VMware Cloud Community
doran_lum
Contributor
Contributor

Update Manager unable to reach vmware

Hi all, I have a vCenter 5.5 Update Manager which does not have internet access. We have open up firewall rules for it to reach vmware.com

On the firewall we have allow the traffic to the below on port 80 & 443. So far we don't see any traffic blocked, except the connection attempt is incomplete

204.51.149.4

208.91.0.132

On telnet, we are able to successfully telnet most except vmware.com port 443.

Currently the Update Manager is still unable to reach vmware.com, is there any missing ports or IP ?

I have log 3 cases with VMware and looking at the alternative to build a patch repository server which have internet access.

Would anyone be able to advise what ports is required between the VC & this patch repository server ?

Reply
0 Kudos
9 Replies
MarkCains
Contributor
Contributor

You stated that you have opened up the ports for Update Manager on your firewall.....Do you also have a proxy server/web proxy/web filter? When I installed this even though during the installation of this I overlooked the Proxy settings. To fix this I setup a bypass on the proxy and was able to get updates coming in. I had a similar issue as I could not see any traffic on the firewall.

Reply
0 Kudos
doran_lum
Contributor
Contributor

There's no proxy server or web proxy that I know of. I could check with the Network Team on that.

When u mention proxy settings, do you mean the ones on IE ?

Reply
0 Kudos
rcporto
Leadership
Leadership

Take a look on this KB article: VMware KB: VMware vCenter Update Manager network port requirements

Additionally, while the Update Manager server may be able to connect to vmware.com, it is possible downloads are failing due to internet filters that can deny access to sub-domains of vmware.com.

This is the default list of download sources for Update Manager:

Alternatively, you may try install the Update Manager Download Service (UMDS) on another server with direct internet access, like a DMZ server.

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
Reply
0 Kudos
NavalgundRaj
Enthusiast
Enthusiast

Hi, please try opening Google page from IE and if you are able to open google from IE then also it is not reaching and then firewall or configuration will be the issue.

Note: If you found this correct or answer useful please consider the use of the Correct buttons to award points. Regards Basavaraj.R Navalgund
Reply
0 Kudos
doran_lum
Contributor
Contributor

Yes I wasn't able to see the xml page.. most likley we didn't allow properly on the firewall.. but the whole environment does not allow the server to have full internet access.. i was thinking the only way is to build a UMDS server in the DMZ zone with full internet access.

After reading the KB i will need to allow the VC to reach the UMDS on port 8084 & 9087 ?

Reply
0 Kudos
doran_lum
Contributor
Contributor

Yes.. google page does not work as the server is not allow to have full internet access... instead on the firewall we allow specific ports to the IP of vmware.com (204.51.149.4 & 208.91.0.132)

Reply
0 Kudos
rcporto
Leadership
Leadership

Did you already read my post above where I show additional URL that must be allowed on firewall ?

See: Re: Update Manager unable to reach vmware

---

Richardson Porto
Senior Infrastructure Specialist
LinkedIn: http://linkedin.com/in/richardsonporto
Reply
0 Kudos
doran_lum
Contributor
Contributor

Sorry i overlook it ... i will get the additional url on firewall ...

Reply
0 Kudos