I had an interesting challenge this past week. I had a development environment with a vCenter Server instance hosted on a private network. This private network connected to a corporate network connection, but had no direct connection to the Internet. My task was to configure VMware Update Manager such that it could download patches from the Internet. Sounds simple, no?
I had one of my networking colleagues configure a NAT such that the private IP address of the vCenter Server would be granted access to the corporate network. Upon doing so, I could access both corporate and Internet websites via IP address. As it turns out, VMware Update Manager requires DNS resolution in order to function properly. If you attempt to download patches without DNS resolution configured properly, VMware Update Manager will fail with the following error message, “Metadata download failed.” I find this amusing as several VMware services including vpxa only function via IP address.
The problem I had was that the connection to the corporate network was not allowed to communicate over port 53. As such, I could not get DNS to function either through internal or Internet resolvers. This is typically not that big of a problem as DNS can be faked by updating the Windows hosts file located at C:\Windows\system32\drivers\etc\hosts. The issue with this approach was I did not know the URLs necessary for VMware Update Manager to function.
Upon checking the VMware communities, I came across the following post: http://communities.vmware.com/thread/117129?tstart=50. It states that the following URLs are required:
- https://www.vmware.com/PatchManagementSystem/patchmanagement
- http://download3.vmware.com
As such, I took the hostnames from the two URLs (www.vmware.com and download3.vmware.com) and performed an nslookup to determine their IP addresses and then imported that information into the hosts file on the Windows system with VMware Update Manager (remember to only input IP address and hostname; do not input the URL). Upon doing so, patches were successfully downloaded; however, the Update Signature task in vCenter Server kept failing with the error message, “Web site hosting the update signatures and update packages cannot be reached. Please test the internet connection from the client.”
Looking on the communities, I could not find much more information. On a whim, I decided to visit the URLs that people in the communities stated were required. Upon opening the first URL the browser displayed the following information:
<html><body><h1>Welcome to the {urn:patchmdsvc}PatchMgmt home page<h3><a href=’/wls_utc?wsdlUrl=http%3A%2F%2Fpchmgmt-prod-wlc-vip.vmware.com%3A7004%2FpatchMdSvc%3FWSDL’>Test page</a></h3><h3><a href=’http://pchmgmt-prod-wlc-vip.vmware.com:7004/patchMdSvc?WSDL’ >WSDL page</a></h3></body></html>
From this, I gathered that the Update Manager also appeared to be resolving http://pchmgmt-prod-wlc-vip.vmware.com. I performed an nslookup on this hostname (pchmgmt-prod-wlc-vip.vmware.com) and added the appropriate information to the hosts file on the Windows system. This time running Update Manager resulted in a successfully updated signature! Hopefully someone will find this information as helpful as I do.
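A hosts file built by hand this way is easy to get wrong, so here is an added example (not from the original post) that audits hosts-file text for the three hostnames above and flags URLs entered in place of hostnames, invalid addresses and missing entries. The IP addresses in the sample are constructed from the 192.0.2.0/24 documentation range, and the function names are illustrative.

```python
import ipaddress

# Hostnames the post found Update Manager needs to resolve.
REQUIRED = ("www.vmware.com", "download3.vmware.com",
            "pchmgmt-prod-wlc-vip.vmware.com")

def parse_hosts(text):
    """Return ({hostname: [ip, ...]}, [problem strings]) for hosts-file text."""
    entries, problems = {}, []
    for num, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            ip = str(ipaddress.ip_address(fields[0]))
        except ValueError:
            problems.append(f"line {num}: '{fields[0]}' is not an IP address")
            continue
        if len(fields) < 2:
            problems.append(f"line {num}: no hostname after {ip}")
        for name in fields[1:]:
            # A URL (scheme, path or port) is never matched by the resolver.
            if "://" in name or "/" in name or ":" in name:
                problems.append(f"line {num}: '{name}' is a URL, not a hostname")
                continue
            entries.setdefault(name.lower(), []).append(ip)
    return entries, problems

def audit(text, required=REQUIRED):
    """List everything that would stop the required names from resolving."""
    entries, problems = parse_hosts(text)
    for name in required:
        ips = entries.get(name, [])
        if not ips:
            problems.append(f"missing entry for {name}")
        elif len(set(ips)) > 1:
            problems.append(f"{name} mapped to several IPs: {sorted(set(ips))}")
    return problems

# Constructed sample; 192.0.2.0/24 is a documentation range, not VMware's IPs.
SAMPLE = """\
192.0.2.10   www.vmware.com        # looked up with nslookup
192.0.2.20   http://download3.vmware.com
192.0.2.30   pchmgmt-prod-wlc-vip.vmware.com
"""

if __name__ == "__main__":
    for p in audit(SAMPLE) or ["hosts file covers all required names"]:
        print(p)
```

Because hosts entries are static, they do not follow later changes to the vendor's DNS records; re-check the addresses with nslookup if downloads start failing again.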
© 2010, Steve Flanders. All rights reserved.