Update Manager only downloads Windows patches and ...

Salcin · ‎02-08-2008

Hello

I've just upgraded from VC 2.0.2 to VC 2.5 and part of our hosts from ESX 3.0.1 to 3.5

Our VC database wouldnt upgrade and VMWare support had no direct solution but thats no biggie, just started with a fresh one since we didnt have anything in it that I couldn't configure easily again. Anyway, the problem that I'm experienceing is that the Windows patches shows up but none of the ESX patches. Scanning and remediating VM's works just fine but when I try to scan one of the 3.5 hosts I only get "metadata for patch missing" and "VMWare Update Manager had a failure". Judging from the error messages I'm pretty sure the server never have been able to reach the ESX patch download site.

I've created a scheduled task that is supposed to download all ESX server updates and ran it but then I get "Web site hosting the update signatures and update packages cannot be reached". I'm not the one responsible for the proxy and the firewall, is there any way I can test this with like an URL in the browser just to make sure its reachable. I can use a browser on the VC server to reach www.vmware.com, are there any other ports involved other than 80 and 443? Notable is that I have no scheduled task to download windows patches.

I'm pretty sure I ve gotten the proxy settings on the VC server correct since the VM update procedure works.

any suggestions are more than welcome

Thanks in advance

divintas · ‎02-11-2008

*

I found this in the Update Manager Admin Guide

Using Update Manager Download Service

*

If you elected to use the Update Manager Download Service, initiate downloads and exports. Establish a depot

on which to place the updates. After updates are on the depot, export the newly downloaded updates to some

portable storage device like a CD or USB key and import them to the Update Manager server. If Update

Manager is installed on a machine that is not connected to the Internet, the scheduled update checks fail. In

such a case, disable the scheduled update checks and use the Download Service as the only means to

download and transfer updates to Update Manager.

*

To use the Update Manager Download Service

*

1 Log in to the machine on which Update Manager Download Service is installed.

2 Choose Start > Run, type cmd and press Enter.

3 Change to the directory where Download Service is installed.

4 Enter commands to start a Download Service process. For example:

To download updates: vmware-umds --download

To export updates for the year 2007 to e:\export-depot:

vmware-umds -E --dest e:\export-depot -s 2007-01-01T00:00:00 -t

2007-12-31T23:59:59

5 After exporting downloads to a folder, physically move them to the Update Manager machine.

6 Import the updates to Update Manager using the vmware-updateDownloadCli.exe utility in the Update

Manager installation folder. For example, to import Windows and ESX host updates from the 😧 drive,

use the following command:

vmware-updateDownloadCli.exe --update-path d:\ --config-import windows esx --vc-user administrator

BLipman · ‎02-26-2008

I am having the same issue and I am now going through the steps of configuring the Update Manager Download Service...what a pain, seriously. The real question here is this: why do I need to use some command line utility (which cannot be on the same box as update mgr btw) simply to download ESX 3.5 patches? The Update Manager let's you schedule ESX downloads but I can't get it to work...you posted directions on how to use the UMDS but no one here is explaining why Update Manager can download Windows patches but not VMWare ESX patches.

I am new to this so forgive my ignorance but this seems like a huge step backwards from how I update my Windows servers. Let me lay it out from how a newb sees it:

Hey, update manager, cool stuff, I will give it a try. 6 hours later...am I slow or is something wrong here...I can't get ESX updates to load even though I selected them in the scheduled download. Ahh, here is a thread with a similar issue...solution...a command line driven service that says it needs SQL Express on the local box (but doesn't really when you install it, you can use SQL 2005). Ok, I got it running, now I can load the one critical update that my ESX hosts need...so I run the vmware-umds --download (low and behold, not only is it downloading the one patch I am looking for, but every other patch known to mankind...even Linux patches I will never need).

Honestly, this stinks, for what VMWare costs you would think they could build in a user friendly update mechanism...maybe, right click on an ESX host in the VI client and say "check for updates"...then let me choose the one I need and load it. I tried the manual update process to load the one update I need but the directions ASSUME you have some Linux knowledge (tar this, change directories that, ftp here, apply patch command...WTF)?

Anyhow, sorry if I sound frustrated but a process that should be simple is proving to be a multi-day, multi-server boondogle for me.

VMGenie · ‎05-19-2008

Hi,

Took me weeks to figure it out...

Download and take time to read

http://www.vmware.com/pdf/vi3_vum_10_admin_guide.pdf

To try and simplify it. You could either use three machine or two or just up....

3 Servers Architecture - High Security

1. VirtualCenter

2. Update Manager

3. Download Service - Direct internet connection or thru proxy server

-: Install a database server. Create 3 DBs (1 VirtualCenter, 2. UpdateManager and 3. DownloadService)

-: Setup a Windows Server 2003 Std -> Install VirtualCenter -> Configure DB connection as necessary

-: Setup a Windows Server 2003 Std -> Install Update Manager -> Configure DB connection as necessary -> Point to VirtualCenter server

-: Setup a Windows Server 2003 Std -> Install DownloadService -> Configure DB connection as necessary -> Ensure that Internet access

-: From the Downloading server use the "vmware-umds" tool to configure and download your patches. After downloading then export to "UpdateManager" server

-: From UpdateManager server, import using the "vmware-updateDownloadCli.exe" into the UpdateManager DB. Create Baselines and apply patches

See "http://communities.vmware.com/docs/DOC-2505;jsessionid=2BEC660D4B44F69608AD038C3DF666BA" for more info

2 Servers Architecture

1. VirtualCenter with UpdateManager and UpdateManagerClient installed

2. Download Service - Direct internet connection or thru proxy server

1 Servers Architecture

1. VirtualCenter with UpdateManager and UpdateManagerClient installed... plus direct internet access

Depending how secure your environment is or you want it to be.... more servers mean more security

Harpstein · ‎06-10-2008

Try with this on your ESX hosts:

esxcfg-firewall --openport 81,tcp,out,dynamicupdates

Worked for me.

lovecisco · ‎05-18-2009

on your post and in the document:

"Run the program: vmware-umds -E --dest <FULL PATH TO YOUR REPOSITORY> -s 2007-01-01T00:00:00 -t 2007-12-31T23:59:59"

1. on the first time how do you export everything from update manager?

2. for each update how do you export just newer update not entire updates

I am setting up a close network and running ESX 3.5. I want to set this up to save times to do patching to ESX. I don't use update manager to patch VM windows server.

Thank you

LC

Texiwill · ‎05-19-2009

Hello,

Moved to Update Manager forum.

Best regards, Edward L. Haletky VMware Communities User Moderator, VMware vExpert 2009, DABCC Analyst[/url]
Now Available on Rough-Cuts: 'VMware vSphere(TM) and Virtual Infrastructure Security: Securing ESX and the Virtual Environment'[/url]
Also available 'VMWare ESX Server in the Enterprise'[/url]
[url=http://www.astroarch.com/wiki/index.php/Blog_Roll]SearchVMware Pro[/url]|Blue Gears[/url]|Top Virtualization Security Links[/url]|Virtualization Security Round Table Podcast[/url]

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill

All

Update Manager only downloads Windows patches and no ESX patches