Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Ports that must be open for Site Recovery Manager 1.0.x to 5.5.x, vSphere Replication 1.0.x to 5.5.x, and vCenter Server (1009562)

Symptoms

Site Recovery Manager (SRM) and vSphere Replication can experience problems if the required network ports are not open.
  • Site Recovery Manager fails to establish site pairing due to connection termination over port 8095.
  • Site Recovery Manager connection to remote site breaks frequently.

Purpose

In a SRM or vSphere Replication deployment, both the protected and recovery sites must be able to resolve their connected vCenter Server by name. The respective ports must be open on both sites for uninterrupted communication.

For the list of default ports that all VMware products use, see TCP and UDP Ports required to access vCenter Server, ESXi/ESX hosts, and other network components (1012382).
 
For the list of default ports that SRM 5.8 uses, see   Network Ports for Site Recovery Manager 5.8 (2081159)
.

For the list of default ports that vSphere Replication 5.8 and 6.0 uses, see Port Numbers that must be open for vSphere Replication 5.8.x and 6.0 (2087769).

For the list of default ports that SRM 6.0 uses, see Network Ports for Site Recovery Manager 6.0 (2103394).

Resolution

You must ensure that all the required network ports are open for Site Recovery Manager (SRM) and vSphere Replication to function correctly.
General networking guidelines:
  • When troubleshooting SRM and vSphere Replication pairing and testing issues, eliminate firewalls and security applications as a possible cause of the problem by temporarily disabling or removing the software or item in question.
  • If you are using a VPN adapter such as SonicWALL or Juniper, ensure that the timeout setting is set to the maximum for any tunnel that is open on the required ports.

Site Recovery Manager 5.0.x to 5.5.x and vSphere Replication 1.0.x to 5.5.x network ports

The different components that make up SRM and vSphere Replication deployments, namely vCenter Server, SRM Server, the vSphere Replication appliance, and vSphere Replication servers require different ports to be open.

Image of the ports that SRM and vSphere Replication use:

Note: For the full size image and other graphic representations of the port relationships, see the images attached at the bottom of this article.



vCenter Server and ESXi 5.x network ports that SRM requires

SRM and vSphere Replication require certain ports to be open on vCenter Server:

Default Port Protocol or Description Source Target Description
80 HTTP SRM Remote vCenter Server All management traffic to SRM Server goes to port 80 on the vCenter Server proxy system.
443 HTTPS SRM vCenter Server Default SSL web port
902 TCP SRM Remote ESXi host Traffic from the SRM Server on the recovery site to ESX hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.

SRM Server 5.0.x to 5.5.x network ports

The SRM Server instances on the protected and recovery sites require certain ports to be open.

Note: SRM Server at the recovery site must have NFC traffic access to the target ESXi servers.

Default Port Protocol or Description Source Target Endpoints or Consumers
80 TCP SRM Remote vCenter Server All management traffic to SRM Server goes to port 80 on the vCenter Server proxy system.
80 TCP SRM Local vCenter Server Management traffic to the local vSphere Replication management server (VRMS) goes to port 80 on the local vCenter Server proxy system.
443 TCP SRM vCenter Server Default SSL web port for incoming TCP traffic
902 TCP and UDP SRM Remote ESXi host Traffic from the SRM server on the recovery site to ESXi hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.
1433 TCP SRM Microsoft SQL Server SRM connectivity to Microsoft SQL Server (for SRM database)
1521 TCP SRM Oracle Database Server SRM database connectivity to Oracle
1526 TCP SRM Oracle Database Server SRM database connectivity to Oracle
5000 TCP SRM IBM DB2 Database Server SRM database connectivity to IBM DB2
8095 SOAP vCenter Server and vSphere Client SRM From the vCenter Server proxy to the SRM Server (intrasite only).
9007 TCP SRM External API Client SRM Used by external API clients for task automation.
9085 HTTP vCenter Server SRM HTTP interface for downloading the UI plug-in and icons. This port must be accessible from the vCenter Server proxy system.
9086 HTTPS vCenter Server SRM SRM client plug-in download between the vCenter Server proxy and SRM.

vSphere Replication appliance 5.1.x to 5.5.x network ports

The vSphere Replication appliance requires certain ports to be open. In SRM 5.1 and later and vSphere Replication 5.x, vSphere Replication is shipped as a combined appliance that contains both the vSphere Replication management server (VRMS) and a vSphere Replication server. SRM 5.x allows you to deploy additional vSphere Replication servers.

Note: vSphere Replication management servers must have NFC traffic access to target ESXi hosts.

                         
Default Port Protocol or Description Source Target Endpoints or Consumers
80 TCP vSphere Replication appliance Remote vCenter Server All management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Server proxy system.
80 HTTP vSphere Replication appliance Remote ESXi host Used to establish the connection before initial replication starts
902 TCP and UDP vSphere Replication server in the vSphere Replication appliance Remote ESXi host Used by vSphere Replication servers to send replication traffic to the destination ESXi hosts.
5480 vSphere Replication appliance virtual appliance management interface (VAMI) web UI (vSphere Replication 5.x) Browser vSphere Replication appliance Administrator's web browser.
8043 SOAP vCenter Server Proxy vSphere Replication appliance From the vCenter Server proxy to the vSphere Replication appliance (intrasite only).
8123 SOAP vSphere Replication appliance vSphere Replication server Management traffic from the vSphere Replication appliance to additional vSphere Replication servers (intrasite only).
10443 HTTPS vSphere Web Client on the primary site vCenter Server / Inventory Service on the secondary site The vSphere Replication UI  uses the Inventory Service of the remote vCenter Server to list target datastores.
10443 HTTPS vSphere Web Client on the secondary  site vCenter Server / Inventory Service on the primary site

During recovery, if you selected the option to synchronize the latest changes, the vSphere Web Client on the secondary site requires connectivity back to the vCenter Inventory Service on the primary site.

