So, we upgraded hosts from the Dell image of 5.5.0 to 5.5.0U1 using Update Manager to remediate. After the upgrade, it shows non-compliant. Another host which had ESXi installed from scratch with the same ISO image (not through Update Manager) shows compliant. When I compare the VIB versions of the two hosts, I see the following differences.
elxnet
sesxm02: 10.0.575.7-1OEM.550.0.0.1198611
sesxc08: 10.0.783.13-1OEM.550.0.0.1331820
lpfc
sesxm02: 10.0.575.8-1OEM.550.0.0.1198611
sesxc08: 10.0.727.44-1OEM.550.0.0.1331820
net-be2net
sesxm02: 3.2.0.0-1OEM.500.0.0.472560
sesxc08: 4.6.100.0v-1vmw.550.0.0.1331820
net-r8168
sesxm02: 8.013.00-3vmw.510.0.0.799733
sesxc08: Missing
net-r8169
sesxm02: 6.011.00-2vmw.510.0.0.799733
sesxc08: Missing
net-s2io
sesxm02: 2.1.4.13427-3vmw.510.0.0.799733
sesxc08: Missing
net-sky2
sesxm02: 1.20-2vmw.510.0.0.799733
sesxc08: Missing
scsi-bfa
sesxm02: 3.2.1.0-1OEM.500.0.0.472560
sesxc08: Missing
scsi-lpfc820
sesxm02: Missing
sesxc08: 8.2.3.1-129vmw.550.0.0.1331820
scsi-qla2xxx
sesxm02: 2.4.10-1OEM.500.0.0.472560
sesxc08: 902.k1.1-9vmw.550.0.0.1331820
scsi-qla2xxx
sesxm02: 934.5.20.0-1OEM.500.0.0.472560
sesxc08: Missing
tools-light
sesxm02: 5.5.0-1.16.1746018
sesxc08: 5.5.0-2.39.2143827
vcloud-agent
sesxm02: Missing
sesxc08: 5.5.0-1280396
What can cause this? What's the difference between upgrading vs install from scratch? Is this expected behavior?
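An added example (not part of the original post): one way to produce the comparison above from saved `esxcli software vib list` output of both hosts. The sample text is constructed from a few versions quoted in the post; the vendor, acceptance-level and date columns and `example-vib` are made up, and reading the number after `vmw.`/`OEM.` as the ESXi release a VIB was built for is an assumption.

```python
import re

# Constructed samples in the column layout of `esxcli software vib list`.
SESXM02 = """\
Name         Version                          Vendor  Acceptance Level  Install Date
-----------  -------------------------------  ------  ----------------  ------------
elxnet       10.0.575.7-1OEM.550.0.0.1198611  Emulex  VMwareCertified   2014-01-01
net-r8168    8.013.00-3vmw.510.0.0.799733     VMware  VMwareCertified   2014-01-01
tools-light  5.5.0-1.16.1746018               VMware  VMwareCertified   2014-01-01
example-vib  1.0.0-1vmw.550.0.0.1331820       VMware  VMwareCertified   2014-01-01
"""
SESXC08 = """\
Name          Version                           Vendor  Acceptance Level  Install Date
------------  --------------------------------  ------  ----------------  ------------
elxnet        10.0.783.13-1OEM.550.0.0.1331820  Emulex  VMwareCertified   2014-01-01
scsi-lpfc820  8.2.3.1-129vmw.550.0.0.1331820    VMware  VMwareCertified   2014-01-01
tools-light   5.5.0-2.39.2143827                VMware  VMwareCertified   2014-01-01
example-vib   1.0.0-1vmw.550.0.0.1331820        VMware  VMwareCertified   2014-01-01
"""

# Assumed convention: "<ver>-<rel>vmw.510.0.0.<build>" targets ESXi 5.1.
TAG = re.compile(r"(?:vmw|OEM)\.(\d{3})\.")

def parse_vib_list(text):
    """Map VIB name -> version, skipping the header and the dashed rule."""
    vibs = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0] == "Name" or set(line.strip()) <= {"-", " "}:
            continue
        vibs[fields[0]] = fields[1]
    return vibs

def diff_vibs(a, b):
    """Rows (name, version_a, version_b) for every VIB that differs."""
    rows = []
    for name in sorted(set(a) | set(b)):
        va, vb = a.get(name, "Missing"), b.get(name, "Missing")
        if va != vb:
            rows.append((name, va, vb))
    return rows

def stale_vibs(vibs, expected="550"):
    """VIBs whose version carries a release tag other than the expected one."""
    tags = {n: TAG.search(v) for n, v in vibs.items()}
    return sorted(n for n, m in tags.items() if m and m.group(1) != expected)

if __name__ == "__main__":
    a, b = parse_vib_list(SESXM02), parse_vib_list(SESXC08)
    for name, va, vb in diff_vibs(a, b):
        print(f"{name}\n  sesxm02: {va}\n  sesxc08: {vb}")
    print("not tagged 550 on sesxm02:", stale_vibs(a))
```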
Is the new ESXi 5.5 Update 01 ISO you're using to remediate the Dell customized ISO or the default VMware ISO?
Both the original and remediate image are Dell image.
5.5 is ESXi-5.501331820(A01)
5.5U1 is ESXi-5.5U1-1746018-A01
Both from Dell.
I know this is an older post, but the issue is possibly the same with U2 -
I just went through the same issue with my 4 host servers reading as "Non-compliant" when I scanned & remediated via Update Manager. I didn't let it go because I wanted to know that everything was working as it should with regards to Update Manager, because I had just upgraded vCenter and each of the hosts from 5.0 to 5.5 and then focused on ensuring Update Manager was all set up for future updates.
Longer story shorter... after three techs and two weeks of waiting because I wanted the ESX 5.5.0 imported ISO to show as compliant on my hosts, I spoke to a third and final tech who made it more clear to me... not sure if I just wanted it to be clear so I could finally just accept it and move on... but it worked for me.
Hope this is your solution as well...
When you have Update Manager configured to download updates on a scheduled basis as I do, those updates appear in the "Patch Repository" tab within Update Manager's Admin view.
When you import a newly downloaded ISO (I tested both the Dell ISO & the VMware ISO with the same results), and attach it to a host, it is compared to the updates within the "Patch Repository", causing the attached ISO baseline to show as non-compliant. The way the tech put it was to compare it to a Microsoft CD: as soon as it ships, there are updates to it (don't we all know that). The mounted ISO, when you've installed via CD and then import and attach as a host baseline, will show as non-compliant when you have newer patches downloaded by Update Manager, simply because the ISO will always be out of date compared to the patch repository contents.
So, he showed me that after I imported the ISO, attached as a baseline to the host and ran a scan/remediation/Install/reboot - It showed as non-compliant because I had newer patches for that same ISO version in the patch repository - He said, do the scan/remediation/install/reboot on the ISO, then after the reboot, remove the baseline from the host and add the critical and non-critical patches (not ISO) to the host, then run the scan/remediation/reboot/install on the host and you will see the patches are all reporting as compliant.
Worked for me! I used the ISO just for the simplicity of deploying the U2 update, then removed the baseline and now rely solely on the critical and non-critical to show proper compliance.
As a side note, my NetScaler broke after migrating it to a 5.5.0, 2143827 host - I migrated it back to the 5.5.0, 2068190 (U2 only) host and it works again - no solution currently.
If that was true, one of the hosts where we installed 5.5U1 from scratch (and not updated from a lower version) should also show non-compliant, but it shows compliant on the base image. This is also after the critical updates have been installed on top of the base image.
Thank you. You saved me probably... 2 to three hours (being optimistic) with VMware support.
Thank you for the post
I'm having the exact same problem, and I don't buy support's answer here either.
I have 1 ISO. If I "upgrade" via VUM, hosts come up upgraded, but non-compliant in VUM. If I install fresh via booting the *EXACT* same ISO, it comes back up compliant. I haven't installed a single patch after the ISO on any of these hosts.
Follow these instructions from "pparkerii"'s answer:
So, he showed me that after I imported the ISO, attached as a baseline to the host and ran a scan/remediation/Install/reboot - It showed as non-compliant because I had newer patches for that same ISO version in the patch repository - He said, do the scan/remediation/install/reboot on the ISO, then after the reboot, remove the baseline from the host and add the critical and non-critical patches (not ISO) to the host, then run the scan/remediation/reboot/install on the host and you will see the patches are all reporting as compliant.
I shouldn't have to remove the baseline, the whole point is that you apply the baseline and leave it there. I didn't remove the baseline on the server that I installed from scratch, and it shows as compliant.
If your theory about the patches being the problem were true, then I should be seeing the opposite -- the server installed from scratch would be non-compliant and the one I upgraded would be compliant.
If you want to see why it's reporting as non-compliant, try checking esxupdate.log on the hosts.
Regardless, I'd recommend not mixing install methods on hosts from the same cluster when you have the option, i.e., either install them all, or upgrade them all, using the same method.