KKvss
Enthusiast
Enthusiast

vLCM - HPe HSM - Fetching of online depot URL failed

Hello Team VMware,

today, I want to try the new vLCM in combination with HPe iLO Amplifier to firmware patching my ESXi hosts.

I successfully installed the HPe iLO Amplifier appliance and let it communicate with the vCenter.

I also uploaded the 3 latest HPe SPP firmware into the appliance but I can´t use it in the vCenter.

When I press "Add" for the Online Software Depot I get the following error:

Fetching of online depot URL failed. Depot URL not found in the SPP details.

Is somebody aware about that or got the HPe iLO Amplifier with VUM to fly?

Fetching Error.JPG

vCenter 7: 16386335
ESXi 7: 16324942
Amplifier: 1.70

I really appreciate your help in advance.

Greetings

KKvss

42 Replies
DanW2017
Contributor
Contributor

My experience is you will get this error if you try to import the standard Gen10 spp's when in fact you need to add something like VMware ESXi 7.0 Upgrade Pack

to the amp pack server,  then when you return to vCenter settings and then add that pack, it will succeed.

0 Kudos
KKvss
Enthusiast
Enthusiast

Hi DanW2017​,

sorry for my late reply I was on vacation.

I will test it during the week if it´s working.

Thanks for, now - will keep you posted.

0 Kudos
FrostByteVA
Contributor
Contributor

Any luck?  I've opened a ticket with HPE for the same issue.  I first tried the latest PSP but that failed when clicking the 'link' funciton.  I then tried the SPP-VUP version and it also failed.  HP didn't seem to have any ideas.

P35974_001_VUP11A-SPP-VUP11A.2020_0831.14.iso

https://support.hpe.com/hpsc/swd/public/detail?swItemId=MTX_cbc3c6765023429481d40e2f27

0 Kudos
KKvss
Enthusiast
Enthusiast

Hi,

same problem on my site - one week ago, I opened a HPe ticket but still no solution.

0 Kudos
ric9887
Contributor
Contributor

Hi, any luck with this ?

Ive just tried with 7.0 U1 Upgrade Pack (v1.2) dated 6th October and get the same message when pressing Add on the Online Software Depot.

0 Kudos
ric9887
Contributor
Contributor

If you get this error :-

Some error occurred while online depot registration

Then you need to import the iLo Amplifer VM certificate into vCenter.

Follow HPE Hardware Support Manager plug-in for VMwarevSphere Lifecycle Manager

https://support.hpe.com/hpesc/public/docDisplay?docId=a00097866en_us

Which details how to do it.

benbjamin624
Contributor
Contributor

Info can also be found here to add the cert via the command line.

vSphere Lifecycle Manager (vLCM) on HPE | Virtual Blocks

SSL/TLS Certificate

The iLO Amplifier Appliance Pack must be configured with its own unique SSL certificate. In the iLO Amplifier Appliance under Configuration and Settings->Security Settings click SSL Certificate then Generate Self Signed Certificate. After this you need to add the appliance’s new SSL/TLS certificate to vCenters list of trusted certificates.

Login as root on the vCenter and enter the following command
true | openssl s_client -connect :443 -showcerts >/tmp/iloamp-cert.crt

You should see something like

1

2

3

4

5

6

depth=0 C = US, O = Organization, CN = localhost, ST = State, L = Locality, OU = OrganizationalUnit

verify error:num=18:self signed certificate

verify return:1

depth=0 C = US, O = Organization, CN = localhost, ST = State, L = Locality, OU = OrganizationalUnit

verify return:1

DONE


Enter the following to add the certificate to VC’s list of known and trusted certificates:

/usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert /tmp/iloamp-cert.crt

You should be prompted for your password and see "Certificate published successfully"

0 Kudos
fancyusername
Contributor
Contributor

Hi,

I have the same issue.

The Certificate is correct imported.

But I still get this error " Some error occured while online depot registration. "

Is there a log file i can look into ?

0 Kudos
DDinu
Enthusiast
Enthusiast

I have the same issue too.

0 Kudos
fancyusername
Contributor
Contributor

Hi,

my issue was the Proxy Settings.

