WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / Automation / How to change the default ports on the vCenter Server Appliance in vSphere 6.0?

How to change the default ports on the vCenter Server Appliance in vSphere 6.0?

01.20.2016 by William Lam // 13 Comments

When deploying the vCenter Server Appliance (VCSA), there are a set default network ports that are already pre-defined by VMware. It is generally recommended to stick with these defaults unless you have a really good reason to modify them. I am a big fan of strong defaults which can help reduce the number of steps it takes to deploy the VCSA, however I do understand that there are some organizations who may have specific security requirements which requires them to change some of the default ports. It is also important to note that changing the default network ports post-installation is not supported.

Disclaimer: This is not officially supported by VMware, please use at your own risk.

If you deploy the VCSA using the new Guided UI installer, you will not be able to modify the default network ports. However, if you deploy using the new Scripted CLI installer, you do have the option of overriding some of the default ports. Below is a table of the ports that can be modified which includes the variable name, default port number and their port usage which is described in the vSphere 6.0 documentation here. The variable port names are required in the JSON configuration file if you decide to modify from the default.

Variable Name Port Port Usage
rhttpproxy.ext.port1 80 HTTP Reverse Proxy Port
rhttpproxy.ext.port2 443 HTTPs Reverse Proxy Port
syslog.ext.port 514 Syslog Service Port
vpxd.ext.port1 902 ESXi Heartbeat port
syslog.ext.tls.port 1514 Syslog Service TLS port
netdumper.ext.serviceport 6500 ESXi Dump Collector port
autodeploy.ext.serviceport 6501 Auto Deploy Service port
autodeploy.ext.managementport 6502 Auto Deploy Management port
sts.ext.port1 7444 Secure Token Service port
vsphere-client.ext.port1 9443  vSphere Web Client port

Under the "Networking" section of the JSON configuration file, there is a "Ports" field which accepts a JSON encoded string of the ports you wish to modify. It actually took me a bit of time to figure out the exact syntax as this was not clearly documented anywhere. Lets say we wish to change the default HTTPS Reverse Proxy from 443 to 13443 and PSC's STS port from 7444 to 7441, you will need to specify it as shown in the example below. The key is properly escape the inner-double quotations since ports accepts a single string input.

"network": {
    "hostname": "192.168.1.140",
    "dns.servers": [
        "192.168.1.1"
    ],
    "gateway": "192.168.1.1",
    "ip": "192.168.1.140",
    "ip.family": "ipv4",
    "mode": "static",
    "prefix": "24",
    "ports": "{\"rhttpproxy.ext.port2\":\"13443\",\"sts.ext.port1\":\"7441\"}"
},

If everything was successful, when you connect to the VCSA, you should see that we no longer use the default port of 443 to connect to the vCenter Server as you can see from the screenshot below.

changing-default-vcenter-server-appliance-ports
If you ever wonder what ports were selected for either a vCenter Server or Platform Services Controller, you can easily find that by following the instructions in this article.

For customers using the Windows version of vCenter Server, you do have the option of modifying the default ports using the Guided UI since there is no guarantee these ports are not in use as VMware does not control the underlying OS. You can also use the Windows Scripted CLI to modify the default ports which you can find more information here.

vcenter-server-appliance-default-ports-1

More from my site

  • Which Platform Services Controller (PSC) is my vCenter Server pointing to?
  • All replicated Platform Services Controller should be joined to Active Directory
  • vCenter Server 6.0 Tidbits Part 10: Automating SSO Admin configurations
  • vCenter Server 6.0 Tidbits Part 8: Useful ldapsearch queries for vmdird
  • Configuring VCSA 6.0 as vSphere Web Client Server for vSphere 5.5

Categories // Automation, VCSA, vSphere 6.0, vSphere Web Client Tags // platform service controller, psc, rhttpproxy, vcenter server appliance, VCSA, vcva, vSphere 6.0

Comments

  1. *protectedMike Valley says

    01/20/2016 at 9:07 am

    Thanks for your research on this! As customers become more security focused going forward, they will want to have the flexibility to modify the default ports associated with their VCSA deployments.

    Reply
  2. *protecteddaiyu hayashi says

    01/20/2016 at 9:08 am

    so how can i change that background like you did?

    Reply
    • William Lam says

      01/20/2016 at 9:17 am

      Take a look at this article here http://www.virtuallyghetto.com/2015/02/how-to-customize-the-new-vsphere-6-0-web-client-login-ui.html for the details

      Reply
  3. *protectedMike says

    01/20/2016 at 12:39 pm

    Is there any way to firewall the ports so only certain IPs have access? This is possible on the ESXi host, but the GUI firewall options for VCSA are much more simplistic.

    Reply
    • William Lam says

      01/20/2016 at 1:38 pm

      Yes, have a look at the appliancesh interface which allows you to specify which inbound IPs are whitelisted. Page 27 for more info https://pubs.vmware.com/vsphere-60/topic/com.vmware.ICbase/PDF/vsphere-esxi-vcenter-server-60-appliance-configuration-guide.pdf

      Reply
  4. *protectedBill says

    01/20/2016 at 1:23 pm

    What port or ports is used during the VCSA GUI Install to communicate between the installer location and the ESX target host?

    Reply
    • *protectedBill says

      01/20/2016 at 1:25 pm

      example: my laptop at the office to the server in the DC. 🙂

      Reply
    • William Lam says

      01/20/2016 at 1:36 pm

      Everything goes across 443 to either vCenter Server or ESXi endpoint for deploying VCSA

      Reply
  5. *protectedTodd says

    03/11/2016 at 2:31 pm

    For 6.0 you can change the webconsole port in VCSA in:
    /etc/vmware/vsphere-client/webclient.properties

    Add this line:

    html.console.port = 8081

    Then make sure to open the firewall to this port. I'm not certain if the firewall rules in the vcenter application will work, but they should. Alternatively that file suggests a generic iptables rule:

    sudo iptables -A INPUT -p tcp --dport -j ACCEPT

    I'm wary about the iptables route above because typically these will not be static and will be erased on reboot unless you do an iptables-save, but I don't know 100% how iptables works on the VCSA appliance - VMWare likes to heavily customize it's os and packages.

    Reply
  6. *protectedJorge says

    07/04/2017 at 7:08 pm

    Willia, hi, I need to change default ssh port in ESXi 6.5, Can I you help me? Regards

    Reply
  7. *protectedArun says

    07/17/2017 at 2:49 pm

    How do I do the same in vcsa 6.5? When I tried what was illustrated here, the system said that it cant identify the key "ports" in the json file.

    Reply
    • *protectedAngel says

      04/17/2018 at 5:20 pm

      I have same problem

      Reply
  8. *protectedMarco Marzola says

    09/25/2017 at 5:56 am

    hi,
    i need to restore as default 7444 the security token port . Atm is 1744.
    The vcenter server 5.5 is installed on one windows server.
    Anyone can help me ?

    thanks 🙂

    Reply

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025
  • vCenter Identity Federation with Authelia 04/16/2025
  • vCenter Server Identity Federation with Kanidm 04/10/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...