WilliamLam.com

  • About
    • About
    • Privacy
  • VMware Cloud Foundation
  • VKS
  • Homelab
    • Resources
    • Nested Virtualization
  • VMware Nostalgia
  • Apple
You are here: Home / Automation / Quick Tip - Validating Broadcom Download Token 

Quick Tip - Validating Broadcom Download Token 

05.01.2025 by William Lam // 12 Comments

As of last month, customers must generate a new download token from the Broadcom Support Portal (BSP) for in-product downloads of VMware software binaries (e.g. updates, security patches using SDDC Manager, vCenter Server, ESXi, etc.). The Broadcom download token must then be appended after the new product download base URI (e.g. https://dl.broadcom.com/TOKEN/...) and this will ensure you will be able to continue to download updates directly or indirectly (via network proxy) from within the products.

UPDATE (05/02/2025) - A new Broadcom KB (395322) has also just been published with additional endpoints for troubleshooting download tokens.

Note: For customers that have setup or are using an offline method to retrieve updates, there are no changes in your workflow, this is only for those pulling software update directly from Broadcom.

A Broadcom download token is scoped to a SiteID and depending on your organization you may have one or more SiteIDs and users can generate a unique download token for each SiteID. It is important to understand that a download token itself does not contain an expiration, while you can revoke an existing token, its validity is based on whether a given SiteID has an active entitlement for the particular VMware SKU that you are attempting to download.

Each time a download request is made, the BSP backend will validate whether the token for a given SiteID has an active entitlement for the product download, if it does the download will be allowed and if not, it will fail.

An organization can create as many download tokens as needed and one question that quickly came up was how can you validate a token is still functional, without directly going into the product to test? In fact, I had the same question and knowing that most of the product repos have some sort of metadata file that we can test for connectivity, I figured this would be the quickest way to validate a download token.

Here are three different endpoints in which you can test the validity of a download token:

  • SDDC Manager (VCF):
    • https://dl.broadcom.com/${TOKEN}/PROD/COMP/SDDC_MANAGER_VCF/index.v3
  • vCenter Server:
    • https://dl.broadcom.com/${TOKEN}/PROD/COMP/VCENTER/vmw/8d167796-34d5-4899-be0a-6daade4005a3/8.0.3.00000/manifest/manifest-latest.xml
  • ESXi:
    • https://dl.broadcom.com/${TOKEN}/PROD/COMP/ESX_HOST/main/vmw-depot-index.xml

Here is an example using either cURL or PowerShell to validate the token against an SDDC Manager endpoint:

TOKEN="FILL_ME"
curl https://dl.broadcom.com/${TOKEN}/PROD/COMP/SDDC_MANAGER_VCF/index.v3
$TOKEN="FILL_ME"
Invoke-WebRequest -URI "https://dl.broadcom.com/${TOKEN}/PROD/COMP/SDDC_MANAGER_VCF/index.v3"

Here is an example using either cURL or PowerShell to validate the token against an vCenter Server endpoint:

TOKEN="FILL_ME"
curl https://dl.broadcom.com/${TOKEN}/PROD/COMP/VCENTER/vmw/8d167796-34d5-4899-be0a-6daade4005a3/8.0.3.00000/manifest/manifest-latest.xml
$TOKEN="FILL_ME"
Invoke-WebRequest -URI "https://dl.broadcom.com/${TOKEN}/PROD/COMP/VCENTER/vmw/8d167796-34d5-4899-be0a-6daade4005a3/8.0.3.00000/manifest/manifest-latest.xml"

Here is an example using either cURL or PowerShell to validate the token against an ESXi endpoint:

TOKEN="FILL_ME"
curl https://dl.broadcom.com/${TOKEN}/PROD/COMP/ESX_HOST/main/vmw-depot-index.xml
$TOKEN="FILL_ME"
Invoke-WebRequest -URI "https://dl.broadcom.com/${TOKEN}/PROD/COMP/ESX_HOST/main/vmw-depot-index.xml"

Regardless of the endpoint that you use to test the download token, you should get some output as demonstrated in the example below or you confirm that you get an HTTP 200 response:

If the download token is invalid, you will get the following error:

More from my site

  • No entitlements needed for these popular VMware downloads on Broadcom Support Portal (BSP)
  • Tips for navigating and downloading from new Broadcom Support Portal
  • Useful Links for VMware by Broadcom Day 2 Transition
  • VMworld Hackathon vSphere Client Login UI Theme
  • Quick Tip - Inventory core count for vSphere+, vSAN+ & VCF+ Cloud Service

Categories // Automation, ESXi, VMware Cloud Foundation, vSphere Tags // Broadcom

Comments

  1. *protectedSome Guy says

    05/01/2025 at 9:30 am

    Is this required for customers with perpetual licenses and no support contract?

