• Configuring the proxy in SDDC Manager fails with one of these messages
  • "Cannot validate proxy configuration. Proxy server didn't allow connection from VCF SDDC Manager to destination URL"
  • "Can't validate proxy configuration. Destination test URL https://depot.vmware.com returned unexpected HTTP Status. Call VMWARE Support."
  • "Can't validate proxy configuration. Proxy server was not reachable with specified host and port. Please check Proxy host, port and protocol are correct, and connectivity from VCF SDDC Manager to Proxy Server."


• This issue is observed on VCF SDDC Manager 5.2 / 5.2.1 / VCF 9.0.

VMware SDDC Manager 5.2
VMware SDDC Manager 5.2.1
VCF 9.0

This issue is caused due to recent change of authentication method in Broadcom depot dl.broadcom.com. During proxy configuration, VCF SDDC Manager try to validate proxy configuration by using it to connect to dl.broadcom.com (depot.vmware.com) and expect specific HTTP Status codes as response. Depot hosting changed this code from 401 AuthRequired for unauthenticated connection to 403 Forbidden or 404 Not found or code 500.

May see the following log messages in operationsmanager.log:

YYYY-MM-DDT20:26:23.740+0000 ERROR [vcf_om,a660a2387ec74456,6742] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-7300-exec-5] [I6RUEJ] PROXY_HOST_NOT_REACHABLE Proxy validation error. Status: PROXY_CONNECTION_ERROR
com.vmware.evo.sddc.common.core.error.InvalidInputException: Proxy validation error. Status: PROXY_CONNECTION_ERROR

YYYY-MM-DDT20:26:23.735+0000 INFO  [vcf_om,a660a2387ec74456,6742] [o.a.h.c.h.i.c.HttpRequestRetryExec,http-nio-127.0.0.1-7300-exec-5]
 Recoverable I/O exception (org.apache.hc.core5.http.NoHttpResponseException) caught when processing request to {tls}->http://111.22.333.444:8443->https://dl.broadcom.com:443
YYYY-MM-DDT20:26:23.738+0000 DEBUG [vcf_om,a660a2387ec74456,6742] [c.v.vcf.secure.http.ProxyValidator,http-nio-127.0.0.1-7300-exec-5]
 Error testing proxy at 111.22.333.444:8443 connecting to https://dl.broadcom.com. org.apache.hc.core5.http.NoHttpResponseException: dl.broadcom.com:443 failed to respond

YYYY-MM-DDT20:26:23.741+0000 DEBUG [vcf_om,a660a2387ec74456,6742] [c.v.e.s.e.h.LocalizableRuntimeExceptionHandler,http-nio-127.0.0.1-
7300-exec-5] Handler Error Response: {"errorCode":"PROXY_HOST_NOT_REACHABLE","arguments":["111.22.333.444","8443","HTTP",null,"https://dl.broadcom.com"],"message":"Can't validate proxy configuration. Proxy server was not reachable with specified host and port.","remediationMessage":"Please, check Proxy host, port and protocol are correct, and connectivity from VCF SDDC Manager to Proxy Server.","referenceToken":"I6RUEJ"}

SSL traffic is not allowed through the proxy, even after importing the proxy certificate to the SDDC trust stores.

1. SSH in VCF Installer/SDDC Manager appliance
2. Change to root
   
   su -
   
   
3. Edit the file /etc/vmware/vcf/operationsmanager/application.properties
   
   vi /etc/vmware/vcf/operationsmanager/application.properties
   
   
4. Add following line
   
   proxy.configuration.validation.expected.http.statuses=401,403,404,500
proxy.configuration.validation.test.url=https://dl.broadcom.com
   
   
5. Save the file and exit the editor (use Esc key + :wq!)  
6. Restart operationsmanager service
   
   systemctl restart operationsmanager
   
   
7. Try to set proxy configuration again
   
   
   

The same behavior could be observed in cloud builder proxy validation. If failure is encountered in cloud builder during bringup the following steps need to be followed:

1. Edit the cloud builder application.properties file: 
   vi /opt/vmware/bringup/webapps/bringup-app/conf/application.properties
   
   
   
2. Add following lines
   proxy.configuration.validation.expected.http.statuses=401,403,404,500
proxy.configuration.validation.test.url=https://dl.broadcom.com
   
   
3. Restart bringup service
   systemctl restart vcf-bringup