Error: "Host cannot download files from VMware vSphere Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details."

search cancel

Error: "Host cannot download files from VMware vSphere Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details."

book

Article ID: 321520

calendar_today

Updated On:

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

The following error is observed when running "Scan for updates" or attempting to stage baseline patch for ESXi host

Host cannot download files from VMware vSphere Update Manager patch store.  Check the network connectivity and firewall setup, and check esxupdate logs for details.

On the vum-server.log on vCenter Server errors similar to below are observed:

var/log/vmware/vmware-updatemgr/vum-server/vum-server.log

'HostUpdateDepotManager' 14168 ERROR]  [scanHost20, 371] result for host: esxihost1.example.local (entity: host-<id>) shows error :
-----Result Begin (esxihost1.example.local)-----
<esxupdate-response>
<version>###</version>
<error errorClass="MetadataDownloadError">
  <errorCode>4</errorCode>
  <errorDesc>Failed to download metadata.</errorDesc>
  <url>http://###.###.###.###:9084/vum/repository/hostupdate/vmw/vmw-ESXi-###-metadata.zip</url>
  <localfile>None</localfile>
  <msg>('http://###.###.###.###:9084/vum/repository/hostupdate/vmw/vmw-ESXi-###-metadata.zip', '/tmp/tmptVJYa1', '[Errno 12] Timeout: &lt;urlopen error timed out&gt;')</msg>
</error>
</esxupdate-response>

YYYY-MM-DDThh:mm:ss info vmware-vum-server [2568740] [Originator@6876 sub-VciScanTask. ScanTask(22}] [vciTaskBase 1496] SerializeToVimFault fault:
--> (integrity.fault.HostPatchEsxFile DownloadFailure) {
-->     faultCause = (vmodl.MethodFault) null,
-->     faultMessage = <unset> 
-->     msg =
--> }
-->     Converted fault:
-->     (vim.fault.ExtendedFault) {
-->     faultCause = (vmodl.MethodFault) null,
-->     faultMessage = <unset>,
-->     faultTypeId = "com.vmware.vcIntegrity.HostPatchEsxFileDownloadFailure",



[YYYY-MM-DDThh:mm:ss] warning vmware-vum-server[7F1897F5D700] [Originator@6876 sub=Libs] SSL_Connect: SECURITY WARNING: Should use SSL_ConnectAndVerify instead
[YYYY-MM-DDThh:mm:ss] warning vmware-vum-server[7F188936E700] [Originator@6876 sub=Libs] SSL_Connect: SECURITY WARNING: Should use SSL_ConnectAndVerify instead
[YYYY-MM-DDThh:mm:ss] warning vmware-vum-server[7F188926A700] [Originator@6876 sub=Libs] SSL_Connect: SECURITY WARNING: Should use SSL_ConnectAndVerify instead

The following entries may be observed in esxupdate.log on the affected ESXi host:

var/run/log/esxupdate.log

Host cannot download files from VMware vSphere Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details.
[Errno 4] IOError: <urlopen error [Errno -3] Temporary failure in name resolution>'

Environment

vSphere vCenter server 8.X

vSphere vCenter server 7.X

VMware ESXi host 8.X

VMware ESXi host 7.X

Cause

ESXi host is unable to communicate with VMware Update Manager running on vCenter Server through port 9084, 80, 443.

Resolution

Port 9084, 443 and 80 are required for VMware Update Manager. Validate the below details and if any issues found refer the related document

Ensure the Ports 9084, 443 and 80 is open from ESXi to Update Manager Server or vCenter Server, check TCP and UDP ports required to access VMware vSphere Update Manager for more details
Test connection for each of the ports, from ESXi putty session run the below commands to the VC

- nc -z [VCSA_IP] 9084
  Expected response: Connection to VCSA_IP 9084 port [tcp/*] succeeded!
- nc -z [VCSA_IP] 443
  Expected response: Connection to VCSA_IP 443 port [tcp/*] succeeded!
- nc -z [VCSA_IP] 80
  Expected response: Connection to VCSA_IP 80 port [tcp/*] succeeded!
If the above commands are not succeeded, please check the 9084, 443 and 80 port are reachable get these ports open between ESXi and vCenter/VUM.

Note: Make sure both vCenter Server and ESXi hosts have proper DNS entries and the forward lookup and reverse lookup for vCenter Server is working from the ESXi as expected using the nslookup command

Additional Information

This kb is also applicable in scenarios where customer is upgrading host from SDDC manager(Dark Site) and all the updates are imported manually to SDDC-M.

Error while scanning: lcm.log:

"errorCode":"com.vmware.vcf.error.runtime.esx.update.vum.scan.error","errorDescription":"VUM Scan for ESX host failed

"upgradeStatus":"COMPLETED_WITH_FAILURE" com.vmware.vcIntegrity.HostPatchEsxFileDownloadFailure

Feedback

thumb_up Yes

thumb_down No