TCP and UDP ports required to access VMware vCenter Server
search cancel

TCP and UDP ports required to access VMware vCenter Server

book

Article ID: 326184

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

This article lists the TCP and UDP ports required for VMware vCenter Server.

Resolution

vCenter Server 6.5 - vCenter Server 8.0

The information has moved. Please refer to VMware Ports and Protocols for a comprehensive list of the TCP and UDP ports required for current vSphere versions.

 

vCenter Server 5.x - vCenter Server 6.0

ProductPortProtocolSourceTargetPurpose
Heartbeat52267TCPvCenter Server Heartbeat ConsolevCenter Server Heartbeat ServerClient Connection Port
Heartbeat57348TCPvCenter Server Primary ServervCenter Server Secondary ServerDefault Channel Port to communicate between Primary and Secondary server
vCenter Server 5.x25TCPvCenter ServerSMTP ServerEmail notifications
vCenter Server 5.x53UDPvCenter ServerDNS ServerDNS lookups
vCenter Server 5.x80TCPClient PCvCenter ServervCenter Server requires port 80 for direct HTTP connections.
vCenter Server 5.x80TCPvCenter ServerESXi 5.xDPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter Server 5.x88UDPvCenter ServerActive Directory ServerAD Authentication
vCenter Server 5.x88TCPvCenter ServerActive Directory ServerAD Authentication
vCenter Server 5.x135TCPvCenter ServervCenter ServerUsed by ADAM for RPC communications between vCenter Servers in Linked Mode.
vCenter Server 5.x161UDPSNMP ServervCenter ServerSNMP Polling
vCenter Server 5.x162UDPvCenter ServerSNMP ServerSNMP Trap Send
vCenter Server 5.x389TCP/UDPvCenter ServerLinked vCenter ServersThis port must be open in the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group. The vCenter Server system needs to bind to port 389, even if you are not joining this vCenter Server instance to a Linked Mode group. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535.
vCenter Server 5.x443TCPvSphere ClientvCenter ServervCenter Server system uses to listen for connections from the vSphere Client.
vCenter Server 5.x443TCPvCenter ServerESXi 5.xvCenter Agent. Host DPM with HP iLO Remote Management and Control Protocol
vCenter Server 5.x623UDPvCenter ServerESXi 5.xDPM with IPMI (iLO/BMC) ASF Remote Management and Control Protocol
vCenter Server 5.x636TCPvCenter ServersLinked vCenter ServersThis is the SSL port of the local instance for vCenter Server Linked Mode. If another service is running on this port, it might be preferable to remove it or change its port. You can run the SSL service on any port from 1025 through 65535.
vCenter Server 5.x902TCPvCenter ServerESXi 5.xvCenter Server system uses to send data to managed hosts. This port must not be blocked by firewalls between the server and the hosts or between hosts.
vCenter Server 5.x902TCP/UDPvSphere ClientESXi 5.xvSphere Client uses this ports to display virtual machine consoles.
vCenter Server 5.x902TCP/UDPESXi 5.xESXi 5.xHost access to other hosts for migration and provisioning
vCenter Server 5.x1024 (dynamic)RPCLinked vCenter ServersLinked vCenter ServersBi-directional RPC communication on dynamic TCP ports is required between all vCenters that need to replicate (via ADAM).
vCenter Server 5.x1433TCPvCenter ServerMicrosoft SQL ServerFor vCenter Microsoft SQL Server Database
vCenter Server 5.x1521TCPvCenter ServerOracle Database ServerFor vCenter Oracle Database
vCenter Server 5.x5988TCPESXi 5.xvCenter ServerCIM transactions over HTTP
vCenter Server 5.x5989TCPvCenter ServerESXi 5.xCIM XML transactions over HTTPS
vCenter Server 5.x5989TCPESXi 5.xvCenter ServerCIM XML transactions over HTTPS
vCenter Server 5.x7500UDPvCenter ServerLinked vCenter ServersvCenter Inventory Service Groups diagnostics port for Inventory Service instances.
vCenter Server 5.x8005TCPvCenter ServervCenter ServerInternal Communication Port
vCenter Server 5.x8006TCPvCenter ServervCenter ServerInternal Communication Port
vCenter Server 5.x8009TCPvCenter ServervCenter ServerAJP Port
vCenter Server 5.x8080TCPClient PCvCenter ServerWeb Services HTTP. Used for the VMware VirtualCenter Management Web Services
vCenter Server 5.x8083TCPvCenter ServervCenter ServerInternal Service Diagnostics
vCenter Server 5.x8085TCPvCenter ServervCenter ServerInternal Service Diagnostics/SDK
vCenter Server 5.x8086TCPvCenter ServervCenter ServerInternal Communication Port
vCenter Server 5.x8087TCPvCenter ServervCenter ServerInternal Service Diagnostics
vCenter Server 5.x8089TCPvCenter ServervCenter ServerSDK Tunneling Port
vCenter Server 5.x8443TCPClient PCLinked vCenter ServersWeb Services HTTPS. Used for the VMware VirtualCenter Management Web Services.
