Unable to add new Patch Token URL under lifecycle Manager in vCenter Server when proxy configured
search cancel

Unable to add new Patch Token URL under lifecycle Manager in vCenter Server when proxy configured

book

Article ID: 428366

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Adding the Token URLs (https://dl.broadcom.com/<Token_ID>/PROD/COMP/ESX_HOST/main/<patch_source>.xmlto the Lifecycle manager fails with the error message:
"The Download Source https://dl.broadcom.com/<Token_ID>/PROD/COMP/ESX_HOST/main/<patch_source>.xml is invalid or cannot be reached now"

 

 

Testing network connectivity from the vCenter Server Appliance (VCSA) to dl.broadcom.com using the curl command below:

#curl -vv https://dl.broadcom.com

show the following results :

[0-x] * Uses proxy env variable https_proxy == 'https://<proxy_IP:3128>/'
[0-0] * [HTTPS-CONNECT] created with 1 ALPNs -> 0
[0-0] * [HTTPS-CONNECT] added
[0-0] * [HTTPS-CONNECT] connect, init
[0-0] *   Trying <proxy_IP>:3128...
[0-0] * [HTTPS-CONNECT] connect -> 0, done=0
[0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks
[0-0] * ALPN: curl offers http/1.1
[0-0] * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[0-0] *  CAfile: /etc/pki/tls/certs/ca-bundle.crt
[0-0] *  CApath: none
[0-0] * [HTTPS-CONNECT] connect -> 0, done=0
[0-0] * [HTTPS-CONNECT] adjust_pollset -> 1 socks
[0-0] * TLS connect error: error:0A00010B:SSL routines::wrong version number
[0-0] * [HTTPS-CONNECT] connect, all failed

Environment

  • VMware VCenter Server 8.0.x.

Cause

Depending on the configuration of the proxy, it might be using the same port to accept both HTTP and HTTPS traffic. If this is the case, you well need to use the exact same URL for HTTPS_PROXY as is set for HTTP_PROXY, including the protocol, so both should be set as http://... 

the "TLS connect error: error:0A00010B:SSL routines::wrong version number" indicate that HTTP connection is expected instead of HTTPS.

Resolution

you well need to use the exact same URL for HTTPS_PROXY as is set for HTTP_PROXY, including the protocol, so both should be set as http://... as in the following example:

# Example: HTTP_PROXY="http://example.com:3128/"
HTTP_PROXY="http://proxy.example.com:8080"

# Example: HTTPS_PROXY="https://example.com:3128/"
HTTPS_PROXY="http://proxy.example.com:8080"

Additional Information

Note: Not all possible configuration settings are exposed via VAMI UI

if you cannot change the HTTPS settings to an HTTP URL. edit the file /etc/sysconfig/proxy directly

Reference : How to configure proxy settings for vCenter Server

Powered by Wolken Software