"HTTP Cannot connect to proxy server" when configuring a proxy in vCenter VAMI UI

Products

VMware vCenter Server

Issue/Introduction

Setting proxy via VAMI UI fails with a validation error.

Environment

vCenter 7.x
vCenter 8.x
vCenter 9.x

Cause

The proxy validation logic previously used "vmware.com" or the vCenter's IP address to connect from the vCenter via proxy to validate the proxy server. This connection is failing.

Resolution

(Refer to the URL Format Guidelines below for examples of valid formatting)

vCenter 9.x

Update /var/lib/vmware-envoy-system-proxy/config.json file with the correct settings. Leave any irrelevant PROXY entries blank. Add comma-separated entries to the NO_PROXY line as needed.

Important: Do NOT update the /etc/sysconfig/proxy file.

{
"http_proxy": {
"scheme": "<the proxy url schema>", // example: http
"host": "<the proxy url host>", // example: example.com, 123.123.123.123, subdomian.example.com
"port": <port if any else null>,
"username": "<username of the proxy credential if any else null>",
"password": "<password of the proxy credential if any else null>"
}, // if exists or null
"https_proxy": {
"scheme": "<the proxy url schema>", // example: http, https
"host": "<the proxy url host>", // example: example.com, 123.123.123.123, subdomian.example.com
"port": <port if any else null>,
"username": "<username of the proxy credential if any else null>",
"password": "<password of the proxy credential if any else null>"
}, // if exists or null,
"ftp_proxy": {
"scheme": "<the proxy url schema>", // example: ftp
"host": "<the proxy url host>", // example: example.com, 123.123.123.123, subdomian.example.com
"port": <port if any else null>,
"username": "<username of the proxy credential if any else null>",
"password": "<password of the proxy credential if any else null>"
}, // if exists or null
"no_proxy": ["<comma separated values if any else leave as is>"]
}

If copied, ensure removal of '// example' sections and white space.

Service restart is not needed.

The above must be in valid JSON format

vCenter 7.x & vCenter 8.x

Update /etc/sysconfig/proxy file with the correct settings. Leave any irrelevant PROXY entries blank. Add comma-separated entries to the NO_PROXY line as needed.

For example, to enable to use of an HTTPS_PROXY, the configuration would look like this

PROXY_ENABLED="yes"
HTTP_PROXY=""
HTTPS_PROXY="https://proxy.example.com"
FTP_PROXY=""
NO_PROXY="localhost, 127.0.0.1"

Once the file is saved and closed restart the services.

service-control --stop --all && service-control --start --all

Additional Information

URL Format Guidelines

scheme:://[url_encoded_username:url_encoded_passward@]example.com[:port]

Accepted scheme values: http , https , ftp

Items inside [] are optional.

Examples:

http://example.com , https://example.com , ftp://example.com
http://example.com:3128 , https://example.com:3128 , ftp://example.com:3128
http://proxyuser:[email protected] , https://proxyuser:[email protected] , ftp://proxyuser:[email protected]
http://proxyuser:[email protected]:3128 , https://proxyuser:[email protected]:3128 , ftp://proxyuser:[email protected]:3128

NOTE: Both the username 'proxyuser' and password 'mypass123' should be url encoded strings (e.g. if the username or password has special chars like $ or ! it will be encoded as %24 and %21 respectively)