VMware Cloud Community
MattHumphreys
Contributor

Confusing Finding - Actual results don't match

So we had a critical finding come up for our hosts (some are 6.5 and some are 6.7) that there is a driver update required to correct an issue.

I download the package and create a baseline, attach it to the identified hosts and then check for compliance.

Some indeed do come up as non-compliant, which is great.

However, more than half of them (all the 6.5 hosts) come up as compliant with the baseline.

Download VMware vSphere

https://my.vmware.com/group/vmware/details?downloadGroup=DT-ESXI60-INTEL-IGBN-1410&productId=743#pro...

Both download links are above (there doesn't appear to be a specific 6.5 version of the driver; the 6.0 version says in its description that it contains the 6.5 version).

I query the hosts manually just to make sure, and the result I get back is that version 1.4.6 is installed, yet it is "compliant" with the baseline that has version 1.4.10, which includes the fix.

How is this even possible?

Am I downloading the wrong package?

Also, surely if Skyline picks up that multiple hypervisor versions are installed, including the correct download link for all versions of the hypervisor detected, rather than just 6.7, would be advisable?

ashwin_prakash
VMware Employee

Moderator: Moved to vSphere Community as the issue reported is related to the driver

Sincerely,
Ashwin Prakash
Skyline Support Moderator

scott28tt
VMware Employee

Are the baselines etc using Update Manager?


-------------------------------------------------------------------------------------------------------------------------------------------------------------

Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog

MattHumphreys
Contributor

I uploaded the driver package to Update Manager, created a baseline with just the driver package in it, and scanned it against the reported hosts, and it said "Compliant", so it thinks nothing needs to be updated, but version 1.4.6 is installed, not 1.4.10, which is in the package.

MattHumphreys
Contributor

Ashwin, the issue is with both the driver and with Skyline. Skyline does not include the right packages for all the versions of hypervisor that this has been detected against; it only provided me with the download link for 6.7 when it was detecting it against 6.7 and 6.5 hosts.

The resolution instructions in skyline need to be updated or modified to include resolutions/patches for all versions of the hypervisor it was detected against not just the latest one.

ashwin_prakash
VMware Employee

Hello MattHumphreys​,

Thank you for notifying us. We request you to share the Findings ID; along with that, we request you to also fill in the details requested on the Smart Sheet below so that we can check the details as per your environment.

https://app.smartsheet.com/b/form/9e31b64730f2419ba2aa50f6c72e66a3

Sincerely,
Ashwin Prakash
Skyline Support Moderator

MattHumphreys
Contributor

I have completed the form as requested. I have reviewed the patch and baseline, and on investigating the patch, it shows as "Not Applicable" for any 6.5 hosts. It sees the patch ID as VMW-ESX-6.0.0-igbn-1.4.10 and I think it doesn't think this patch applies to 6.5 hosts, so there might be something wrong with the bundle you are directing us to from the finding, which is:

Download VMware vSphere

I do believe it's because the patch only lists "product" as "embeddedEsx 6.0.0"; when you check it against 6.5 hosts it comes up as not applicable because 6.5.0 is not included in the product definition for the patch bundle above.

ashwin_prakash
VMware Employee

Hi MattHumphreys

Thank you for sharing all the required details.

As per the Findings ID which you shared, I did check the details and found there are only 2 links for the downloads.

As per the link which is available for 6.0, it does say that it is the same driver which is compatible with the 6.5 version as well.

If this is not the correct link, could you please share the exact error that you received while trying to implement it?

This would be helpful for the VC team to check why it's not supported, and if this is not the correct link then they would be able to have the correct driver updated.

Sincerely,
Ashwin Prakash
Skyline Support Moderator

MattHumphreys
Contributor

That was the link that I used. However, I upload the patch to VMware Update Manager and create a baseline with that patch in it. I then attach that baseline to 6.5.0 hosts and scan it, and it says that the patch is not applicable to that version of ESXi, so there is nothing to update. I have verified manually using esxcli that the old incorrect version of the driver is installed. I believe that this is due to the fact that the only version listed in the offline package metadata is embeddedesxi 6.0.0; it does not mention anything at all about 6.5.0 in that driver package.

ashwin_prakash
VMware Employee

Hi MattHumphreys​,

While we were investigating the issue with our vCenter Support team, we found that currently there is no resolution. The VMware Engineering Team is investigating this issue, where on importing the VIB into VUM the Intel driver is shown as "Not applicable".

To work around the issue, edit the following files:

  1. vendor-index.xml
  2. vmware.xml from metadata.zip
  3. xml file from metadata.zip/bulletins (<patch-name>.xml)
  4. Modify VIB file name as mentioned in the below example:
     From: "VMW-ESX-6.0.0-ixgben-1.7.15.zip"
     To: "VMW-ESX-6.5.0-ixgben-1.7.15.zip"
  5. Edit vendor-index.xml file
     From: <version>6.0.0</version>
     To: <version>6.5.0</version>
  6. Edit vmware.xml from metadata.zip
     From: <softwarePlatform locale="" version="6.0.0" productLineID="embeddedEsx"/>
     To: <softwarePlatform locale="" version="6.5.0" productLineID="embeddedEsx"/>
  7. Edit xml file from metadata.zip/bulletins (<patch-name>.xml)
     From: <softwarePlatform locale="" version="6.0.0" productLineID="embeddedEsx"/>
     To: <softwarePlatform locale="" version="6.5.0" productLineID="embeddedEsx"/>
  8. Now proceed to upload the VIB to the VUM patch repository and scan the host for this VIB; you should see the compliance status as "Non-compliant" instead of "Not applicable".

Or

You could install the VIB via esxcli, as it should work perfectly fine.

Sincerely,
Ashwin Prakash
Skyline Support Moderator
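
A pre-upload check for the mismatch discussed in this thread, added here as an example (not code from VMware or from any poster): it lists the ESXi versions declared in an offline bundle's vendor-index.xml and in the XML files inside metadata.zip, the files named in the workaround above. The sample bundle, its `<root>` wrapper elements and the function names are constructed for illustration, and exact string matching on the version is an assumption, not Update Manager's documented logic.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

def _declared(xml_bytes, tag):
    """Collect version strings from <tag version="..."> attributes or <tag>text</tag>."""
    out = set()
    for el in ET.fromstring(xml_bytes).iter():
        if el.tag.rsplit("}", 1)[-1] == tag:      # ignore any XML namespace
            value = el.get("version") or (el.text or "").strip()
            if value:
                out.add(value)
    return sorted(out)

def platform_versions(bundle_bytes):
    """Map each metadata file in the bundle to the ESXi versions it declares."""
    found = {}
    with zipfile.ZipFile(io.BytesIO(bundle_bytes)) as bundle:
        found["vendor-index.xml"] = _declared(bundle.read("vendor-index.xml"), "version")
        # metadata.zip is an archive nested inside the offline bundle.
        with zipfile.ZipFile(io.BytesIO(bundle.read("metadata.zip"))) as meta:
            for name in meta.namelist():
                if name.endswith(".xml"):
                    versions = _declared(meta.read(name), "softwarePlatform")
                    if versions:
                        found["metadata.zip/" + name] = versions
    return found

def missing_for(bundle_bytes, host_version):
    """Metadata files that do not list host_version; an empty list means all do."""
    return sorted(n for n, v in platform_versions(bundle_bytes).items() if host_version not in v)

def build_sample_bundle(version):
    """Constructed stand-in for an offline bundle (not a real VMware file)."""
    plat = '<softwarePlatform locale="" version="%s" productLineID="embeddedEsx"/>' % version
    meta_buf, bundle_buf = io.BytesIO(), io.BytesIO()
    with zipfile.ZipFile(meta_buf, "w") as meta:
        meta.writestr("vmware.xml", "<root>%s</root>" % plat)
        meta.writestr("bulletins/sample-driver.xml", "<root>%s</root>" % plat)
    with zipfile.ZipFile(bundle_buf, "w") as bundle:
        bundle.writestr("vendor-index.xml", "<root><version>%s</version></root>" % version)
        bundle.writestr("metadata.zip", meta_buf.getvalue())
    return bundle_buf.getvalue()

if __name__ == "__main__":
    sample = build_sample_bundle("6.0.0")
    print(platform_versions(sample))
    print("6.5.0 missing from:", missing_for(sample, "6.5.0"))
```

Reading a real bundle with `open(path, "rb").read()` and passing the bytes to `missing_for` before building a baseline shows whether the host's version is declared anywhere; a non-empty result matches the situation in this thread, where the scan did not flag hosts that still ran the old driver.
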
MattHumphreys
Contributor

I followed your steps and it throws an error saying it's not a valid offline bundle file.

Step 4 where you say to rename the vib file name, the filename in the offline bundle is called VMW-ESX-6.5.0-igbn-1.4.10-offline_bundle-14160633\vib20\igbn\INT_bootbank_igbn_1.4.10-1OEM.600.0.0.2768847.vib

If I rename that file then the numerous references to that in the metadata will break.

Do you mean to rename the offline bundle zip? VMW-ESX-6.5.0-igbn-1.4.10-offline_bundle-14160633.zip (I changed that so that I could keep track of which was the un-edited one).

VMware update manager anyway says it cannot upload my edited file because it is not a valid package.

Vijay2027
Expert

MattHumphreys​ I attached driver with this post. Please check and let me know if this works.

Vijay2027
Expert

And I'm not too sure if this has to be done but you may need to reset VUM DB and reset patch-repository: https://kb.vmware.com/s/article/2147284

Take snapshot before you make any changes.

Vijay2027
Expert

Did you get this sorted?

MattHumphreys
Contributor

I did get this sorted out, yes. Your patch file is correctly showing "non-compliant".
