I had an interesting challenge this past week. I had a development environment with a vCenter Server instance hosted on a private network. This private network connected to a corporate network connection, but had no direct connection to the Internet. My task was to configure VMware Update Manager such that it could download patches from the Internet. Sounds simple, no?
I had one of my networking colleagues configure a NAT such that the private IP address of the vCenter Server would be granted access to the corporate network. Upon doing so, I could access both corporate and Internet websites via IP address. As it turns out, VMware Update Manager requires DNS resolution in order to function properly. If you attempt to download patches without DNS resolution configured properly, VMware Update Manager will fail with the following error message, “Metadata download failed.” I find this amusing as several VMware services including vpxa only function via IP address.
The problem I had was that the connection to the corporate network was not allowed to communicate over port 53. As such, I could not get DNS to function either through internal or Internet resolvers. This is typically not that big of a problem as DNS can be faked by updating the Windows hosts file located at C:\Windows\system32\drivers\etc\hosts. The issue with this approach was I did not know the URLs necessary for VMware Update Manager to function.