vCenter Server 5.x8443TCPvCenter ServervCenter ServerVMware Web Management Services Linked Mode Communication port
vCenter Server 5.x9443TCPClient PCvCenter ServervSphere Web Client Access
vCenter Server 5.x10111TCPvCenter ServerLinked vCenter ServersvCenter Inventory Service Linked Mode Communication
vCenter Server 5.x10443TCPClient PCLinked vCenter ServersvCenter Inventory Service Linked Mode Communication between Inventory Service instances.This can be changed during the vCenter Server installation and should be adjusted in the firewall settings as needed.
vCenter Server 5.x51915TCPESXivSphere Authentication ProxyThis is a web service, which is used to add host to Active Directory domain.
vCenter Server 5.x60099TCPvCenter ServervCenter ServerWeb Service change service notification port
vCenter Server 5.17005TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnBase shutdown port.
For more information, see Configuring VMware Tomcat Server Settings in vCenter Server 5.1.
vCenter Server 5.17080TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnHTTP Port
vCenter Server 5.17009TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnAJP Port
vCenter Server 5.149152 to 65535TCPActive DirectoryvCenter ServerAllow Active Directory authentication/communication between domain controllers and vCenter Server.
vCenter Server 5.1/5.57444TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnLookup Service, HTTPS Port
vCenter Server 5.1/5.58003TCPvCenter Server (Tomcat Server settings)vCenter Server Management Web ServicesvCenter Server Management Web Service shutdown
vCenter Server 5.531000 to 32999TCPvCenter Single Sign-OnvCenter Single Sign-OnInternal Communication Ports for VMware Secure Token Service, which uses two available ports. One port from the 31000 to 31999 range and one port from the 32000 to 32999 range.
vCenter Server 5.588TCPvCenter ServervCenter Single Sign-OnKdc Service
vCenter Server 5.52012TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnDirectory Service
vCenter Server 5.52013TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnKdc Service
vCenter Server 5.52014TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnVMware Certificate Service inter-communications with vCenter Single Sign-On
vCenter Server 5.56501TCPAuto Deploy serviceESXi HostAuto Deploy Service
vCenter Server 5.56502TCPAuto Deploy ManagervSphere ClientAuto Deploy Manager Service
vCenter Server 5.57331TCPvSphere Web ClientvCenter Server (Tomcat Server settings)HTML5 remote console for virtual machines
vCenter Server 5.5 Update 2 and later7343TCPvSphere Web ClientvCenter Server (Tomcat Server settings)HTML5 remote console for virtual machines, HTTPS
vCenter Server 5.57444TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnLookup Service, HTTPS port
vCenter Server 5.58190TCPvCenter ServervCenter ServerStorage Policy Server HTTP
vCenter Server 5.58191TCPvCenter ServervCenter ServerStorage Policy Server HTTPS
vCenter 5.59875-9877TCPvSphere Web ClientvSphere Web ClientvSphere Web Client Java Management Extension (JMX). Dynamically acquired upon the vSphere Web Client service starting.
vCenter Server 5.59090TCPvSphere Web Client HTTPvSphere Web ClientHTTP redirect to HTTPS
vCenter Server 5.511711TCPvCenter Single Sign-OnvCenter Single Sign-OnDirectory service LDAP use for replication between vCenter Single Sign-On nodes
vCenter Server 5.511712TCPvCenter Single Sign-OnvCenter Single Sign-OnDirectory service LDAPS use for replication between vCenter Single Sign-On nodes
vCenter Server 5.512721TCPvCenter Single Sign-OnvCenter Single Sign-OnIdentity Management Service (IDM) internal client/server communication port.
Used by VMware Identity Management Service.
vCenter Server 5.512443TCPLog BrowservCenter ServerLog Browser
vCenter Server 5.522000TCPvCenter ServervCenter ServervCenter Server Storage Monitoring Service HTTP
vCenter Server 5.522100TCPvCenter ServervCenter ServervCenter Server Storage Monitoring Service HTTPS
vCenter Server 5.531000TCPvCenter ServervCenter ServerVMware vSphere Profile-Driven Storage Service HTTP
vCenter Server 5.531100TCPvCenter ServervCenter ServerVMware vSphere Profile-Driven Storage Service HTTPS
vCenter Server 5.549000 to 65000TCPActive DirectoryvCenter ServerAllow Active Directory authentication/communication between domain controllers and vCenter Server.Used by the VMware Identity Management Service
vCenter Server 6.022TCP/UDPvCenter ServerSSH ClientSystem port for SSHD. This port is only used by the vCenter Server Appliance
vCenter Server 6.080TCPClient PCvCenter ServervCenter Server requires port80for direct HTTP connections. Port80redirects requests to HTTPS port 443. This redirection is useful if you accidentally usehttp://serverinstead ofhttps://server.

