Enable VNC on VMware Deployments

This article outlines the steps needed to enable VNC on VMware, so that the VNC console can be used within the Platform9 UI.

Step 1 – Changes Needed on the ESXi Hosts Housing the Virtual Machines

SSH to the ESXi host (not vCenter). We need to open the VNC ports on the ESXi firewall. These steps need to be performed on all the ESX hosts that are part of the clusters authorized with Platform9 controller. An automated script for doing same is coming soon.

chmod 644 /etc/vmware/firewall/service.xml
chmod +t /etc/vmware/firewall/service.xml
vi /etc/vmware/firewall/service.xml

Create a new service block before the end of ConfigRoot tag:

<service id='new unique id within this file'>
<rule id='0000'>

Step 2 – Add Firewall Rules to the ESXi Firewall and Verify that Ports Have Been Opened

On the ESXi host, execute the following commands

esxcli network firewall refresh
esxcli network firewall ruleset set --ruleset-id VNC --enabled true

Verify that the firewall rules were applied and the ports are open by executing the following commands

esxcli network firewall ruleset list
# You should see a rule labelled VNC in the output

esxcli network firewall ruleset rule list
# You should see the details of VNC rule i.e. port range, protocol, direction, etc.

Step 3 – Enable VNC for Existing Virtual Machines (Optional)

To enable VNC console for existing VMs, power off the VM and use one of the following:

  1. Using vSphere Web Client
    Click on “edit settings”-> Select the “VM Options” tab->Expand the “Advanced” section-> click on “Edit configuration” and add the settings mentioned at the end of this step
  2. Directly on ESXi Host
    Edit the *.vmx file of the corresponding VM and the lines mentioned here.
RemoteDisplay.vnc.enabled = "TRUE"
RemoteDisplay.vnc.port = 

1. The key point in the step 3 is to make sure that the port number that you are adding does not collide with any other VM. One way to verify that is to SSH into the ESXi host and run grep on all the *.vmx files and choose a port that is not present in the output

grep "vnc.port" */*/*/*/*.vmx

2. For VNC console to work, the appliance, the ESX host, and the browser where the VNC is being accessed need to have IP connectivity to each other.

The browser you are using is outdated. For the best experience please download or update your browser to one of the following: