• When updating a vCenter Server within a VMware Cloud Foundation (VCF) environment, the SDDC Manager task fails during the VCENTER_UPGRADE_PRECHECK phase.

  Task Status Details
  Subtask: Upgrade - VCENTER vCenter_FQDN
  Reference Token: LTFOPA
  Error Message: Error (com.vmware.vapi.std.errors.error) => { messages = [LocalizableMessage { id = com.vmware.appliance.update.precheck_operation_description, defaultMessage = Run update prechecks, args = [], params = <null>, localized = <null> }], data = <null>, errorType = ERROR }

• Reviewing the LCM debug log(/var/log/vmware/vcf/lcm/lcm-debug.log) confirms the failure occurs when the SDDC Manager attempts to execute remote pre-upgrade checks on the vCenter appliance:

  Upgrade error occured: Reason is: Error (com.vmware.vapi.std.errors.error) => { messages = [LocalizableMessage (com.vmware.vapi.std.localizable_message) => { id = com.vmware.appliance.update.precheck_operation_description, defaultMessage = Run update prechecks, args = [], params = <null>, localized = <null> }], data = <null>, errorType = ERROR}
  DEBUG [vcf_lcm,...] Upgrade error occured: vCenter upgrade failed at the VCENTER_UPGRADE_PRECHECK stage.
  Caused by: com.vmware.vapi.std.errors.error: Error (com.vmware.vapi.std.errors.error) => { messages = [LocalizableMessage { id = com.vmware.appliance.update.precheck_operation_description, defaultMessage = Run update prechecks } ] }

• vCenter Appliance Management Logs (/var/log/vmware/applmgmt/applmgmt.log) The failure is typically linked to vCenter's inability to resolve the update repository or a failure in the SSL handshake with the download server:

  DEBUG:vmware.appliance.update.update_functions:Running /usr/bin/wget ... https://vapp-updates.vmware.com/vai-catalog/valm/vmw/...
  DEBUG:vmware.appliance.update.update_functions:runCommandAndCheckResult failed: '--YYYY-MM-DDTHH:MM:SS--  https://vapp-updates.vmware.com/vai-catalog/valm/vmw/...
  Resolving vapp-updates.vmware.com... failed: Name or service not known.
  wget: unable to resolve host address ‘vapp-updates.vmware.com’

VMware vCenter Server

VMware Cloud Foundation

The failure occurs because the vCenter Appliance Management (applmgmt) service attempts to reach the legacy VMware update repository (vapp-updates.vmware.com) to execute internal update prechecks. This repository has been migrated to the Broadcom endpoint (dl.broadcom.com). The inability to resolve the legacy hostname prevents the precheck from downloading the required manifest files.

To resolve the precheck failure, ensure the vCenter can reach the Broadcom update repository by following steps mentioned below:

1. Access the vCenter Server Appliance Management Interface (VAMI) via a web browser at https://<vCenter_FQDN_or_IP>:5480 as the root user.

2. Navigate to the Update section and select Settings.

3. Modify the repository URL to use the Broadcom authenticated URL following KB: vCenter update fails

4. On the network firewall and perimeter security appliances routing outbound vCenter traffic, configure a stateful allow rule for <vCenter_IP_Address> to dl.broadcom.com over TCP 443, and simultaneously implement an explicit SSL inspection bypass (do-not-decrypt) for this destination to prevent the TLS "Server Hello" from being blocked or modified during the repository handshake.

5. Establish an SSH session to the affected vCenter Server Appliance as the root user and execute openssl s_client -connect dl.broadcom.com:443 to validate repository reachability, ensuring the output indicates a CONNECTED state with a valid certificate chain and no self-signed proxy interception warnings.

6. Once connectivity is restored and validated, return to the SDDC Manager UI and navigate to Inventory > Workload Domains, select the target Workload Domain, click the Updates/Patches tab, locate the target vCenter Server update bundle, and select Update Now to initiate a new update task