Setup:
vCSA 6.5 with embedded VUM
Intro:
At one of my customers, I had a weird problem that one of the hosts couldn’t updated through VUM. Time to investigate.
Error:
“Host cannot download files from VMware vSphere Update Manager patch store. Check the network connectivity and firewall setup, and check esxupdate logs for details.”
When you look closer in the logfiles, you will see somewhere around the line that the host cannot connect to the VUM repository, or that it fails to download metadata. In vCenter 6.5, VUM is by default installed on the vCSA, but if you don’t know for sure, go check out the Update Manager page in “Admin View”. There you will see the settings under network settings.
So first thing first, you should check if your host can reach the destination of the patch store. This can be by IP or DNS name. The default port is 9084 that the ESXi hosts use to connect towards the patch store. If your firewall is blocking that port on DNS or IP level, then that is most probably your problem. You should therefor check your firewall if you see some packages that are being denied by the host. If however, you do not have access to the firewall, you can still verify from an ESXi host standpoint, if it can reach the destination.
Turn on SSH & Bash Shell and login to your host.
Then execute the following command:
nc -z (ip/DNS) (port)
Ex: nc -z 192.168.10.5 9084
Ex2: nc -z vCenter.company 9084
In the example you’ll see how I try to connect the VUM repository. The first time through DNS which fails. Second time through IP address which succeeds, and a third time again with DNS but this time on a different host which also succeeds.
Since this was a customer environment I had to blur a lot of stuff but it should still be readable.
So my conclusion was that my host couldn’t reach the repository through dns, but it could through IP. This could be solved by allowing the port number on the firewall, but since I wanted to quickly update the hosts, I simply changed the settings within VUM. This can be done in the admin page as well and it is really simple. At “Update Manager patch store used by the ESXi host” Just simply click on “Edit”. Then you can select
Then you can select if you want the repository be reached by IP or DNS. Changing the port can ofcourse also help if you’re firewall allows it.
After that, you need to restart the VUM service.
In 6.5 this can be done under: Home –> Administration –> System Configuration 
Then go to services and right click on VMware vSphere Update Manager and restart the service.
That’s it. Your host will now connect to the VUM repository through IP or DNS depending on your change.
Samir is the author of vSAM.Pro & a Life enthusiast who works as a consultant in the field of IT. With a great passion for Tech & Personal Development, he loves to help people with their problems, but also inspire them with a positive outlook on life.
Besides that, he is also a big Sport & Music junky that loves to spend a big chunk of his time on producing music or physically stretching himself.
Thank you Samir, worked great!!
For VCSA 6.7 I didn’t have to restart VUM.
Hey Greg,
Thank you for letting me know, and great that the article helped.
Have a great day.
Best Regards,
Samir