The ability to connect to a virtual machine using a VNC client has been available since the early days of VMware GSX but is not officially supported by VMware. Use the following steps to enable VNC console Access in VMware ESXi host.
SSH to the ESXi host
chmod 644 /etc/vmware/firewall/service.xml chmod +t /etc/vmware/firewall/service.xml vi /etc/vmware/firewall/service.xml
Create a new service block before the end of ConfigRoot ( </ConfigRoot> ) tag and make sure service id.
<service id='new unique id within this file'> <id>VNC</id> <rule id='0000'> <direction>inbound</direction> <protocol>tcp</protocol> <porttype>dst</porttype> <port> <begin>5900</begin> <end>6199</end> </port> </rule> </service>
We need to open the VNC ports on the ESXi firewall. Add the ESXi Firewall rules and Verify that Ports.
On the ESXi host, execute the following commands
esxcli network firewall refresh esxcli network firewall ruleset set --ruleset-id VNC --enabled true
Verify that the firewall rules were applied and the ports are open by executing the following commands
esxcli network firewall ruleset list # You should see a rule labelled VNC in the output esxcli network firewall ruleset rule list # You should see the details of VNC rule i.e. port range, protocol, direction, etc.
Enable VNC for Existing Virtual Machines
To enable VNC console for existing VMs, power off the VM and use one of the following:
Using vSphere Web Client
Click on “edit settings”-> Select the “VM Options” tab->Expand the “Advanced” section-> click on “Edit configuration” and add the settings.
Directly on ESXi Host
The required .vmx configuration can also be applied to virtual machines running on ESXi.
Edit the Virtual Machine *.vmx file directly with the lines mentioned here. RemoteDisplay.vnc.enabled = "TRUE" RemoteDisplay.vnc.port =
Be sure to choose a port number within the range you specified in the VNC.xml custom firewall rule, also make sure your .vmx configuration port is a conflict with existing one. Try this to verify.
grep "vnc.port" */*/*/*/*.vmx
Also remoteDisplay.vnc.password = “password” seems to be optional.