VxRail: Unable to Deploy OVF When an HTTPS Proxy is Configured

Summary: Unable to deploy OVF when an HTTPS proxy is configured.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

Errors similar to the following are seen in /var/log/vmware/vpxd.log: 
Unrecognized SSL message, plaintext connection?, note that HTTP/s proxy is configured for the transfer
2020-09-16T14:41:59.004+02:00 info vpxd[14866] [Originator@6876 sub=Default opID=2b691553-01] [VpxLRO] -- ERROR task-1978410 -- UPSA913s-x64-VM01-noV
APP -- ResourcePool.ImportVAppLRO: vim.fault.OvfImportFailed:
--> Result:
--> (vim.fault.OvfImportFailed) {
-->  faultCause = (vmodl.fault.SystemError) {
-->   faultCause = (vmodl.MethodFault) null,
-->   faultMessage = (vmodl.LocalizableMessage) [
-->     (vmodl.LocalizableMessage) {
-->      key = "com.vmware.ovfs.ovfs-main.ovfs.transfer_failed",
-->      arg = (vmodl.KeyAnyValue) [
-->        (vmodl.KeyAnyValue) {
-->         key = "0",
-->         value = "Invalid response code: 403, note that HTTP/s proxy is configured for the transfer"
-->      message = "Transfer failed: Invalid response code: 403, note that HTTP/s proxy is configured for the transfer."
-->   reason = ""
-->   msg = "Transfer failed: Invalid response code: 403, note that HTTP/s proxy is configured for the transfer."
-->  faultMessage = <unset>

Cause

The OVF deployment process is unable to connect to the proxy server with the error:  
Transfer failed: Invalid response code: 403, note that HTTP/s proxy is configured for the transfer.
This "Invalid response code: 403" is a response from the PROXY server indicating that the destination resource is not allowed access. 

The OVF transfer requires an HTTPS capable proxy when a proxy is in use. Ensure that the proxy is HTTPS capable or use the workarounds below to bypass the proxy.

Resolution

  1. Work around this issue by using one of the two methods below. The following is case-sensitive:
  • Modify the HTTPS PROXY configuration to use HTTP:
  1. Modify the /etc/sysconfig/proxy file. Change the HTTPS_PROXY line to update the value from https to http:
From:
HTTPS_PROXY="https://proxy.domain.tld:3128/"

To:
HTTPS_PROXY="http://proxy.domain.tld:3128/"
  1. If the FQDN of the proxy server does not work, alternatively use its IP address.
  2. Reboot the VCSA if you are on a version prior to 7.0 U1. Otherwise, Restart services with the command:
# service-control --stop --all && service-control --start --all
  • Add the hosts to the NO_PROXY config to bypass the proxy:
  1. Use an SSH session to Connect to the vCenter Server.
  2. Modify the /etc/sysconfig/proxy file. Add the ESXi host FQDNs or IPs to the following line, separated by a comma followed by a space character. For Example:
NO_PROXY="localhost, 127.0.0.1, ESXi-01.test.com"
  1. Attempt the OVF deployment from the content library and the vSphere Client.

Affected Products

VMWare Cloud on Dell EMC VxRail E560F, VMWare Cloud on Dell EMC VxRail E560N, VxRail Appliance Family, VxRail Appliance Series, VxRail G Series Nodes, VxRail D Series Nodes, VxRail E Series Nodes, VxRail P Series Nodes, VxRail S Series Nodes , VxRail Software ...

Products

XC Core Systems, XC Series Appliances, VxRail V Series Nodes, VxRail VD Series Nodes
Article Properties
Article Number: 000216499
Article Type: Solution
Last Modified: 19 Aug 2023
Version:  2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.