Accessing VM Console - Error 902

Discussion in 'Virtualized Computing' started by jaypa, Dec 23, 2009.

  1. jaypa

    jaypa n00b

    Messages:
    6
    Joined:
    Dec 23, 2009
    I have been troubleshooting a problem using vSphere client (4.0.0 Build 162856).
    When connected to my vCenter server, when I try to access a VM "Console" I receive an error msg - UNABLE TO CONNECT TO THE MKS: FAILED TO CONNECT TO SERVER 10.23.23.71:902.

    I have checked various references but can't seem to find what I am missing.

    I know the 902 service is running because if I use vSphere client and connected directly to the ESX host (3.5.0 Build 123629), instead of the vCenter host, I can successfully access the console port of a VM.
    If I use RDP, to the vCenter server and run vSphere client from within that session, again, access to a VM works as well.


    Any suggestions on what I might check.

    Thanks,
    J
     
  2. lopoetve

    lopoetve Imhotep

    Messages:
    28,916
    Joined:
    Oct 11, 2001
    see if you can telnet to the VC server port 902 from wherever you're doing it - if you don't get a VNC page, you've got something wrong blocking it to that host.

    check /var/log/vmware/hostd.log and all_users\application data\vmware\vmware virtual center\logs\vpxd.log files - see what's going on with the connections.
     
  3. jaypa

    jaypa n00b

    Messages:
    6
    Joined:
    Dec 23, 2009
    I can telnet to port 902 on the ESX host from the client where I am running vSphere as well as from vCenter server.

    Connected to esx-71.mylab.com.
    Escape character is '^]'.
    220 VMware Authentication Daemon Version 1.10: SSL Required, ServerDaemonProtocol:SOAP, MKSDisplayProtocol:VNC ,

    I looked at the latest vpxd.log file but didn't see anything that jumps out ?

    I also found several posts about DNS being a possible cause, but I have setup DNS and even modified the /etc/hosts file on vCenter server. I can ping the name without problems.
     
  4. lopoetve

    lopoetve Imhotep

    Messages:
    28,916
    Joined:
    Oct 11, 2001
    can you telenet from the client system TO the VC server though?

    Did you make an /etc/hosts file on the esx server too?
     
  5. jaypa

    jaypa n00b

    Messages:
    6
    Joined:
    Dec 23, 2009
    The VC server doesn't have telnet service nor does it have the 902 AUTH Service, does it need that ?

    Yes, I add entries on the ESX host in /etc/hosts, I can ping the ESX itself by name as well as the VC server by name.

    However, just to note, the ESX host, when added to vCenter, was added using it's IP Address, I didn't think that would matter but just mentioning it.

    Again, so note, that if I use vSphere directly to the ESX host, instead of the vCenter host, I can access a VM console. I only get the 902 error when vSphere connects to the vCenter host.

    Thanks
     
  6. lopoetve

    lopoetve Imhotep

    Messages:
    28,916
    Joined:
    Oct 11, 2001
    Nope. Telnet to the port - you're trying to connect to that port, not the standard telnet port. It'll work! :)

    IP shouldn't matter, as long as it hasn't changed.
     
  7. jaypa

    jaypa n00b

    Messages:
    6
    Joined:
    Dec 23, 2009
    I can telnet to port 902 on the ESX host.
    There isn't a 902 listener on the vCenter host.
    Should there be a 902 service on the vCenter host ?
     
  8. lopoetve

    lopoetve Imhotep

    Messages:
    28,916
    Joined:
    Oct 11, 2001
    Yep. Check 903 as well for me :)
     
  9. jaypa

    jaypa n00b

    Messages:
    6
    Joined:
    Dec 23, 2009
    No 903 service on either the ESX host or the vCenter host.
     
  10. lopoetve

    lopoetve Imhotep

    Messages:
    28,916
    Joined:
    Oct 11, 2001
  11. lopoetve

    lopoetve Imhotep

    Messages:
    28,916
    Joined:
    Oct 11, 2001
    edit: Nm, looks like 902 no longer listens on the VC host. So we're just doing a redirect now instead of tunneling.

    Ok... so why would the redirect be not working then?

    You all using DNS, or IP addresses?
     
  12. jaypa

    jaypa n00b

    Messages:
    6
    Joined:
    Dec 23, 2009
    Within VC, the ESX host was added with IP Address. I have read several instances were people indicated this problem was due to DNS. After looking at this some more I am starting to think that may be the issue ??
    The vCenter server has an IP of 10.1.1.74, the ESX is 10.1.1.71. However both of these are in a lab, therefore the addresses above are NAT's. From the vSphere client, to access vCenter I have to use 172.16.1.74 and 172.16.1.71 is I want to access the ESX host.
    vCenter, uses as it's primary DNS, a DNS server outside the lab network, that DNS server doesn't have authority for any 10.x.x network. I have a DNS server setup in the lab for 10.1.1 and it can resolve 10.1.1.71.
    From vCenter when I ping the host name only, it works, but the DNS is provided by the DNS server outside the lab. The DNS server outside, has both the vCenter and ESX host addresses on the 171.16.1 network, not the 10.1.1 (lab side) network. In vCenter I add 10.1.1.74 to the hosts file and gave the name esx71.vmlab.mylab.com...if I ping that name it works, if I ping just esx71 it is resolved from the DNS outside, as I see the message "Pinging esx71.mylab.com [10.1.1.71]".

    Hope this makes some sense and sorry for the long reply.
    The thing that still throws me, why when connecting to vCenter, via RDP, running vSphere client from vCenter everything works fine ? It only fails when using vSphere to vCenter from outside the lab network. If I use, vSphere, from outside, directly to an ESX host, again I can access the console windows.
    So starting to think this is DNS related but NATing may be causing the issue.

    Thanks