vCenter VAMI fails to download patches with a proxy configuration
search cancel

vCenter VAMI fails to download patches with a proxy configuration

book

Article ID: 433904

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

  • Configured to use an https proxy.

  • Error connecting with openssl:
    openssl s_client -connect dl.broadcom.com:443
    C07190E0A97F0000:error:8000006F:system library: BIO_connect:Connection refused: crypto/bio/bio_sock2.c:114:calling connect()

  • Proxy tunnels HTTPS through HTTP.

Environment

vCenter 8.x

Cause

Depending on the configuration of the proxy, it might be using the same port to accept both HTTP and HTTPS traffic.

If this is the case, use the exact same URL for HTTPS_PROXY as is set for HTTP_PROXY, including the protocol.

Both HTTP and HTTPS should be set as http://... as in the following example:

# Example: HTTP_PROXY="http://example.com:3128/"
HTTP_PROXY="http://proxy.example.com:8080"

# Example: HTTPS_PROXY="https://example.com:3128/"
HTTPS_PROXY="http://proxy.example.com:8080"

Resolution

  • Configure vCenter's VAMI HTTPS proxy to use the HTTP url and port.

    Note, check with the local proxy admin to confirm settings, url and ports.

  • Browse to the VAMI:

    https://myvcenter.example.com:5480

    Networking > Proxy Settings

Additional Information

  • Lifecycle Manager fails with "The download source dl.broadcom.com is invalid or cannot be reached now." due to ssl interception. This can happen if there is a transparent proxy performing SSL Interception for outgoing HTTPS traffic. The certificate is being replaced by one that is signed by a Certificate Authority that is not trusted by the appliance.

  • This is how to configure proxy settings for vCenter Server to allow communication through a proxy server.

  • vCenter Lifecycle Manager uses proxy settings from vCenter Server appliance VAMI proxy configuration.
Powered by Wolken Software