VMware Cloud Community
Valentini
Enthusiast
Enthusiast
‎06-06-2008 06:51 AM
Jump to solution

reinstalling update manager issues

I am attempting to reinstall update manager and receive an error stating that the HTTPS or TCPIP port is already in use. What do I need to do to get past this error?

0 Kudos
1 Solution

Accepted Solutions
azn2kew
Champion
Champion
‎06-06-2008 11:10 AM
Jump to solution

Use this instructions to see if it works.

The VMware Update Manager Virtual Center 2.5

*_If you have an established VMware Infrastructure environment, you can use the same installer to add Update Manager functionality._ *

You can install Update Manager on the same computer as the VirtualCenter Server or on a different computer.

Before you install Update Manager, gather the networking information (including the IP address and port number) about the VirtualCenter Server that Update Manager will work with. In most cases, the Web service port is used. The default for the Web service port is 443.

After the installation:

  1. The Update Manager Web server listens on 9084 TCP if the default is not changed during the installation.

  2. The Update Manager SOAP server listens on 8084 TCP if the default is not changed during the installation.

Both are accessed through a reverse proxy that listens on the standard ports 80 and 443, but there is a slight difference depending on the installation:

  1. When Update Manager and VirtualCenter Server are installed on the same machine:

    • All incoming connections to Update Manager are accessed through a reverse proxy provided by the VirtualCenter Server.

  • o ESX Server connects to port 80, and the VirtualCenter Server forwards the request to the Update Manager Web server listening on 9084 for host patch downloads.

  • o The VirtualCenter Server directly connects to Update Manager on 8084 because they are on the same machine.

  1. When Update Manager and the VirtualCenter Server are installed on two different machines:

  • o Update Manager has a reverse proxy listening on ports 80 and 443 if the default is not changed during the installation.

  • o The VirtualCenter Server connects to Update Manager through port 443. The reverse proxy forwards the request to 8084.

  • o ESX Server connects to Update Manager through port 80. The reverse proxy forwards the request to 9084.

To obtain metadata, Update Manager must be able to connect to and , and requires outbound ports 80 and 443.

For binary data, the outbound ports are 80 and 443.

For ESX Server scanning and remediation, Update Manager requires that port 80 be open on the ESX Server host.

If the default ports 80 and 443 are already in use by another application, the alternate port numbers used by Update Manager should be within the range 9000-9100. Update Manager automatically opens these ports for ESX Server scanning and remediation.

To ensure you can install patches using Update Manager:

  1. Run the vum-proxyAuthCfg.exe located in C:\Program Files\VMware\Infrastructure\Update Manager to setup the proxy correctly.

  2. Configure the proxy to allow outgoing connections on ports 80, 443 to vmware.com and shavlik.com.
    Note: 80 and 443 are the default ports, adjust the ports based on your environment.

  3. Change the VMware Update Manager service from logging on as local administrator (per normal requirements) to the same Windows authentication user that is being specified in your proxy settings:

  4. Click Start > Run.

  5. Type services.msc and press Enter.

  6. Double-click VMware Update Manager service.

  7. Log in.

  8. Re-run the VMware Update Manager Update Download task.

  9. esxcfg-firewall -openport 81,tcp,out,updatemanager Note: The port 81 above in step 9 is for VirtualCenter

  10. On the vmware infrastructure client click on Plugins -> Update Manager -> Schedule Update Download

  11. Select the updates you want to download then next

  12. Set the start time about 2 minutes past current time and select the current day of the week.

  13. This will download the metadata needed.

*_Unable to enable Update Manager plug-in_ *

Products

VMware Update Manager

Details

Consider the following scenarios: The Update Manager plug-in is installed successfully. However, the plug-in client does not appear in the Installed tab of the Plugin Manager.

The Update Manager plug-in is installed successfully. However, when you enable the plug-in, the VI Client displays "The server took too long to respond" or a similar error message.

Solution: To work around the issues above, perform these steps:

Uninstall the VI Client and Update Manager Client using Windows Add/Remove Programs in the Control Panel. Manually remove the C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher folder. Reinstall the VI Client and Update Manager Client.

The Update Manager Client should now appear in the list of installed plug-ins in the Plugin Manager window and can be enabled successfully.

Update Manager fails to scan an ESX Server for updates when using non-default Web Services HTTP port

This error occurs if the web service HTTP port in VirtualCenter is not set to the default port (the default port is 80).

Perform one of the following workarounds based on your situation.

Workaround 1

VMware Update Manager automatically opens firewall ports 9000-9100 on ESX Server 3.5 during scan or remediation. If port 80 cannot be used as the web service HTTP port, use a port in the range of 9000-9100:

Log in to the Virtual Infrastructure Client and click Administration.

Click VirtualCenter Server Management Server Configuration.

Click Web Service.

Change the HTTP port to a new value, within the 9000-9100 range.

Click OK and restart VirtualCenter Server service.

Restart the Update Manager service.

Log in to Virtual Infrastructure Client after both VirtualCenter and Update Manager services have been restarted,

Disable the Update Manager Plug-in in the Virtual Infrastructure Client and re-enable it.

