Modifying VMware View Network Ports

In some circumstances where firewalls devices are blocking VMware View traffic, or when other network service is already making use of the VMware View default network ports you may be required to change the ports in use. Another reason for a View port change would be when an organisation have standard procedures to change default application’s port for security reasons.

Before starting, a quick note – Teradici has registered port 4172 with IANA and this is the official PCoIP port moving forward. So, from 50002 to 4172 (both TCP/UDP).

Modifying PCoIP Ports

PCoIP ports can be changed using the PCOIP.ADM templates provided with VMware View Connection Server or via a registry change at GuestOS level. If you need more information  please refer to View Administrator Guide.

Please note that ADM templates are technically not officially supported by VMware.

Modifying View Connection and Security Server Ports

VMware View 4.0 and 4.0.1 run on Apache Tomcat/6.0.20 and the default HTTP/HTTPS ports configured are as per default 80/443.

The HTTP/HTTPS listener is part of the sslgateway component, which also supports SSL tunnelling. To configure the listening port, create or edit the file %programfiles%\vmware\vmware view\server\sslgateway\conf\locked.properties

The “locked.properties” file needs to be created or copied to each connection or security server in your organisation. The contents of the file should reflect the following:
clientProtocol=https
clientHost=fqdn
clientPort=443
serverPort=80
serverProtocol=http

  • clientProtocol=https—Indicates that the client will use HTTPS.
  • clientHost=view-ext.ese.com—Indicates that the client will connect on the tunnel phase (second phase) to the DNS name that resolves to server.
  • clientPort=443—Indicates the port the client will use to connect. This entry seems redundant because the clientProtocol field is already there, but the VMware documentation states that if this entry is not defined, the client will use whatever is defined in the serverProtocol field, which will be 80.
  • serverPort=80—Indicates the port that will be used to connect to the Connection Server.
  • serverProtocol=http—This entry is not needed because HTTP is the default, but is included here for clarity.

Add or edit “serverPort=xx”, where xx is the port number you’d like to use.

You will need to stop and restart the View Connection Server service (or reboot) in order to switch the listening port. And don’t forget to change any firewall rules appropriately.

Next you should look in the debug log for a line like this: “Server listening port: xx”, where xx is the currently configured listening port. Finally if you want HTTP address to be automatically redirected to HTTPS you need to add “httpRedirectURL=https://server:8181” in the same file.

Modifying View Connection Ephemeral Ports

An ephemeral port is a short?lived endpoint that is created by the operating system when a program requests any available user port. The operating system selects the port number from a predefined range, typically between 1024 and 65535, and releases the port after the related TCP connection terminates.

You might want to increase the number of ephemeral ports if your View Manager deployment is likely to use more than 800 concurrent client connections; another reason to modify ephemeral ports would be to change the range restriction for a multi-site distributed environments where firewalls rules would have to be applied or revoked.

By default, you can create a maximum of approximately 4,000 ephemeral ports that run
concurrently on Windows Server 2003 but the VMware View Admin Guide 4.0 covers the subject in more detail and provides a formula to calculate the number of ephemeral ports.

To modify ephemeral ports you must open the registry and change on each of the VMware Connection or Security servers available in your environment.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
Value Name: MaxUserPort
Value Type: DWORD
Value data: 1024 + <calculated number of ephemeral ports>
Valid Range: 5000-65534 (decimal)

4 comments

3 pings

Skip to comment form

    • falsehope on 12/14/2011 at 11:55 am

    Can we change the PCoIP agent ports in View 4.5 back to port 50002?

  1. @falsehope
    In my article “Sneak Peek at new VMware View 5.0 PCoIP GPO” I demonstrate how to PCoIP server port bindinds can be changed via GPO. http://myvirtualcloud.net/?p=2061
    The agent will connect to whatever port the server is configured with.

    Andre

    • akfoote on 08/27/2012 at 7:20 am

    Andre, I’m trying to use your method here to redirect 80 to 443 on a view 5 connection server.
    Any idea if this trick will work with 5 series of view?

    I’ve located the ‘config.properties’ file which closely resembles the file you reference above.

    If this is the case and, adding the httpRedirectURL setting is what I need to do.. does this need to be done on the security server as well??

    akfoote

  2. @akfoote
    I am preparing a new blog post to cover the subject of changing ports in Security Server for the PCoIP gateway. As for the redirection from 80 to 443, changing config.properties parameters in each security server should do the job for you.

    Andre

  1. […] googling some scenarios I found a link to this page on myvirtualcloud.net. This is an excellent article, however it only covers View 4.0.x. In View 5.0 there is no […]

  2. […] Changing Port on PCoIP Gateway September 5th, 2012 Leave a comment Go to comments Hello there! If you are new here, you might want to subscribe to the RSS feed for updates on this topic.Powered by WP Greet Box WordPress Plugin For multiple different reasons organizations may want to change the Default ports used by VMware View. I have previously explained how to modify VMWare View default HTTP/HTTPS ports using the locked.properties file in my article Modifying VMware View Network Ports. […]

  3. […] For multiple different reasons organizations may want to change the Default ports used by VMware View. I have previously explained how to modify VMWare View default HTTP/HTTPS ports using the locked.properties file in my article Modifying VMware View Network Ports. […]

Leave a Reply