1 2 Previous Next 17 Replies Latest reply on May 17, 2019 4:36 AM by padduz

    VCSA 6u2 check for updates fails using internet proxy

    BigBlueMike Novice
    vExpert

      I am having this problem that if I use Check Updates -> Check URL I get the error "Download Failed." in the VMware Appliance Management Interface (VAMI)

      Internet Proxy is configured in VAMI.

       

      This problem applies to both of these versions.

      VMware vCenter Server Appliance

      6.0.0.20000 Build Number 3634791

       

      VMware vCenter Server Appliance

      6.0.0.10200 Build Number 3343022

       

      I am checking

      /var/log/vmware/applmgmt/software-packages.log

       

      and find

       

      Resolving vapp-updates.vmware.com... failed: Name or service not known.

      wget: unable to resolve host address `vapp-updates.vmware.com'

       

      Yes DNS server does not resolve internet IPs but that is no problem for vRO appliance or older vSphere Update Manager or any internet browser.

       

      Actually nothing reaches the internet proxy (logging on firewall) it appears the VCSA does not even try to contact the internet proxy.

       

      Anybody an idea what's wrong? I think DNS shouldn't have to forward to internet DNS, I mean VRO and older vSphere Update Manager can do without it as well.

        • 1. Re: VCSA 6u2 check for updates fails using internet proxy
          cxo Enthusiast

          BigBlueMike,

           

          Any update?  I too see the same symptoms.  running "netstat" form the shell confirms this, too.

          • 2. Re: VCSA 6u2 check for updates fails using internet proxy
            BigBlueMike Novice
            vExpert

            Not really. For now we have used the CD option.

             

            It appears that indeed the local DNS must resolve the internet addresses for the update through internet to work on vcsa.

            • 3. Re: VCSA 6u2 check for updates fails using internet proxy
              dhanarajramesh Expert

              can you log in and check thru below command whether proxy server ip and ports are updated properly and also can you make sure ur proxy does not need authenticate by username and password.

               

              /opt/vmware/share/vami/vami_proxy_port

              /opt/vmware/share/vami/vami_proxy_server


              if username and password is necessary to authenticate, then make sure you have added below in to  /etc/environment file


              http_proxy=http://username:password@proxyserverip:port

              • 4. Re: VCSA 6u2 check for updates fails using internet proxy
                BigBlueMike Novice
                vExpert

                I checked

                /opt/vmware/share/vami/vami_proxy_port

                /opt/vmware/share/vami/vami_proxy_server


                proxy server address and port are not there. However they are in /etc/sysconfig/proxy


                Nevertheless I update /opt/vmware/share/vami/vami_proxy_server with the proxy server address and port and rebooted. No change, same result.


                Still getting:

                Resolving vapp-updates.vmware.com... failed: Name or service not known.

                wget: unable to resolve host address `vapp-updates.vmware.com'


                • 5. Re: VCSA 6u2 check for updates fails using internet proxy
                  dhanarajramesh Expert

                  updating /opt/vmware/share/vami/vami_proxy_server will not be persistence after reboot. You have to use another VAMI command like vami_set__proxy

                  • 6. Re: VCSA 6u2 check for updates fails using internet proxy
                    BigBlueMike Novice
                    vExpert

                    Actually I had checked it, after the reboot the proxy information was still there. Nevertheless I used the command vami_set__proxy now but it didn't make any difference.

                    • 7. Re: VCSA 6u2 check for updates fails using internet proxy
                      marcelofpjunior Lurker

                      Hi,

                       

                         edit the file /etc/sysconfig/proxy and in the keys HTTPS_PROXY and FTP_PROXY add the info about you proxy server. The problem occurs because the wget command trie to get the manifest xml file in a https site and the VAMI GUI only configure the proxy for HTTP sites.

                       

                      Regards

                       

                      Marcelo

                      • 8. Re: VCSA 6u2 check for updates fails using internet proxy
                        VMgianni Lurker

                        Hi Marcelo,

                         

                        I had the same issue and this is exactly what I needed to solve it!