Workaround 2

If port range 9000-9100 cannot be used as web service HTTP port in VirtualCenter:

Enable the custom VirtualCenter web service HTTP ports in the ESX Server's firewall by entering the following command in the service console:

esxcfg-firewall --openport ####,tcp,out,dynamicupdates

Note: #### is the custom port being used by VirtualCenter.

You can check the custom port by logging into VirtualCenter and clicking Administration Menu > VirtualCenter Management Server Configuration > Web Service.

Restart the Update Manager service.

Log off and log in to VirtualCenter using the Virtual Infrastructure Client.

Disable and re-enable the Update Manager plug-in.

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

Regards,

Stefan Nguyen

iGeek Systems Inc.

VMware, Citrix, Microsoft Consultant

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!! Regards, Stefan Nguyen VMware vExpert 2009 iGeek Systems Inc. VMware vExpert, VCP 3 & 4, VSP, VTSP, CCA, CCEA, CCNA, MCSA, EMCSE, EMCISA

View solution in original post

0 Kudos
6 Replies
azn2kew
Champion
Champion
‎06-06-2008 11:10 AM
Jump to solution

Use this instructions to see if it works.

The VMware Update Manager Virtual Center 2.5

*_If you have an established VMware Infrastructure environment, you can use the same installer to add Update Manager functionality._ *

You can install Update Manager on the same computer as the VirtualCenter Server or on a different computer.

Before you install Update Manager, gather the networking information (including the IP address and port number) about the VirtualCenter Server that Update Manager will work with. In most cases, the Web service port is used. The default for the Web service port is 443.

After the installation:

  1. The Update Manager Web server listens on 9084 TCP if the default is not changed during the installation.

  2. The Update Manager SOAP server listens on 8084 TCP if the default is not changed during the installation.

Both are accessed through a reverse proxy that listens on the standard ports 80 and 443, but there is a slight difference depending on the installation:

  1. When Update Manager and VirtualCenter Server are installed on the same machine:

    • All incoming connections to Update Manager are accessed through a reverse proxy provided by the VirtualCenter Server.

  • o ESX Server connects to port 80, and the VirtualCenter Server forwards the request to the Update Manager Web server listening on 9084 for host patch downloads.

  • o The VirtualCenter Server directly connects to Update Manager on 8084 because they are on the same machine.

  1. When Update Manager and the VirtualCenter Server are installed on two different machines:

  • o Update Manager has a reverse proxy listening on ports 80 and 443 if the default is not changed during the installation.

  • o The VirtualCenter Server connects to Update Manager through port 443. The reverse proxy forwards the request to 8084.

  • o ESX Server connects to Update Manager through port 80. The reverse proxy forwards the request to 9084.

To obtain metadata, Update Manager must be able to connect to and , and requires outbound ports 80 and 443.

For binary data, the outbound ports are 80 and 443.

For ESX Server scanning and remediation, Update Manager requires that port 80 be open on the ESX Server host.

If the default ports 80 and 443 are already in use by another application, the alternate port numbers used by Update Manager should be within the range 9000-9100. Update Manager automatically opens these ports for ESX Server scanning and remediation.

To ensure you can install patches using Update Manager:

  1. Run the vum-proxyAuthCfg.exe located in C:\Program Files\VMware\Infrastructure\Update Manager to setup the proxy correctly.

  2. Configure the proxy to allow outgoing connections on ports 80, 443 to vmware.com and shavlik.com.
    Note: 80 and 443 are the default ports, adjust the ports based on your environment.

  3. Change the VMware Update Manager service from logging on as local administrator (per normal requirements) to the same Windows authentication user that is being specified in your proxy settings:

  4. Click Start > Run.

  5. Type services.msc and press Enter.

  6. Double-click VMware Update Manager service.

  7. Log in.

  8. Re-run the VMware Update Manager Update Download task.

  9. esxcfg-firewall -openport 81,tcp,out,updatemanager Note: The port 81 above in step 9 is for VirtualCenter

  10. On the vmware infrastructure client click on Plugins -> Update Manager -> Schedule Update Download

  11. Select the updates you want to download then next

  12. Set the start time about 2 minutes past current time and select the current day of the week.

  13. This will download the metadata needed.

*_Unable to enable Update Manager plug-in_ *

Products

VMware Update Manager

Details

Consider the following scenarios: The Update Manager plug-in is installed successfully. However, the plug-in client does not appear in the Installed tab of the Plugin Manager.

The Update Manager plug-in is installed successfully. However, when you enable the plug-in, the VI Client displays "The server took too long to respond" or a similar error message.

Solution: To work around the issues above, perform these steps:

Uninstall the VI Client and Update Manager Client using Windows Add/Remove Programs in the Control Panel. Manually remove the C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Launcher folder. Reinstall the VI Client and Update Manager Client.

The Update Manager Client should now appear in the list of installed plug-ins in the Plugin Manager window and can be enabled successfully.

Update Manager fails to scan an ESX Server for updates when using non-default Web Services HTTP port

This error occurs if the web service HTTP port in VirtualCenter is not set to the default port (the default port is 80).