WS-Management (also requires port 443 to be open).

If you use a Microsoft SQL database that is stored on the same virtual machine or physical server as vCenter Server, port 80 is used by the SQL Reporting Service.

When you install or upgrade vCenter Server, the installer prompts you to change the HTTP port for vCenter Server. Change the vCenter Server HTTP port to a custom value to ensure a successful installation or upgrade.
vCenter Server 6.088TCPvCenter ServerActive Directory ServerVMware key distribution center port
vCenter Server 6.0389TCP/UDPvCenter ServerLinked vCenter ServersThis port must be open on the local and all remote instances of vCenter Server. This is the LDAP port number for the Directory Services for the vCenter Server group.

If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the LDAP service on any port from 1025 through 65535.
vCenter Server 6.0443TCPvSphere Web ClientvCenter ServerThe default port that the vCenter Server system uses to listen for connections from the vSphere Web Client. To enable the vCenter Server system to receive data from the vSphere Web Client, open port 443 in the firewall.
The vCenter Server system also uses port 443 to monitor data transfer from SDK clients.


Port 443 is also used for these services:

WS-Management (also requires port 80 to be open)

Third-party network management client connection to vCenter Server. 
Third-party network management clients access to host
vCenter Server 6.0514UDPSyslog CollectorSyslog CollectorvSphere Syslog Collector port for vCenter Server on Windows and vSphere Syslog Service port for vCenter Server Appliance
vCenter Server 6.0636TCPPlatform Service ControllerManagement NodesFor vCenter Server Enhanced Linked Mode, this is the SSL port of the local instance. If another service is running on this port, it might be preferable to remove it or change its port to a different port. You can run the SSL service on any port from 1025through65535. This port is also used during install to verify SSL certificates.
vCenter Server 6.0902TCP/UDPvCenter ServerESXi 6.0/5.xThe default port that the vCenter Server system uses to send data to managed hosts. Managed hosts also send a regular heartbeat over UDP port 902to the vCenter Server system. 

This port must not be blocked by firewalls between the server and the hosts or between hosts.

Port 902 must not be blocked between the vSphere Client and the hosts. The vSphere Client uses this port to display virtual machine consoles.
vCenter Server 6.010080TCPvCenter ServerInventory ServicevCenter Server vCenter Inventory Service HTTP
vCenter Server 6.01514TCP/UDPSyslog CollectorSyslog CollectorvSphere Syslog Collector TLS port for vCenter Server on Windows and vSphere Syslog Service TLS port for vCenter Server Appliance
vCenter Server 6.02012TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnControl interface RPC for vCenter Single Sign-On(SSO).
vCenter Server 6.02014TCPvCenter Server (Tomcat Server settings)vCenter Single Sign-OnRPC port for all VMCA (VMware Certificate Authority) APIs.
vCenter Server 6.02020TCP/UDPvCenter ServervCenter ServerAuthentication framework management
vCenter Server 6.06500TCP/UDPvCenter ServerESXi hostESXi Dump Collector port
vCenter Server 6.06501TCPAuto Deploy serviceESXi HostAuto Deploy service
vCenter Server 6.06502TCPAuto Deploy ManagervSphere ClientAuto Deploy management
vCenter Server 6.07444TCP  Secure Token Service
vCenter Server 6.08009TCPvCenter ServervCenter ServerAJP Port
vCenter Server 6.08089TCPvCenter ServervCenter ServerSDK Tunneling Port
vCenter Server 6.09443TCPvSphere Web Client ServervSphere Web ClientvSphere Web Client HTTPS
vCenter Server 6.011711TCPvCenter Single Sign-OnvCenter Single Sign-OnVMware Directory service (vmdir) LDAP
vCenter Server 6.011712TCPvCenter Single Sign-OnvCenter Single Sign-OnVMware Directory service (vmdir) LDAPS


Powered by Wolken Software