Symptoms:
When the NO_PROXY option is set in the config file /etc/sysconfig/proxy, the python module "requests" does not use it properly. As a result, vCenter still applies proxy settings for connections where no proxy should be used. For example, downloading of depot content in Lifecycle Manager may fail during depot validation and sync, when the proxy server does not connect to the depot server or 3rd party Hardware Support Module (HSM).
Entries similar to the ones below may show up in imageservice.log:
ImageService: 35939: YYYY-MM-DD HH:MM:SS imageService:738 INFO Running command from C++: depots --validate --depot
https://hostupdate.vmware.com/software/VUM/PRODUCTION/addon-main/vmw-depot-index.xml --depot
https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml --depot
https://hostupdate.vmware.com/software/VUM/PRODUCTION/iovp-main/vmw-depot-index.xml --depot
https://hostupdate.vmware.com/software/VUM/PRODUCTION/vmtools-main/vmw-depot-index.xml
ImageService: 35939: YYYY-MM-DD HH:MM:SS imageService:346 ERROR Failed to validate depot:
('https://hostupdate.vmware.com/software/VUM/PRODUCTION/iovp-main/vmw-depot-index.xml', '', 'Could not download from depot at
https://hostupdate.vmware.com/software/VUM/PRODUCTION/iovp-main/vmw-depot-index.xml, skipping
((\'https://hostupdate.vmware.com/software/VUM/PRODUCTION/iovp-main/vmw-depot-index.xml\', \'\', "HTTPSConnectionPool(host=\'hostupdate.vmware.com\', port=443): Max retries exceeded with url: /software/VUM/PRODUCTION/iovp-main/vmw-depot-index.xml (Caused by NewConnectionError(\'<urllib3.connection.VerifiedHTTPSConnection object at 0x7f5724888ad0>: Failed to establish a new connection: [Errno 110] Connection timed out\'))"))')
VMware vSphere ESXi 7.0.x
VMware vCenter Server 7.0 Update 2
This issue has been fixed in vCenter Server 7.0 Update 2c and later versions. If you cannot patch vCenter for any reason whatsoever, please use the steps outlined in the "Workaround" section.
Should you experience something similar while vCenter is already running on 7.0 Update 2c or a newer version, please ensure that the configuration in NO_PROXY is set according to the requirements outlined in Unable to deploy OVF using vSphere Client in vCenter Server 7.0 when an HTTPS Proxy is configured (321922)
If the issue persists despite have validated this, please contact the VMware Support.
Workaround:
Download the Downloader.py available in the attachment section.
Backup the existing file /usr/lib/vmware-imagebuilder/site-packages/vmware/esximage/Downloader.py:
# cp /usr/lib/vmware-imagebuilder/site-packages/vmware/esximage/Downloader.py /usr/lib/vmware-imagebuilder/site-packages/vmware/esximage/Downloader.py.bak
Replace the original file /usr/lib/vmware-imagebuilder/site-packages/vmware/esximage/Downloader.py with the new file from this KB article.
Set the the ownership for the file to imagebuilder:cis, and verify the change:
# chown imagebuilder:cis /usr/lib/vmware-imagebuilder/site-packages/vmware/esximage/Downloader.py
# ls -l /usr/lib/vmware-imagebuilder/site-packages/vmware/esximage/Downloader.py
Restart the vSphere Lifecycle Manager service:
# service-control --restart vmware-updatemgr