Just Another IT Blog

It's time to share some of my experiences, crazy ideas, tips and tricks !!!

Post Page Advertisement [Top]

Probably you guys are aware of VMWARE KB1030001, which states:
“To continue applying patches on ESX 3.5 hosts, the secure key needs to be updated before June 1, 2011. This patch updates the secure key.”

As state on the KB you need to install the patch ESX350-201012410-BG.

That’s OK so far, but, it was not clear, at least for me, how your environment will behavior in this situation: will it provide a clear message about the requirement, will just the patches released after June 01st be affected ?

I’ll try to answers these questions and how to solve it.

First, you will not be able to even scan your host, so it will affect not only the new patches but the entirely Update Manager functionality.
Second, it will not give you a clear message about this issue. Instead you get an general error, like:
“VMware vCenter Update Manager had an unknown error. Check the Tasks and Events tab and log files for details.”

It does not help much, right ?

To get the confirmation about this error is being caused by the secure keys you need to check the update manager log. (/var/log/vmware/esxupdate.log)
There you will find detailed description as bellow:
- Integrity Error!
- keyExpired

Now that you are sure about the cause, let’s see how to fix it

At this point you are unable to use Update Manager on this host, so will need to manually update the new secure keys.

Download ESX350-201012410-BG.

As you can see there’s a dependency patch called ESX350-201012404-BG.
If your host does not have it installed already, download it as well.

Unzip the packets and copy them to your destination host.
Log on the host through the console or a SSH session.
Navigate to the folder where you copied the patches to be installed and run the following command:
esxupdate--noreboot--nosig update

Again, if you don’t have ESX350-201012404-BG installed you will need to install it before you proceed with ESX350-201012410-BG.

Both patches don’t require a reboot of your host.

After the installation you should be able to use Update Manager to scan and patch your host.

Piece of Cake, right ; )

Bottom Ad [Post Page]