Perform one of the following workarounds based on your situation.

Workaround 1

VMware Update Manager automatically opens firewall ports 9000-9100 on ESX Server 3.5 during scan or remediation. If port 80 cannot be used as the web service HTTP port, use a port in the range of 9000-9100:

Log in to the Virtual Infrastructure Client and click Administration.

Click VirtualCenter Server Management Server Configuration.

Click Web Service.

Change the HTTP port to a new value, within the 9000-9100 range.

Click OK and restart VirtualCenter Server service.

Restart the Update Manager service.

Log in to Virtual Infrastructure Client after both VirtualCenter and Update Manager services have been restarted,

Disable the Update Manager Plug-in in the Virtual Infrastructure Client and re-enable it.

Workaround 2

If port range 9000-9100 cannot be used as web service HTTP port in VirtualCenter:

Enable the custom VirtualCenter web service HTTP ports in the ESX Server's firewall by entering the following command in the service console:

esxcfg-firewall --openport ####,tcp,out,dynamicupdates

Note: #### is the custom port being used by VirtualCenter.

You can check the custom port by logging into VirtualCenter and clicking Administration Menu > VirtualCenter Management Server Configuration > Web Service.

Restart the Update Manager service.

Log off and log in to VirtualCenter using the Virtual Infrastructure Client.

Disable and re-enable the Update Manager plug-in.

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!!

Regards,

Stefan Nguyen

iGeek Systems Inc.

VMware, Citrix, Microsoft Consultant

If you found this information useful, please consider awarding points for "Correct" or "Helpful". Thanks!!! Regards, Stefan Nguyen VMware vExpert 2009 iGeek Systems Inc. VMware vExpert, VCP 3 & 4, VSP, VTSP, CCA, CCEA, CCNA, MCSA, EMCSE, EMCISA
0 Kudos
Valentini
Enthusiast
Enthusiast
‎06-07-2008 08:21 AM
Jump to solution

Thanks for all of the information, I appreciate it.

I had a second nic that was providing access for a virtual router and that was eating up a 443 port. I disabled it and was able to proceed with the reinstall.

Thank you,

0 Kudos
Valentini
Enthusiast
Enthusiast
‎06-09-2008 02:39 PM
Jump to solution

I recently discovered that update manager is not downloading patches. I discovered in one of the log files that there is a warning stating that sslverifyCertAgainstStytemStore: the remote host certificate has these problems:

  • the host name used for the connection does not match the subject name on the host certificate

Do you have an idea of what may be causing me to not be able to download / detect new patches? I can access vmware.com and shavlik.com from the virtual center server they are also trusted websites. ( not seeing current patches from june) Another thing I noticed is that the infrastructure update client is only listing 3 hosts, shouldn't is see all my hosts? How do I fix this?

0 Kudos
wtreutz
Enthusiast
Enthusiast
‎06-17-2008 12:34 AM
Jump to solution

I had install VMCS 2.5 u1 on two different Systems in different Network-configurations an see an effect compareable to Valenini. On both VCMS-Systems the VMware Update Manager Service started, the Download for the LINUX and WIN32 patches / filerepositories works fine and the Information are placed in the /Vmware Update Manager/Data/metadata Directory.

The directory hostupdate for the esx / esxi Server leaded empty and the file update_metadata.xml did not "grow"

In the LOG-Files is the following "error"-message seen:

>>[2008-06-16 19:03:47.167 'BaseLibs' 1764 warning] SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:<<

Are there Information, what does this mean???

thanks a lot

0 Kudos
wtreutz
Enthusiast
Enthusiast
‎06-17-2008 12:35 AM
Jump to solution

I had install VMCS 2.5 u1 on two different Systems in different Network-configurations an see an effect compareable to Valenini. On both VCMS-Systems the VMware Update Manager Service started, the Download for the LINUX and WIN32 patches / filerepositories works fine and the Information are placed in the /Vmware Update Manager/Data/metadata Directory.

The directory hostupdate for the esx / esxi Server leaded empty and the file update_metadata.xml did not "grow"

In the LOG-Files is the following "error"-message seen:

>>[2008-06-16 19:03:47.167 'BaseLibs' 1764 warning] SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:<<

Are there Information, what does this mean???

thanks a lot

0 Kudos
wtreutz
Enthusiast
Enthusiast
‎06-17-2008 12:36 AM
Jump to solution

I had install VMCS 2.5 u1 on two different Systems in different Network-configurations an see an effect compareable to Valenini. On both VCMS-Systems the VMware Update Manager Service started, the Download for the LINUX and WIN32 patches / filerepositories works fine and the Information are placed in the /Vmware Update Manager/Data/metadata Directory.

The directory hostupdate for the esx / esxi Server leaded empty and the file update_metadata.xml did not "grow"

In the LOG-Files is the following "error"-message seen:

>>[2008-06-16 19:03:47.167 'BaseLibs' 1764 warning] SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:<<

Are there Information, what does this mean???

thanks a lot

0 Kudos