SDDC Manager bundle and patch downloads fail with HTTP 403 Forbidden after transition to VCF Authenticated Tokens
search cancel

SDDC Manager bundle and patch downloads fail with HTTP 403 Forbidden after transition to VCF Authenticated Tokens

book

Article ID: 395734

calendar_today

Updated On:

Products

VMware SDDC Manager / VCF Installer

Issue/Introduction

Following the transition to VCF authenticated download tokens, bundle downloads fail across all methods, including the SDDC Manager UI, the Offline Bundle Transfer Utility (OBTU), and direct CLI tools like wget.

For downloading via SDDC Manager UI -

/var/log/vmware/vcf/lcm/lcm.log:

YYYY-MM-DDTHH:MM:SS DEBUG [vcf_lcm,############,bundleId=########-####-####-####-############] [c.v.e.s.l.b.d.depot.DepotDownloader,Scheduled-9] Getting file size for [/COMP/SDDC_MANAGER_VCF/bundles/bundle-######.tar] from  URL[https://dl.broadcom.com:443/<token>/PROD/COMP/SDDC_MANAGER_VCF/bundles/bundle-######.tar]
YYYY-MM-DDTHH:MM:SS DEBUG [vcf_lcm,############,bundleId=########-####-####-####-############] [c.v.e.s.l.b.d.depot.DepotDownloader,Scheduled-9] Got response: 403 Forbidden HTTP/1.1
YYYY-MM-DDTHH:MM:SS ERROR [vcf_lcm,############,bundleId=########-####-####-####-############] [c.v.e.s.l.b.d.depot.DepotDownloader,Scheduled-9] Error getting file size, got response: 403 Forbidden HTTP/1.1
YYYY-MM-DDTHH:MM:SS ERROR [vcf_lcm,############,bundleId=########-####-####-####-############] [c.v.e.s.l.b.d.d.DepotBundleDownloadServiceImpl,Scheduled-9] Got Http error[403] while downloading bundle [/COMP/SDDC_MANAGER_VCF/bundles/bundle-######.tar]
YYYY-MM-DDTHH:MM:SS ERROR [vcf_lcm,############] [c.v.e.s.l.s.i.BundleDownloadExceptionHandlerImpl,Scheduled-9] Bundle download failed
com.vmware.evo.sddc.lcm.model.depot.exception.BundleDownloadFailureException: Error [403] downloading bundle [/COMP/SDDC_MANAGER_VCF/bundles/bundle-######.tar] from dl.broadcom.com:443

Using wget:

root@vcf [ /home/vcf ]# wget -v -e use_proxy=no --user=USERNAME --ask-password https://dl.broadcom.com:443/<token>/PROD/COMP/SDDC_MANAGER_VCF/bundles/bundle-######.tar
Password for user 'USERNAME':
--YYYY-MM-DDTHH:MM:SS--  https://dl.broadcom.com/<token>/PROD/COMP/SDDC_MANAGER_VCF/bundles/bundle-######.tar
Resolving dl.broadcom.com... 162.159.140.167, 172.66.0.165, 2606:4700:7::a5, ...
Connecting to dl.broadcom.com|162.159.140.167|:443... connected.
HTTP request sent, awaiting response... 403 Forbidden
YYYY-MM-DDTHH:MM:SS ERROR 403: Forbidden.

Using OBTU:

Downloading bundle: bundle-######
Error getting file size, got response: 403 Forbidden HTTP/1.1
Got Http error[403] while downloading bundle [/COMP/SDDC_MANAGER_VCF/bundles/bundle-######.tar]
Error in reading the bundle in index file Error [403] downloading bundle [/COMP/SDDC_MANAGER_VCF/bundles/bundle-######.tar] from dl.broadcom.com:443
INFO   --- [           main] com.vmware.vipclient.i18n.VIPCfg         : Formatting cache created.Formatting cache created.
INFO   --- [           main] com.vmware.vipclient.i18n.VIPCfg         : Translation Cache created.Translation Cache created.
Bundle Transfer Utility Tool failed with error : Error [403] downloading bundle [/COMP/SDDC_MANAGER_VCF/bundles/bundle-######.tar] from dl.broadcom.com:443

Environment

SDDC Manager 4.x
SDDC Manager 5.x

Cause

This issue occurs when the Broadcom user account used to generate the VCF authenticated download token is not associated with a Site ID that contains active VMware Cloud Foundation (VCF) entitlements. Without the correct Site ID linkage, the generated token lacks the required permissions, resulting in an HTTP 403 Forbidden error during download attempts.

Resolution

Follow the below given steps to resolve this issue:

  1. Request that the appropriate Site ID (containing active VCF entitlements) be added to your Broadcom Support Portal profile. KB: Adding additional Broadcom Site IDs to an existing profile on the Broadcom Support Portal
  2. Once the correct Site ID and admin rights are active on your profile, log into the Broadcom Support Portal and generate a new VCF authenticated download token.
  3. Input the newly generated token into the SDDC Manager UI (or apply it to your OBTU/CLI configurations). KB: SDDC fails to download the updates from online repositories
  4. Attempt the bundle or patch download again to confirm the 403 error is resolved.

Additional Information

You might see the same 403 error, if the location has not been updated properly or the old values are not removed from the below file. Refer KB: No patches available even after downloading patch bundles

 

Powered by Wolken Software