I am having this problem that if I use Check Updates -> Check URL I get the error "Download Failed." in the VMware Appliance Management Interface (VAMI)
Internet Proxy is configured in VAMI.
This problem applies to both of these versions.
VMware vCenter Server Appliance
6.0.0.20000 Build Number 3634791
VMware vCenter Server Appliance
6.0.0.10200 Build Number 3343022
I am checking
/var/log/vmware/applmgmt/software-packages.log
and find
Resolving vapp-updates.vmware.com... failed: Name or service not known.
wget: unable to resolve host address `vapp-updates.vmware.com'
Yes DNS server does not resolve internet IPs but that is no problem for vRO appliance or older vSphere Update Manager or any internet browser.
Actually nothing reaches the internet proxy (logging on firewall) it appears the VCSA does not even try to contact the internet proxy.
Anybody an idea what's wrong? I think DNS shouldn't have to forward to internet DNS, I mean VRO and older vSphere Update Manager can do without it as well.
I had same problem and cause is in proxy configuration. If you configure proxy using GUI, proxy are configured only for http.
In VCSA console try this command:
com.vmware.appliance.version1.networking.proxy.get
If you can set proxy for https to, you can make this throw this command:
com.vmware.appliance.version1.networking.proxy.set --protocol https --server proxy.server --port port_number
After this, Check update finish succesfully
_______________________________________________________________________________________________________
"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"
BigBlueMike,
Any update? I too see the same symptoms. running "netstat" form the shell confirms this, too.
Not really. For now we have used the CD option.
It appears that indeed the local DNS must resolve the internet addresses for the update through internet to work on vcsa.
can you log in and check thru below command whether proxy server ip and ports are updated properly and also can you make sure ur proxy does not need authenticate by username and password.
/opt/vmware/share/vami/vami_proxy_port
/opt/vmware/share/vami/vami_proxy_server
if username and password is necessary to authenticate, then make sure you have added below in to /etc/environment file
http_proxy=http://username:password@proxyserverip:port
I checked
/opt/vmware/share/vami/vami_proxy_port
/opt/vmware/share/vami/vami_proxy_server
proxy server address and port are not there. However they are in /etc/sysconfig/proxy
Nevertheless I update /opt/vmware/share/vami/vami_proxy_server with the proxy server address and port and rebooted. No change, same result.
Still getting:
Resolving vapp-updates.vmware.com... failed: Name or service not known.
wget: unable to resolve host address `vapp-updates.vmware.com'
updating /opt/vmware/share/vami/vami_proxy_server will not be persistence after reboot. You have to use another VAMI command like vami_set__proxy
Actually I had checked it, after the reboot the proxy information was still there. Nevertheless I used the command vami_set__proxy now but it didn't make any difference.
Hi,
edit the file /etc/sysconfig/proxy and in the keys HTTPS_PROXY and FTP_PROXY add the info about you proxy server. The problem occurs because the wget command trie to get the manifest xml file in a https site and the VAMI GUI only configure the proxy for HTTP sites.
Regards
Marcelo
Hi Marcelo,
I had the same issue and this is exactly what I needed to solve it!
Thanks
Regards
Gianni
I had same problem and cause is in proxy configuration. If you configure proxy using GUI, proxy are configured only for http.
In VCSA console try this command:
com.vmware.appliance.version1.networking.proxy.get
If you can set proxy for https to, you can make this throw this command:
com.vmware.appliance.version1.networking.proxy.set --protocol https --server proxy.server --port port_number
After this, Check update finish succesfully
_______________________________________________________________________________________________________
"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"
Matlock78, thank you very much. That command fixed my issue with the appilance saying 'download failed'.
thx Matlock78
this worked for me...yeah!
Definitely worked for me.
I took this to the next stage using "Posh-SSH" module from GitHub - darkoperator/Posh-SSH: PowerShell Module for automating tasks on remote systems using SSH
Use the following PowerShell code to simplify this if configuring more than 1 vCSA.
