• When attempting to download bundles (e.g., ESX, vCenter, NSX) using the SDDC Manager Lifecycle Management to prepare for a VMware Cloud Foundation (VCF) upgrade, the task fails.
  
  
• The following error is observed in the logs and SDDC Manager UI: BundleDownloadFailureException: Error [403] downloading bundle [/COMP/...] from dl.broadcom.com:443. Please retry download.
  
  
• The Repository Settings may still report "Depot Connection Active".
  
  
• vCenter downloads may also report the following error "HTTPException: 500 Internal Server Error HTTP/1.1. Please retry download."

• 9.0.1.0
• 9.x

The 403 Forbidden HTTP status code explicitly indicates an authorization failure.

The root cause is an invalid, expired, or incorrectly entitled Broadcom Download Token configured in the SDDC Manager repository settings. Specifically, the token is not associated with a Site ID that has active entitlements for the VCF product versions being downloaded, preventing access to the paid/licensed bundles.

The resolution requires generating a new, valid token from the correctly entitled Site ID and reconfiguring the SDDC Manager repository credentials.

1. Generate New Token:

   1. Log in to the Broadcom Support Portal.

   2. Identify the Site ID that holds the active entitlement for the VCF/VMware software.

   3. Generate a new download token (a long string of characters) associated with this correctly entitled Site ID.

2. Update SDDC Manager Credentials:

   1. Log in to the SDDC Manager UI as vcfuser.

   2. Navigate to Administration > Repository Settings.

   3. Click Update Credentials and paste the new download token.

   4. Click Save.

3. Verify Connection: The SDDC Manager will re-test the connection. Ensure the connection status remains active and no further errors are reported.

4. Retry Download: Navigate back to Lifecycle Management and retry the failed bundle download operation.

The "Depot Connection Active" status only verifies that the SDDC Manager can reach dl.broadcom.com:443 over the network (L3/L4 connectivity). The 403 Forbidden error verifies that the authorization phase (L7/Application Layer) failed due to invalid credentials (token).