TCP and UDP ports required to access VMware vCenter Server
search cancel

TCP and UDP ports required to access VMware vCenter Server

book

Article ID: 326184

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article lists the TCP and UDP ports required for VMware vCenter Server.

Resolution

vCenter Server 6.5 - vCenter Server 8.0

The information has moved. Please refer to VMware Ports and Protocols for a comprehensive list of the TCP and UDP ports required for current vSphere versions.

 

vCenter Server 5.x - vCenter Server 6.0

Product Port Protocol Source Target Purpose
Heartbeat 52267 TCP vCenter Server Heartbeat Console vCenter Server Heartbeat Server Client Connection Port
Heartbeat 57348 TCP vCenter Server Primary Server vCenter Server Secondary Server Default Channel Port to communicate between Primary and Secondary server
vCenter Server 5.x 25 TCP vCenter Server SMTP Server Email notifications
vCenter Server 5.x 53 UDP vCenter Server DNS Server DNS lookups
vCenter Server 5.x 80 TCP Client PC vCenter Server vCenter Server requires port 80 for direct HTTP connections.
vCenter Server 5.x 80 TCP vCenter Server ESXi 5.x DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter Server 5.x 88 UDP vCenter Server Active Directory Server AD Authentication
vCenter Server 5.x 88 TCP vCenter Server Active Directory Server AD Authentication
vCenter Server 5.x 135 TCP vCenter Server vCenter Server Used by ADAM for RPC communications between vCenter Servers in Linked Mode.
vCenter Server 5.x 161 UDP SNMP Server vCenter Server SNMP Polling
vCenter Server 5.x 162 UDP vCenter Server SNMP Server SNMP Trap Send
vCenter Server 5.x 389 TCP/UDP vCenter Server Linked vCenter Servers This port must be open in the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535.
vCenter Server 5.x 443 TCP vSphere Client vCenter Server vCenter Server system uses to listen for connections from the vSphere Client.
vCenter Server 5.x 443 TCP vCenter Server ESXi 5.x vCenter Agent. Host DPM with HP iLO Remote Management and Control Protocol
vCenter Server 5.x 623 UDP vCenter Server ESXi 5.x DPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter Server 5.x 636 TCP vCenter Servers Linked vCenter Servers This is the SSL port of the local instance for vCenter Server Linked Mode. If another service is running on this port, it might be preferable to remove it or change its port. You can run the SSL service on any port from 1025 through 65535.
vCenter Server 5.x 902 TCP vCenter Server ESXi 5.x vCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts.
vCenter Server 5.x 902 TCP/UDP vSphere Client ESXi 5.x vSphere Client uses this ports to display virtual machine consoles.
vCenter Server 5.x 902 TCP/UDP ESXi 5.x ESXi 5.x Host access to other hosts for migration and provisioning
vCenter Server 5.x 1024 (dynamic) RPC Linked vCenter Servers Linked vCenter Servers Bi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM).
vCenter Server 5.x 1433 TCP vCenter Server Microsoft SQL Server For vCenter Microsoft SQL Server Database
vCenter Server 5.x 1521 TCP vCenter Server Oracle Database Server For vCenter Oracle Database
vCenter Server 5.x 5988 TCP ESXi 5.x vCenter Server CIM transactions over HTTP
vCenter Server 5.x 5989 TCP vCenter Server ESXi 5.x CIM XML transactions over HTTPS
vCenter Server 5.x 5989 TCP ESXi 5.x vCenter Server CIM XML transactions over HTTPS
vCenter Server 5.x 7500 UDP vCenter Server Linked vCenter Servers vCenter Inventory Service Groups diagnostics port for Inventory Service instances.
vCenter Server 5.x 8005 TCP vCenter Server vCenter Server Internal Communication Port
vCenter Server 5.x 8006 TCP vCenter Server vCenter Server Internal Communication Port
vCenter Server 5.x 8009 TCP vCenter Server vCenter Server AJP Port
vCenter Server 5.x 8080 TCP Client PC vCenter Server Web Services HTTP. Used for the VMware VirtualCenter Management Web Services
vCenter Server 5.x 8083 TCP vCenter Server vCenter Server Internal Service Diagnostics
vCenter Server 5.x 8085 TCP vCenter Server vCenter Server Internal Service Diagnostics/SDK
vCenter Server 5.x 8086 TCP vCenter Server vCenter Server Internal Communication Port
vCenter Server 5.x 8087 TCP vCenter Server vCenter Server Internal Service Diagnostics
vCenter Server 5.x 8089 TCP vCenter Server vCenter Server SDK Tunneling Port
vCenter Server 5.x 8443 TCP Client PC Linked vCenter Servers Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services.
vCenter Server 5.x 8443 TCP vCenter Server vCenter Server VMware Web Management Services Linked Mode Communication port
vCenter Server 5.x 9443 TCP Client PC vCenter Server vSphere Web Client Access