.\Set-vCSAProxy.ps1 -Username root -Password password -ProxyProtocol https -ProxyHost proxy-fqdn -ProxyPort 80 -Appliance fqdn-of-vCSA
Optional params are ProxyUserName and ProxyPassword for proxy authentication
# Set-vCSAProxy.ps1
param (
[Parameter(Mandatory=$true, Position=2,HelpMessage="Provide vCSA Appliance username")]
[string] $Username,
[Parameter(Mandatory=$true, Position=2,HelpMessage="Provide vCSA Appliance password")]
$Password,
[Parameter(Mandatory=$true, Position=2,HelpMessage="Provide proxy Protocol configured. Examples: HTTP, HTTPS, FTP")]
[string] $ProxyProtocol,
[Parameter(Mandatory=$true, Position=3,HelpMessage="Provide FQDN of proxy appliance")]
[string] $ProxyHost,
[Parameter(Mandatory=$true, Position=4,HelpMessage="Provide proxy port#")]
[string] $ProxyPort,
[Parameter(Mandatory=$true, Position=5,HelpMessage="Provide vCSA hostname")]
[string] $Appliance,
[Parameter(Position=6)]
[string] $ProxyUserName,
[Parameter(Position=7)]
[string] $ProxyPassword
)
$Error.Clear()
$importfolder = $PSScriptRoot # Prod
Import-Module "$($importfolder)\Modules\Posh-SSH"
$Password = ConvertTo-SecureString -String $Password -AsPlainText -Force
$creds = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$Password
$sshCommand = "proxy.set --status enabled"
if ($ProxyUserName) {$sshCommand = "$($sshCommand) --protocol $($ProxyProtocol) --server $($ProxyHost) --port $($ProxyPort) --username $($ProxyUserName) --password $($ProxyPassword)"}
else {$sshCommand = "$($sshCommand) --protocol $($ProxyProtocol) --server $($ProxyHost) --port $($ProxyPort)"}
$sshSession = New-SSHSession -ComputerName $Appliance -Credential $creds -AcceptKey -ErrorAction SilentlyContinue
if ($sshSession.Connected) {
$sshResult = (Invoke-SSHCommand -Command $sshCommand -SSHSession $sshSession).Output
Write-Host -ForegroundColor Green "Connected via ssh to $($Appliance)"
Write-Host -ForegroundColor Green ($sshResult | Out-String)
}
else {
Write-Host -ForegroundColor Yellow "Failed to connect via ssh to $($Appliance)"
break
}
I have the same issue - tried to set the proxy via MUI, but it did not like my port setting. Then I changed the /etc/sysconfig/proxy file and am able to use wget in the shell now for http and https.
But trying an update results in "Could not access https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml"...
So I tried the API command "com.vmware.appliance.version1.networking.proxy.set", but get the error "Unknown command":
Command> com.vmware.appliance.version1.networking.proxy.get
Unknown command: `com.vmware.appliance.version1.networking.proxy.get'
Command> com.vmware.appliance.version1.networking. <Tab><Tab>
com.vmware.appliance.version1.networking.dns.domains.add
com.vmware.appliance.version1.networking.dns.domains.list
com.vmware.appliance.version1.networking.dns.domains.set
com.vmware.appliance.version1.networking.dns.hostname.get
com.vmware.appliance.version1.networking.dns.hostname.set
com.vmware.appliance.version1.networking.dns.hostname.test
com.vmware.appliance.version1.networking.dns.servers.add
com.vmware.appliance.version1.networking.dns.servers.get
com.vmware.appliance.version1.networking.dns.servers.set
com.vmware.appliance.version1.networking.dns.servers.test
com.vmware.appliance.version1.networking.firewall.addr.inbound.add
com.vmware.appliance.version1.networking.firewall.addr.inbound.delete
com.vmware.appliance.version1.networking.firewall.addr.inbound.list
com.vmware.appliance.version1.networking.interfaces.get
com.vmware.appliance.version1.networking.interfaces.list
com.vmware.appliance.version1.networking.ipv4.get
com.vmware.appliance.version1.networking.ipv4.list
com.vmware.appliance.version1.networking.ipv4.renew
com.vmware.appliance.version1.networking.ipv4.set
com.vmware.appliance.version1.networking.ipv6.get
com.vmware.appliance.version1.networking.ipv6.list
com.vmware.appliance.version1.networking.ipv6.set
com.vmware.appliance.version1.networking.routes.add
com.vmware.appliance.version1.networking.routes.delete
com.vmware.appliance.version1.networking.routes.list
com.vmware.appliance.version1.networking.routes.test
Command> com.vmware.appliance.version1.system.version.get
Version:
Product: VMware vCenter Server Appliance
Installtime: 2018-08-06T08:57:25 UTC
Version: 6.7.0.13000
Build: 9232925
Releasedate: July 26, 2018
Summary: Patch for VMware vCenter Server Appliance 6.7.0
Type: vCenter Server with an embedded Platform Services Controller
What's wrong here, where are my proxy commands?
I think there is a lot of overthinking the problem here. if you read /opt/vmware/share/vami/vami_proxy_server, the variable SYSCFG_PROXY clearly points to /etc/sysconfig/proxy, which is the proxy config file.
In my case I directly edited /etc/sysconfig/proxy. Setting HTTPS_PROXY, FTP_PROXY, and HTTP_PROXY (which was already set) to my proxy server address.
The appliance is able to download update content now, additionally I was able to set my entire dns domain and IP supernet in NO_PROXY so the appliance will not try to run local traffic through the proxy server.
lifesaver
many thanks
Matlock78 lifesaver . many thanks
cheers