Remediate ESXi Hosts Via vSphere Update Manager Not Working

After upgrading VMware vCenter Server to version 6.7 U2c I ran into a problem with vSphere Update Manager (VUM) when trying to both Check Compliance and Remediate ESXi hosts.

After clicking CHECK COMPLIANCE, shown in the above figure, I got the error:

“VMware vSphere Update Manager had an unknown error. Check the events and log files for details”

The vSphere Web Client UI logs and events didn’t help, but the vCenter Server Appliance (VCSA) log file vmware-vum-server-7.log, which you can find in the directory “/storage/log/vmware/vmware-updatemgr/vum-server/”, provided some good info. And yes, /var/log/vmware/vmware-updatemgr/vum-server/ will get you to the same directory, since /var/log/vmware is a link to /storage/log/vmware. The log file said:

2019-XX-YYT09:46:15.755+02:00 warning vmware-vum-server[06521] [Originator@6876 sub=Default] Failed to connect socket; <io_obj p:0x00007f6f64015140, h:21, <TCP ' : 37720'>, <TCP ' : 80'>>, e: 110(Connection timed out)

The first TCP endpoint (port 37720) is the vCenter Server and the second (port 80) is the ESXi host being checked for compliance. This means the vCenter Server tries to connect to the ESXi host on port 80. That was not the case before vCenter Server was upgraded to 6.7 U2, since the physical firewall was blocking port 80 from the vCenter Server network and the ESXi hosts didn’t allow connections on port 80.
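To list every endpoint VUM failed to reach instead of reading the log by eye, the warning above can be parsed. This is an added example, not code from the original post: the sample lines and their 192.0.2.x addresses are constructed, the errno 111 line is an assumed variant of the same format, and `blocked_endpoints` is a hypothetical helper name.

```python
import re
import sys
from collections import Counter

# Layout of the warning quoted above (straight quotes assumed):
#   Failed to connect socket; <io_obj ..., <TCP 'SRC : SPORT'>, <TCP 'DST : DPORT'>>, e: ERRNO(TEXT)
FAILED_CONNECT = re.compile(
    r"Failed to connect socket;.*?"
    r"<TCP\s+'\s*(?P<src>[^\s']*)\s*:\s*(?P<sport>\d+)\s*'>,\s*"
    r"<TCP\s+'\s*(?P<dst>[^\s']*)\s*:\s*(?P<dport>\d+)\s*'>>,\s*"
    r"e:\s*(?P<errno>\d+)\((?P<text>[^)]*)\)"
)

# Usual reading of the two Linux errno values most relevant here.
HINTS = {
    110: "no reply: traffic is probably dropped by a firewall",
    111: "host answered with a reset: port closed or rejected",
}

# Constructed sample lines (documentation addresses), modelled on the page's line.
PREFIX = "warning vmware-vum-server[06521] [Originator@6876 sub=Default] "
SAMPLE_LOG = [
    "2019-01-01T09:46:15.755+02:00 " + PREFIX + "Failed to connect socket; <io_obj p:0x00007f6f64015140, h:21, <TCP '192.0.2.10 : 37720'>, <TCP '192.0.2.21 : 80'>>, e: 110(Connection timed out)",
    "2019-01-01T09:46:36.102+02:00 " + PREFIX + "Failed to connect socket; <io_obj p:0x00007f6f64015150, h:22, <TCP '192.0.2.10 : 37731'>, <TCP '192.0.2.21 : 80'>>, e: 110(Connection timed out)",
    "2019-01-01T09:47:02.000+02:00 " + PREFIX + "Failed to connect socket; <io_obj p:0x00007f6f64015160, h:23, <TCP '192.0.2.10 : 37755'>, <TCP '192.0.2.22 : 80'>>, e: 111(Connection refused)",
    "2019-01-01T09:47:05.000+02:00 info vmware-vum-server[06521] [Originator@6876 sub=Default] unrelated line",
]


def blocked_endpoints(lines):
    """Return [(dst, dport, errno, count)] for failed connects, most frequent first."""
    hits = Counter()
    for line in lines:
        m = FAILED_CONNECT.search(line)
        if m:
            hits[(m["dst"], int(m["dport"]), int(m["errno"]))] += 1
    return [key + (count,) for key, count in hits.most_common()]


if __name__ == "__main__":
    # Pass a vum-server log path as the first argument, or run on the sample.
    lines = open(sys.argv[1], errors="replace") if len(sys.argv) > 1 else SAMPLE_LOG
    for dst, dport, errno, count in blocked_endpoints(lines):
        print(f"{dst or '?'}:{dport} failed {count}x, errno {errno}: {HINTS.get(errno, 'see errno')}")
```
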

Opening port 80 on the physical firewall and doing the same on the ESXi hosts via the vSphere Client UI, as shown in the two figures below, solved the problem.

  1. Click the ESXi host -> Configure -> Firewall -> Edit
  2. Find “vSphere Web Access”, select the check box and click OK

Now VUM works like a charm.