31031 Initial replication traffic ESXi host on primary site vSphere Replication server in the vSphere Replication appliance From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.
44046 Ongoing replication traffic ESXi host on primary site vSphere Replication server in the vSphere Replication appliance From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.

 vSphere Replication management server 1.0.x network ports

The vSphere Replication appliance requires certain ports to be open. SRM 5.0.x includes vSphere Replication 1.0.x. In vSphere Replication 1.0.x, vSphere Replication consists of a vSphere Replication management server (VRMS) appliance and one or more vSphere Replication servers.

Note: vSphere Replication management servers must have NFC traffic access to target ESXi hosts.

Default Port Protocol or Description Source Target Endpoints or Consumers
80 TCP vSphere Replication management server Remote vCenter Server All management traffic to the vSphere Replication management server goes to port 80 on the vCenter Server proxy system.
80 HTTP vSphere Replication management server Remote ESXi host Used to establish the connection before initial replication starts
902 TCP and UDP vSphere Replication management server and vSphere Replication server Remote ESXi host Used by vSphere Replication servers to send replication traffic to the destination ESXi hosts.
8043 SOAP vCenter Server Proxy vSphere Replication management server From the vCenter Server proxy to the vSphere Replication management server (intrasite only).
8080 VRMS virtual appliance management interface (VAMI) web UI Browser VRMS 1.0.x Administrator's web browser.
8123 SOAP vSphere Replication management server vSphere Replication server Management traffic from the vSphere Replication management server to the vSphere Replication servers (intrasite only).

vSphere Replication server 1.0.x to 5.5.x network ports

The vSphere Replication appliance contains a vSphere Replication server. You can deploy additional vSphere Replication servers if you use vSphere Replication 5.1 with SRM 5.1 or if you use vSphere Replication 5.5. You cannot deploy additional vSphere Replication servers if you use vSphere Replication 5.1 without SRM.

SRM 5.0.x includes vSphere Replication 1.0.x. In vSphere Replication 1.0.x, vSphere Replication consists of a vSphere Replication management server (VRMS) appliance and one or more vSphere Replication server appliances that you deploy separately from the VRMS.

If you deploy additional vSphere Replication servers, ensure that the subset of the ports that vSphere Replication servers require are open on those servers.

Default Port Protocol or Description Source Target Endpoints or Consumers
902 TCP and UDP vSphere Replication server Remote ESXi host Traffic (specifically the NFC service to the destination ESXi servers) between the vSphere Replication server and the ESXi hosts on the same site.
5480 VAMI web UI for any additional vSphere Replication servers Browser vSphere Replication server Administrator's web browser.
8123 SOAP vSphere Replication management server vSphere Replication server Management traffic from the vSphere Replication appliance or VRMS to the vSphere Replication servers (intrasite only).
31031 Initial replication traffic ESXi host on primary site vSphere Replication server From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.
44046 Ongoing replication traffic ESXi host on primary site vSphere Replication server From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.

Network ports that must be open between the SRM and vSphere Replication protected and recovery sites

SRM and vSphere Replication require that the protected and recovery sites can communicate.

Port Protocol or Description Source Target Endpoints or Consumers
80 SOAP SRM and vSphere Replication appliance or VRMS Remote vCenter Server Management traffic between SRM Server instances and vSphere Replication appliances or VRMS.
8043 SOAP vSphere Client vSphere Replication appliance 5.x or VRMS 1.0.x To allow the SRM UI to verify vSphere Replication appliance or VRMS certificates.
8095 SOAP vSphere Client SRM To allow the SRM UI to verify SRM Server certificates.
31031 Initial replication traffic ESXi host vSphere Replication appliance 5.x or vSphere Replication server From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.
44046 Ongoing replication traffic ESXi host vSphere Replication appliance 5.x or vSphere Replication server From the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.

Site Recovery Manager 1.0 - 4.1.x network ports

  • VMware VirtualCenter/vCenter Server:
    • 80 – HTTP
    • 443 – SSL interface
    • 902 – VMware
    • 8096 – Tomcat

    Note: The vSphere Client must be able to communicate with vCenter Server through ports 8095 and 9007 for the SRM plug-in to function.

  • VMware Site Recovery Manager:
    • 80 – HTTP
    • 8095 – SOAP interface between the vCenter Server proxy and SRM
    • 8096 – HTTP Listen
    • 9007 – SOAP interface for external API clients
    • 9008 – HTTP Listen

    Note: The vSphere Client must be able to communicate with both SRM servers through port 8095 for the SRM plug-in to function.

See Also

This Article Replaces

1021060

Attachments

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 35 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 35 Ratings
Actions
KB: