Dell DRAC 4 behind a firewall - Unable to connect to vKVM, press OK to exit.

I have a Dell PowerEdge 2800 with the DRAC 4/I Remote Access Controller. Everything works fine from the LAN, including the console.
However, no matter what ports I've tried forwarding so far, I cannot get console to work from outside the router. When I try to open a console it gives the following error: Unable to connect to vKVM, press OK to exit.

So far I have tried forwarding ports 80, 443, 3668, 5869, 5900, 5901, 5902...

Dell fails to answer this same question at:

How about it experts? 500 big points to the first correct answer!
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Try creating a VPN tunnel to the firewall as an endpoint - after you establish your tunnel, attempt to attach to your DRAC.


Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
GargantubrainAuthor Commented:
Because I do not have a firewall or router that supports VPN, I need to know what specific ports need to be forwarded for the DRAC 4 to work with a remote console.

I have a contact at Dell - let me see what he has to say.

Get your problem seen by more experts

Be seen. Boost your question’s priority for more expert views and faster solutions

I have started a dialogue with my contact.

Just to be sure we have the basics covered and I can tell him so with certainty, let's go over a few things.

1)  This server is in a site and you are attempting to access it through the router/firewall from the Internet? or another site?

2)  If another site - how are the sites connected?  point-to-point frame? or through a public cloud?

3)  Since we are going through the router/firewall we'll need some access lists created or else everyone will get in.  Have you created any?  What are you running for a firewall?

4)  Ports 80 and 443 should be all you need to address for this to work - the key is making sure that your ACLs are correct and your forwarding is setup right.  At the risk of disclosing too much publicly, can you give a overview of what you have done so far as detailed as you dare?  

Once I have an idea of your setup, it will make it much easier to hash out with my contact since I will be prepared for whatever he asks me.

If it's simply a matter of fixing the access setup, then that should be easy to deal with.

Here is a link provide from Dell - I suspect you have this already, but I'm just relaying what is coming in from him.

You need port 5900 outbound also.

As well, you need Sun's JVM version 1.4.2 or later installed on the PC you are using to access the DRAC.  Clear and disable java caching from the control panel applet.

GargantubrainAuthor Commented:
As I originally noted, I have already tried forwarding the following ports: 80, 443, 3668, 5869, 5900, 5901, 5902

The Dell is in our company LAN, with private IP's and a typical NAT configuration on a Cisco router. The DRAC web pages and console work perfectly from other computers on the LAN (in the same subnet). I already have the Sun JVM installed and configured as directed.

From the Internet, the DRAC web page works after forwarding https 443, but the CONSOLE is what is not working. I am testing it from my home, which is also a LAN with NAT and firewall/router.

All I am asking is what ports need to be opened (perhaps some port(s) need to also be opened on my home router) in order for Console to work. That's it. If there is a technical reason that it won't work through NAT (ipsec headers not compatible with being NAT-ed) then I can understand that. This forum isn't the place to vent but you would think that Dell would document this better for an enterprise-class server and even the DRAC card itself not a cheap add-on at $395...

I suspect I will need to implement a VPN server but so far this is the only application I've tried to implement that absolutely requires it.
I would think that NAT might be causing this to some degree - however, the part you added about a home router stands out a little.

Have you tried opening port 5900 on your home router to the IP of your corporate router both directions?

...and yes, I agree that Dell should have some way to document the requirements better.

You can remotely reset the Drac if you telnet or Secure console into the drac and run this command
racadm serveraction racreset

GargantubrainAuthor Commented:
In the future you should consider NOT reviving discussions that are over 5.5 years old.

In addition, the original question had nothing to do with what commands are needed to reset the DRAC. In fact, with the original question in mind, which is the inability to access the DRAC, your solution is useless since it requires having access to the DRAC.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Server 2003

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.