You are unable to download VIBs if vCenter Server is using a custom port for the reverse proxy.

If you configure vCenter Server reverse proxy to use a custom port, the VIB downloads fail.

If vCenter Server is using a custom port for the reverse proxy, the custom port is not automatically enabled in the ESXi firewall and the VIB downloads fail.

1

Open an SSH connection to the host and log in as root.

2

(Optional) List the existing firewall rules.

esxcli network firewall ruleset list
3

(Optional) Back up the /etc/vmware/firewall/service.xml file.

cp /etc/vmware/firewall/service.xml /etc/vmware/firewall/service.xml.bak
4

Edit the access permissions of the service.xml file to allow writes by running the chmod command.

To allow writes, run chmod 644/etc/vmware/firewall/service.xml.

To toggle the sticky bit flag, run chmod +t /etc/vmware/firewall/service.xml.

5

Open the service.xml file in a text editor.

6

Add a new rule to the service.xml file that enables the custom port for the vCenter Server reverse proxy .

<service id='id_value'>
   <id>vcenterrhttpproxy</id>
   <rule id='0000'>
     <direction>outbound</direction>
     <protocol>tcp</protocol>
     <port type='dst'>custom_reverse_proxy_port</port>
   </rule>
   <enabled>true</enabled>
   <required>false</required>
</service>

Where id_value must be a unique value, for example, if the last listed service in the service.xml file has ID 0040, you must enter id number 0041.

7

Revert the access permissions of the service.xml file to the default read-only setting.

chmod 444 /etc/vmware/firewall/service.xml
8

Refresh the firewall rules for the changes to take effect.

esxcli network firewall refresh
9

(Optional) List the updated rule set to confirm the change.

 esxcli network firewall ruleset list
10

(Optional) If you want the firewall configuration to persist after a reboot of the ESXi host, copy the service.xml onto persistent storage and modify the local.sh file.

a

Copy the modified service.xml file onto persistent storage, for example /store/, or onto a VMFS volume, for example /vmfs/volumes/volume/.

cp /etc/vmware/firewall/service.xml location_of_xml_file

You can store a VMFS volume in a single location and copy it to multiple hosts.

b

Add the service.xml file information to the local.sh file on the host.

cp location_of_xml_file /etc/vmware/firewall
esxcli network firewall refresh

Wherelocation_of_xml_file is the location to which the file was copied.