    Reply
    • William Lam says

      05/01/2025 at 9:41 am

      This is global change for everyone, you need an active entitlement to download updates

      Reply
      • *protectedSome Guy says

        05/01/2025 at 11:19 am

        VMware has been supplying patches for the high severity security threats through lifecycle manager (and the vcenter update function in the appliance). These will require a token to receive?
        Sorry if this seems like a redundant question.

        Reply
      • *protectedLTech says

        05/02/2025 at 6:32 am

        What about the promise to provide zero day / critical security patches for vSphere perpetual license customers with expired support contracts that is documented in this KB article? https://knowledge.broadcom.com/external/article/314603

        Reply
        • *protectedSome Guy says

          05/02/2025 at 12:37 pm

          just got off a chat with broadcom support. The support person told me you can't have one without an active support contract. I asked how to get the high sev patches as you note. Was told that VMware will provide announcements when these happen on how to obtain the patch. Should be interesting...

          Reply
    • *protectedCasper042 says

      05/01/2025 at 12:28 pm

      The previous unauthenticated method of pulling patches via hostupdate.vmware.com was shutdown by Broadcom on April 24 2025

      Reply
  2. *protectedDade says

    05/01/2025 at 9:53 am

    Yeah, it's a Catch 22 for anyone using VMUG Advantage licensing. You have a valid license key, but VMUG licensing doesn't come with any entitlements, so no access to patches anymore.

    Reply
  3. *protectedAndré Ewert says

    05/01/2025 at 12:11 pm

    So running a perpetual license without active support means any errors and flaws in Broadcom’s code, any security issue will stay un-mitigated?

    Time for some drastic changes in liability for software, imho.

    Even people *with* active contracts will not have working automatic updates since 4/24 and will probably never notice.

    Reply
  4. *protectedIan says

    05/01/2025 at 3:36 pm

    A common issue is that people don’t have the required rights in their support portal.

    It’s a requirement you have this permission as per the Auth Token KB.

    How can one validate they have admin rights in their portal?

    Only way to validate this I’ve seen is the token panel isn’t present. Wondering if there’s a clearer way.

    Also to add to validating the token.

    The initial step should be seeing if your envt can access the dl.broadcom.com endpoint before validating the token.

    EG: curl dl.broadcom doesn’t work , but curl -k on this address works.

    This simple step can validate if you have a proxy to address first and foremost.

    Reply
  5. *protectedRalf says

    05/08/2025 at 1:56 am

    Support is totally unprepared for issues after this change.

    I adjusted the URLs, sync in vCenter was ok, but vLCM failed to patch and download patches.

    I tested the URLs with curl on cli and get a 200 for the index and manifest. But a 403 Not Entitled for vib packages. We have v7 and v8 entitlements and I can download ISOs etc just fine via portal.

    So this looks not like a technical issue as it even fails with curl. I opened a non technical case with all the debug information. It was immediately transferend without any further check to a new technical case.

    And as always when update manager is involved the next step from support is... please reset update DB. Even after multiple mails and explanations that this happens even without update manger involved on cli, there is 0 understanding how to debug this and that this will not help. I don't think this will be solved quickly.

    Reply
  6. *protectedRico says

    05/10/2025 at 3:32 am

    So free users aren't able to patch their environments? What a shame. Will make the step to Proxmox soon. Bye VMware, with thanks to Broadcom :(.

    Reply
  7. *protectedA sad lab hypervisor user says

    05/20/2025 at 8:19 pm

    Sad times - home lab will now have to switch to another hypervisor

    Reply

Thanks for the comment!Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Search

Thank Author

Author

William is Distinguished Platform Engineering Architect in the VMware Cloud Foundation (VCF) Division at Broadcom. His primary focus is helping customers and partners build, run and operate a modern Private Cloud using the VMware Cloud Foundation (VCF) platform.

Connect

  • Bluesky
  • Email
  • GitHub
  • LinkedIn
  • Mastodon
  • Reddit
  • RSS
  • Twitter
  • Vimeo

Recent

  • VMware Flings is now available in Free Downloads of Broadcom Support Portal (BSP) 05/19/2025
  • VMUG Connect 2025 - Minimal VMware Cloud Foundation (VCF) 5.x in a Box  05/15/2025
  • Programmatically accessing the Broadcom Compatibility Guide (BCG) 05/06/2025
  • Quick Tip - Validating Broadcom Download Token  05/01/2025
  • Supported chipsets for the USB Network Native Driver for ESXi Fling 04/23/2025

Advertisment

Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use.
To find out more, including how to control cookies, see here: Cookie Policy

Copyright WilliamLam.com © 2025

 

Loading Comments...