RDU fails with "Failed to load repository manifest data" error due to vCenter Server proxy configuration
search cancel

RDU fails with "Failed to load repository manifest data" error due to vCenter Server proxy configuration

book

Article ID: 418332

calendar_today

Updated On:

Products

VMware vCenter Server 8.0

Issue/Introduction

When performing a Reduced Downtime Upgrade (RDU) on vCenter Server, the process fails at the "Plugin Upgrade" step. The error message "Failed to load repository manifest data for the configured upgrade" is displayed.

An environment where vCenter Server is configured to use a proxy for external access

Environment

VMware vCenter Server 8.0

 

Cause

When a proxy is configured on vCenter Server, the RDU process incorrectly routes internal communication (requests to the vCenter Server itself for manifest files) through the external proxy.

This internal traffic passing through the proxy causes an SSL/TLS communication issue (e.g., OpenSSL/3.0.14: error: 04000108:SSL routines::wrong version number). This results in the manifest file download failing (e.g., exit status 35), which stops the upgrade process.

YYYY-MM-DDTHH:MM:SS error vlcm [exec/exec.go:115] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] Run command [/usr/bin/curl --capath /etc/ssl/certs -L -C - --retry 0 --verbose --fail -w vlcm_http_code: %{http_code}n --connect-timeout 15 --proxy <proxy_ip>:<proxy_port> --noproxy , localhost, 127.0.0.1 --tlsv1.2 --tls-max 1.3 --tls13-ciphers TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 --ciphers ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES1
28-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES128-GCM-SHA256:AES256-GCM-SHA384:AES128-GCM-SHA256:ECDHE-RSA-AES256-SHA:ECDHE-RSA-AES128-SHA:ECDHE-ECDSA-AES256-SHA:ECDHE-ECDSA-AES128-SHA:AES256-SHA:AES128-SHA:TLS_AES_256_GCM_SHA384:TLS_AES_128_GCM_SHA256 --curves prime256v1:secp384r1:secp521r1 -o /tmp/custom-repo-updates-<ID>/rpm-manifest.json https://<vCenter_FQDN>:443/lcm-ui/repos/patcher_repo/p
ackage-pool/rpm-manifest.json] failed (duration: 57ms)
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:17] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] curl failed
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] ERR:001 exit status 35
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:51] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] ERR:002-
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:001 % Total % Received % Xferd Average Speed Time Time Time Current
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:002 Dload Upload Total Spent Left Speed
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:003 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0* Trying <proxy_ip>:<proxy_port>...
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:004 * Connected to <proxy_ip> (<proxy_ip>) port <proxy_port>
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:005 * ALPN: curl offers http/1.1
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:006 * TLSv1.3 (OUT), TLS handshake, Client hello (1):
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:007 * CAfile: /etc/pki/tls/certs/ca-bundle.crt
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:008 * CApath: /etc/ssl/certs
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:009 * OpenSSL/3.0.14: error:0A00010B:SSL routines::wrong version number
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:010 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:011 * Closing connection
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:012 curl: (35) OpenSSL/3.0.14: error:0A00010B:SSL routines::wrong version number
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:43] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:013 vlcm_http_code: 000
YYYY-MM-DDTHH:MM:SS error vlcm [logger/multiline.go:51] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] OUT:014-
YYYY-MM-DDTHH:MM:SS info vlcm [retry/retry.go:128] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] retry: failed, limit 5 reached
YYYY-MM-DDTHH:MM:SS error vlcm [upgraderepo/downloadfile.go:77] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] Download file [https://<vCenter_FQDN>:443/lcm-ui/repos/patcher_repo/package-pool/rpm-manifest.json] failed: download: exit status 35
YYYY-MM-DDTHH:MM:SS error vlcm [upgraderepo/downloadmanifest.go:35] [opID=7aeb486a-ef81-4962-973d-1846d0a7f942-1f8b] Download manifest [https://<vCenter_FQDN>:443/lcm-ui/repos/patcher_repo/package-pool/rpm-manifest.json] failed: download: exit status 35

Resolution

  1. Temporarily disable or remove the proxy configuration from the vCenter Server, typically via the VAMI (Virtual Appliance Management Interface) or console.

  2. Initiate the Reduced Downtime Upgrade (RDU) again.

  3. Once the RDU has completed successfully, re-enable the proxy settings that were previously removed.

Additional Information

Japanese version: vCenter Server のプロキシ設定が原因で RDU が Failed to load repository manifest data エラーで失敗する

In log files, such as vlcm.log, you may find curl commands attempting to access the vCenter Server's own FQDN (e.g., https://<vCenter_FQDN>:443/.../rpm-manifest.json) but being routed to the configured proxy (e.g., <proxy_ip>:<proxy_port>) and failing.

Powered by Wolken Software