Thursday, June 16, 2011

Update Manager not working after June 01st.

Probably you guys are aware of VMWARE KB1030001, which states:
“To continue applying patches on ESX 3.5 hosts, the secure key needs to be updated before June 1, 2011. This patch updates the secure key.”

As state on the KB you need to install the patch ESX350-201012410-BG.

That’s OK so far, but, it was not clear, at least for me, how your environment will behavior in this situation: will it provide a clear message about the requirement, will just the patches released after June 01st be affected ?

I’ll try to answers these questions and how to solve it.

First, you will not be able to even scan your host, so it will affect not only the new patches but the entirely Update Manager functionality.
Second, it will not give you a clear message about this issue. Instead you get an general error, like:
“VMware vCenter Update Manager had an unknown error. Check the Tasks and Events tab and log files for details.”

It does not help much, right ?

To get the confirmation about this error is being caused by the secure keys you need to check the update manager log. (/var/log/vmware/esxupdate.log)
There you will find detailed description as bellow:
- Integrity Error!
- keyExpired

Now that you are sure about the cause, let’s see how to fix it

At this point you are unable to use Update Manager on this host, so will need to manually update the new secure keys.

Download ESX350-201012410-BG.

As you can see there’s a dependency patch called ESX350-201012404-BG.
If your host does not have it installed already, download it as well.

Unzip the packets and copy them to your destination host.
Log on the host through the console or a SSH session.
Navigate to the folder where you copied the patches to be installed and run the following command:
esxupdate--noreboot--nosig update

Again, if you don’t have ESX350-201012404-BG installed you will need to install it before you proceed with ESX350-201012410-BG.

Both patches don’t require a reboot of your host.

After the installation you should be able to use Update Manager to scan and patch your host.

Piece of Cake, right ; )

1 comment:

Anonymous said...

This post was a great help when I recently encountered this error. Clear instructions, with the very important dependency information, and the NO REBOOT requirement :)


Post a Comment

Who am I

My photo
I’m an IT specialist with over 15 years of experience, working from IT infrastructure to management products, troubleshooting and project management skills from medium to large environments. Nowadays I'm working for VMware as a Consulting Architect, helping customers to embrace the Cloud Era and make them successfully on their journey. Despite the fact I'm a VMware employee these postings reflect my own opinion and do not represents VMware's position, strategies or opinions. Reach me at @dumeirell

Most Viewed Posts

Blog Archive