TL;DR - the vSAN HCL Database update from vCenter requires port 80 outbound to http://partnerweb.vmware.com/service/vsan/all.json. A little while ago, a customer of mine, in a restricted environment, was having issues getting the vSAN HCL Database updated in vCenter. Following https://kb.vmware.com/s/article/2109870 didn’t address the issue, but allowed them to update the DB manually. Outbound HTTPS traffic to partnerweb.vmware.com was whitelisted on the proxy, and 443 allowed on the firewall. Testing DNS and ports using curl showed that everything should be working, but we still couldn’t update the HCL DB.