Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides
 
Search the VMware Knowledge Base (KB)   View by Article ID
 

Port numbers that must be open for Site Recovery Manager, vSphere Replication, and vCenter Server (1009562)

Symptoms

Site Recovery Manager (SRM) and vSphere Replication can experience problems if the required network ports are not open.
  • Site Recovery Manager fails to establish site pairing due to connection termination over port 8095.
  • Site Recovery Manager connection to remote site breaks frequently.

Purpose

In an SRM or vSphere Replication deployment, both the protected and recovery sites must be able to resolve their connected vCenter Server by name. The respective ports must be open on both sites for uninterrupted communication.

For the list of default ports that all VMware products use, see TCP and UDP Ports required to access vCenter Server, ESXi/ESX hosts, and other network components (1012382).

Resolution

You must ensure that all the required network ports are open for SRM and vSphere Replication to function correctly.
General networking guidelines:
  • When troubleshooting SRM and vSphere Replication pairing and testing issues, eliminate firewalls and security applications as a possible cause of the problem by temporarily disabling or removing the software or item in question.
  • If you are using a VPN adapter such as SonicWALL or Juniper, ensure that the timeout setting is set to the maximum for any tunnel that is open on the required ports.

Site Recovery Manager 5.x and vSphere Replication 1.0.x and 5.x network ports

The different components that make up SRM and vSphere Replication deployments, namely vCenter Server, SRM Server, the vSphere Replication appliance, and vSphere Replication servers, require different ports to be open.

Image of the ports that SRM and vSphere Replication use:

Note: For the full size image and other graphic representations of the port relationships, see the images attached at the bottom of this article.



vCenter Server and ESXi 5.x network ports that SRM requires

SRM and vSphere Replication require certain ports to be open on vCenter Server:

Default PortProtocol or DescriptionSourceTargetDescription
80HTTPSRMRemote vCenter ServerAll management traffic to SRM Server goes to port 80 on the vCenter Server proxy system.
443HTTPSSRMvCenter ServerDefault SSL Web port
902TCPSRMRemote ESXi hostTraffic from the SRM Server on the recovery site to ESX hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.

SRM Server 5.x network ports

The SRM Server instances on the protected and recovery sites require certain ports to be open.

Note: SRM Server at the recovery site must have NFC traffic access to the target ESXi servers.

Default PortProtocol or DescriptionSourceTargetEndpoints or Consumers
80TCPSRMRemote vCenter ServerAll management traffic to SRM Server goes to port 80 on the vCenter Server proxy system.
80TCPSRMLocal vCenter ServerManagement traffic to the local vSphere Replication management server (VRMS) goes to port 80 on the local vCenter Server proxy system.
443TCPSRMvCenter ServerDefault SSL Web Port for incoming TCP traffic
902TCP and UDPSRMRemote ESXi hostTraffic from the SRM Server on the recovery site to ESXi hosts when recovering or testing virtual machines with IP customization, with configured callout commands on recovered virtual machines, or that use raw disk mapping (RDM). All NFC traffic for updating or patching the VMX files of virtual machines that are replicated using vSphere Replication use this port.
1433TCPSRMMicrosoft SQL ServerSRM connectivity to Microsoft SQL Server (for SRM database)
1521TCPSRMOracle Database ServerSRM database connectivity to Oracle
1526TCPSRMOracle Database ServerSRM database connectivity to Oracle
5000TCPSRMIBM DB2 Database ServerSRM database connectivity to IBM DB2
8095SOAPvCenter Server and vSphere ClientSRMFrom the vCenter Server proxy to the SRM Server (intrasite only).
9007TCPSRM External API ClientSRMUsed by external API clients for task automation.
9085HTTPvCenter ServerSRMHTTP interface for downloading the UI plug-in and icons. This port must be accessible from the vCenter Server proxy system.
9086HTTPSvCenter ServerSRMSRM client plug-in download between the vCenter Server proxy and SRM.

vSphere Replication Appliance 5.x network ports

The vSphere Replication appliance requires certain ports to be open. In SRM 5.1 and later and vSphere Replication 5.x, vSphere Replication is shipped as a combined appliance that contains both the vSphere Replication management server (VRMS) and a vSphere Replication server. SRM 5.x allows you to deploy additional vSphere Replication servers.

Note: vSphere Replication management servers must have NFC traffic access to target ESXi hosts.

Default PortProtocol or DescriptionSourceTargetEndpoints or Consumers
80TCPvSphere Replication applianceRemote vCenter ServerAll management traffic to the vSphere Replication appliance goes to port 80 on the vCenter Server proxy system.
80HTTPvSphere Replication applianceRemote ESXi hostUsed to establish the connection before initial replication starts
902TCP and UDPvSphere Replication server in the vSphere Replication applianceRemote ESXi hostUsed by vSphere Replication servers to send replication traffic to the destination ESXi hosts.
5480vSphere Replication appliance virtual appliance management interface (VAMI) Web UI (vSphere Replication 5.x)BrowservSphere Replication 5.x applianceAdministrator's Web browser.
8043SOAPvCenter Server ProxyvSphere Replication applianceFrom the vCenter Server proxy to the vSphere Replication appliance (intrasite only).
8123SOAPvSphere Replication appliancevSphere Replication serverManagement traffic from the vSphere Replication appliance to additional vSphere Replication servers (intrasite only).
10443 HTTPSvSphere Web Client on primary site vCenter Server on secondary site

The vSphere Replication UI  uses the Inventory Service of the remote vCenter Server to list target datastores.

