[Guide] vSphere Lifecycle Manager and HPE OneView for vCenter - Troubleshooting

vSphere Lifecycle Manager (vLCM)

Guidance for troubleshooting issues with vSphere Lifecycle Manager when HPE OneView for vCenter is used as the HSM (Hardware Support Manager).

Log Files

The General Log File for vLCM is here:

Log File: /var/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server.log

To see the errors in this log file:

grep "error" /var/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server.log

vCenter's access to third-party depots is logged in the following file:

grep "hpe" /var/log/vmware/envoy/envoy-access.log

Common Errors

Cannot sync software depots

To verify that the online depot registration was successful, navigate to Menu > Lifecycle Manager > Settings > Administration > Patch Setup. The values in the Enabled and Connectivity Status columns should be Yes and Connected respectively. If the Connectivity Status is Not Connected, verify the proper settings for the vCenter proxy configuration and perform a manual sync of the updates.

Also get the log file:

cat /var/log/vmware/vmware-updatemgr/vum-server/vmware-vum-server.log

If you see this error: "A depot is inaccessible or has invalid contents. Make sure an official depot source is used and verify connection to the depot"

-->     "error_type": "ERROR",
-->     "messages": [
-->         {
-->             "args": [],
-->             "default_message": "A depot is inaccessible or has invalid contents. Make sure an official depot source is used and verify connection to the depot.",
-->             "id": "com.vmware.vcIntegrity.lifecycle.depotContent.ValidationError"
-->         }
-->     ]
--> }"
--> }

Check whether you can reach the VMware online depots. From the vCenter, run:

curl -vvv https://hostupdate.vmware.com

You should see a DigiCert Certificate printed:

*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1

If not, check with your firewall team whether they perform TLS interception.

Also check the connection to the OneView depot:

curl -vvv https://oneviewforvcenter.domain.example
curl -vvv https://oneviewforvcenter.domain.example:3512

Also check your connected depots. An old depot may still be configured.

Running behind a HTTP(S) Forward Proxy

If your infrastructure needs a forward proxy to access the internet, the following must be done at the vCenter level.

  • vCenter will connect to the internet (hostupdate.vmware.com) for ESXi updates
  • vCenter will connect to the HPE OneView for vCenter depots for all firmware content (SPP)

So we need to add the HPE OneView host to the NO_PROXY setting of the vCenter:

vi /etc/sysconfig/proxy
# Example: NO_PROXY="internal.domain, internal-subnet , localhost"
NO_PROXY="localhost, 127.0.0.1, oneviewforvcenter.domain.example, IP of the HPE-OneView"

HPE OneView for vCenter with named Certificates

Check:

grep "hpe" /var/log/vmware/envoy/envoy-access.log

If you see SSL errors like:

failed: cURL Error: SSL peer certificate or SSH remote key was not OK, SSL certificate problem: certificate has expired

Verify that the certificates required for HPE OneView for vCenter are valid.
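
The two TLS checks in this guide (the issuer shown for hostupdate.vmware.com and the expired-certificate error for the OneView depot) can be scripted as follows. This is an added example, not part of the original guide or of any VMware or HPE tooling; the helper name classify_tls and the sample outputs are constructed for illustration, and it goes slightly further than the text by also reporting other certificate verification failures.

```shell
#!/bin/sh
# Added example: classify TLS results from `curl -v` output or a cURL error line.
# classify_tls is a hypothetical helper name; it reads the text on stdin.
# Usage on the vCenter shell:
#   curl -sv -o /dev/null https://hostupdate.vmware.com 2>&1 | classify_tls "O=DigiCert Inc"
# Return codes: 0 expected issuer, 1 different issuer, 2 verification failed,
#               3 no certificate information at all.
classify_tls() {
    expected="$1"
    out=$(cat)
    # After a successful handshake curl prints "*  issuer: <DN>".
    issuer=$(printf '%s\n' "$out" | sed -n 's/^\* *issuer: *//p' | head -n 1)
    # On a failed verification the text contains "SSL certificate problem: <reason>".
    problem=$(printf '%s\n' "$out" | sed -n 's/.*SSL certificate problem: *//p' | head -n 1)

    if [ -n "$problem" ]; then
        case "$problem" in
            *"has expired"*) echo "EXPIRED: $problem" ;;
            *)               echo "UNTRUSTED: $problem" ;;
        esac
        return 2
    fi
    if [ -z "$issuer" ]; then
        echo "NO_TLS: no certificate seen (blocked, proxy or DNS issue)"
        return 3
    fi
    case "$issuer" in
        # A matching issuer means the depot's own certificate chain was presented.
        *"$expected"*) echo "OK: $issuer"; return 0 ;;
        # Any other issuer means something between vCenter and the depot
        # re-signed the connection (TLS interception).
        *)             echo "INTERCEPTED: $issuer"; return 1 ;;
    esac
}

# Constructed sample: direct connection, issuer as shown in this guide.
SAMPLE_OK='* Server certificate:
*  subject: CN=hostupdate.vmware.com
*  issuer: C=US; O=DigiCert Inc; CN=DigiCert TLS RSA SHA256 2020 CA1
*  SSL certificate verify ok.'

# Constructed sample: an inspecting firewall re-signed the connection.
SAMPLE_INTERCEPT='* Server certificate:
*  subject: CN=hostupdate.vmware.com
*  issuer: C=US; O=Example Corp; CN=Example Inspection CA
*  SSL certificate verify ok.'
```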

Further Troubleshooting Information