• vCenter Server Lifecycle Manager (vLCM) is failing to download the patch from the online repository as it is behind a proxy configured in the network.
• when trying to manually trigger a patch sync, it fails for all external download sources
• Additionally, when reviewing /var/run/log/lifecyle.log on ESXi, you find errors similar to the following example:

  ImageManagerCTL: 52656: YYYY-MM-DD HH:MM:SS imagemanagerctl:976 INFO Calling with arguments: depots --validate --depot https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/main/vmw-depot-index.xml --depot https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/addon-main/vmw-depot-index.xml --depot https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/iovp-main/vmw-depot-index.xml --depot https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/vmtools-main/vmw-depot-index.xml --depot /storage/updatemgr/patch-store/hostupdate/__hostupdate20-consolidated-index__.xml
  ImageManagerCTL: 52656: YYYY-MM-DD HH:MM:SS Downloader:262 INFO Opening https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/iovp-main/vmw-depot-index.xml for download
  ImageManagerCTL: 52656: YYYY-MM-DD HH:MM:SS DepotCollection:271 INFO Could not download from depot at https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/iovp-main/vmw-depot-index.xml, skipping (('https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/iovp-main/vmw-depot-index.xml', '', '<urlopen error [Errno -2] Name or service not known>'))
  ...
  Traceback (most recent call last):
  File "/usr/lib/vmware-imagebuilder/site-packages/vmware/esximage/ImageManager/DepotMgr.py", line 144, in _connect
  validate=validate)
  File "/usr/lib/vmware-imagebuilder/site-packages/vmware/esximage/DepotCollection.py", line 239, in ConnectDepots
  ignoreerror, validate)
  File "/usr/lib/vmware-imagebuilder/site-packages/vmware/esximage/DepotCollection.py", line 275, in _connectDepots
  raise err
  vmware.esximage.Errors.MetadataDownloadError: ('https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/addon-main/vmw-depot-index.xml', '', "Could not download from depot at https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/addon-main/vmw-depot-index.xml
  ImageManagerCTL: 56624: YYYY-MM-DD HH:MM:SS imagemanagerctl:244 ERROR Load data from depot failed: ([MetadataDownloadError('https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/addon-main/vmw-depot-index.xml
  ImageManagerCTL: 56624: YYYY-MM-DD HH:MM:SS imagemanagerctl:146 ERROR [DepotConnectError]

• Depot validation using the below commands fails:

  /usr/lib/vmware-updatemgr/image-manager/image-manager-ctl depots --validate --depot https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/main/vmw-depot-index.xml --depot https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/addon-main/vmw-depot-index.xml --depot https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/iovp-main/vmw-depot-index.xml --depot https://dl.broadcom.com/<Download Token>/PROD/COMP/ESX_HOST/vmtools-main/vmw-depot-index.xml --depot /storage/updatemgr/patch-store/hostupdate/__hostupdate20-consolidated-index__.xml

To solve this issue, please make sure to update the proxy configuration in /etc/sysconfig/proxy as defined in How to configure Proxy Settings for vCenter Server

Take especially care of the HTTPS_PROXY option. If the same proxy port is used for both HTTP and HTTPS traffic, you need to configure HTTPS_PROXY with an http:// URL as in the following example:

# Example: HTTP_PROXY="http://example.com:3128/"
HTTP_PROXY="http://proxy.example.com:8080"

# Example: HTTPS_PROXY="https://example.com:3128/"
HTTPS_PROXY="http://proxy.example.com:8080"

When using an FQDN (fully qualified domain name) for the proxy, please ensure that it can be resolved to an IP address. Alternatively use the proxy IP in the above URLs instead.

Once the configuration file has been properly updated,

1. if the vCenter version is below 7.0 Update 1, reboot the vCenter Server Appliance
2. for vCenter versions above 7.0 Update 1, restart the services using the following command:

   # service-control --stop --all && service-control --start --all