vCenter Server 5.x 10111 TCP vCenter Server Linked vCenter Servers vCenter Inventory Service Linked Mode Communication
vCenter Server 5.x 10443 TCP Client PC Linked vCenter Servers vCenter Inventory Service Linked Mode Communication between Inventory Service instances.This can be changed during the vCenter Server installation and should be adjusted in the firewall settings as needed.
vCenter Server 5.x 51915 TCP ESXi vSphere Authentication Proxy This is a web service, which is used to add host to Active Directory domain.
vCenter Server 5.x 60099 TCP vCenter Server vCenter Server Web Service change service notification port
vCenter Server 5.1 7005 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Base shutdown port.
For more information, see Configuring VMware Tomcat Server Settings in vCenter Server 5.1.
vCenter Server 5.1 7080 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On HTTP Port
vCenter Server 5.1 7009 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On AJP Port
vCenter Server 5.1 49152 to 65535 TCP Active Directory vCenter Server Allow Active Directory authentication/communication between domain controllers and vCenter Server.
vCenter Server 5.1/5.5 7444 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Lookup Service, HTTPS Port
vCenter Server 5.1/5.5 8003 TCP vCenter Server (Tomcat Server settings) vCenter Server Management Web Services vCenter Server Management Web Service shutdown
vCenter Server 5.5 31000 to 32999 TCP vCenter Single Sign-On vCenter Single Sign-On Internal Communication Ports for VMware Secure Token Service, which uses two available ports. One port from the 31000 to 31999 range and one port from the 32000 to 32999 range.
vCenter Server 5.5 88 TCP vCenter Server vCenter Single Sign-On Kdc Service
vCenter Server 5.5 2012 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Directory Service
vCenter Server 5.5 2013 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Kdc Service
vCenter Server 5.5 2014 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On VMware Certificate Service inter-communications with vCenter Single Sign-On
vCenter Server 5.5 6501 TCP Auto Deploy service ESXi Host Auto Deploy Service
vCenter Server 5.5 6502 TCP Auto Deploy Manager vSphere Client Auto Deploy Manager Service
vCenter Server 5.5 7331 TCP vSphere Web Client vCenter Server (Tomcat Server settings) HTML5 remote console for virtual machines
vCenter Server 5.5 Update 2 and later 7343 TCP vSphere Web Client vCenter Server (Tomcat Server settings) HTML5 remote console for virtual machines, HTTPS
vCenter Server 5.5 7444 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Lookup Service, HTTPS port
vCenter Server 5.5 8190 TCP vCenter Server vCenter Server Storage Policy Server HTTP
vCenter Server 5.5 8191 TCP vCenter Server vCenter Server Storage Policy Server HTTPS
vCenter 5.5 9875-9877 TCP vSphere Web Client vSphere Web Client vSphere Web Client Java Management Extension (JMX). Dynamically acquired upon the vSphere Web Client service starting.
vCenter Server 5.5 9090 TCP vSphere Web Client HTTP vSphere Web Client HTTP redirect to HTTPS
vCenter Server 5.5 11711 TCP vCenter Single Sign-On vCenter Single Sign-On Directory service LDAP use for replication between vCenter Single Sign-On nodes
vCenter Server 5.5 11712 TCP vCenter Single Sign-On vCenter Single Sign-On Directory service LDAPS use for replication between vCenter Single Sign-On nodes
vCenter Server 5.5 12721 TCP vCenter Single Sign-On vCenter Single Sign-On Identity Management Service (IDM) internal client/server communication port.
Used by VMware Identity Management Service.
vCenter Server 5.5 12443 TCP Log Browser vCenter Server Log Browser
vCenter Server 5.5 22000 TCP vCenter Server vCenter Server vCenter Server Storage Monitoring Service HTTP
vCenter Server 5.5 22100 TCP vCenter Server vCenter Server vCenter Server Storage Monitoring Service HTTPS
vCenter Server 5.5 31000 TCP vCenter Server vCenter Server VMware vSphere Profile-Driven Storage Service HTTP
vCenter Server 5.5 31100 TCP vCenter Server vCenter Server VMware vSphere Profile-Driven Storage Service HTTPS
vCenter Server 5.5 49000 to 65000 TCP Active Directory vCenter Server Allow Active Directory authentication/communication between domain controllers and vCenter Server.Used by the VMware Identity Management Service
vCenter Server 6.0 22 TCP/UDP vCenter Server SSH Client System port for SSHD. This port is only used by the vCenter Server Appliance
vCenter Server 6.0 80 TCP Client PC vCenter Server vCenter Server requires port80for direct HTTP connections. Port80redirects requests to HTTPS port 443. This redirection is useful if you accidentally usehttp://serverinstead ofhttps://server.