In my case the Hostname and the IP Address of the ILO Amplifier needs to be added to the file /etc/sysconfig/proxy in the Variable NO_PROXY

After that the vCenter needs to be rebooted.

Now the repo is added but i can't refresh it with the Error:

Depot Validation: Problems found while validating depot content

: {"info": [], "warnings": [], "errors": [{"id": "com.vmware.vcIntegrity.lifecycle.EsxImage.MetadataDownloadError", "message": {"id": "com.vmware.vcIntegrity.life

cycle.EsxImage.MetadataDownloadError", "default_message": "An error occurred while downloading depot metadata from https://IP/baselines/SPPs/869073c25

fe4bdd6a660b2702534f16d/vmw/HPE-700.0.0.10.5.5.46-Jun2020-Addon-HSM-depot/index.xml.", "args": ["https://10.134.240.237/baselines/SPPs/869073c25fe4bdd6a660b270253

4f16d/vmw/HPE-700.0.0.10.5.5.46-Jun2020-Addon-HSM-depot/index.xml"]}, "resolution": null, "time": "2020-10-29T11:12:54.077Z"}]}

0 Kudos
fancyusername
Contributor
Contributor

Hi everybody,

the issue is still the Proxy Server.

Een with the correct exceptions the VUM uses the Proxy.

When the Proxy Settings are removed from /etc/sysconfig/proxy it is working fine.

A Support Request is already open with VMware SR 20166981210

0 Kudos
jheikkila
Contributor
Contributor

Anyone have any success with this? I am having the same issue as everyone else and have completed all the recommended actions. I have a ticket open with HPE and VMware, no luck in the past week.

0 Kudos
manfriday
Enthusiast
Enthusiast

I am having issues with this as well, and the issues seem certificate related.

I can add the VUM in the HSM plugin page, but when I attempt to SYNC the updates in vLCM, it fails.

SSHd into the vCenter, and tried a wget to the full path of the index.xml file on the ilo-amp and it connects OK and downloads the xml file.

However, if I try a CURL I get:

curl: (60) SSL certificate problem: self signed certificate
More details here: https://curl.haxx.se/docs/sslcerts.html

curl failed to verify the legitimacy of the server and therefore could not
establish a secure connection to it. To learn more about this situation and
how to fix it, please visit the web page mentioned above.

Not sure what vLCM is doing behind the scenes, but like I said, it seems certificate related.

Oh, and yes, I did import the self-signed certificate into the Trusted Roots.

 

0 Kudos
AMLpetecullen
Contributor
Contributor

I'm having the exact same issue happening when I try and import OneView Support Packs into vCenter.  Same responses that manfriday has too.

I really hope there's going to be an easy answer to this one, I've done everything we're told to do.

0 Kudos
marcohald
Contributor
Contributor

we got it working with these steps:

true | openssl s_client -connect ip_of_amplifier:443 -showcerts >/tmp/iloamp-cert.crt
/usr/lib/vmware-vmafd/bin/dir-cli trustedcert publish --cert /tmp/iloamp-cert.crt
cat /tmp/iloamp-cert.crt >> /usr/lib/python3.7/site-packages/certifi/cacert.pem
cat /tmp/iloamp-cert.crt >> /etc/pki/tls/certs/ca-bundle.crt

Would be great if you can report if this works for you.

manfriday
Enthusiast
Enthusiast

Yes! That fixed it!

I never would have worked out to copy the certs to the python directory or the pki directory.

My Google-FU failed me. awesome job @marcohald !

 

Thanks!

0 Kudos
AMLpetecullen
Contributor
Contributor

This is awesome, I just need to work this out for cert of the VCSA plugin.

Tags (1)
0 Kudos
AMLpetecullen
Contributor
Contributor

This now works absolutely perfectly thanks so much for sharing this.

Seems the 02 01 2021 Synergy support pack had an issue with VLCM as well and the new 01 02 release works perfectly.

0 Kudos
KKvss
Enthusiast
Enthusiast

Hi,

a couple of months, I was able to test it again.

I installed the iLO Amplifier Appliance 1.71 and put the VUP1.2A on it.
I also generate a self signed certificate, CN = the IP of the iLO Amplifier Appliance how the hint is in vCenter.

I still can´t add the firmware, so I opened a ticket, now.

0 Kudos