VxRail: Unable to Deploy OVF When an HTTPS Proxy is Configured

Zusammenfassung: Unable to deploy OVF when an HTTPS proxy is configured.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Symptome

Errors similar to the following are seen in /var/log/vmware/vpxd.log: 
Unrecognized SSL message, plaintext connection?, note that HTTP/s proxy is configured for the transfer
2020-09-16T14:41:59.004+02:00 info vpxd[14866] [Originator@6876 sub=Default opID=2b691553-01] [VpxLRO] -- ERROR task-1978410 -- UPSA913s-x64-VM01-noV
APP -- ResourcePool.ImportVAppLRO: vim.fault.OvfImportFailed:
--> Result:
--> (vim.fault.OvfImportFailed) {
-->  faultCause = (vmodl.fault.SystemError) {
-->   faultCause = (vmodl.MethodFault) null,
-->   faultMessage = (vmodl.LocalizableMessage) [
-->     (vmodl.LocalizableMessage) {
-->      key = "com.vmware.ovfs.ovfs-main.ovfs.transfer_failed",
-->      arg = (vmodl.KeyAnyValue) [
-->        (vmodl.KeyAnyValue) {
-->         key = "0",
-->         value = "Invalid response code: 403, note that HTTP/s proxy is configured for the transfer"
-->      message = "Transfer failed: Invalid response code: 403, note that HTTP/s proxy is configured for the transfer."
-->   reason = ""
-->   msg = "Transfer failed: Invalid response code: 403, note that HTTP/s proxy is configured for the transfer."
-->  faultMessage = <unset>

Ursache

The OVF deployment process is unable to connect to the proxy server with the error:  
Transfer failed: Invalid response code: 403, note that HTTP/s proxy is configured for the transfer.
This "Invalid response code: 403" is a response from the PROXY server indicating that the destination resource is not allowed access. 

The OVF transfer requires an HTTPS capable proxy when a proxy is in use. Ensure that the proxy is HTTPS capable or use the workarounds below to bypass the proxy.

Lösung

Caution: Changing HTTPS_PROXY to use HTTP may expose credentials in clear text on the network. Use this method only in trusted environments or when an HTTPS‑capable proxy cannot be provided.
Caution: Modifying NO_PROXY bypasses proxy filtering for the listed hosts. Ensure the listed hosts are trusted and that bypassing the proxy does not violate security policies.
Caution: Incorrect edits to /etc/sysconfig/proxy can disrupt network connectivity for the VCSA. Verify syntax carefully before saving.

Workaround 1 – Change HTTPS proxy to HTTP

When an HTTPS‑capable proxy is not available, modify the proxy definition so the VCSA uses an HTTP proxy for HTTPS traffic.

  • Edit /etc/sysconfig/proxy on the vCenter Server Appliance (VCSA).
  • Locate the HTTPS_PROXY line and replace the scheme https:// with http:// .
# Example change
HTTPS_PROXY="https://proxy.domain.tld:3128/"
# Change to
HTTPS_PROXY="http://proxy.domain.tld:3128/"
  • If the proxy’s fully‑qualified domain name (FQDN) does not resolve, use its IP address instead.
  • Restart the VCSA services to apply the change:
    • For VCSA versions prior to 7.0 U1, reboot the appliance.
    • For VCSA 7.0 U1 and later, run the service‑control command.
# Restart all VCSA services (7.0 U1+)
service-control --stop --all && service-control --start --all

Workaround 2 – Bypass the proxy for ESXi hosts

Configure the VCSA to ignore the proxy when communicating with the ESXi hosts that host the OVF.

  • Open an SSH session to the VCSA.
  • Edit /etc/sysconfig/proxy again.
  • Add each ESXi host’s FQDN or IP address to the NO_PROXY variable, separating entries with a comma and a space.
# Example addition
NO_PROXY="localhost, 127.0.0.1, ESXi-01.test.com, 10.0.0.12"
  • Save the file and restart the VCSA services as described in Workaround 1.

Verification

After applying either workaround, attempt the OVF deployment again from the Content Library or the vSphere Client. Successful deployment without the “Invalid response code: 403” error confirms the issue is resolved.

Betroffene Produkte

VxRail Appliance Family, VxRail Appliance Series, VxRail Software
Artikeleigenschaften
Artikelnummer: 000216499
Artikeltyp: Solution
Zuletzt geändert: 04 Feb. 2026
Version:  3
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.