                         

                        Thanks

                        Regards

                         

                        Gianni

                        • 9. Re: VCSA 6u2 check for updates fails using internet proxy
                          Matlock78 Novice

                          I had same problem and cause is in proxy configuration. If you configure proxy using GUI, proxy are configured only for http.

                          In VCSA console try this command:

                          com.vmware.appliance.version1.networking.proxy.get

                           

                          If you can set proxy for https to, you can make this throw this command:

                          com.vmware.appliance.version1.networking.proxy.set --protocol https --server proxy.server --port port_number

                           

                          After this, Check update finish succesfully

                          6 people found this helpful
                          • 10. Re: VCSA 6u2 check for updates fails using internet proxy
                            Deso1ator Enthusiast
                            vExpert

                            Matlock78, thank you very much. That command fixed my issue with the appilance saying 'download failed'.

                            • 12. Re: VCSA 6u2 check for updates fails using internet proxy
                              stevespike Novice

                              Definitely worked for me.

                              I took this to the next stage using "Posh-SSH" module from GitHub - darkoperator/Posh-SSH: PowerShell Module for automating tasks on remote systems using SSH

                               

                              Use the following PowerShell code to simplify this if configuring more than 1 vCSA.

                               

                              .\Set-vCSAProxy.ps1 -Username root -Password password -ProxyProtocol https -ProxyHost proxy-fqdn -ProxyPort 80 -Appliance fqdn-of-vCSA

                               

                              Optional params are ProxyUserName and ProxyPassword for proxy authentication

                               

                               

                              # Set-vCSAProxy.ps1
                              
                              param (
                                   [Parameter(Mandatory=$true, Position=2,HelpMessage="Provide vCSA Appliance username")]
                                   [string] $Username,
                                   [Parameter(Mandatory=$true, Position=2,HelpMessage="Provide vCSA Appliance password")]
                                   $Password,
                                   [Parameter(Mandatory=$true, Position=2,HelpMessage="Provide proxy Protocol configured. Examples: HTTP, HTTPS, FTP")]
                                   [string] $ProxyProtocol,
                                   [Parameter(Mandatory=$true, Position=3,HelpMessage="Provide FQDN of proxy appliance")]
                                   [string] $ProxyHost,
                                   [Parameter(Mandatory=$true, Position=4,HelpMessage="Provide proxy port#")]
                                   [string] $ProxyPort,
                                   [Parameter(Mandatory=$true, Position=5,HelpMessage="Provide vCSA hostname")]
                                   [string] $Appliance,
                                   [Parameter(Position=6)]
                                   [string] $ProxyUserName,
                                   [Parameter(Position=7)]
                                   [string] $ProxyPassword
                              )
                              
                              
                              $Error.Clear()
                              $importfolder = $PSScriptRoot # Prod
                              Import-Module "$($importfolder)\Modules\Posh-SSH"
                              $Password = ConvertTo-SecureString -String $Password -AsPlainText -Force
                              $creds = New-Object System.Management.Automation.PSCredential -ArgumentList $Username,$Password
                              $sshCommand = "proxy.set --status enabled"
                              if ($ProxyUserName) {$sshCommand = "$($sshCommand) --protocol $($ProxyProtocol) --server $($ProxyHost) --port $($ProxyPort) --username $($ProxyUserName) --password $($ProxyPassword)"}
                              else {$sshCommand = "$($sshCommand) --protocol $($ProxyProtocol) --server $($ProxyHost) --port $($ProxyPort)"}
                              $sshSession = New-SSHSession -ComputerName $Appliance -Credential $creds -AcceptKey -ErrorAction SilentlyContinue
                              if ($sshSession.Connected) {
                                   $sshResult = (Invoke-SSHCommand -Command $sshCommand -SSHSession $sshSession).Output
                                   Write-Host -ForegroundColor Green "Connected via ssh to $($Appliance)"
                                   Write-Host -ForegroundColor Green ($sshResult | Out-String)
                              }
                              else {
                              Write-Host -ForegroundColor Yellow "Failed to connect via ssh to $($Appliance)"
                              
