Firewall between ESX host and vCenter update manager

Hello Experts,

There is a firewall between some of my ESX servers and the vCenter update manager. As a result I get the following error every time I run the scan from the update manager for that particular host:

Scan entity
Host cannot download files from VMware vCenter Update Manager patch store.  
Check the network connectivity and firewall setup, and check esxupdate logs for details.

Can someone please advise me on the network ports I should open in order to make the update manager work?

Many Thanks,

Seth Simmons, Sr. Systems Administrator, Commented:
You need to have ports 8084, 9084 and 9087 open.
Update Manager itself needs 80/443 to get the updates.

VMware vCenter Update Manager network port requirements

Dawid Fusek, Virtualization Expert, Sr B&R, Storage Specialist, Commented:

VMware Update Manager needs ports 80, 443, 902, 8084, 9000-9100.

In most cases this firewall is the ESXi built-in firewall. You can enable access between VMware Update Manager and the ESXi host under ESXi Configuration/Security Profile/Firewall/vCenter Update Manager. That should be enough if no other firewall is really installed between ESXi and vCenter Server; if there is one, just add these ports to it.

muzzammilhussain, Author, Commented:
Thanks Seth / Dawid,

I have enabled the ports from the security profile as you advised, but my scan is still failing with the same error. Is there a way to check the logs and find out more details about the failure?

Many Thanks,

muzzammilhussain, Author, Commented:
Many Thanks
Dawid Fusek, Virtualization Expert, Sr B&R, Storage Specialist, Commented:

Generally you can check the logs on the VMware Update Manager server; by default the log is at:
C:\ProgramData\VMware\Infrastructure\VMware Update Manager\Logs\vmware-vum-server-log4cpp.log

The scan sometimes may also not work because of name resolution: a "failed" installation of VMware Update Manager that sticks to an IP address instead of an FQDN, or a problem with name resolution (DNS, hosts files) between the PC/laptop where you run the vSphere Console and the VMware Update Manager server, and sometimes also the ESXi server.

I hope it works for you, mate.

muzzammilhussain, Author, Commented:

I did the comparison between the two ESX hosts: the one that gets the updates and the other that fails. A firewall between the failing host and the update manager was blocking 8084/9084; that has now been resolved.

Many Thanks for making sure that I got the right solution.
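
An added example, not part of the original thread: a small Python probe for the ports named in the answers above that separates a silently dropped connection (typical of an intermediate firewall) from a refused one and from a name-resolution failure. The default hostname is a placeholder, and the port list is an assumption assembled from the two answers (the 9000-9100 range is represented only by 9084 and 9087).

```python
import socket
import sys

# Ports quoted in this thread: 80/443, 902, 8084, 9084, 9087.
VUM_PORTS = [80, 443, 902, 8084, 9084, 9087]


def probe(host, port, timeout=3.0):
    """Classify one TCP connection attempt.

    open        - handshake completed
    refused     - host answered with a reset: reachable, nothing listening
    filtered    - no answer before the timeout: packets are being dropped
    dns-failure - the name did not resolve (DNS / hosts file problem)
    unreachable - any other network error (no route, ICMP reject, ...)
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.gaierror:
        return "dns-failure"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "filtered"
    except OSError:
        return "unreachable"


def scan(host, ports=VUM_PORTS, timeout=3.0):
    """Probe every port and group the port numbers by result."""
    by_state = {}
    for port in ports:
        by_state.setdefault(probe(host, port, timeout), []).append(port)
    return by_state


if __name__ == "__main__":
    # Placeholder name; pass your Update Manager server as the first argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "vum.example.internal"
    for state, ports in sorted(scan(target).items()):
        print(f"{state:12} {ports}")
```

Run it from the network segment of a host that scans successfully and again from the segment of the failing host; ports that move from "open" to "filtered" between the two runs are the ones to raise with the firewall owner.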