Sync update task fails at 10%.
Full error reads "A general system error occurred: A depot is inaccessible or has invalid contents. Make sure an official depot is used and verify the connectivity to the depot"
Checking the /var/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server.log show errors related to certificate validation
2024-10-24T06:17:39.295Z warning vmware-vum-server[2222127] [Originator@6876 sub=VumVapi::Lib::Utils] [EmbeddedPyServiceProvider 472] Connecting to DOWNLOAD_SOURCE/software/VUM/PRODUCTION/addon-main/vmw-depot-index.xml failed, err: curl_easy_perform() failed: cURL Error: SSL peer certificate or SSH remote key was not OK, SSL certificate problem: unable to get local issuer certificate
VMware vCenter Server 8.x
vCenter Server is configured with a proxy which has SSL Inspection enabled
When SSL inspection is enabled, Proxy uses two connection for each request.
Configure the Proxy to disable SSL Inspection for the download sources used by Life Cycle Manager. Please see the respective documentation for the proxy on configuration details.
You can use wget command on the vCenter Server Appliance shell to verify if the certificate verifiable.
Output:
wget https://DOWNLOAD_SOURCE/software/VUM/PRODUCTION/addon-main/vmw-depot-index.xml
--2024-10-23 08:17:00-- https://DOWNLOAD_SOURCE/software/VUM/PRODUCTION/addon-main/vmw-depot-index.xml
Connecting to 192.168.246.9:8080... connected.
ERROR: cannot verify hostupdate.vmware.com's certificate, issued by ‘CN=locaCA,DC=LocalDomain,DC=DOMAIN’:
Unable to locally verify the issuer's authority.
It is expected that the certificate for the download sources are issued by a trusted root CA and publicly verifiable.
Note: An example of DOWNLOAD_SOURCE is hostdupdate.vmware.com