Enable VNC Console Access in VMware ESXi

The ability to connect to a virtual machine using a VNC client has been available since the early days of VMware GSX but is not officially supported by VMware. Use the following steps to enable VNC console Access in VMware ESXi host.

ESXi host firewall configuration

ESXi host firewall configuration

SSH to the ESXi host

chmod 644 /etc/vmware/firewall/service.xml
chmod +t /etc/vmware/firewall/service.xml
vi /etc/vmware/firewall/service.xml

Create a new service block before the end of ConfigRoot ( </ConfigRoot> ) tag and make sure service id.

<service id='new unique id within this file'>
<id>VNC</id>
<rule id='0000'>
<direction>inbound</direction>
<protocol>tcp</protocol>
<porttype>dst</porttype>
<port>
<begin>5900</begin>
<end>6199</end>
</port>
</rule>
</service>

We need to open the VNC ports on the ESXi firewall. Add the ESXi Firewall rules and Verify that Ports.

On the ESXi host, execute the following commands

esxcli network firewall refresh
esxcli network firewall ruleset set --ruleset-id VNC --enabled true

Verify that the firewall rules were applied and the ports are open by executing the following commands

esxcli network firewall ruleset list
# You should see a rule labelled VNC in the output

esxcli network firewall ruleset rule list
# You should see the details of VNC rule i.e. port range, protocol, direction, etc.

 

Enable VNC for Existing Virtual Machines

 

To enable VNC console for existing VMs, power off the VM and use one of the following:

Using vSphere Web Client

Click on “edit settings”-> Select the “VM Options” tab->Expand the “Advanced” section-> click on “Edit 
configuration” and add the settings.

Directly on ESXi Host

The required .vmx configuration can also be applied to virtual machines running on ESXi.

Edit the Virtual Machine *.vmx file directly with the lines mentioned here.
RemoteDisplay.vnc.enabled = "TRUE"
RemoteDisplay.vnc.port =

Notes:

Be sure to choose a port number within the range you specified in the VNC.xml custom firewall rule, also make sure your .vmx configuration port is a conflict with existing one. Try this to verify.

grep "vnc.port" */*/*/*/*.vmx

Also remoteDisplay.vnc.password = “password” seems to be optional.