Connection reset when trying to access the vami and ssh to vCenter


Article ID: 437240

Products

VMware vCenter Server

Issue/Introduction

  • Connectivity to the VAMI is currently unavailable.
  • Attempts to access the VAMI result in a “connection was reset” error in the browser on port 5480, and SSH access on port 22 fails with ssh_exchange_identification: read: Connection reset by peer.
  • Despite these management access issues, vCenter services remain functional and accessible within the local network segment.



  • A connectivity test from the client system using curl against ports 5480 and 22 shows an unsuccessful connection.
 

Environment

VMware vCenter Server 

Cause

  • The issue is caused by external network restrictions, typically at a physical firewall, that prevent traffic on ports 5480 and 22 from reaching the vCenter Server from external subnets.
  • This often occurs when network security policies or stateful inspection rules do not permit these management ports.

Resolution

To restore management access, follow these steps:

  1. Test Local Access:
    Attempt to log in to the VAMI (https://<vCenter-IP>:5480) and SSH from a VM located on the same Layer 2 network segment as the vCenter Server.
    Successful access from the local segment confirms that the appliance services are running and listening, which narrows the issue down to the external network path or routing used when accessing vCenter from another subnet.

  2. Review Perimeter Security:
    Coordinate with the network or security team to inspect the physical firewalls between the source subnets and the vCenter appliance.

  3. Configure Firewall Rules: Ensure that the following ports are explicitly allowed in the access control lists (ACLs):

    • TCP 5480: Required for VAMI access.

    • TCP 22: Required for SSH access.

Once port 5480 is allowed, the connectivity test from the client system using curl should produce output like the example below. Verify that the VAMI is accessible.

Example:

For VAMI (Port 5480):

PS C:\> curl -v telnet://<vCenter_URL>:5480
* Trying <vCenter_IP_Address>:5480...
* Connected to <vCenter_URL> (<vCenter_IP_Address>) port 5480 (#0)

For SSH (Port 22):

PS C:\> curl -v telnet://<vCenter_URL>:22
* Trying <vCenter_IP_Address>:22...
* Connected to <vCenter_URL> (<vCenter_IP_Address>) port 22 (#0)

Successful connection output confirms that the respective ports are reachable and accessible.
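
The same connectivity test as an added example (not part of the original article) that also separates a refused connection, a silently dropped SYN and a reset after the TCP handshake, the case behind `ssh_exchange_identification: read: Connection reset by peer`. The function names, timeouts and script file name are assumptions; the host is whatever vCenter FQDN or IP is passed on the command line.

```python
import socket
import sys

MGMT_PORTS = {5480: "VAMI", 22: "SSH"}  # ports named in the article


def probe(host, port, timeout=5.0, banner_wait=2.0):
    """Return (state, detail); state is open, refused, reset, closed, timeout or error."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        # RST in answer to our SYN: nothing listening, or a device rejecting it.
        return ("refused", "RST in reply to SYN")
    except ConnectionResetError:
        return ("reset", "reset while connecting")
    except socket.timeout:
        # No answer at all: typical of a rule that silently drops the SYN.
        return ("timeout", "no reply to SYN")
    except OSError as exc:  # DNS failure, no route, ...
        return ("error", str(exc))
    with sock:
        sock.settimeout(banner_wait)
        try:
            # sshd speaks first; HTTPS on 5480 waits for the client, so a
            # read timeout here still means the session stayed established.
            data = sock.recv(256)
        except ConnectionResetError:
            # Same failure ssh reports as "read: Connection reset by peer".
            return ("reset", "handshake completed, then RST")
        except socket.timeout:
            return ("open", "")
        if not data:
            return ("closed", "peer closed without sending data")
        return ("open", data.decode("ascii", "replace").strip())


def check_vcenter(host, ports=MGMT_PORTS, **kwargs):
    """Probe every management port and return {port: (state, detail)}."""
    return {port: probe(host, port, **kwargs) for port in ports}


if __name__ == "__main__":
    # Usage: python probe.py <vCenter FQDN or IP>   (file name is an assumption)
    for port, (state, detail) in check_vcenter(sys.argv[1]).items():
        print(f"{MGMT_PORTS[port]:5} tcp/{port:<5} {state:8} {detail}")
```

Run it once from a VM on the vCenter's own Layer 2 segment and once from the affected subnet; a result that is `open` locally but `reset` or `timeout` remotely points at a device in the path rather than at the appliance.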

If the issue persists, open a Broadcom support case.
