Configuring Virtual Machine Remote Control

Configuring Virtual Machine Remote Control

On the Virtual Machine Remote Control Server Settings page you can enable and configure Virtual Machine Remote Control (VMRC) for Virtual Server. When you enable VMRC, you must specify the options listed in the following table.


Item Description

TCP/IP address

The Transmission Control Protocol/Internet Protocol (TCP/IP) address to use for VMRC sessions. Select the TCP/IP address to use, or select (All unassigned). The TCP/IP addresses of configured network adapters appear in the list.

TCP/IP port

The TCP/IP port to use for VMRC sessions, 5900 by default. You can use a port number from 5900 through 5999. If you want to allow VMRC access from outside the firewall, you must open the specified port on your firewall. For more information about the ports to open for VMRC, see the note at the end of this topic.

Default screen resolution

The default screen resolution for the VMRC client.


The authentication method to use for VMRC: Automatic, NTLM, or Kerberos. If you specify Kerberos authentication, only users logging on with domain accounts will be able to use the VMRC client.

Disconnect idle connections

The option to disconnect a VMRC connection that has been idle for the amount of time specified in Timeout.


Time in minutes before an idle VMRC connection is disconnected.

SSL 3.0/TLS 1.0 encryption

The option to enable SSL 3.0/TLS 1.0 encryption for VMRC sessions. If you enable it, then you must specify a certificate in the SSL/TLS 1.0 certificate section.

SSL 3.0/TLS 1.0 certificate

If you enabled SSL 3.0/TLS 1.0 encryption, you must select one of the following options:

  • Keep: Retain the existing SSL 3.0/TLS 1.0 certificate that is specified in the remainder of this section.
  • Request: Create a request for a Transport Layer Security (TLS) certificate. The request is created when you complete the information in the remainder of this section and then click Apply. When you do this, Virtual Server creates and signs a temporary certificate to use until you receive the requested certificate from the certification authority.
    To obtain a certificate, you can copy the text in the request and send it to the certification authority. When you receive the certificate, you can then upload it, as described next.
  • Upload: Upload an existing certificate to Virtual Server for use with VMRC. You must specify the certificate to upload at the bottom of this page, in Upload certificate.
  • Delete: Delete the existing certificate that is specified in the remainder of this section.

Host name

Name of the computer running the Virtual Server service. Specify the name that you use to access this computer, usually the fully qualified domain name (FQDN).


Name of your organization.

Organizational unit

(Optional) Organizational unit within your organization that is making this request.


City in which your organization is located.


State or province in which your organization is located.


Country/region where your organization is located.

Key length

The length, in bits, of the public key on the certificate.

Upload certificate

The option to specify an SSL 3.0/TLS 1.0 certificate to use with VMRC. You can either enter the full path to the certificate, or you can click Browse and locate it in the file system. The certificate must be stored on the local computer (the computer running the Virtual Server service).

For instructions on configuring VMRC Server settings, see Configure Virtual Machine Remote Control. For more information about using the VMRC client, see Using the VMRC client to access virtual machines. For background information, see Virtual Machine Remote Control client.

If you are using the VMRC client behind a firewall, and the VMRC client and Virtual Server instance have an open connection to the domain controller, you must open several ports on the firewall: Port 5900, which is the default port for the VMRC server. Port 1024, which is the default port for the Administration Website. Ports 137 and 138, the TCP and User Datagram Protocol (UDP) ports, for the Kerberos V5 ticket-granting authority.

If you have changed the default port for either the VMRC server or the Administration Website then you must open those ports rather than port 5900 and port 1024. Or, if your firewall gives you the option to not block certain programs, you can add the Virtual Server service (Vssrvc.exe) to the list of programs that are not blocked by the firewall.