Recently I began testing the Core Dump Collector Service 5.0 (not for Auto Deploy) and discovered that the netdump firewall ruleset is missing from the base rulesets located in /etc/vmware/firewall/service.xml. Additionally, there is not an option to enable netdump within Security Profile Configuration via the vSphere Client on the host. Without UDP port 6500 opened outbound, the core dump will be unable to reach the Core Dump Collector Service.
You can list the active firewall rulesets by issuing this command:
esxcli network firewall ruleset list
In my case (confirmed on several ESXi 5.0-469512, 474610 & 504890 hosts), the netdump ruleset was not there.
Failure of the Core Dump Collection communication can be verified by generating a PSOD or using the testmessage method in KB2003042.
PSODs for testing purposes can be generated by issuing this command within the ESXi shell or via SSH (Warning: will PSOD your ESXi host!):
vsish -e set /reliability/crashMe/Panic
What's odd is that the netdump ruleset was present in previous builds of ESXi 5.0. I'm using builds 469512, 474610 & 504890.
I confirmed that the Core Dump Collector Service was indeed running and the port was listening on 6500 UDP.
As a workaround, using vi, I created a new netdump.xml file in /etc/vmware/firewall/.
Here are the contents of netdump.xml:
<!-- Firewall rule to allow core dump traffic -->
<ConfigRoot>
  <service id="0000">
    <!-- NetDump UDP traffic outbound port 6500 -->
    <id>netdump</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>udp</protocol>
      <porttype>dst</porttype>
      <port>6500</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
To refresh the ESXi firewall, issue this command:
esxcli network firewall refresh
To ensure the rule persists across reboots, go HERE:
Once this new netdump ruleset is in place, the core dump collection communication occurred as expected.
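A hand-written ruleset file is easy to get subtly wrong (wrong direction, a wider port range, left disabled), so the following added example, which is not part of the original post, audits a copy of netdump.xml against exactly what the collector needs. The function name `audit_ruleset` and the `EXPECTED` table are assumptions made for this example, and it is written for Python 3 on a workstation rather than for the ESXi shell.

```python
import sys
import xml.etree.ElementTree as ET

# Constructed sample: the netdump.xml contents shown in the post.
NETDUMP_XML = """<!-- Firewall rule to allow core dump traffic -->
<ConfigRoot>
  <service id="0000">
    <id>netdump</id>
    <rule id='0000'>
      <direction>outbound</direction>
      <protocol>udp</protocol>
      <porttype>dst</porttype>
      <port>6500</port>
    </rule>
    <enabled>true</enabled>
    <required>false</required>
  </service>
</ConfigRoot>
"""

# What the post says the collector needs: UDP 6500, outbound, matched on destination port.
EXPECTED = {"direction": "outbound", "protocol": "udp", "porttype": "dst", "port": "6500"}

def audit_ruleset(xml_text, name="netdump", expected=EXPECTED):
    """Return a list of findings; an empty list means the ruleset is exactly as expected."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    services = [s for s in root.iter("service") if (s.findtext("id") or "").strip() == name]
    if len(services) != 1:
        return [f"expected one <service> named {name}, found {len(services)}"]
    svc, findings = services[0], []
    if (svc.findtext("enabled") or "").strip().lower() != "true":
        findings.append("ruleset is not enabled")
    rules = svc.findall("rule")
    if len(rules) != 1:
        findings.append(f"expected exactly 1 rule, found {len(rules)}")
    for rule in rules:
        for field, want in expected.items():
            # A missing element or a nested port range yields "" and is flagged.
            got = (rule.findtext(field) or "").strip()
            if got != want:
                findings.append(f"rule {rule.get('id')}: {field} is {got!r}, expected {want!r}")
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else NETDUMP_XML
    for finding in audit_ruleset(text) or ["OK: netdump ruleset allows only outbound UDP 6500"]:
        print(finding)
```

Pass the path of a copied netdump.xml as the first argument to audit that file instead of the embedded sample.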
Hope this helps someone!