31031Initial replication trafficESXi host on primary sitevSphere Replication server in the vSphere Replication applianceFrom the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.
44046Ongoing replication trafficESXi host on primary sitevSphere Replication server in the vSphere Replication applianceFrom the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.

vSphere Replication Management Server 1.0.x network ports

The vSphere Replication appliance requires certain ports to be open. SRM 5.0.x includes vSphere Replication 1.0.x. In vSphere Replication 1.0.x, vSphere Replication consists of a vSphere Replication management server (VRMS) appliance and one or more vSphere Replication servers.

Note: vSphere Replication management servers must have NFC traffic access to target ESXi hosts.

Default PortProtocol or DescriptionSourceTargetEndpoints or Consumers
80TCPvSphere Replication management serverRemote vCenter ServerAll management traffic to the vSphere Replication management server goes to port 80 on the vCenter Server proxy system.
80HTTPvSphere Replication management serverRemote ESXi hostUsed to establish the connection before initial replication starts
902TCP and UDPvSphere Replication management server and vSphere Replication serverRemote ESXi hostUsed by vSphere Replication servers to send replication traffic to the destination ESXi hosts.
8043SOAPvCenter Server ProxyvSphere Replication management serverFrom the vCenter Server proxy to the vSphere Replication management server (intrasite only).
8080VRMS virtual appliance management interface (VAMI) Web UIBrowserVRMS 1.0.xAdministrator's Web browser.
8123SOAPvSphere Replication management servervSphere Replication serverManagement traffic from the vSphere Replication management server to the vSphere Replication servers (intrasite only).

vSphere Replication Server 1.0.x and 5.x network ports

The vSphere Replication 5.x appliance contains a vSphere Replication server. You can deploy additional vSphere Replication servers if you use vSphere Replication 5.1 with SRM 5.1 or if you use vSphere Replication 5.5. You cannot deploy additional vSphere Replication servers if you use vSphere Replication 5.1 without SRM.

SRM 5.0.x includes vSphere Replication 1.0.x. In vSphere Replication 1.0.x, vSphere Replication consists of a vSphere Replication management server (VRMS) appliance and one or more vSphere Replication server appliances that you deploy separately from the VRMS.

If you deploy additional vSphere Replication servers, ensure that the subset of the ports that vSphere Replication servers require are open on those servers.

Default PortProtocol or DescriptionSourceTargetEndpoints or Consumers
902TCP and UDPvSphere Replication serverRemote ESXi hostTraffic (specifically the NFC service to the destination ESXi servers) between the vSphere Replication server and the ESXi hosts on the same site.
5480VAMI Web UI for any additional vSphere Replication serversBrowservSphere Replication serverAdministrator's Web browser.
8123SOAPvSphere Replication management servervSphere Replication serverManagement traffic from the vSphere Replication appliance or VRMS to the vSphere Replication servers (intrasite only).
31031Initial replication trafficESXi host on primary sitevSphere Replication serverFrom the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.
44046Ongoing replication trafficESXi host on primary sitevSphere Replication serverFrom the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.

Network ports that must be open between the SRM and vSphere Replication protected and recovery sites

SRM and vSphere Replication require that the protected and recovery sites can communicate.

PortProtocol or DescriptionSourceTargetEndpoints or Consumers
80SOAPSRM and vSphere Replication appliance or VRMSRemote vCenter ServerManagement traffic between SRM Server instances and vSphere Replication appliances or VRMS.
8043SOAPvSphere ClientvSphere Replication appliance 5.x or VRMS 1.0.xTo allow the SRM UI to verify vSphere Replication appliance or VRMS certificates.
8095SOAPvSphere ClientSRMTo allow the SRM UI to verify SRM Server certificates.
31031Initial replication trafficESXi hostvSphere Replication appliance 5.x or vSphere Replication serverFrom the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.
44046Ongoing replication trafficESXi hostvSphere Replication appliance 5.x or vSphere Replication serverFrom the ESXi host at the protected site to the vSphere Replication appliance or vSphere Replication server at the recovery site.

Site Recovery Manager 1.0 - 4.1.x network ports

  • VMware VirtualCenter/vCenter Server:
    • 80 – HTTP
    • 443 – SSL interface
    • 902 – VMware
    • 8096 – Tomcat

    Note: The vSphere Client must be able to communicate with vCenter Server through ports 8095 and 9007 for the SRM plug-in to function.

  • VMware Site Recovery Manager:
    • 80 – HTTP
    • 8095 – SOAP interface between the vCenter Server proxy and SRM
    • 8096 – HTTP Listen
    • 9007 – SOAP interface for external API clients
    • 9008 – HTTP Listen

    Note: The vSphere Client must be able to communicate with both SRM servers through port 8095 for the SRM plug-in to function.

See Also

This Article Replaces

1021060

Attachments

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

  • 26 Ratings

Did this article help you?
This article resolved my issue.
This article did not resolve my issue.
This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)
  • 26 Ratings
Actions
KB: