After upgarding VCSA to version 6.5 at one of my clients, I’ve tried to upgrade also the ESXi Hosts. I’ve made the Baselines in VUM and attached them to the hosts. So far everything went smooth. After that I’ve scanned the hosts for updates and this is the moment when the error came up: “Host cannot download files from VMware vSphere Update Manager patch store.  Check the network connectivity and firewall setup, and check esxupdate logs for details“.

Note: I’ll add some screenshots, but I’ll protect some sensible infos. Though the settings should still be understandable .

Starting with version VCSA 6.5, VUM is embedded in VCSA, so it will have the same IP address and host name as VCSA. We can check this by selecting a host in the left window, then going in the main window to Update Manager.

Step one – Check Update Manager

After that click Go to Admin View -> Manage -> Settings -> Network Connectivity and check IP address or host name for the patch store.

I can confirm that in my case it has the same FQDN as vCenter and the port is 9084. I suspect that the problem I am having is related to DNS configuration, but I would also like to check this to be sure. So let’s see how we do the checks.

Step two – Connect to ESXi Host

In order to check the problem with VUM, we’ll connect first to the ESXi host via SSH and check if ESXi can reach patch store .
Check before if SSH server is enabled on ESXi, otherwise you’ll not be able to connect.

Then connect to ESXi via SSH and issue the Netcat command (replace IP or FQDN with yours):

#nc -z 10.20.10.55 9084 
or
#nc -z patchstore.domain.com 9084

As you see, the ESXi host is able to reach the patch store through the IP address, but is unable to do it through FQDN. We can also use nslookup command to query the DNS configured on the ESXi host.

#nslookup patchstore.domain.com 

OK, now it’s obvious that the problem lies in DNS configuration. In my case, the customer did not set yet the DNS.

I read that in some cases it would be also possible to change the patch store from FQDN to IP address in this menu here. Though, for me is not working, the IP address is not appearing, I am only having the name.

Because I don’t want to wait for the DNS configuration, I’d like to do the ESXi upgrades soon, I will do a workaround in order to reach the patch store.

Step three – Edit hosts file on ESXi

So yes, as the title is saying, I will edit the hosts file on each ESXi host and I will do the mapping IP to name (FQDN) of the patch store. I’ll use vi to edit the /etc/hosts file.

Note: IP address that ends with 34 is the ESXi host, this line was already in the file. I’ve added the line with the IP that ends with 55, this is the patch store.

After that, I’ll check again if the patch store is reachable through FQDN.

Succeeded, now the patch store is reachable. I’ll return to vCenter web client and I’ll try to scan the ESXi host again.

This task completed successfully as well, meaning I can reach patch store now and I can start upgrading my ESXi hosts. That was it!

---