Troubleshooting OVF Tool Uploads with ESXi Firewalls

In a recent blog post, William from Virtually Ghetto discussed the new pull mechanism in OVF Tool 4.4.1 that allows for directly deploying OVF/OVA files from a remote URL. I decided to try out this feature and see if it works as expected. However, I encountered some issues during my testing, which I will outline in this blog post.

Testing the OVF Tool Upload with a Local OVA File

First, I downloaded an OVA file from VMware’s website and imported it locally to verify that the OVF Tool was working correctly. The import process completed without any issues, confirming that the tool was functioning as expected.

Testing the OVF Tool Upload with a Remote OVA File

Next, I uploaded the OVA file to a web server running in my lab to test the OVF Tool’s ability to upload files from a remote URL. Unfortunately, this attempt failed, and the ESXi host gave an error message indicating that it could not find the file.

Troubleshooting the Issue with ESXi Firewalls

After some troubleshooting, I discovered that the issue was caused by the ESXi firewall blocking the upload. To resolve this, I quickly disabled the firewall on my ESXi host using the vSphere Client.

Testing with the Original URL and SSL Thumbprint

With the firewall disabled, I tried again to upload the OVA file using the original URL. This time, the upload was successful, but only after I added the SSL thumbprint for packages.vmware.com to my call. The ESXi host was able to verify the SSL certificate and complete the upload.

Conclusion

In conclusion, when using the OVF Tool with ESXi hosts, it is essential to ensure that the firewall is properly configured to allow for remote uploads. Additionally, including the SSL thumbprint in the call can help resolve any issues related to SSL verification. With these tips in mind, you should be able to successfully deploy OVF/OVA files from remote URLs using the OVF Tool 4.4.1.