vCenter Server/vSphere Client keeps losing connection to ESXi 5 host

funasset
In vSphere Client I keep losing the connection to a remote ESXi 5 host. It seems to happen every couple of minutes. I can go to Connect in vSphere and it will reconnect OK but then the connection gets lost again. If I vSphere to the host directly the connection is fine.

The remote host has been reset manually and I've also restarted it from the direct vSphere session but it still keeps dropping out.

Any idea why?

Thanks
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant
Fellow 2018
Expert of the Year 2017

Commented:
if you ping the server, or connect with ssh, do you also lose ping (timeouts) or connectivity?

any firewalls in place?

Author

Commented:
a continuous Ping shows no problems and I've had problems with my PuTTY session dropping out.

I'm not aware of any firewalls being added recently - if there were wouldn't it just refuse connection from one or all of vSphere, ping and PuTTY?
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant

Commented:
depends on the firewall, if ssh (tcp, port 22), and SSL (tcp port 443) are having connectivity issues, this is the issue, which leads to firewall issue or rules?

Author

Commented:
How can I check that the required ports are open and available? Sorry - I need some dummy instructions.
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant

Commented:
just telnet to IP address 443 and 22, this should stay connected

Author

Commented:
Hmm. Not familiar with telnet so can't say if what I'm seeing is correct or not but my feeling is 'not'.

If I type telnet 123.123.123.1 443 I just get a blank screen with the cursor top left and not blinking.  If I type the same but using 22 I get 'SSH-2.0-OpenSSH_5.6' and nothing much going on.

Does that provide a big clue?
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant

Commented:
okay, use telnet as follows:-

telnet <ip address of host server> 22

telnet <ip address of host server> 443

telnet <ip address of host server> 80

and wait, how long do they stay connected?

also run ping  <ip address of host server> -t at the same time as above, does ping timeout, at the same time connection is dropped.

all the above should stay connected, until you exit from telnet program.

Author

Commented:
OK, will do.

Is the attached what I should expect to see when testing port 22? I was expecting some sort of prompt but this is all I get for this port.

Thanks
Telnet-on-port-22.jpg

Author

Commented:
Update - with continuous ping going OK the port 22 session reported Connection to Host Lost after a minute or so - which is roughly the same time I can connect to the ESXi host in vSphere. I'll try the other ports now.

Author

Commented:
All 3 Telnet sessions appear to drop out after 1-2 minutes. Is that down to a possible firewall at the remote hosting site or something I can investigate and change myself?

Author

Commented:
I tried similar to local ESXi hosts which are connecting OK and saw the exact same behaviour which suggests that what I saw in the previous test was telnet's behaviour and not an indication of an error.

I can still connect fine to the remote host directly using vSphere and by PuTTY - it just seems to be when I logon to our local vCentre Server that I have problems with the connection being dropped after a minute or so.
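The telnet test from this thread, automated and compared against a known-good host as the author did by hand. This is an added example, not part of the original posts; the function names, the tolerance value and the loopback stand-in server are assumptions made for illustration.

```python
import socket, threading, time

def hold_time(host, port, max_wait=180.0, connect_timeout=5.0):
    """Connect, send nothing, and time how long the TCP session survives.
    Outcome is 'unreachable', 'closed' (FIN), 'reset' (RST) or 'held'."""
    start = time.monotonic()
    try:
        sock = socket.create_connection((host, port), timeout=connect_timeout)
    except OSError:
        return "unreachable", 0.0
    outcome = "held"  # still open when max_wait expired
    with sock:
        try:
            while (left := start + max_wait - time.monotonic()) > 0:
                sock.settimeout(left)
                if not sock.recv(4096):  # banners (SSH-2.0-...) are skipped
                    outcome = "closed"
                    break
        except OSError as exc:  # timeout means the session outlived max_wait
            outcome = "held" if isinstance(exc, socket.timeout) else "reset"
    return outcome, time.monotonic() - start

def compare(target, baseline, tolerance=10.0):
    """Judge the problem host against a known-good host on the same port."""
    (t_out, t_sec), (b_out, b_sec) = target, baseline
    if t_out == "unreachable":
        return "port blocked or service down"
    if t_out == b_out and abs(t_sec - b_sec) <= tolerance:
        return "same as baseline: normal service behaviour"
    if t_out != "held" and (b_out == "held" or t_sec < b_sec - tolerance):
        return "drops earlier than baseline: suspect firewall/NAT on the path"
    return "inconclusive"

def idle_closing_server(close_after):
    """Constructed loopback stand-in for a service that drops idle clients."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen()
    def serve():
        while True:
            conn, _ = srv.accept()
            time.sleep(close_after)
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

if __name__ == "__main__":  # constructed demo: both "hosts" are loopback listeners
    a, b = (hold_time("127.0.0.1", idle_closing_server(0.5), 3) for _ in range(2))
    print(a, b, compare(a, b, tolerance=0.3))
```

In real use, call `hold_time` on ports 22, 443 and 80 of the problem host and of a host that connects normally, then pass each pair to `compare`.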
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant

Commented:
after the connection has dropped can you connect back to the server okay immediately after?

and if you connect using telnet <ip address> 443 (this is the same port client connects to) it remains connected?

Author

Commented:
If I'm looking at the vSphere client session which connects to our vCentre Server and shows local and the problem remote host, I can connect to the remote host for maybe 1 minute then it drops out but I can reconnect again straight away.

If I telnet <ip address> 443 I get a blank screen with a static cursor top left of the screen. This drops back to the command prompt after a minute or so and if I repeat the exercise straight away it just does the same thing.

Author

Commented:
BTW - not ideal I know but just to try and get this working again I've temporarily disabled all firewall settings on the Win2008 box running vCentre Server in case that was hindering things but it didn't seem to help. Another straw grasped........
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant

Commented:
interesting both you stay connected.

Author

Commented:
I'll have to open a call with VMware and see if they can shed any light.

Author

Commented:
After a bit more digging around it seems that the most likely cause is that there is a NAT in use between our office LAN and the LAN that sits behind the hosting company's firewall. There was some configuration required of my firewall but as far as the remote host is concerned I followed this article -

http://www.vmskills.com/2010/09/using-nat-between-vcenter-server-system.html

VMware states that using an ESXi host behind a NAT is not supported which I find rather strange in this day and age. At the time of writing I implemented the changes outlined in the article and the remote host has been connected OK for over an hour now.

Author

Commented:
I've requested that this question be closed as follows:

Accepted answer: 0 points for funasset's comment #a38751401

for the following reason:

The last post gives the useful information required to workaround this 'feature'.
Andrew Hancock (VMware vExpert / EE Fellow)VMware and Virtualization Consultant

Commented:
In http:#a38726628 I state

"any firewalls?"

In http:#a38726762

I state

"depends on the firewall, if ssh (tcp, port 22), and SSL (tcp port 443) are having connectivity issues, this is the issue, which leads to firewall issue or rules?"

Author

Commented:
To be honest I don't fully understand (is network address translation the same as firewalls and ports?) but I'll be happy to assign you the points for the help you offered.
VMware and Virtualization Consultant
Commented:
NAT (network address translation) is a part of Firewalls, modifying the packet headers.

e.g. some device is blocking, direct communications between client and server.