                              break
                              }
                              
                              • 13. Re: VCSA 6u2 check for updates fails using internet proxy
                                Giermann Lurker

                                I have the same issue - tried to set the proxy via MUI, but it did not like my port setting. Then I changed the /etc/sysconfig/proxy file and am able to use wget in the shell now for http and https.
                                But trying an update results in "Could not access https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml"...

                                 

                                So I tried the API command "com.vmware.appliance.version1.networking.proxy.set", but get the error "Unknown command":

                                 

                                Command> com.vmware.appliance.version1.networking.proxy.get

                                Unknown command: `com.vmware.appliance.version1.networking.proxy.get'

                                 

                                Command> com.vmware.appliance.version1.networking.    <Tab><Tab>

                                com.vmware.appliance.version1.networking.dns.domains.add

                                com.vmware.appliance.version1.networking.dns.domains.list

                                com.vmware.appliance.version1.networking.dns.domains.set

                                com.vmware.appliance.version1.networking.dns.hostname.get

                                com.vmware.appliance.version1.networking.dns.hostname.set

                                com.vmware.appliance.version1.networking.dns.hostname.test

                                com.vmware.appliance.version1.networking.dns.servers.add

                                com.vmware.appliance.version1.networking.dns.servers.get

                                com.vmware.appliance.version1.networking.dns.servers.set

                                com.vmware.appliance.version1.networking.dns.servers.test

                                com.vmware.appliance.version1.networking.firewall.addr.inbound.add

                                com.vmware.appliance.version1.networking.firewall.addr.inbound.delete

                                com.vmware.appliance.version1.networking.firewall.addr.inbound.list

                                com.vmware.appliance.version1.networking.interfaces.get

                                com.vmware.appliance.version1.networking.interfaces.list

                                com.vmware.appliance.version1.networking.ipv4.get

                                com.vmware.appliance.version1.networking.ipv4.list

                                com.vmware.appliance.version1.networking.ipv4.renew

                                com.vmware.appliance.version1.networking.ipv4.set

                                com.vmware.appliance.version1.networking.ipv6.get

                                com.vmware.appliance.version1.networking.ipv6.list

                                com.vmware.appliance.version1.networking.ipv6.set

                                com.vmware.appliance.version1.networking.routes.add

                                com.vmware.appliance.version1.networking.routes.delete

                                com.vmware.appliance.version1.networking.routes.list

                                com.vmware.appliance.version1.networking.routes.test

                                 

                                Command> com.vmware.appliance.version1.system.version.get

                                Version:

                                   Product: VMware vCenter Server Appliance

                                   Installtime: 2018-08-06T08:57:25 UTC

                                   Version: 6.7.0.13000

                                   Build: 9232925

                                   Releasedate: July 26, 2018

                                   Summary: Patch for VMware vCenter Server Appliance 6.7.0

                                   Type: vCenter Server with an embedded Platform Services Controller

                                 

                                What's wrong here, where are my proxy commands?

                                • 14. Re: VCSA 6u2 check for updates fails using internet proxy
                                  SuperCidal Lurker

                                  I think there is a lot of overthinking the problem here. if you read /opt/vmware/share/vami/vami_proxy_server, the variable SYSCFG_PROXY clearly points to /etc/sysconfig/proxy, which is the proxy config file.

                                   

                                  In my case I directly edited /etc/sysconfig/proxy. Setting HTTPS_PROXY, FTP_PROXY, and HTTP_PROXY (which was already set) to my proxy server address.

                                   

                                  The appliance is able to download update content now, additionally I was able to set my entire dns domain and IP supernet in NO_PROXY so the appliance will not try to run local traffic through the proxy server.

                                  1 2 Previous Next