Firewall between ESX host and vCenter update manager

Hello Experts,

There is a firewall between some of my ESX servers and the vCenter Update Manager. As a result, I get the following error every time I run the scan from the Update Manager for that particular host:

Scan entity
Host cannot download files from VMware vCenter Update Manager patch store.  
Check the network connectivity and firewall setup, and check esxupdate logs for details.

Can someone please advise me on the network ports I should open in order to make the Update Manager work?

Many Thanks,
muzzammilhussain Asked:

Seth Simmons, Sr. Systems Administrator, Commented:
Need to have ports 8084, 9084 and 9087 open.
Update Manager itself needs 80/443 to get the updates.

VMware vCenter Update Manager network port requirements
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1004543

Dawid Fusek, Virtualization Expert, Sr B&R, Storage Specialist, Commented:
mate,

VMware Update Manager needs ports 80, 443, 902, 8084, 9000-9100.

In most cases this firewall is the ESXi built-in firewall. You can enable access between VMware Update Manager and the ESXi host under ESXi Configuration/Security Profile/Firewall/vCenter Update Manager. It should be enough if no other firewall is really installed between ESXi and vCenter Server; if there is one, just add these ports to it.

regards
NTShad0w

muzzammilhussain (Author) Commented:
Thanks Seth / Dawid,

I have enabled the ports from the security profile as you advised, but my scan is still failing with the same error. Is there a way to check the logs and find out more details about the failure?

Many Thanks,
muzzammilhussain (Author) Commented:
Many Thanks

Dawid Fusek, Virtualization Expert, Sr B&R, Storage Specialist, Commented:
Mate,

Generally you can check the logs on the VMware Update Manager server; by default the log is at:
C:\ProgramData\VMware\Infrastructure\VMware Update Manager\Logs\vmware-vum-server-log4cpp.log

And the scan sometimes may not work because of name resolution, or a "failed" installation of VMware Update Manager that sticks to an IP address and not an FQDN, or a problem with name resolution (DNS, hosts files) between your PC/laptop where you run the vSphere Console and the VMware Update Manager server, and sometimes also the ESXi server.

I hope it works for you, mate.

regards
NTShad0w

muzzammilhussain (Author) Commented:
Hello,

I did the comparison between the two ESX hosts: the one that gets the updates and the other that fails. A firewall between the failing host and the Update Manager was blocking 8084/9084; that has now been resolved.

Many Thanks for making sure that I got the right solution.
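
The following is an added example, not part of the original thread or any VMware tooling: a small Python check that tells a firewall drop apart from a missing listener on the ports named above. The port list is taken from the answers in this thread; the function names and the default target are assumptions made for illustration.

```python
import socket
import sys

# Ports named in this thread for Update Manager / ESX host traffic.
VUM_PORTS = (80, 443, 902, 8084, 9084, 9087)


def probe(host, port, timeout=3.0):
    """Classify one TCP port as 'open', 'refused' or 'filtered'."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"          # handshake completed, a service is listening
    except ConnectionRefusedError:
        return "refused"           # RST came back: path is clear, nothing listens
    except OSError:
        # Timeouts and unreachable errors land here: the usual signature
        # of a firewall dropping or rejecting the connection on the path.
        return "filtered"


def scan(host, ports=VUM_PORTS, timeout=3.0):
    """Probe every port and return {port: state}."""
    return {port: probe(host, port, timeout) for port in ports}


def blocked(results):
    """Ports whose state points at a firewall rather than the service."""
    return sorted(p for p, state in results.items() if state == "filtered")


if __name__ == "__main__":
    # Target is a constructed default; pass the real server name as argv[1].
    target = sys.argv[1] if len(sys.argv) > 1 else "127.0.0.1"
    results = scan(target)
    for port, state in results.items():
        print(f"{target}:{port:<5} {state}")
    print("likely firewalled:", blocked(results) or "none")
```

Run it from a machine on the same network segment as the failing host and again from one next to a working host; ports that are "filtered" only from the failing side are the ones to raise with the firewall team.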