Update Manager errors: Patch metadata missing

XDeus · ‎01-27-2009

I'm getting the following errors when I go to remediate my host: "Patch metadata missing 10.1.1.10 Please download updates metadata first" followed by "Failed to scan 10.1.1.10 for updates"

I checked other solutions and KBs, but they aren't working... reordered connections, checked DNS, modified vci-integrity.xml.

Some of the errors in the UM log files include:

"[2009-01-27 09:17:25.988 'Libs' 5728 warning] SSLVerifyCertAgainstSystemStore: Subject mismatch: VMware vs backup2k3.corp.XXXXX.com
[2009-01-27 09:17:25.988 'Libs' 5728 warning] SSLVerifyCertAgainstSystemStore: The remote host certificate has these problems:

* The host name used for the connection does not match the subject name on the host certificate

* A certificate in the host's chain is based on an untrusted root.
[2009-01-27 09:17:25.988 'Libs' 5728 warning] SSLVerifyIsEnabled: failed to read registry value. Assuming verification is disabled. LastError = 0"

and

" [Tue Jan 27 09:28:19 PST 2009] Could not copy file C:\WINDOWS\Temp\vmware-SYSTEM\vmware-vix* to C:\DOCUME~1\ADMINI~1.MRW\LOCALS~1\Temp\radD2D54.tmp\. Path not found"

Any suggestions on how to get this working?

chukarma · ‎01-27-2009

I had a similar problem with my ESX host on the DMZ. If you your ESX is behind the firewall, you may need to check the following:

Open port at the firewall, port could be 9000 to 9100. You would have to look at the esxupdate log in your ESX host to find out which port it is using.
Configure your ESX host Security Profile to allow updateManager connection.

Hope that helps,

Daniel

Troy_Clavell · ‎01-27-2009

just to make sure.... You have already downloaded the updates to your repository? Just to confirm go your update manager button and scheduled tasks and check to see when the last time the task ran.

mike_laspina · ‎01-27-2009

Hi,

You can ignore the cert error as it will continue unless you set it to require certs to be valid.

Basically whats happening is the ESX host passed an http url by the VC over the management agent to use as source for the metadata file. In this case the host is not reaching that path or the file is not visable/present in the expected location.

Here are some initial things to check.

1.Security at the ESX Config panel - is VUM allowed?

2. Is a proxy enabled/required/miss config'd use the VC VUM GUI Configuration tab to check it

3. The file failed to download or is corrupt/missing etc

explore to see if its readable - its a PGP signature

4. Your using a non standard port e.g 8080 and the config changed at some point. (reinstall VUM)

Regards,

Mike

http://blog.laspina.ca/ vExpert 2009

XDeus · ‎01-28-2009

Thanks for the reply and suggestions.

Here are my results:

1. VUM is allowed on ESX config

2. Proxy is not enabled/required

3. File did not fail... I'm able to view contents.xml.sig from another machine

4. I'm using the default port that it was installed with.

I went ahead and reinstalled VUM, but it seems like it didn't help. I am able to scan and remediate the VMs like before, but I can't scan or remediate the host machines. That seems pretty strange to me if the VMs work you would think the Hosts would work as well.???

A couple comments to respond to previous replies:

Daniel: The ESX Host is behind the firewall but all ports are open to the WAN... shouldn't be any need to open 9000-9100. (Am I correct in assuming those ports are going out and not coming in?)

Troy: I am getting the list of updates and they do download when run on the VMs, but not on the Hosts

mike_laspina · ‎01-28-2009

If the VM's can reach the updates then your VUM server is fine. An agent does the patch updates from the VM OS via the VUM server instance.

Have a look at /var/log/vmware/esxupdate.log

Have you rebooted the ESX host since VUM was installed?

Restarting the vpxa service could clear this up as well if you have not rebooted.

http://blog.laspina.ca/ vExpert 2009

XDeus · ‎01-29-2009

I rebooted the hosts this morning with the same results: VMs can remdiated, Host can't.

Here are the log file entries when I try to scan/remediate the host:

DEBUG: summary: /usr/sbin/esxupdate --HA --flushcache -d http://Backup2k3:9084/vci/hostupdates/hostupdate/esx/esx-3.5.0 scan

DEBUG: root: Enabling hostagent interface

DEBUG: db: dbfile = , 34 keys

DEBUG: Depot: Download Rules: {'blacklist': , 'exclusives': []}

ERROR: root: IOError: <urlopen error (-2, 'Name or service not known')>: http://Backup2k3:9084/vci/hostupdates/hostupdate/esx/esx-3.5.0/contents.xml.sig

ERROR: hostagent: BundleID:Unknown

ERROR: hostagent: File:http://Backup2k3:9084/vci/hostupdates/hostupdate/esx/esx-3.5.0/contents.xml.sig

ERROR: hostagent: Extra:()

Thanks again for your help.

XDeus · ‎02-03-2009

Does anyone have any other suggestions? VMs are still scanning/remediating but hosts are not.

sshamilt · ‎02-03-2009

I'm also getting this error. If anyone has any ideas it would be a great help.

XDeus · ‎02-03-2009

It turned out that it did have to do with the dual nics on the Virtual Center machine. Modify this entry in the vci-integrity.xml file located in the VMware/Infrastructure/Update Manager folder:

http://(IP Address of VC Machine:80)/vci/hostupdates/hostupdate

Troy_Clavell · ‎02-03-2009

good stuff!! Glad to see you got it resolved.

Your issue is also documented in this KB

http://kb.vmware.com/kb/1004330

XDeus · ‎02-03-2009

Thanks Troy. I went over that KB before I posted here, but unfortunately it wasn't clear on a couple of things. My mistake was that I used the external port number of 8084 instead of the standard 80 for <port number> in the config line. Also, the "alternatively" section did not work at all for me.

jamiecramb · ‎03-16-2009

I had the same problem after performing a fresh install of vCenter / Update Manager but changing <PatchDepotUrl/> as suggested by XDeus did the trick, Thanks!

All

Update Manager errors: Patch metadata missing