The token update process for VCenter Lifecycle Manager Patch Setup fails with error "The download source (...) is invalid or cannot be reached now".
search cancel

The token update process for VCenter Lifecycle Manager Patch Setup fails with error "The download source (...) is invalid or cannot be reached now".

book

Article ID: 393951

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Updating the newly acquired token on the VCenter lifecycle manager patch setup fails using the manual and scripted method. Below is the sample failure error message.

Error message while updating the depot URL using the manual method:

The download source https://dl.broadcom.com/<Newly Generated Token ID>/PROD/COMP/ESX_HOST/main/vmw-depot-index.xml is invalid or cannot be reached now.
 
Error output while updating the depot URL using the scripted method: 
INFO] vCenter "VCenter-FQDN" depot URL "https://dl.broadcom.com/<Newly Generated Token ID>/PROD/COMP/ESX_HOST/addon-main/vmw-depot-index.xml" is reachable from script execution machine < Name-fqdn > (it received a HTTP/200 message)
[ERROR] https://dl.broadcom.com/<Newly Generated Token ID>/PROD/COMP/ESX_HOST/addon-main/vmw-depot-index.xml is invalid.  Please make sure your token is correct and re-try.
[INFO] vCenter "VCenter-FQDN" depot URL "https://dl.broadcom.com/<Newly Generated Token ID>/PROD/COMP/ESX_HOST/main/vmw-depot-index.xml" is reachable from script execution machine < Name-fqdn >  (it received a HTTP/200 message)
[ERROR] https://dl.broadcom.com/<Newly Generated Token ID>/PROD/COMP/ESX_HOST/main/vmw-depot-index.xml is invalid.  Please make sure your token is correct and re-try.
[INFO] vCenter "VCenter-FQDN" depot URL "https://dl.broadcom.com/<Newly Generated Token ID>/PROD/COMP/ESX_HOST/iovp-main/vmw-depot-index.xml" is reachable from script execution machine < Name-fqdn >  (it received a HTTP/200 message)
[ERROR] https://dl.broadcom.com/<Newly Generated Token ID>/PROD/COMP/ESX_HOST/iovp-main/vmw-depot-index.xml is invalid.  Please make sure your token is correct and re-try.
[INFO] vCenter "VCenter-FQDN" depot URL "https://dl.broadcom.com/<Newly Generated Token ID>/PROD/COMP/ESX_HOST/vmtools-main/vmw-depot-index.xml" is reachable from script execution machine < Name-fqdn >   (it received a HTTP/200 message)
[ERROR] https://dl.broadcom.com/<Newly Generated Token ID>/PROD/COMP/ESX_HOST/vmtools-main/vmw-depot-index.xml is invalid.  Please make sure your token is correct and re-try

Environment

  • VMware VCenter Server 6.7.x.
  • VMware VCenter Server 7.0.x.
  • VMware VCenter Server 8.0.x.

Cause

The proxy settings are missing or incorrectly configured in the vCenter Appliance Management Interface (VAMI) page.

For example, the proxy might only be offering an HTTP interface to tunnel traffic to the outside, so only an HTTP proxy was configured.

However, because the download URLs in the Lifecycle Manager configuration will be set to HTTPS, VLCM is querying HTTPS_PROXY in /etc/sysconfig/proxy when trying to access the URLs. If the option is left empty, VLCM will assume that there is no proxy requirement for HTTPS URLs and instead tries to connect directly - which fails.

Meaning, even if the proxy server is only offering an HTTP interface to tunnel traffic to the outside, it is still necessary to configure that tunnel as HTTPS_PROXY.

Resolution

Post generating the token  as per the guidelines mentioned in the KB  VCF Authenticated downloads Configuration Update Instructions

If the depot URL update fails with the error message as mentioned in the issue description. Then follow the below steps to fix the issue.

1. Log into vSphere client
2. On the vSphere Client Home page, Navigate to Lifecycle Manager.
3. Click 'settings' tab. Under 'settings' tab,
4. Go to Administration → Patch Setup. Check Depot Connectivity: Ensure the Depot Status shows as Connected. If it is not connected, proceed with the following steps to troubleshoot the connection.

 5. Check the Online Connection Status: Confirm the online connection status in vCenter is active and can reach external URLs, especially for the depot server that hosts the tokens and patches.

6. Validate Proxy Settings using Management Interface, refer  Manage vCenter Server Using the Management Interface

  • Log into the VAMI page: Go to https://<vCenter-Hostname>:5480.
  • Once logged in, check the Networking section to validate the Proxy Settings.
  • Ensure that the correct proxy server and port information is configured to allow vCenter to reach external resources.

7. Update Proxy Information (If Needed), refer to Configure the DNS, IP Address, and Proxy Settings and to How to configure Proxy Settings for vCenter Server

  • If the proxy settings are incorrect or missing, update them with the correct values.
  • Make sure that the HTTPS_PROXY option is properly configured - when you configure HTTPS URLs in Lifecycle Manager, VLCM will only use the proxy URL configured in this option.
  • If we don't have the correct proxy details, reach out to there internal network/firewall team to get the necessary proxy server settings.

8. Test Connectivity:

  • After updating the proxy, try to test connectivity again to ensure that vCenter can connect to external resources, such as the depot for patch updates.

9. Reattempt Token Update:



Additional Information

Powered by Wolken Software