Using VNC in VMware ESXi 5.0


VNC can be enabled on ESXi hosts to allow remote console connections to virtual machines. This is useful for Mac users, who do not have a native VMware vSphere client, and for providing console access to other users who are without the vSphere client.

Verify Host Firewall Settings

The VMware host needs a custom firewall rule to allow VNC connections. To verify whether this already exists, browse to the host in the inventory, go to the Configuration tab, and click ‘Security Profile’ under the Software section of links:

VNC Firewall Rule

You should see the VNC firewall rule shown above. If not, the rule needs to be configured as follows. (If the rule already exists, skip to the ‘Configure a Virtual Machine for VNC’ section.)

* In the ‘Services’ section of the security profile window shown above, click Properties.

* Select SSH and click the Options button, then start SSH.

* SSH to the IP address of the VMware host and enter the following command:

vi /etc/vmware/firewall/VNC.xml

This will create a new firewall rule file. Press ‘a’ on your keyboard to enter edit mode. (vi is a CLI-based text editor.)

<ConfigRoot>
  <service>
    <id>VNC</id>
    <!-- Inbound: TCP destination ports 2000-2099 (one VNC port per VM) -->
    <rule id='0000'>
      <direction>inbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>2000</begin>
        <end>2099</end>
      </port>
    </rule>
    <!-- Outbound: all TCP destination ports (0-65535) -->
    <rule id='0001'>
      <direction>outbound</direction>
      <protocol>tcp</protocol>
      <porttype>dst</porttype>
      <port>
        <begin>0</begin>
        <end>65535</end>
      </port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>

Paste the above into the file (opens ports 2000 - 2099), then press the escape key and enter ‘:wq’ (without the quotes) to save the file and exit the text editor. Now you need to refresh the firewall rules:

esxcli network firewall refresh

Now if you refresh the firewall rules in vSphere the new VNC rule should appear.

Configure a Virtual Machine for VNC

Now that the firewall rule is enabled all that is left is to enable VNC on the virtual machine. The VM needs to be shut down to edit this setting.

  1. Go to ‘Edit Settings’ for the virtual machine

  2. Go to the ‘Options’ tab

  3. Select ‘General’ under the Advanced section

  4. Click the ‘Configuration Parameters’ button

  5. Add rows to the list as shown in the image below:

VMWare Enable VNC on VM

Be sure to choose a port number within the range 2000 - 2099, as these are the ports we opened on the firewall. ‘RemoteDisplay.vnc.password’ is optional; if you do not add it, VNC will work without any authentication, so anyone who can reach that port on the host gets the VM’s console.

That’s it! You should now be able to VNC to the IP address of the VMware host, using the port number you configured for the VM!
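An added example, not part of the original post: a Python check over .vmx contents that flags VMs with VNC enabled but no ‘RemoteDisplay.vnc.password’, a port outside the 2000 - 2099 firewall range, or a port already used by another VM. The key names RemoteDisplay.vnc.enabled and RemoteDisplay.vnc.port are assumptions (the screenshot listing the rows is not available on this page), and the .vmx fragments are constructed samples.

```python
import re

FW_PORTS = range(2000, 2100)  # range opened by the VNC.xml rule on this page
VMX_LINE = re.compile(r'^\s*([A-Za-z0-9_.:]+)\s*=\s*"(.*)"\s*$')  # key = "value"

def parse_vmx(text):
    """Return {lower-cased key: value} for every key = "value" line."""
    cfg = {}
    for line in text.splitlines():
        m = VMX_LINE.match(line)
        if m:
            cfg[m.group(1).lower()] = m.group(2)
    return cfg

def audit_vnc(vmx_by_name):
    """Map each VNC-enabled VM name to a list of findings (empty = clean)."""
    findings, ports = {}, {}
    for name, text in vmx_by_name.items():
        cfg = parse_vmx(text)
        # Assumed key names: RemoteDisplay.vnc.enabled / .port (not shown on the page)
        if cfg.get("remotedisplay.vnc.enabled", "").lower() != "true":
            continue
        issues = findings.setdefault(name, [])
        if not cfg.get("remotedisplay.vnc.password"):
            issues.append("no password: console reachable without authentication")
        port_s = cfg.get("remotedisplay.vnc.port", "")
        if not port_s.isdecimal():
            issues.append("port missing or not numeric")
            continue
        port = int(port_s)
        if port not in FW_PORTS:
            issues.append(f"port {port} outside firewall range 2000-2099")
        if port in ports:
            issues.append(f"port {port} also used by {ports[port]}")
        ports.setdefault(port, name)
    return findings

# Constructed sample .vmx fragments (not taken from a real host).
SAMPLE = {
    "web01": 'RemoteDisplay.vnc.enabled = "TRUE"\nRemoteDisplay.vnc.port = "2001"\n'
             'RemoteDisplay.vnc.password = "s3cret"\n',
    "db01": 'RemoteDisplay.vnc.enabled = "TRUE"\nRemoteDisplay.vnc.port = "2001"\n',
    "lab": 'RemoteDisplay.vnc.enabled = "TRUE"\nRemoteDisplay.vnc.port = "5901"\n'
           'RemoteDisplay.vnc.password = "x"\n',
    "off": 'RemoteDisplay.vnc.enabled = "FALSE"\n',
}

if __name__ == "__main__":
    for vm, issues in audit_vnc(SAMPLE).items():
        print(vm, issues or "ok")
```

To run it against a real host, read each VM's .vmx file into the dictionary in place of the sample strings.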
