Port 443 not responding while other ports work for Windows Server VM on ESXi distributed port group

Article ID: 404807

Updated On:

Products

VMware vSphere ESXi

Issue/Introduction

A Windows Server virtual machine on ESXi does not respond on HTTPS port 443 while basic connectivity works. Exchange Server or IIS services fail to accept connections on port 443 even though ping and RDP work normally. An ESXi packet capture shows network traffic reaching the VM switchport, but connections time out or fail.

Common error symptoms:

  • "Connection timed out" when accessing HTTPS services
  • IIS not responding on port 443
  • Exchange Web Services unavailable
  • SSL certificate errors or connection refused
  • netstat shows port 443 not listening on Windows Server
  • ESXi packet capture confirms traffic reaches virtual machine switchport
  • Other ports like 3389 (RDP) and ping function correctly

Environment

  • VMware vSphere ESXi
  • Windows Server virtual machines
  • IIS/Exchange Server configurations
  • Standard vSwitch or Distributed Virtual Switch configurations

Cause

Port 443 HTTPS traffic reaches the ESXi switchport, but the Windows Server VM is not listening on the port. The IIS service is not running or is misconfigured, or Windows Firewall is blocking connections. SSL certificate issues or a stopped application pool can also prevent the HTTPS binding.

Resolution

Use this step-by-step approach to determine if the issue is network infrastructure or Windows Server configuration:

Step 1: Perform ESXi Packet Capture

Capture traffic at the VM switchport with the pktcap-uw packet capture tool on ESXi:

  1. SSH to the ESXi host and identify the switchport:
     net-stats -l
  2. Start the packet capture:
     pktcap-uw --switchport [SWITCHPORT_ID] --capture VnicTx,VnicRx -o /vmfs/volumes/datastore/vm_capture.pcapng
  3. Test port 443 connectivity while the capture runs

Review capture results to determine next step:

  • If traffic appears in capture: Continue to Step 2a (VM-level troubleshooting)
  • If no traffic in capture: Continue to Step 2b (network infrastructure troubleshooting)

Step 2a: VM-Level Troubleshooting (Traffic Reaches Switchport)

Use Test-NetConnection to verify port connectivity:

Test-NetConnection -ComputerName [VM_IP] -Port 443 -InformationLevel Detailed
Test-NetConnection -ComputerName [VM_IP] -Port 3389 -InformationLevel Detailed

Check port listening status with netstat:

netstat -an | findstr :443
netstat -ano | findstr LISTENING

If traffic reaches the switchport but port 443 is not listening:

  1. Check IIS service status and site bindings
  2. Review Windows Event Viewer for system and application errors
  3. Examine IIS logs for connection attempts and errors
  4. Verify Windows Firewall inbound rules for port 443
  5. Check SSL certificate configuration and application pool status
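
The five checks above can be gathered in one pass from an elevated PowerShell session on the VM. This is an added example, not part of the original article; it only reads state and assumes a default IIS install (services W3SVC and WAS, the WebAdministration module, default IIS and HTTPERR log folders).

```powershell
# Added example: read-only triage of the Step 2a checks. Run in an elevated
# PowerShell session on the Windows Server VM. Service names, module name and
# log folders are the defaults of a standard IIS install (assumption).
$Port = 443

# Listener check: for IIS the owning process is normally PID 4 (System, http.sys).
$listeners = Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue
if ($listeners) {
    $listeners | Select-Object LocalAddress, LocalPort, OwningProcess,
        @{ n = 'Process'; e = { (Get-Process -Id $_.OwningProcess).ProcessName } } | Format-Table -AutoSize
} else {
    Write-Warning "Nothing is listening on TCP $Port"
}

# 1. IIS service status, sites, HTTPS bindings and application pools.
Get-Service -Name W3SVC, WAS -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize
if (Get-Module -ListAvailable -Name WebAdministration) {
    Import-Module WebAdministration
    Get-Website | Select-Object Name, State | Format-Table -AutoSize
    Get-WebBinding -Protocol https | Select-Object protocol, bindingInformation, sslFlags | Format-Table -AutoSize
    Get-ChildItem IIS:\AppPools | Select-Object Name, State | Format-Table -AutoSize
} else {
    Write-Warning 'WebAdministration module not found; skipping IIS site checks'
}

# 2. Critical, error and warning events from the last hour.
$filter = @{ LogName = 'System', 'Application'; Level = 1, 2, 3; StartTime = (Get-Date).AddHours(-1) }
Get-WinEvent -FilterHashtable $filter -MaxEvents 20 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, ProviderName, Id, LevelDisplayName | Format-Table -AutoSize

# 3. Most recent IIS and HTTPERR log files to open for connection attempts and errors.
Get-ChildItem -Path "$env:SystemDrive\inetpub\logs\LogFiles", "$env:SystemRoot\System32\LogFiles\HTTPERR" -Recurse -Filter *.log -ErrorAction SilentlyContinue |
    Sort-Object LastWriteTime -Descending | Select-Object -First 3 FullName, LastWriteTime | Format-Table -AutoSize

# 4. Firewall: profile defaults, then enabled inbound TCP rules that name the port.
# Rules written as a port range or "Any" are not matched by this exact comparison.
Get-NetFirewallProfile | Select-Object Name, Enabled, DefaultInboundAction | Format-Table -AutoSize
Get-NetFirewallPortFilter -Protocol TCP |
    Where-Object { $_.LocalPort -contains "$Port" } |
    Get-NetFirewallRule |
    Where-Object { $_.Direction -eq 'Inbound' -and $_.Enabled -eq 'True' } |
    Select-Object DisplayName, Action, Profile | Format-Table -AutoSize

# 5. Certificates bound to HTTPS endpoints in http.sys.
netsh http show sslcert
```

An empty listener result together with a stopped W3SVC service or a missing https binding points at IIS configuration, while a listener that is present but unreachable points at the firewall output.
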

If issues persist, contact Microsoft Support for IIS and Windows Server configuration assistance.

Step 2b: Network Infrastructure Troubleshooting (No Traffic at Switchport)

  1. Perform packet captures on the ESXi host uplinks:
     pktcap-uw --uplink vmnic0 --capture UplinkSndKernel,UplinkRcvKernel -o /vmfs/volumes/datastore/uplink_capture.pcapng
  2. Collect ESXi host logs and vCenter logs
  3. Create a new Broadcom support case and provide:
    • ESXi host logs
    • vCenter logs
    • Uplink packet captures
    • VM switchport captures showing no traffic