Why vSphere Web Client runs on port 9443

Admittedly, I’ve been on this issue far too long. And by issue, I should say issues, all of which may or may not resemble the following:

  • Administrator@vsphere.local lacks basic permissions.
  • vCenter Server doesn’t appear in inventory, or is invisible.
  • ERROR: Failed to connect to host _______ in the bottom-right corner (notification)
  • Failed to verify the SSL certificate for one or more vCenter Server Systems: https://vCenterServerFQDN:443/sdk
  • [00404 error 'Default'] Failed to intialize VMware VirtualCenter. Shutting down... from vpxd logs.

 

BACKGROUND:

My goal was to migrate my vCenter Server 5.5U2 environment to Windows Server 2012.

Instead, I ended up setting up a new vCenter Server instance with all 4 services installed on the same host. The host is a fresh VM hosted upon ESXi 5.5, and connected to a respected domain & DNS server.

The issues began rolling in when I attempted to use the vSphere Web Interface to add my ESXi host to the data center.

However, I found myself unable to do anything but log in to the web client (I could not change roles/permissions, create data centers, create VMs, add hosts, look at logs, and more).

 

APPARENT PROBLEM:

vSphere’s Web Client runs on port 9443, which is a bit of a pain to see and enter as a URL. As such, I decided to change it to port 443, commonly used by HTTPS and recognized by browsers, eliminating the need to enter a port after my web client’s address. This was done by editing vCenter’s Tomcat Server config (more on that below).

However, vSphere’s decision to use 9443 was not out of spite. Port 443 was used for several other services, including:

  • WS-Management (also requires port 80 to be open)
  • vSphere Client access to vSphere Update Manager
  • Third-party network management Client connections to vCenter Server
  • Third-party network management Clients access to hosts
  • Monitor data transfer from SDK clients.

All of these are present and accounted for in Required ports for VMware vCenter Server 5.5 (2051575).

 

SOLUTION:

Revert the port-change in the Tomcat Server’s config back to 9443.

  1. Launch services.msc [START>RUN>services.msc].
  2. Stop the VMware VirtualCenter Server service.
  3. Navigate to C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\configuration\
  4. Copy the file tomcat-server.xml to a readable/writable location (e.g. Documents or Desktop).
  5. Open the copied tomcat-server.xml with a text editor, such as Notepad, Notepad++, or Sublime.
  6. Within the <Service name="Catalina"> container, look for the following line (for me, it was the second line): <Connector port="####" protocol="HTTP/1.1" SSLEnabled="true" ...>
  7. Change the port listed (####) back to 9443.
  8. Rename C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\configuration\tomcat-server.xml to tomcat-server_BACKUP.xml
  9. Copy the copied tomcat-server.xml file to C:\Program Files\VMware\Infrastructure\vSphereWebClient\server\configuration\
  10. Restart the vCenter Server.
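The check behind steps 6 and 7 can also be scripted against the copied file before it goes back into place. The following is an added example, not the author's or VMware's code: the sample XML is constructed, its 9090 connector and redirectPort attribute are assumptions for illustration, and the function names are hypothetical. It flags an SSL connector sitting on a port the list above reserves and moves it back to 9443.

```python
import xml.etree.ElementTree as ET

# Ports the page lists as already claimed on the vCenter Server host.
RESERVED = {443: "vCenter Server services (SDK, Update Manager, WS-Management)",
            80: "WS-Management"}
WEB_CLIENT_PORT = 9443  # the port the page reverts to

# Constructed sample, cut down to the elements the steps above mention;
# the 9090 connector and redirectPort are assumptions for illustration.
SAMPLE = """<Server>
  <!-- constructed sample -->
  <Service name="Catalina">
    <Connector port="9090" protocol="HTTP/1.1" redirectPort="443"/>
    <Connector port="443" protocol="HTTP/1.1" SSLEnabled="true" scheme="https"/>
  </Service>
</Server>"""

def parse(xml_text):
    # insert_comments keeps XML comments when the tree is written back (Python 3.8+)
    parser = ET.XMLParser(target=ET.TreeBuilder(insert_comments=True))
    return ET.fromstring(xml_text, parser=parser)

def ssl_connectors(root):
    """SSL-enabled <Connector> elements inside <Service name="Catalina">."""
    return [c for c in root.findall("./Service[@name='Catalina']/Connector")
            if c.get("SSLEnabled", "").lower() == "true"]

def audit(xml_text):
    """Return (port, owner) for each SSL connector bound to a reserved port."""
    return [(int(c.get("port")), RESERVED[int(c.get("port"))])
            for c in ssl_connectors(parse(xml_text))
            if int(c.get("port")) in RESERVED]

def revert(xml_text, new_port=WEB_CLIENT_PORT):
    """Move colliding SSL connectors to new_port and fix matching redirectPort values."""
    root = parse(xml_text)
    moved = {c.get("port") for c in ssl_connectors(root)
             if int(c.get("port")) in RESERVED}
    for c in root.iter("Connector"):
        if c.get("SSLEnabled", "").lower() == "true" and c.get("port") in moved:
            c.set("port", str(new_port))
        if c.get("redirectPort") in moved:
            c.set("redirectPort", str(new_port))
    return ET.tostring(root, encoding="unicode")

if __name__ == "__main__":
    print(audit(SAMPLE))
    print(revert(SAMPLE))
```

Run it on the copy from step 4, and keep tomcat-server_BACKUP.xml regardless, since the rewritten file drops the XML declaration and any comments outside the root element.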

I’m sure that there’s a way to safely change this port (maybe by NOT doing the ‘simple’ installation!), but for now, I’ll settle for entering 5 characters after my vCenter server address. I’ll continue to toy around with this, and see if I can figure it out.

I’m also quite sure that this process varies for the vCenter Server APPLIANCE. As such, please don’t follow this with intentions to fix a similar issue on said appliance.

And please, don’t be frustrated if this isn’t the solution you’re looking for, or if it breaks something (that’s what tomcat-server_BACKUP.xml is for). I’d suggest reading further at KB2050273 or KB1010837.

 

Anyways, good luck with setting up your vCenter Server environment!
