Connecting to vCenter VMs

This topic explains how to configure vCenter VM connections, and how to open them.

In this topic:

When troubleshooting console connection issues, always try the console connection in vCenter. If you're unable to establish a console connection from vCenter, you need to troubleshoot the issue outside Commander.

Console connection methods

VMware supports both the WebMKS and VMRC (VMware Remote Console) methods for opening a console session. Each of these methods has its own set of prerequisites and limitations.

  • WebMKS console connection method

    The WebMKS method requires no additional plug-in or application to be installed, and is the default method for console connections. Commander automatically uses the WebMKS connection method for all supported versions of vCenter.

    • Secure WebSockets (wss://) must be enabled on the vCenter managed system.
    • The vCenter managed system must have a valid SSL certificate issued by a certificate authority, or from your domain.
    • When using the VM Access Proxy with WebMKS, the VM Access Proxy must have a valid SSL certificate issued by a certificate authority, or from your domain.

    If you're using WebMKS for direct console connections with ESXi 6.0 or newer hosted by vCenter 6.0 or newer and your ESXi hosts don't have CA signed certificates installed, you must add a certificate exception in your browser for Commander to open a direct console connection. See the Configuring Internet Explorer 11 for Direct Console Connections knowledge base article for setup information.

  • VMRC console connection method

    The VMRC method requires VMware Remote Console 7.0 to be installed. VMRC is a standalone Windows-only application supported on vCenter.

    The VM Access Proxy doesn't support the VMRC application.

Additional prerequisites for opening console sessions on vCenter

In addition to the requirements listed above that are specific to the WebMKS and VMRC console connection methods, note the following prerequisites:

  • For direct (non-proxied) console connections, there must be a route between the initiating user's computer and vCenter.
  • Depending on the web browser used, you may have to enable compatibility mode for connections to vCenter. Note that you can't use compatibility mode.

Configuring console credentials for connections to vCenter VMs

Console credentials are configured at the managed system level. These credentials are used for both direct (non-proxied) and secure (proxied) connections.

By default, when users open a console to a vCenter VM, they are automatically logged into vSphere using the credentials of the managed system. Allowing users to open a console on a VM means that they can carry out any command on the VM that is allowed by the managed system credentials.

Optionally, you can change the default login process used so that:

  • users are prompted for credentials. With this option, users are presented with a credentials dialog within Commander or the Service Portal.
  • users are automatically logged into vSphere using a set of credentials that you specify. This option allows you to enhance security in a VM console session. Controlling the user's credentials allows you fine-grained control over what actions they can perform on the VM.

Access through:

Views menu > Inventory > Infrastructure, Applications view, or Storage

Available to:

Commander Roles of Superuser and Enterprise Admin; must also have Administrator Access Rights on the Managed System

To configure prompting users for credentials:

  1. Right-click a managed system and select Configure Console Credentials.
  2. In the Configure Console Credentials dialog, select Prompt for credentials for Commander and/or Service Portal users.
  3. Click OK.

To configure automatic login with specific credentials:

  1. Set up one or two reduced-privilege accounts in the managed system. (You can specify separate accounts to be used by  Commander users and Service Portal users.)
  2. Right-click a managed system and select Configure Console Credentials.
  3. In the Configure Console Credentials dialog, select Use these credentials for Commander users and/or Service Portal users.
  4. Enter the user name and password for the account(s) you set up in the managed system.
  5. Click Test Credentials to ensure that these credentials can access the managed system.
  6. Click OK.

If you don't have Administrator access rights on the managed system, you can view console credentials by right-clicking a managed system and choose View Console Credentials.

Opening connections to vCenter VMs

Access through:

Views menu > Inventory > Infrastructure, Applications, or Storage

Available to:

Administrator and All Operator Levels of Access Rights

To open a connection to a vCenter VM, right-click a VM in the tree or on the Virtual Machines tab, choose Open Connection, then choose the connection type:

  • Open Console: Open a VM console. See Additional prerequisites for opening console sessions on vCenter above.
  • Open Secure Console: Open a VM console using the VM Access Proxy, in your browser.

    To open a Secure Console session in Internet Explorer, the VM Access Proxy Server's IP address must be added to either the Local Intranet zone (when on the same network as the VM Access Proxy server) or the Trusted Sites zone (when connecting from a network other than that of the VM Access Proxy server).

  • Open RDP Session: Opens an RDP connection to a running Windows VM, using the RDP client.
  • Open Secure RDP Session: Opens an RDP connection to a running Windows VM using a user name and password, in your browser, using the VM Access Proxy. In the Credentials dialog, enter the user name and password, and click OK.
  • In a secure RDP session, if Caps Lock is enabled, duplicate characters may be printed for the characters c, x, and v. Use the Shift key instead of enabling Caps Lock.

  • Open VNC Session: Opens a VNC connection to a running VM, using a VNC client.
  • Open Secure VNC Session: Opens a VNC connection to a running VM, in your browser, using the VM Access Proxy. In the Credentials dialog, enter the password and edit the default port of 5900 if required, and click OK.
  • Open Secure SSH Session: Opens an SSH connection to a running Linux or Solaris VM using a user name and password, in your browser, using the VM Access Proxy. In the Credentials dialog, enter the user name and password, and click OK.

Viewing VM consoles with screenshots

For vCenter, you can take a look, through a screenshot, at what is happening on a VM console without having to RDP into the VM.

Access through:

Views menu > Inventory > Infrastructure or Applications

Available to:

Administrator, All Operator Levels of Access Rights

To view a VM console through a screenshot:

  1. Select a powered-on VM in the tree.
  2. Right-click and select Configuration Management > View Console Screenshot.
    • If a screenshot was taken previously, that screenshot is displayed on the screen.
    • If a screenshot has not yet been taken, or if you want to update the screenshot, click Update Screenshot.
  3. Click Close to exit the screenshot.