- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Good news. After 2.5 months, I have a working solution for this. The binary download repository for vRLCM is https://download2.vmware.com. There are a large number of other VMware download repositories that constantly change IP addresses, but we won't get into that here. First make sure your DNS server can resolve VMware's plethora of download repositories. But my vRLCM DNS could so this was not the issue.
What pointed me in the right direction was running the command: curl -v https://download2.vmware.com. This output a refused TLS 1.2 connection. I fixed a similar issue on my vIDM appliance by modifying the /etc/ssh/sshd_config file line 117 to remove some troublesome ciphers. So I accessed my vRLCM sshd_config file located in /etc/ssh/sshd_config and scrolled down to line 117. The first two ciphers listed are aes256-gcm@openssh.com and aes128-gcm@openssh.com. By removing these two ciphers and saving the sshd_config file I was able to finally open a TLS session with https://download2.vmware.com and download the binary files I needed to upgrade my managed vRealize appliance from the vRLCM. My cipher list on line 117 of sshd_config only contains aes256-ctr,aes192-ctr,aes128-ctr now and this seems to work. I'm not sure what the issue with the first two ciphers mentioned above was or why they were allowed to certain VMware update repositories (such as vrealize-update.vmware.com) but not download2.vmware.com. Furthermore I'm not sure why these two ciphers by default do not affect other users but affected my appliance. I requested answers to these questions from my open VMware support ticket but they have not been able to provide answers at this time. Still I hope this information is useful to any users who experience update issues with vRealize appliances. I have used it to fix update issues on both vRLCM and vIDM in my environment.