Cannot open the virtual machine console (749640)

 

Cannot open the virtual machine console (749640)

Details

• When you try to connect to a virtual machine console from vCenter Server, you see these errors:
  
  
  • Error connecting: Host address lookup for server <SERVER> failed: The requested name is valid and was found in the database, but it does not have the correct associated data being resolved for Do you want to try again?
  • Error connecting: cannot connect to host <host>: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond. Do you want to try again?
  • Error connecting: You need execute access in order to connect with the VMware console. Access denied for config file.
  • Unable to connect to MKS: failed to connect to server IP:903.
     
• You cannot open a remote console to a virtual machine.
• Virtual machine console is black (blank).
• The VMware vSphere Client console tab session may time out or disconnect while in use.
• Migration of virtual machines using vMotion fails.
• This issue may affect a single ESXi/ESX host. If the virtual machines are moved to another ESXi/ESX host, you may be able to connect to the console without issues.
• This issue may occur if you try to connect to the console using the VMware vSphere Client connected directly to the ESXi/ESX host or to vCenter Server.

Solution

This issue may occur if your network contains a firewall between the ESXi/ESX host and the client running the workstation.

Validate that each troubleshooting step below is true for your environment. The steps will provide instructions or a link to a document, for validating the step and taking corrective action as necessary. The steps are ordered in the most appropriate sequence to isolate the issue and identify the proper resolution. Do not skip a step.

Notes:

• For more information on restarting the Management agents, see Restarting the Management agents on an ESX or ESXi Server (1003490).
• For more information on editing configuration files, see Editing configuration files in VMware ESXi and ESX (1017022).

Follow these troubleshooting steps:

1. Log into vCenter Server directly through Terminal Services or a Remote KVM and attempt a connection using the vSphere Client from this system. If this method works, the firewall may be preventing the console from working.
    
2. Configure your firewall to allow communications between the ESXi/ESX host and the workstation running the vSphere Client using port 903. For more information, see Testing port connectivity with Telnet (1003487).
   
   If port 903 is not open or cannot be opened in your environment, enable the vmauthd proxy. This forces remote console communication to be sent on port 902 on the Service Console, instead of 903.
   
   Note: By enabling this setting there may be degradation in the performance under heavy usage while communicating to the ESXi/ESX host service console.
   
   To enable the proxy:
   
   
   1. Log into the ESXi/ESX host's service console as root.
   2. Open /etc/vmware/config using a text editor.
   3. Add this line to the file:
      
      vmauthd.server.alwaysProxy = "TRUE"
      
      Note: In ESXi 4.x and 5.x, vmauthd.server.alwaysProxy is, by default, set to true.
       
   4. In ESX, run this command to restart xinetd:
      
      service xinetd restart
       
3. Verify the ESXi/ESX firewall policy:
   
   
   • For ESXi 5.0, see About the ESXi 5.0 firewall (2005284).
   • For ESX 3.x to 4.x, see Troubleshooting the firewall policy on an ESX host (1003634).
4. Verify that the ESXi/ESX host and the workstation running the vSphere Client are correctly synced to an NTP service. This is required to satisfy SSL handshaking between the vSphere Client and the ESXi/ESX host. For more information, see Verifying time synchronization across an ESXi/ESX host environment (1003736).
    
5. DNS problems are a common cause of virtual machine console problems. Verify name resolution in your environment. For more information, see:
   
   
   • Identifying issues with and setting up name resolution on ESXi/ESX Server (1003735)
   • Configuring name resolution for VMware vCenter Server (1003713)
6. After verifying DNS, open a command prompt on the vSphere Client machine and run these commands:
   
   ipconfig /flushdns
ipconfig /registerdns
    
7. Ensure that the VMware ESXi/ESX host has enough disk space in /var and other required partitions. For more information, see Investigating disk space on an ESX or ESXi host (1003564).
    
8. Verify that the permissions for the virtual machine's .vmx file are set correctly. To set the permissions, run the command:
   
   chmod 755 full_path_to_virtual_machine.vmx
    
9. If your ESX host has more than one service console configured, verify that they are not on the same network. For more information, see ESX 4.x hosts lose network connectivity when multiple service console interfaces are configured on subnets that use DHCP IP addresses (1010828).
    
10. Check if the Service Console IP is routing traffic to the workstation running vCenter Server. For more information on configuring the Service Console Gateway, see Changing the IP address, default gateway, and hostname of the Service Console in ESX (4309499).

If the issue still exists after trying the steps in this article:

• Collect the VMware Support information. For more information, see Collecting diagnostic information for VMware products (1008524).
• File a support request with VMware Support and note this Knowledge Base article ID (749640) in the problem description. For more information, see How to Submit a Support Request.

 

Additional Information:

For translated versions of this article, see:

• Español: No se puede abrir la consola de la máquina virtual (2032999)
• Português: Não é possível abrir o console da máquina virtual (2032453)