Troubleshooting Virtual Machine Remote Console (VMRC) connectivity issues in VMware vCloud Director
Article ID: 320548
Updated On:
Products
VMware Cloud Director
Issue/Introduction
Symptoms:
- The Virtual Machine Remote Console (VMRC) appears in a disconnected state when opened.
- The VMRC always shows as connected but never shows a working window.
- The VMRC shows as connecting and then it is disconnected when opened.
Environment
VMware Cloud Director for Service Provider 5.6.x
VMware Cloud Director 5.1.x
VMware Cloud Director 5.5.x
VMware Cloud Director for Service Provider 8.0.x
VMware Cloud Director 5.1.x
VMware Cloud Director 5.5.x
VMware Cloud Director for Service Provider 8.0.x
Cause
The VMRC connectivity issue occurs due to timing, naming resolution, validation, and routing.
Resolution
These factors tend to be the reason for connectivity issues with vCloud VMRC consoles.
NTP
ESXi Hosts, vCenter Server, vCloud Cells and database servers should be able to communicate effectively. If one of these entities has an inaccurate time setting by even a few seconds this can cause issues with a request being interpreted as being in the future, that is the destination entity has a time setting behind that of the source.
Ensure that a single time source is in use so that in the case of time slip it still ensures the servers remain synchronized as the single time source is serving all the hosts. In such a situation all the servers have the identical incorrect time setting.
For more information on the importance of time synchronization, see the VCDX explanation Gotcha: The Importance of NTP to VMware vCloud Director.
DNS
Forward, reverse, full and short name look-ups respond as expected. For more information, see Identifying issues with and setting p name resolution on ESX/ESXi Server (1003735).
It is essential that all facets of DNS are able to be resolved in the environment as SSL certificates rely on DNS resolving the IP addresses to their self-contained FQDN names for the device instances.
Public Address Configuration
If vCloud Director must be publicly accessible, configure Public Address within the vCloud Director UI. To configure this setting go to System > Administration > Public Addresses: Console Proxy.The end client needs to be able to resolve this address to a corresponding Console Proxy address configured on your vCloud Cell. If this field is not populated, your client is given an Internal/Private IP of the responding Cell for which it must connect.
SSL certificates
The certificates come in two formats: Self signed or Certificate Authority (CA) signed.
Note: In vCloud Director for Service Providers 5.6.x and 8.0, if using a self-signed certificate the VMRC will be disconnected. To connect, open a web browser and go to the consoleproxy IP or DNS name and accept the certificate as trusted.
Note: In vCloud Director for Service Providers 5.6.x and 8.0, if using a self-signed certificate the VMRC will be disconnected. To connect, open a web browser and go to the consoleproxy IP or DNS name and accept the certificate as trusted.
If the certificate is Self signed, it contains a single link in the certificate chain, a Root certificate needs to be added to the Trusted Root Store within your clients operating system. This shall be used by the browser to validate the chain when connecting. Self signed certs may need to contact Microsoft to validate; this generally takes place every 60 days.
If the certificate is CA signed, it contains multiple links in the certificate, a Root and one or more Intermediate certificates need to be added to the Trusted Root and Trusted Intermediate Stores within your clients operating system. If any part of the chain is not present in the Trusted Stores, the chain shall not be trusted. CA signed certs may require internet access to validate CA (the signing authorities if not already added to the local browsers) to check revocation lists.
The Common Name (CN) value of the certificate needs to match the FQDN of the Console Proxy exactly. The only time this does not apply is when Subject Alt Name is used in the certificate, where the CN is ignored. The Subject Alt Name contains the FQDN as well as other information you wish to match.
Note: When creating or requesting certificates, make the CN name unique. As this is used to validate against an FQDN, it would not make sense for two IPs in your environment to map to the same FQDN/Domain Name.
Client Browser Proxies
If you are using a proxy for internet access on a client local to vCD within the private infrastructure, you may need to omit or exclude the console proxy target address in the Proxy Configuration of the local browser. If you do not wish for the Console Proxy address to be resolved externally you need to add the FQDN of the Console Proxy to the exclusion list. If the FQDN is console.company.com, nothing other than this string is sufficient.
Local Java Client
To test if there are underlying BEAN or JDBC errors in the connection chains, add the target vCloud URL to the local Java consoles security tab exclusion list, found in the Windows control panel and drop it to low for test purposes.
Notes:
Notes:
- Only the 32-bit version of Java is supported. Ensure that the client is not engaging the x64 version of the app, uninstall the 64-bit version, if both are installed on the client.
- If all the checks pass, then gather the vCD logs as well as the VMRC client side logs. Open a Support Request with VMware Technical Support and attach the Logs to the Support Request. For more information on collecting the vCD log bundle, see Collecting diagnostic information for VMware products (1008524).
- For more information on collecting the vCloud Director VMRC client log files, see Location of vCloud Director VMRC client log files (2001071).
Additional Information
- Configuring Network Time Protocol (NTP) on ESX/ESXi hosts using the vSphere Client (2012069)
- To configure static time servers in Redhat, see Network Time Protocol Setup.
- To set static time servers in CentOS, see CentOS Linux Install and Configure NTP to Synchronize The System Clock.
- To configure NTP for Windows, vCenter Server, and DB servers, see Windows Time Service Tools and Settings.
Note: For 2008 servers or older, search the internet for configure NTP client for the required Windows OS.
- For information on supported browsers, see:
Note: The preceding links present in this article were correct as of December 09, 2015. If you find the links are broken, please provide feedback and a VMware employee will update the link.
Collecting diagnostic information for VMware products
Location of vCloud Director VMRC client log files
Web browser support in vCloud Director 1.5
Configuring Network Time Protocol (NTP) on ESX/ESXi hosts using the vSphere Client
Supported web browsers in VMware vCloud Director 5.1
VMware vCloud Director で仮想マシン Remote Console (VMRC) の接続の問題をトラブルシューティングする
对 VMware vCloud Director 中的虚拟机远程控制台 (Virtual Machine Remote Console, VMRC) 连接问题进行故障排除
Feedback
Yes
No
Powered by
