Long story short; I wanted to have VNC Console access to my VMware ESXi 5.x guest systems. Now knowing what I wanted I needed to find a way out. After trying many steps I narrowed down the steps that work perfectly in ESXi 5.
First thing to know is that you require a custom firewall rule in ESXi to allow network access to your guest machines that are enabled for VNC console access. This firewall setting does not exist by default.
The following steps should help you create the new rule:
Using vi or in my case WinSCP I navigated my way to the following location /etc/vmware/firewall and created a file named VNC.xml
Using the built in editor I added the following information:
<ConfigRoot>
<service>
<id>VNC</id>
<rule id=’0000′>
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>5901</begin>
<end>5910</end>
</port>
</rule>
<rule id=’0001′>
<direction>outbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>0</begin>
<end>65535</end>
</port>
</rule>
<enabled>true</enabled>
<required>false</required>
</service>
</ConfigRoot>
After saving the VNC.xml file I logged into my ESXi Console (via SSH) and issued the following command to restart the firewall service and enable my new custom firewall rule: esxcli network firewall refresh
Next I powered off the guest virtual machine I wanted to enable VNC access for and added the following lines:
remoteDisplay.vnc.enabled = “TRUE”
remoteDisplay.vnc.password = “password”
remoteDisplay.vnc.port = “5901”
The above lines can also be added via the vCenter Interface by doing the following:
Go to ‘Edit Settings’ for the virtual machine
Then the ‘Options’ tab
Select ‘General’ under the Advanced section
Click the ‘Configuration Parameters’ button and add the lines from above 1 by 1
Notes:
- Be sure to choose a port number within the range you specified in the VNC.xml custom firewall rule. You can also specify whatever range fits your needs, as long as its not already used by ESXi.
- Also remoteDisplay.vnc.password = “password” seems to be optional, however I recommend using a password