UMDS synchronization fails with HTTP 401 Unauthorized error when Basic Authentication is enabled for the UMDS directory in an Offline Depot
search cancel

UMDS synchronization fails with HTTP 401 Unauthorized error when Basic Authentication is enabled for the UMDS directory in an Offline Depot

book

Article ID: 434716

calendar_today

Updated On:

Products

VMware SDDC Manager

Issue/Introduction

UMDS sync fails in SDDC Manager or VCF Operations.
The lcm-debug.log contains errors such as cURL Error: Authentication failure or 401 Unauthorized.

<YYYY-MM-DD>T<time>Z error vmware-downloadService[<PID>] [Originator@<PID> sub=Default] [hostUpdate20Downloader <line>] VVS download failed. Message: Error occured while downloading VVS bundle from URL: https://<offline-depot-url>/umds-patch-store/hostupdate/../vvs/vvs-consolidated-bundle.zip. Download error: HTTP Error Code: 401

Environment

VMware Cloud Foundation 9.0.x 
Using an Offline Depot for upgrade binaries, including UMDS.

Cause

UMDS does not support Basic Authentication. The official VCF documentation ("Connect to an Offline Depot for a VCF Instance") instructs customers to connect to the offline depot using Basic Authentication. If this Basic Authentication is applied to the UMDS directory within the offline depot, it blocks UMDS access and causes the 401 error.

Resolution

Update the Web Server (e.g., Apache httpd.conf) configuration to explicitly allow anonymous access to the UMDS patch store directory only. However, other component directories in the offline depot must use Basic Authentication.
See the configuration sample below based on the official documentation. Ensure that the UMDS directory explicitly uses Require all granted and does not inherit Basic Authentication:

<Directory /var/www/html/PROD/COMP>
        AuthType Basic
        AuthName "Basic Authentication"
        AuthUserFile /etc/httpd/conf/.htpasswd
        require valid-user
</Directory>
<Directory /var/www/html/PROD/metadata>
        AuthType Basic
    AuthName "Basic Authentication"
    AuthUserFile /etc/httpd/conf/.htpasswd
    require valid-user
</Directory>
<Directory "/var/www/html/PROD/COMP/Compatibility/VxrailCompatibilityData.json">
        # VxRail VVS Cookie Validation (VCF 5.0)
        <If "%{HTTP:Cookie} == 'ngssosession=ngsso-token' ">
        Require all granted
        </If>
</Directory>
<Directory /var/www/html/PROD/vsan/hcl>
        Require all granted
</Directory>
        # Those Alias statements are needed only for VCF 5.1.0.0.
        Alias /products/v1/bundles/lastupdatedtime /var/www/html/PROD/vsan/hcl/lastupdatedtime.json
        Alias /products/v1/bundles/all /var/www/html/PROD/vsan/hcl/all.json
        # Needed only if UMDS downloads are presented
<Directory /var/www/html/umds-patch-store>
        # Explicitly allow anonymous access for UMDS. Do not use Basic Authentication here.
        Require all granted     
</Directory>

Additional Information

For more details on the official setup, refer to: Set Up an Offline Depot Web Server for VMware Cloud Foundation

オフライン デポの UMDS ディレクトリに対して Basic 認証が有効になっていると、UMDS の同期が HTTP 401 Unauthorized エラーで失敗する

Powered by Wolken Software