"Host cannot download files from VMware vSphere Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details."
search cancel

"Host cannot download files from VMware vSphere Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details."

book

Article ID: 321520

calendar_today

Updated On: 04-02-2025

Products

VMware vCenter Server VMware vSphere ESXi

Issue/Introduction

Symptoms:

  • The following error is observed when running "Scan for updates":
Host cannot download files from VMware vSphere Update Manager patch store.  Check the network connectivity and firewall setup, and check esxupdate logs for details.
- VUM logs also show bellow error stack:
'HostUpdateDepotManager' 14168 ERROR]  [scanHost20, 371] result for host: esxihost2.example.local (entity: host-9895) shows error :
-----Result Begin (esxihost2.example.local)-----
<esxupdate-response>
<version>1.50</version>
<error errorClass="MetadataDownloadError">
  <errorCode>4</errorCode>
  <errorDesc>Failed to download metadata.</errorDesc>
  <url>http://###.###.###.###:9084/vum/repository/hostupdate/vmw/vmw-ESXi-6.0.0-metadata.zip</url>
  <localfile>None</localfile>
  <msg>('http://###.###.###.###:9084/vum/repository/hostupdate/vmw/vmw-ESXi-6.0.0-metadata.zip', '/tmp/tmptVJYa1', '[Errno 12] Timeout: &lt;urlopen error timed out&gt;')</msg>
</error>
</esxupdate-response>
  • The following entries may be observed in vum-server.log:
vum-server.log
[YYYY-MM-DDTHH:MM:SS] warning vmware-vum-server[7F1897F5D700] [Originator@6876 sub=Libs] SSL_Connect: SECURITY WARNING: Should use SSL_ConnectAndVerify instead
[YYYY-MM-DDTHH:MM:SS] warning vmware-vum-server[7F188936E700] [Originator@6876 sub=Libs] SSL_Connect: SECURITY WARNING: Should use SSL_ConnectAndVerify instead
[YYYY-MM-DDTHH:MM:SS] warning vmware-vum-server[7F188926A700] [Originator@6876 sub=Libs] SSL_Connect: SECURITY WARNING: Should use SSL_ConnectAndVerify instead
  • The following entries may be observed in esxupdate.log:
Host cannot download files from VMware vSphere Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details.
[Errno 4] IOError: <urlopen error [Errno -3] Temporary failure in name resolution>'



Environment

VMware vSphere 6.x
VMware vSphere 7.x
VMware vSphere 8.x

Cause

  • ESXi host is unable to communicate with VC Update Manager through port 9084, 80, 443.

Resolution

Port 9084, 443 and 80 are required for VMware Update Manager. Validate the below details and if any issues found refer the related document

  1. Ensure the Ports 9084, 443 and 80 is open from ESXi to Update Manager Server or vCenter Server.  Also check TCP and UDP ports required to access VMware vSphere Update Manager
  2. Test connection for each of the ports, from ESXi putty session run the below commands to the VC
    • nc -z [VCSA_IP] 9084
      Expected response: Connection to VCSA_IP 9084 port [tcp/*] succeeded!
    • nc -z [VCSA_IP] 443
      Expected response: Connection to VCSA_IP 443 port [tcp/*] succeeded!
    • nc -z [VCSA_IP] 80
      Expected response: Connection to VCSA_IP 80 port [tcp/*] succeeded!
  3. If the above commands are not succeeded, please check the 9084, 443 and 80 port are reachable get these ports open between ESXi and VC/VUM.

Note: Make sure the forward lookup and reverse lookup for vCenter Server is working from the ESXi as expected using the nslookup command.

Additional Information

This issue is being checked by Diagnostics for VMware Cloud Foundation.

The check is as follows:

  • Product: ESXi
  • Log File: esxupdate.log
  • Log Expression Check "Host cannot download files from VMware vSphere Update Manager patch store"
Powered by Wolken Software