Configuring Proxy on vCenter Server via VAMI returns error "HTTPS: Cannot connect to proxy server." while testing connection to http://vmware.com through proxy
search cancel

Configuring Proxy on vCenter Server via VAMI returns error "HTTPS: Cannot connect to proxy server." while testing connection to http://vmware.com through proxy

book

Article ID: 380932

calendar_today

Updated On: 07-01-2025

Products

VMware vCenter Server

Issue/Introduction

  • Attempting to configure proxy settings in vCenter Server using the vCenter Appliance Management Interface (VAMI), it may fail with "HTTPS: Cannot connect to proxy server."

  • /var/log/vmware/applmgmt/applmgmt.log (Prior to VC 8.0U3e):

YYYY-MM-DDTHH:MM:SS [1955902]INFO:vmware.vherd.base.proxy_utils:Testing connection to http://vmware.com through proxy
YYYY-MM-DDTHH:MM:SS [1955902]DEBUG:urllib3.connectionpool:Starting new HTTP connection (1): <Proxy IP/FQDN>:<Proxy Port>
YYYY-MM-DDTHH:MM:SS [1955902]ERROR:vmware.vherd.base.proxy_utils:Connection to proxy failed with error HTTPConnectionPool(host='<Proxy IP/FQDN>', port=<Proxy Port>): Read timed out. (read timeout=30)
YYYY-MM-DDTHH:MM:SS [1955902]DEBUG:vmware.appliance.networking.proxy.proxy_impl:ProxyPingStatus: server = http://<Proxy IP/FQDN>
 status = SERVER_UNREACHABLE
message = {'id': 'com.vmware.appliance.proxy.connect_failure', 'default_message': 'Cannot connect to proxy server.', 'args': []}

  • /var/log/vmware/applmgmt/applmgmt.log (VC 8.0 U3e and later):

YYYY-MM-DDTHH:MM:SS [819636]DEBUG:vmware.appliance.networking.proxy.proxy_impl:method=test, host={'v4': '<VC IP address>', 'v6': None}, config=Config(server='http://<Proxy IP/FQDN>', port=<Proxy port>, username='', password='', enabled=True)
YYYY-MM-DDTHH:MM:SS [819636]DEBUG:vmware.appliance.networking.proxy.proxy_impl:config: Config(server='http://<Proxy IP/FQDN>', port=<Proxy port>, username='', password='', enabled=True)
YYYY-MM-DDTHH:MM:SS [819636]INFO:vmware.appliance.networking.proxy.proxy_impl:Test hosts to test proxy on ['https://<VC IP address>']
YYYY-MM-DDTHH:MM:SS [819636]INFO:vmware.vherd.base.proxy_utils:Testing connection to https://<VC IP address> through proxy
YYYY-MM-DDTHH:MM:SS [819636]DEBUG:urllib3.connectionpool:Starting new HTTPS connection (1): <VC IP address>:443
YYYY-MM-DDTHH:MM:SS [819636]ERROR:vmware.vherd.base.proxy_utils:Connection to proxy failed with error HTTPSConnectionPool(host='<VC IP address>', port=443): Max retries exceeded with url: / (Caused by ProxyError('Cannot connect to proxy.', TimeoutError('timed out')))
YYYY-MM-DDTHH:MM:SS [819636]INFO:vmware.appliance.networking.proxy.proxy_impl:Test Host used = None
YYYY-MM-DDTHH:MM:SS [819636]DEBUG:vmware.appliance.networking.proxy.proxy_impl:ProxyPingStatus: server = http://<Proxy IP/FQDN>
 status = SERVER_UNREACHABLE
message = {'id': 'com.vmware.appliance.proxy.connect_failure', 'default_message': 'Cannot connect to proxy server.', 'args': []}

Environment

vSphere vCenter Server 8.x

Cause

In vCenter Server 8.0 Update3e build 24674346, VC uses its own IP address to test proxy. In earlier patches of vCenter server 8.0, the test was configured to use https://vmware.com 

Resolution

Broadcom is working towards a permanent fix for this issue.

In order to resolve the issue (Prior to VC 8.0U3e), proceed with the below steps:

  • Log in to the VCSA VM via SSH with root credentials.
  • Back up the proxy validation script with the below command:

    # cp -p /usr/lib/applmgmt/networking/py/vmware/appliance/networking/proxy/proxy_impl.py /usr/lib/applmgmt/networking/py/vmware/appliance/networking/proxy/proxy_impl.py.old
  • Update the proxy validation script with the below command:

    # sed -i -e 's/vmware.com/broadcom.com/g' /usr/lib/applmgmt/networking/py/vmware/appliance/networking/proxy/proxy_impl.py

  • Restart Appliance Management with the below command:

# service-control --restart applmgmt

  • Proceed to configure the proxy on VCSA
  •  

In case of vCenter Server 8.0 U3e and later, proceed with the below steps:

  • Log in to the VCSA VM via SSH with root credentials.
  • Back up the proxy validation script with the below command:

# cp -p /usr/lib/applmgmt/networking/py/vmware/appliance/networking/proxy/proxy_impl.py /usr/lib/applmgmt/networking/py/vmware/appliance/networking/proxy/proxy_impl.py.old

  • Validate the entry in the script

# sed -n 175p /usr/lib/applmgmt/networking/py/vmware/appliance/networking/proxy/proxy_impl.py

Sample Output:

# sed -n 175p /usr/lib/applmgmt/networking/py/vmware/appliance/networking/proxy/proxy_impl.py

        d = self.test(get_system_ips(), protocol, config)

  • Update the proxy validation script with the below command:

# sed -i -e '175s/get_system_ips()/"broadcom.com"/g' /usr/lib/applmgmt/networking/py/vmware/appliance/networking/proxy/proxy_impl.py

  • Restart Appliance Management with the below command:

# service-control --restart applmgmt

  • Proceed to configure the proxy on VCSA

Additional Information

Optionally, as a workaround, the user can directly update the /etc/sysconfig/proxy file by following the Option 2 steps in article How to configure Proxy Settings for vCenter Server