per: http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1021199 as I always do. However, this time I did it in ESXi 5, prior to reading the note: "For vSphere 5.0, if the proxy ports are changed, the new ports are not allowed through the ESXi firewall."

    I restarted the management agents, and now of course, I can't seem to connent to the ESXi 5 host machine at all, via any port, and I can't connect to disable the firewall using esxcli. What's the workaround now?

    Thanks in advance.



  • 2.  RE: Issue after changing port used by VSphere Client - ESXi 5
    Best Answer

    Posted Jun 07, 2012 02:10 PM

    You could access the physical console and go into DCUI and undo your changes... if you made a backup file of the xml file before you made changes it should be as simple as copying back the original file.



  • 3.  RE: Issue after changing port used by VSphere Client - ESXi 5

    Posted Jun 07, 2012 06:53 PM

    Thanks, but the issue is that I now can't connect in any way to do anything. Any connection attempts via the DCUI command line brings back "connection to localhost failed: localhost", or via CLi SSH brings back "Connect to <server> failed: Connection failure".

    Again, via SSH, I added the following to proxy.xml:

    <httpPort>xx</httpPort>
    <httpsPort>xxx</httpsPort>

    Correct me if I'm wrong here, (and I hope I am) but as I understand it, now access to the VSphere Client, any remote SSH shell access or shell access via the direct DCUI uses ports xx and xxx only, not the default 80 and 443. And because the firewall is still up and running on ESXi 5, xx and xxx are blocked, but 80 and 443 are still 'available'. The issue is, I can't disable the firewall, or overwrite/restore the proxy.xml because I have no way through the firewall to carry out any commands at all. Again, I hope I'm wrong here.

    If I'm not wrong, and there is no work around, the next question I have is this. If I use the 'Restore Default Settings' via the standard DCUI, will that restore the default proxy.xml file and allow access via 80 and 443, and therefore access through the ESXi 5 firewall and again give me access to the VSphere Client? This is a critical question, because I currently don't have access to any of the VM's via the Client and if I 'Restore Default Settings', the VM's are going to be killed. I'll have no access to them at all if this doesn't restore 80 and 443.



  • 4.  RE: Issue after changing port used by VSphere Client - ESXi 5

    Posted Jun 07, 2012 07:02 PM

    I find it hard to believe that you can't use the local keyboard and get into the ESXi shell / console.  You can't hit F2, logon as local root, then go to Troubleshooting options, and enable the shell?  From there you should be able to then <alt> - F1 and get a shell session.



  • 5.  RE: Issue after changing port used by VSphere Client - ESXi 5

    Posted Jun 07, 2012 08:28 PM

    See attached. From my <alt> f1 shell session, after I made the proxy.xml change via the same UI.



  • 6.  RE: Issue after changing port used by VSphere Client - ESXi 5

    Posted Jun 07, 2012 08:40 PM

    Why can't you just change the proxy.xml back via this interface, instead of playing with the firewall, to get it back working again?



  • 7.  RE: Issue after changing port used by VSphere Client - ESXi 5

    Posted Jun 07, 2012 09:54 PM

    Yes, this is correct. Thanks brucekconverg. Sorry for my being so thick. I was trying to do everything via esxcli commands. A simple vi edit of the file did the trick. For anyone else as daft as me, the file is here: /etc/vmware/hostd/proxy.xml You'll have to change the chmod to +w.



  • 8.  RE: Issue after changing port used by VSphere Client - ESXi 5

    Posted Jun 07, 2012 09:56 PM

    There ya go!  I was starting to wonder if I'd missed something!  Glad you got it working!

    Out of curiousity, why did you change the ports to start with?



  • 9.  RE: Issue after changing port used by VSphere Client - ESXi 5

    Posted Jun 07, 2012 10:04 PM

    We use the host management nic for a VM as well. 80 and 443 are used for the public VM, so we use a different port to access the VM host machine. The client has a cheap router in front of it which only allows single port forwards. We updated from 4 to 5 here recently, and the change I made led to this ridiculous problem, which had a simple fix... thanks again.