VMware Cloud Community
dmaster
VMware Employee
VMware Employee
‎06-09-2008 04:54 AM

Update Manager baseline scan not correct

Today I tried to remediate an ESX host, but Update Manager says it is already compliant. But I am sure it is not, patches ESX350-20080440x have not been applied yet.

I also scanned a host which had already these patches installed, and the number of compliant updates dropped from 27 to 20. We have not changed our baselines (which are fixed), and I noticed new patches were available today. These new patches are replacing all 20080440x patches, and it seems Update Manages is already taking this into account when scanning hosts even if these new patches are not included in the baselines yet

Has anyone seen the same behaviour or knows if this is a known issue? Perhaps I should raise a service request for this...

Tags (1)
Reply
0 Kudos
3 Replies
kjb007
Immortal
Immortal
‎06-09-2008 06:55 AM

You should check the update manager logs. You said the baseline you're using is fixed. Is that baseline including the new patches, or just the older ones? That would make sense that your server is not seeing any new updates, it it does not include the new patches in the baseline.

Otherwise, maybe you're having connectivity problems downloading the patch metadata info.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Reply
0 Kudos
dmaster
VMware Employee
VMware Employee
‎06-09-2008 11:41 PM

Our baseline has not yet the new patches included. Update Manager logs look ok. All new patches have been downloaded and are included in the metadata files.

I suspect the following: the new patches make some previous patches obsolete. Even if the new patches are not included in the baseline the host scan already takes this into account. I could try some more testing, but I need to modify the metadata for this..

Reply
0 Kudos
kjb007
Immortal
Immortal
‎06-10-2008 05:37 AM

This should not be the case. When a host is scanned, it should be scanned against the baseline it is attached to. In your case, since it is attached to a baseline which does not include the new patches, it should come back clean, as it does. Attach the new baseline, with the new patches, and then rescan to see if the host comes back clean still. If it does, then that would be a problem.

-KjB

vExpert/VCP/VCAP vmwise.com / @vmwise -KjB
Reply
0 Kudos