January 19, 2013

Enable VNC in VMware ESXi 5.1

Steps

  1. create custom firewall rule file
  2. refresh rules
  3. make sure the changes are persistent across reboots
  4. NOTE: these changes may not be persistent across upgrades or updates.
  5. Enable VNC on the target VM

Procedure

Custom Firewall rule file

Service ID

First, find the service ID to use for your custom firewall rule.

Example:

/etc/vmware/firewall # cat service.xml
...
<service id='0032'>
    <id>vprobeServer</id>
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>57007</port>
    </rule>
    <enabled>false</enabled>
    <required>false</required>
  </service>

</ConfigRoot>

/etc/vmware/firewall #

We are going to use 0033

Custom File

Create a file on your computer called enablevnc.xml


<!-- Firewall configuration information -->
<ConfigRoot>

  <!-- VNC -->
  <service id="0033">
    <id>VNC</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>5800</begin>
        <end>5999</end>
      </port>
    </rule>
    <rule id='0001'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>5800</begin>
        <end>5999</end>
      </port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>

</ConfigRoot>


Copy the file to a datastore on your VM
in this example copied to 
/vmfs/volumes/500G2/enablevnc.xml

You can also edit in place in SSH and just copy/paste.


Copy the file from the datastore to the firewall folder

/etc/vmware/firewall # cp /vmfs/volumes/500G2/enablevnc.xml /etc/vmware/firewall/

Refresh firewall rules

/etc/vmware/firewall # esxcli network firewall refresh 
Confirm the changes
/etc/vmware/firewall # esxcli network firewall ruleset list
...
vSPC                  false
remoteSerialPort      false
vprobeServer          false
VNC                    true


Make changes peristent

Edit local.sh

ESXi 5.1 made changes so you have to edit /etc/rc.local.d/local.sh now.

/etc/vmware/firewall # vi /etc/rc.local.d/local.sh 

#!/bin/sh

# local configuration options

# Note: modify at your own risk!  If you do/use anything in this
# script that is not part of a stable API (relying on files to be in
# specific places, specific tools, specific output, etc) there is a
# possibility you will end up with a broken system after patching or
# upgrading.  Changes are not supported unless under direction of
# VMware support.

cp /vmfs/volumes/500G2/enablevnc.xml /etc/vmware/firewall/
      
exit 0
~
/etc/vmware/firewall # 

Run auto-backup.sh

/etc/vmware/firewall # /sbin/auto-backup.sh 
Files /etc/vmware/dvsdata.db and /tmp/auto-backup.61769//etc/vmware/dvsdata.db differ
Saving current state in /bootbank
Clock updated.
Time: 03:54:44   Date: 01/20/2013   UTC
/etc/vmware/firewall #


Enable VNC on target VM

Make sure your VM is shut down
edit the .vmx file manually over SSH or change the 'Configuration Parameters' in vSphere
These are the two config parameters to add. 
There is no password configured in this example.

remotedisplay.vnc.enabled = "true"
remotedisplay.vnc.port = "5900"

Connect


To connect to the desktop of the target VM, use a free VNC client, IP address of your ESXi server and port 5900
Posted by at 4 comments:
Subscribe to: Posts (Atom)