WS-Management (also requires port 443 to be open).

If you use a Microsoft SQL database that is stored on the same virtual machine or physical server as vCenter Server, port 80 is used by the SQL Reporting Service.

When you install or upgrade vCenter Server, the installer prompts you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation or upgrade.
vCenter Server 6.0 88 TCP vCenter Server Active Directory Server VMware key distribution center port
vCenter Server 6.0 389 TCP/UDP vCenter Server Linked vCenter Servers This port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group.

If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535.
vCenter Server 6.0 443 TCP vSphere Web Client vCenter Server The default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the firewall.
The vCenter Server system also uses port 443 to monitor data transfer from SDK clients.


Port 443 is also used for these services:

WS-Management (also requires port 80 to be open)

Third-party network management client connection to vCenter Server. 
Third-party network management clients access to host
vCenter Server 6.0 514 UDP Syslog Collector Syslog Collector vSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance
vCenter Server 6.0 636 TCP Platform Service Controller Management Nodes For vCenter Server Enhanced Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the SSL service on any port from 1025through65535. This port is also used during install to verify SSL certificates.
vCenter Server 6.0 902 TCP/UDP vCenter Server ESXi 6.0/5.x The default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902to the vCenter Server system. 

This port must not be blocked by firewalls between the server and the hosts or between hosts.

Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this port to display virtual machine consoles.
vCenter Server 6.0 10080 TCP vCenter Server Inventory Service vCenter Server vCenter Inventory Service HTTP
vCenter Server 6.0 1514 TCP/UDP Syslog Collector Syslog Collector vSphere Syslog Collector TLS port for vCenter Server on Windows and vSphere Syslog Service TLS port for vCenter Server Appliance
vCenter Server 6.0 2012 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On Control interface RPC for vCenter Single Sign-On(SSO).
vCenter Server 6.0 2014 TCP vCenter Server (Tomcat Server settings) vCenter Single Sign-On RPC port for all VMCA (VMware Certificate Authority) APIs.
vCenter Server 6.0 2020 TCP/UDP vCenter Server vCenter Server Authentication framework management
vCenter Server 6.0 6500 TCP/UDP vCenter Server ESXi host ESXi Dump Collector port
vCenter Server 6.0 6501 TCP Auto Deploy service ESXi Host Auto Deploy service
vCenter Server 6.0 6502 TCP Auto Deploy Manager vSphere Client Auto Deploy management
vCenter Server 6.0 7444 TCP     Secure Token Service
vCenter Server 6.0 8009 TCP vCenter Server vCenter Server AJP Port
vCenter Server 6.0 8089 TCP vCenter Server vCenter Server SDK Tunneling Port
vCenter Server 6.0 9443 TCP vSphere Web Client Server vSphere Web Client vSphere Web Client HTTPS
vCenter Server 6.0 11711 TCP vCenter Single Sign-On vCenter Single Sign-On VMware Directory service (vmdir) LDAP
vCenter Server 6.0 11712 TCP vCenter Single Sign-On vCenter Single Sign-On VMware Directory service (vmdir) LDAPS