VMware Cloud Community
BigBlueMike
Enthusiast

VCSA 6u2 check for updates fails using internet proxy

I am having the problem that if I use Check Updates -> Check URL, I get the error "Download Failed." in the VMware Appliance Management Interface (VAMI).

Internet Proxy is configured in VAMI.

This problem applies to both of these versions.

VMware vCenter Server Appliance 6.0.0.20000, Build Number 3634791

VMware vCenter Server Appliance 6.0.0.10200, Build Number 3343022

I am checking

/var/log/vmware/applmgmt/software-packages.log

and find

Resolving vapp-updates.vmware.com... failed: Name or service not known.

wget: unable to resolve host address `vapp-updates.vmware.com'

Yes, the DNS server does not resolve internet IPs, but that is no problem for the vRO appliance, the older vSphere Update Manager, or any internet browser.

Actually, nothing reaches the internet proxy (logging on the firewall); it appears the VCSA does not even try to contact the internet proxy.

Does anybody have an idea what's wrong? I think DNS shouldn't have to forward to internet DNS; I mean, vRO and the older vSphere Update Manager can do without it as well.

Accepted Solutions
Matlock78
Contributor

I had the same problem, and the cause is in the proxy configuration. If you configure the proxy using the GUI, the proxy is configured only for HTTP.

In VCSA console try this command:

com.vmware.appliance.version1.networking.proxy.get

If you want to set the proxy for HTTPS too, you can do this through this command:

com.vmware.appliance.version1.networking.proxy.set --protocol https --server proxy.server --port port_number

After this, Check Updates finishes successfully.


17 Replies
cxo
Contributor

BigBlueMike,

Any update? I too see the same symptoms. Running "netstat" from the shell confirms this, too.

0 Kudos
BigBlueMike
Enthusiast

Not really. For now we have used the CD option.

It appears that indeed the local DNS must resolve the internet addresses for the update through internet to work on vcsa.

0 Kudos
dhanarajramesh

Can you log in and check through the commands below whether the proxy server IP and port are updated properly, and can you also make sure your proxy does not need authentication by username and password?

/opt/vmware/share/vami/vami_proxy_port

/opt/vmware/share/vami/vami_proxy_server


If a username and password are necessary to authenticate, then make sure you have added the line below to the /etc/environment file:


http_proxy=http://username:password@proxyserverip:port

0 Kudos
BigBlueMike
Enthusiast

I checked

/opt/vmware/share/vami/vami_proxy_port

/opt/vmware/share/vami/vami_proxy_server


The proxy server address and port are not there. However, they are in /etc/sysconfig/proxy.

Nevertheless, I updated /opt/vmware/share/vami/vami_proxy_server with the proxy server address and port and rebooted. No change, same result.


Still getting:

Resolving vapp-updates.vmware.com... failed: Name or service not known.

wget: unable to resolve host address `vapp-updates.vmware.com'


0 Kudos
dhanarajramesh

Updating /opt/vmware/share/vami/vami_proxy_server will not be persistent after a reboot. You have to use another VAMI command like vami_set__proxy.

0 Kudos
BigBlueMike
Enthusiast

Actually, I had checked it; after the reboot the proxy information was still there. Nevertheless, I used the command vami_set__proxy now, but it didn't make any difference.

0 Kudos
marcelofpjunior
Contributor

Hi,

Edit the file /etc/sysconfig/proxy and, in the keys HTTPS_PROXY and FTP_PROXY, add the info about your proxy server. The problem occurs because the wget command tries to get the manifest XML file from an HTTPS site and the VAMI GUI only configures the proxy for HTTP sites.

Regards

Marcelo

VMgianni
Contributor

Hi Marcelo,

I had the same issue and this is exactly what I needed to solve it!

Thanks

Regards

Gianni

--
G.
0 Kudos
Deso1ator
Enthusiast

Matlock78, thank you very much. That command fixed my issue with the appliance saying 'download failed'.

0 Kudos
brunofernandez1

thx Matlock78

this worked for me...yeah!

------------------------------------------------------------------------------- If you found this or any other answer helpful, please consider to award points. (use Correct or Helpful buttons) Regards from Switzerland, B. Fernandez http://vpxa.info/
0 Kudos
stevespike
Contributor

Definitely worked for me.

I took this to the next stage using the "Posh-SSH" module from GitHub (darkoperator/Posh-SSH: PowerShell Module for automating tasks on remote systems using SSH).

Use the following PowerShell code to simplify this if configuring more than 1 vCSA.

.\Set-vCSAProxy.ps1 -Username root -Password password -ProxyProtocol https -ProxyHost proxy-fqdn -ProxyPort 80 -Appliance fqdn-of-vCSA

Optional params are ProxyUserName and ProxyPassword for proxy authentication.

# Set-vCSAProxy.ps1
# Sets the proxy on a vCSA by running the appliance shell command over SSH (needs the Posh-SSH module).
param (
     [Parameter(Mandatory=$true, Position=0,HelpMessage="Provide vCSA Appliance username")]
     [string] $Username,
     [Parameter(Mandatory=$true, Position=1,HelpMessage="Provide vCSA Appliance password")]
     $Password,
     [Parameter(Mandatory=$true, Position=2,HelpMessage="Provide proxy Protocol configured. Examples: HTTP, HTTPS, FTP")]
     [string] $ProxyProtocol,
     [Parameter(Mandatory=$true, Position=3,HelpMessage="Provide FQDN of proxy appliance")]
     [string] $ProxyHost,
     [Parameter(Mandatory=$true, Position=4,HelpMessage="Provide proxy port#")]
     [string] $ProxyPort,
     [Parameter(Mandatory=$true, Position=5,HelpMessage="Provide vCSA hostname")]
     [string] $Appliance,
     [Parameter(Position=6)]
     [string] $ProxyUserName,
     [Parameter(Position=7)]
     [string] $ProxyPassword
)

$Error.Clear()
$importfolder = $PSScriptRoot # Prod
Import-Module "$($importfolder)\Modules\Posh-SSH"

# Build the credential object used for the SSH login to the appliance
$Password = ConvertTo-SecureString -String $Password -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$Password

# Build the appliance shell command; proxy credentials are appended only when supplied
$sshCommand = "proxy.set --status enabled"
if ($ProxyUserName) {$sshCommand = "$($sshCommand) --protocol $($ProxyProtocol) --server $($ProxyHost) --port $($ProxyPort) --username $($ProxyUserName) --password $($ProxyPassword)"}
else {$sshCommand = "$($sshCommand) --protocol $($ProxyProtocol) --server $($ProxyHost) --port $($ProxyPort)"}

# -AcceptKey trusts the appliance's SSH host key without verifying it
$sshSession = New-SSHSession -ComputerName $Appliance -Credential $creds -AcceptKey -ErrorAction SilentlyContinue

if ($sshSession.Connected) {
     $sshResult = (Invoke-SSHCommand -Command $sshCommand -SSHSession $sshSession).Output
     Write-Host -ForegroundColor Green "Connected via ssh to $($Appliance)"
     Write-Host -ForegroundColor Green ($sshResult | Out-String)
     # Close the SSH session once the command has run
     Remove-SSHSession -SSHSession $sshSession | Out-Null
}
else {
     Write-Host -ForegroundColor Yellow "Failed to connect via ssh to $($Appliance)"
     # Stop with a non-zero exit code ('break' outside a loop is not a reliable way to end a script)
     exit 1
}

0 Kudos
Giermann
Contributor

I have the same issue - tried to set the proxy via MUI, but it did not like my port setting. Then I changed the /etc/sysconfig/proxy file and am able to use wget in the shell now for http and https.
But trying an update results in "Could not access https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml"...

So I tried the API command "com.vmware.appliance.version1.networking.proxy.set", but get the error "Unknown command":

Command> com.vmware.appliance.version1.networking.proxy.get
Unknown command: `com.vmware.appliance.version1.networking.proxy.get'
Command> com.vmware.appliance.version1.networking.    <Tab><Tab>
com.vmware.appliance.version1.networking.dns.domains.add
com.vmware.appliance.version1.networking.dns.domains.list
com.vmware.appliance.version1.networking.dns.domains.set
com.vmware.appliance.version1.networking.dns.hostname.get
com.vmware.appliance.version1.networking.dns.hostname.set
com.vmware.appliance.version1.networking.dns.hostname.test
com.vmware.appliance.version1.networking.dns.servers.add
com.vmware.appliance.version1.networking.dns.servers.get
com.vmware.appliance.version1.networking.dns.servers.set
com.vmware.appliance.version1.networking.dns.servers.test
com.vmware.appliance.version1.networking.firewall.addr.inbound.add
com.vmware.appliance.version1.networking.firewall.addr.inbound.delete
com.vmware.appliance.version1.networking.firewall.addr.inbound.list
com.vmware.appliance.version1.networking.interfaces.get
com.vmware.appliance.version1.networking.interfaces.list
com.vmware.appliance.version1.networking.ipv4.get
com.vmware.appliance.version1.networking.ipv4.list
com.vmware.appliance.version1.networking.ipv4.renew
com.vmware.appliance.version1.networking.ipv4.set
com.vmware.appliance.version1.networking.ipv6.get
com.vmware.appliance.version1.networking.ipv6.list
com.vmware.appliance.version1.networking.ipv6.set
com.vmware.appliance.version1.networking.routes.add
com.vmware.appliance.version1.networking.routes.delete
com.vmware.appliance.version1.networking.routes.list
com.vmware.appliance.version1.networking.routes.test
Command> com.vmware.appliance.version1.system.version.get
Version:
   Product: VMware vCenter Server Appliance
   Installtime: 2018-08-06T08:57:25 UTC
   Version: 6.7.0.13000
   Build: 9232925
   Releasedate: July 26, 2018
   Summary: Patch for VMware vCenter Server Appliance 6.7.0
   Type: vCenter Server with an embedded Platform Services Controller

What's wrong here, where are my proxy commands?

0 Kudos
SuperCidal
Contributor

I think there is a lot of overthinking the problem here. If you read /opt/vmware/share/vami/vami_proxy_server, the variable SYSCFG_PROXY clearly points to /etc/sysconfig/proxy, which is the proxy config file.

In my case I directly edited /etc/sysconfig/proxy, setting HTTPS_PROXY, FTP_PROXY, and HTTP_PROXY (which was already set) to my proxy server address.

The appliance is able to download update content now. Additionally, I was able to set my entire DNS domain and IP supernet in NO_PROXY so the appliance will not try to run local traffic through the proxy server.

0 Kudos
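
The check below is an added example, not part of any post in this thread: it reads a file in the KEY="value" layout of /etc/sysconfig/proxy and reports which of the keys named in the thread are empty (the state that makes wget go direct and fail on DNS for HTTPS), and whether a proxy URL carries embedded credentials in the http://username:password@... form. The function names, finding labels and sample file contents are assumptions made for the example.

```shell
# Audit a sysconfig-style proxy file (KEY="value" lines) for the keys named in the thread.
# Function names and finding labels are assumptions for this example.

# Print the value of KEY ($1) in FILE ($2) with surrounding quotes removed (empty if unset).
proxy_value() {
    sed -n "s/^[[:space:]]*$1=//p" "$2" | tail -n 1 | sed 's/^"\(.*\)"$/\1/'
}

# Emit one finding per line; return 0 when there are none, 1 otherwise.
audit_proxy() {
    file=$1; findings=0
    for key in HTTP_PROXY HTTPS_PROXY FTP_PROXY; do
        val=$(proxy_value "$key" "$file")
        if [ -z "$val" ]; then
            echo "MISSING $key"        # this protocol bypasses the proxy and needs DNS
            findings=$((findings + 1))
        else
            case $val in
                # user:password@ inside the URL means a clear-text secret in the file;
                # only the key name is reported, never the value
                *://*@*) echo "CREDENTIALS $key"; findings=$((findings + 1)) ;;
            esac
        fi
    done
    if [ -z "$(proxy_value NO_PROXY "$file")" ]; then
        echo "MISSING NO_PROXY"        # local traffic would also be sent to the proxy
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample: the state described in the thread after using only the GUI.
SAMPLE=$(mktemp)
trap 'rm -f "$SAMPLE"' EXIT
cat > "$SAMPLE" <<'EOF'
HTTP_PROXY="http://proxy.example.local:3128"
HTTPS_PROXY=""
FTP_PROXY=""
NO_PROXY="localhost, 127.0.0.1"
EOF
audit_proxy "$SAMPLE" || true
```

On the appliance the same function can be pointed at /etc/sysconfig/proxy before and after changing the settings.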
padduz
Contributor

lifesaver

many thanks

0 Kudos
padduz
Contributor

Matlock78, lifesaver. Many thanks

0 Kudos
padduz
Contributor

cheers :)

0 Kudos