"Host cannot download files from VMware vSphere Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details."
Article ID: 321520
Updated On:
Products
VMware vCenter Server
VMware vSphere ESXi
Issue/Introduction
Symptoms:
- The following error is observed when running "Scan for updates" or attempting to stage baseline patch for ESXi host
Host cannot download files from VMware vSphere Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details.
- On the vum-server.log on vCenter Server errors similar to below are observed:
var/log/vmware/vmware-updatemgr/vum-server/vum-server.log
'HostUpdateDepotManager' 14168 ERROR] [scanHost20, 371] result for host: esxihost1.example.local (entity: host-<id>) shows error :-----Result Begin (esxihost1.example.local)-----<esxupdate-response><version>###</version><error errorClass="MetadataDownloadError"> <errorCode>4</errorCode> <errorDesc>Failed to download metadata.</errorDesc> <url>http://###.###.###.###:9084/vum/repository/hostupdate/vmw/vmw-ESXi-###-metadata.zip</url> <localfile>None</localfile> <msg>('http://###.###.###.###:9084/vum/repository/hostupdate/vmw/vmw-ESXi-###-metadata.zip', '/tmp/tmptVJYa1', '[Errno 12] Timeout: <urlopen error timed out>')</msg></error></esxupdate-response>YYYY-MM-DDThh:mm:ss info vmware-vum-server [2568740] [Originator@6876 sub-VciScanTask. ScanTask(22}] [vciTaskBase 1496] SerializeToVimFault fault:--> (integrity.fault.HostPatchEsxFile DownloadFailure) {--> faultCause = (vmodl.MethodFault) null,--> faultMessage = <unset> --> msg =--> }--> Converted fault:--> (vim.fault.ExtendedFault) {--> faultCause = (vmodl.MethodFault) null,--> faultMessage = <unset>,--> faultTypeId = "com.vmware.vcIntegrity.HostPatchEsxFileDownloadFailure",
[YYYY-MM-DDThh:mm:ss] warning vmware-vum-server[7F1897F5D700] [Originator@6876 sub=Libs] SSL_Connect: SECURITY WARNING: Should use SSL_ConnectAndVerify instead[YYYY-MM-DDThh:mm:ss] warning vmware-vum-server[7F188936E700] [Originator@6876 sub=Libs] SSL_Connect: SECURITY WARNING: Should use SSL_ConnectAndVerify instead[YYYY-MM-DDThh:mm:ss] warning vmware-vum-server[7F188926A700] [Originator@6876 sub=Libs] SSL_Connect: SECURITY WARNING: Should use SSL_ConnectAndVerify instead- The following entries may be observed in esxupdate.log on the affected ESXi host:
var/run/log/esxupdate.log
Host cannot download files from VMware vSphere Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details.[Errno 4] IOError: <urlopen error [Errno -3] Temporary failure in name resolution>'
Environment
VMware vSphere 6.x , 7.x , 8.x
Cause
ESXi host is unable to communicate with VMware Update Manager running on vCenter Server through port 9084, 80, 443.
Resolution
Port 9084, 443 and 80 are required for VMware Update Manager. Validate the below details and if any issues found refer the related document
- Ensure the Ports 9084, 443 and 80 is open from ESXi to Update Manager Server or vCenter Server, check TCP and UDP ports required to access VMware vSphere Update Manager for more details
- Test connection for each of the ports, from ESXi putty session run the below commands to the VC
nc -z [VCSA_IP] 9084Expected response: Connection to VCSA_IP 9084 port [tcp/*] succeeded!nc -z [VCSA_IP] 443Expected response:Connection to VCSA_IP 443 port [tcp/*] succeeded!nc -z [VCSA_IP] 80Expected response:Connection to VCSA_IP 80 port [tcp/*] succeeded!
- If the above commands are not succeeded, please check the 9084, 443 and 80 port are reachable get these ports open between ESXi and vCenter/VUM.
Note: Make sure both vCenter Server and ESXi hosts have proper DNS entries and the forward lookup and reverse lookup for vCenter Server is working from the ESXi as expected using the nslookup command
Feedback
Yes
No
Powered by
