Required ports for VMware vCenter Server 5.5 (2051575)

Purpose

This article provides information on the required ports for VMware vCenter Server 5.5.

Note: For information on the required ports for vCenter Server Appliance 5.x, see Required ports for vCenter Server Appliance 5.x (2012773).

Resolution

The VMware vCenter Server system must be able to send data to every managed host and receive data from every vSphere Client. To enable migration and provisioning activities between managed hosts, the source and destination hosts must be able to receive data from each other.

VMware uses designated ports for communication. Additionally, the managed hosts monitor designated ports for data from the vCenter Server system. If a firewall exists between any of these elements and the Windows firewall service is in use, the installer opens the ports during the installation process. For custom firewalls, you must manually open the required ports. If you have a firewall between two managed hosts and you want to perform source or target activities such as migration or cloning, you must configure a means for the managed hosts to receive data.

Note: In Microsoft Windows Server 2008, a firewall is enabled by default.

This table outlines the ports required for communication between components:

| Port | Protocol | Description |
|---|---|---|
| 80 | TCP | vCenter Server requires port 80 for direct HTTP connections. Port 80 redirects requests to HTTPS port 443. This redirection is useful if you accidentally use http://server instead of https://server. Note: Microsoft Internet Information Services (IIS) also uses port 80. For more information, see the Conflict Between vCenter Server and IIS for Port 80 section in the vSphere Installation and Setup guide. |
| 88 | TCP | vCenter Single Sign-On - VMware Kdc Service |
| 389 | TCP/UDP | This port must be open in the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535. If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535. |
| 443 | TCP | The default port that the vCenter Server system uses to listen for connections from the vSphere Client. To enable the vCenter Server system to receive data from the vSphere Client, open port 443 in the firewall. The vCenter Server system also uses port 443 to monitor data transfer from SDK clients. This port is also used for these services: WS-Management (also requires port 80 to be open); vSphere Client access to vSphere Update Manager; Third-party network management Client connections to vCenter Server; Third-party network management Clients access to hosts. |
| 902 | TCP/UDP | This is the default port used by the vCenter Server system to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902 to the vCenter Server system. This port must not be blocked by firewalls between the server and the hosts or between hosts. |
| 903 | TCP | Access a virtual machine console from the vSphere Client when the vSphere Client is connected directly to the ESXi host (no vCenter Server). |
| 1234, 1235 | TCP | vSphere Replication |
| 2012 | TCP | vCenter Single Sign-On - VMware Directory Service |
| 2013 | TCP | vCenter Single Sign-On - VMware Kdc Service |
| 2014 | TCP | vCenter Single Sign-On - VMware Certificate Service |
| 8080 | TCP | Web Services HTTP. Used for the VMware VirtualCenter Management Web Services. |
| 8443 | TCP | Web Services HTTPS. Used for the VMware VirtualCenter Management Web Services. |
| 60099 | TCP | Web Service change service notification port |
| 6501 | TCP | Auto Deploy service |
| 6502 | TCP | Auto Deploy management |
| 7005 | TCP | vCenter Single Sign-On |
| 7009 | TCP | vCenter Single Sign-On |
| 7080 | TCP | vCenter Single Sign-On HTTP Port |
| 7331 | TCP | vSphere Web Client - HTML5 Remote Console |
| 7343 | TCP | vSphere Web Client - HTML5 Remote Console, HTTPS (vCenter 5.5 Update 2 and later) |
| 7444 | TCP | vCenter Single Sign-On - VMware Secure Token Service |
| 8000 | TCP | Requests from vMotion |
| 8009 | TCP | AJP connector port for vCenter Server Appliance communication with Tomcat |
| 8100 | TCP | Traffic between ESXi hosts for vSphere Fault Tolerance (FT) |
| 8182 | TCP | Traffic between ESXi hosts for vSphere High Availability (HA) |
| 8200 | TCP | Traffic between ESXi hosts for vSphere Fault Tolerance (FT) |
| 9000 - 9010 | TCP | Port range used if 80 and 443 are unavailable for communication to the ESXi hosts. |
| 9443 | TCP | vSphere Web Client HTTPS |
| 9875 - 9877 | TCP | vSphere Web Client Java Management Extension (JMX). Dynamically acquired upon the vSphere Web Client service starting. |
| 9090 | TCP | vSphere Web Client HTTP |
| 10080 | TCP | vCenter Inventory Service HTTP |
| 10111 | TCP | vCenter Inventory Service Linked Mode Communication |
| 10443 | TCP | vCenter Inventory Service HTTPS |
| 11711 | TCP | vCenter Single Sign-On - VMware Directory Service (LDAP) |
| 11712 | TCP | vCenter Single Sign-On - VMware Directory Service (LDAPS) |
| 12721 | TCP | vCenter Single Sign-On - VMware Identity Management Service |
| 49000 - 65000 | TCP | vCenter Single Sign-On - VMware Identity Management Service. Dynamically acquired upon the VMware Identity Management Service starting. |
| 8190 | TCP | Storage Policy Server HTTP |
| 8191 | TCP | Storage Policy Server HTTPS |
| 22000 | TCP | vCenter Server Storage Monitoring Service HTTP |
| 22100 | TCP | vCenter Server Storage Monitoring Service HTTPS |
| 31010 | TCP | VMware vSphere Profile-Driven Storage Service HTTP |
| 31100 | TCP | VMware vSphere Profile-Driven Storage Service HTTPS |
| 32010 | TCP | VMware Storage Management Service HTTP |
| 32100 | TCP | VMware Storage Management Service HTTPS |
| 12443 | TCP | Log Browser |
 
Note: If you want the vCenter Server system to use a different port to receive the vSphere Web Client data, see the vCenter Server and Host Management Guide.
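
The following Python script is an added example, not part of the VMware article: it converts rows written in the table's Port/Protocol format (single ports, comma lists, ranges, TCP/UDP) into netsh advfirewall inbound allow rules for a custom Windows firewall policy. It assumes the rules are applied on the Windows machine that listens on each port; the rule names and the 192.0.2.0/24 source range are placeholders chosen for illustration.

```python
import re

# Rows copied from a subset of the table above; the short names are labels chosen for this example.
ROWS = [
    ("80", "TCP", "vCenter HTTP redirect"),
    ("389", "TCP/UDP", "vCenter LDAP"),
    ("443", "TCP", "vCenter HTTPS"),
    ("9443", "TCP", "vSphere Web Client HTTPS"),
    ("9875 - 9877", "TCP", "vSphere Web Client JMX"),
]


def normalize_ports(spec):
    """Convert a table cell such as '9875 - 9877' or '1234, 1235' to netsh syntax."""
    parts = []
    for item in spec.split(","):
        m = re.fullmatch(r"\s*(\d+)\s*(?:-\s*(\d+))?\s*", item)
        if not m:
            raise ValueError(f"unparseable port spec: {spec!r}")
        lo = int(m.group(1))
        hi = int(m.group(2)) if m.group(2) else lo
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"port out of range in: {spec!r}")
        parts.append(str(lo) if lo == hi else f"{lo}-{hi}")
    return ",".join(parts)


def netsh_rules(rows, remote_ip=None):
    """Return one 'netsh advfirewall' inbound allow rule per row and protocol.

    remote_ip (optional) limits the allowed source, e.g. the management subnet.
    """
    cmds = []
    for ports, protos, name in rows:
        localport = normalize_ports(ports)
        for proto in protos.split("/"):  # 'TCP/UDP' becomes two rules
            proto = proto.strip().upper()
            if proto not in ("TCP", "UDP"):
                raise ValueError(f"unknown protocol: {proto!r}")
            cmd = (f'netsh advfirewall firewall add rule name="{name} ({proto})" '
                   f"dir=in action=allow protocol={proto} localport={localport}")
            if remote_ip:
                cmd += f" remoteip={remote_ip}"
            cmds.append(cmd)
    return cmds


if __name__ == "__main__":
    # 192.0.2.0/24 is a documentation range standing in for the real client subnet.
    for line in netsh_rules(ROWS, remote_ip="192.0.2.0/24"):
        print(line)
```

Review the generated commands before running them in an elevated prompt, and adjust the direction and source range for rows that describe host-to-host or outbound traffic.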

vCenter Server 5.5 Linked Mode specific ports:

This table contains the ports that need to be opened through the firewall for Linked Mode.

Note: All ports need to be opened for bi-directional communication on all Linked Mode nodes.

| Port | Protocol | Description |
|---|---|---|
| 135 | TCP/UDP | Used by ADAM for RPC communications between vCenter Servers in Linked Mode. |
| 389 | TCP/UDP | This port must be open in the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535. If this instance is serving as the Microsoft Windows Active Directory, change the port number from 389 to an available port from 1025 through 65535. |
| 636 | TCP | This is the SSL port of the local instance for vCenter Server Linked Mode. If another service is running on this port, it might be preferable to remove it or change its port. You can run the SSL service on any port from 1025 through 65535. |
| 1024 | TCP | RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (through ADAM). |
| 7500 | UDP | vCenter Inventory Service Groups diagnostics port for Inventory Service instances. |
| 8443 | TCP | VMware Web Management Services Linked Mode Communication port. |
| 10111 | TCP | vCenter Inventory Service Linked Mode Communication. |
| 10443 | TCP | vCenter Inventory Service Linked Mode Communication between Inventory Service instances. |

This can be changed during the vCenter Server installation and should be adjusted in the firewall settings as needed.

Note: For more information on the ports used for ADAM, see Network Ports Used by ADAM.

Note: The preceding link was correct as of August 26, 2015. If you find the link is broken, provide feedback and a VMware employee will update the link.

Additional Information

For information on port requirements for vCenter Server 5.1, see Required ports for vCenter Server 5.1.x (2031843).

Update History

03/26/2014 - Added Port 443 details
