VMware Cloud Community
ytlevine
Enthusiast

Constantly getting a "Host connection and power state" error from an ESXi server behind a NAT

I have an ESXi server that's connected to a remote vCenter server.

The vCenter (VCSA) server is open directly to the internet, with its own public IP address, but the ESXi server is behind a NAT.

I had initially set this up running ESXi/vSphere 5.5 and had opened/forwarded all the necessary ports on the firewall to the ESXi machine, and it had worked perfectly, without any issues.

I recently upgraded to a trial of ESXi/vSphere 6, and upgraded the vCenter server to 6.0 as well.

After the upgrade, vCenter is constantly showing "Host connection and power state" errors for that server.

I checked a few things, and nothing seems to have changed from the working 5.5 setup, and if I manually reconnect when it shows the error, or wait for it to reconnect on its own, it again works for a while.

Is there anything additional that I am supposed to be doing, or additional ports that I need to open/forward to the server for ESXi 6.0, so that it works correctly?

Thanks a lot!

4 Replies
rcporto
Leadership

Are the new vSphere ESXi and vCenter server using the same IP address? It seems like you have not allowed UDP port 902 in both directions; take a look: VMware KB: ESXi/ESX host disconnects from vCenter Server 60 seconds after connecting

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
ytlevine
Enthusiast

The vCenter server has its own IP address, and the ESXi server is added using the hostname pointing to the public IP address of that NAT, but they are both using the same info as before.

And both TCP and UDP 902 (as well as TCP 443) are open on the firewall, and pointing to the ESXi server (outgoing should be open as well).

ytlevine
Enthusiast

Anyone have any other ideas?

ytlevine
Enthusiast

To follow up on this: I just set up a DMZ on that NAT, to open my ESXi server directly to the internet.

I'm not sure why I didn't try it earlier, but once I did that, it now seems to be fine.

So there must be a port that isn't being forwarded to the server from that firewall, that is now open because of the DMZ.

I had everything working perfectly when it was on ESXi/vSphere 5.5, so there must be a port that got added or changed when ESXi/vSphere 6 was released.

I added a bunch of additional ports, but nothing seems to have worked.

Does anyone have any other ideas?

Thanks!
