vMotion fails if remoteSerialPort firewall rule set is enabled on ESXi
search cancel

vMotion fails if remoteSerialPort firewall rule set is enabled on ESXi

book

Article ID: 415276

calendar_today

Updated On:

Products

VMware vSphere ESXi VMware vCenter Server

Issue/Introduction

vMotion fails if remoteSerialPort firewall rule set is enabled on ESXi.

If the ESXi firewall rule set remoteSerialPort is enabled, connecting to the ESXi via SSH will result in the following communication check status for vMotion:

  • vmkping is able to communicate
  • Communication failure on port 8000 used for vMotion 
    nc -vz <IP address> 8000 -w 1
nc: connect to <IP address> port 8000 (tcp) timed out: Operation now in progress

Environment

VMware ESXi

Cause

Port 8000 is used for vMotion.
Port 8000 is included in the input/output port range of the remoteSerialPort firewall rule set. Therefore, when the rule set is enabled, the vMotion port 8000 will be blocked.

Resolution

Workaround 1:

Specify the IP address of the VMK used for vMotion in the remoteSerialPort rule set.

    1. Log in to the vSphere Client > Select the target ESXi host > Configure > Firewall > Click Edit

    2. Quick Filter: VM serial port connected over networ

    3. Add the IP address of the vMotion VMK adapter to the IP list

    4. Make sure VM serial port connected over network is checked and click OK

Workaround 2:

Disable the [remoteSerialPort] firewall rule set.

    1. Log in to the vSphere Client > Select the target ESXi host > Configure > Firewall > Click Edit

    2. Quick Filter: VM serial port connected over networ

    3. Uncheck VM serial port connected over network
Powered by Wolken Software