VMware Cloud Community
Abhijith_UAE
Contributor
Contributor

VCSA 7 Lifecycle Manager - Ensure that vSphere Lifecycle Manager is officially signed

I'm getting an error when trying to scan my hosts for update compliance. the error states:

"Cannot deploy host upgrade agent. Ensure that vSphere Lifecycle Manager is officially signed. Check the network connectivity and logs of host agent and vpxa for details."

My Center server does have a valid signed SSL certificate so I'm not sure what else needs to be "officially signed". Can anyone points me in the right direction for this? Thanks for your time!

my environment is:

vCenter 7 Server 1:
-ESXi 6.5 host  x 3 

 
Here is what I did as a workaround.
 
Upgraded the individual Esxi using CLI
 
Upload the vmware esxi zip file to datastore
set the host in maintenance mode
enable SSH
putty to it
 
find the volume id using 
esxcli storage vmfs extent list
Browse the list of updates on the zip by providing the path
esxcli software sources profile list -d /vmfs/volumes/5a9e8725-db43c4e1-7a73-801844e970c6/VMware-ESXi-7.0U1c-17325551-depot.zip
install the update with the path, without signature check
esxcli software profile update -d /vmfs/volumes/5a9e8725-db43c4e1-7a73-801844e970c6/VMware-ESXi-7.0U1c-17325551-depot.zip -p ESXi-7.0U1c-17325551-standard --no-sig-check
reboot the host if is successful.
 
It worked for me, and was able to apply newer patches once the esxi is up. please try it at your own risk. 
Labels (4)
12 Replies
ryan_e
Contributor
Contributor

Run this command from a putty session:

esxcli system settings kernel list -o execinstalledonly

if the runtime is set to TRUE then you have to turn off the execinstalledOnly kernel setting:

esxcli system settings kernel set -s execinstalledonly -v FALSE

Reboot

Then see if the lifecycle manager can patch the hosts.

 

likeahoss
Enthusiast
Enthusiast

Had the same issue: 

"Cannot deploy host upgrade agent. Ensure that vSphere Lifecycle Manager is officially signed. Check the network connectivity and logs of host agent and vpxa for details."

I set the kernel execinstalledonly option to FALSE and it worked.  How did you determine the cause and resolution?

Thank you.

Reply
0 Kudos
Ink_Global
Contributor
Contributor

This gave me a PSOD until I turned it back on via boot options.

Any other ideas?

Reply
0 Kudos
Jake223
Contributor
Contributor

I'm having the same issue. My execinstalledonly is set to false already and still get the error message. I have a ticket open with VMware but they have not replied to me yet.

Reply
0 Kudos
likeahoss
Enthusiast
Enthusiast

Are you running any unsigned VIBs?

What does the PSOD say?

Reply
0 Kudos
ryan_e
Contributor
Contributor

Did they find out what the issue was for you?

Reply
0 Kudos
yannism22
Contributor
Contributor

Did you get any useful reply from VMware support about this ?

Reply
0 Kudos
Jake223
Contributor
Contributor

No update yet. Support has been slow to respond. 

Reply
0 Kudos
ShineYu
Contributor
Contributor

update? I get the same error.
Reply
0 Kudos
Campos69
Enthusiast
Enthusiast


@Abhijith_UAE wrote: West Penn Power Bill Pay

I'm getting an error when trying to scan my hosts for update compliance. the error states:

"Cannot deploy host upgrade agent. Ensure that vSphere Lifecycle Manager is officially signed. Check the network connectivity and logs of host agent and vpxa for details."

My Center server does have a valid signed SSL certificate so I'm not sure what else needs to be "officially signed". Can anyone points me in the right direction for this? Thanks for your time!

my environment is:

vCenter 7 Server 1:
-ESXi 6.5 host  x 3 

 
Here is what I did as a workaround.
 
Upgraded the individual Esxi using CLI
 
Upload the vmware esxi zip file to datastore
set the host in maintenance mode
enable SSH
putty to it
 
find the volume id using 
esxcli storage vmfs extent list
Browse the list of updates on the zip by providing the path
esxcli software sources profile list -d /vmfs/volumes/5a9e8725-db43c4e1-7a73-801844e970c6/VMware-ESXi-7.0U1c-17325551-depot.zip
install the update with the path, without signature check
esxcli software profile update -d /vmfs/volumes/5a9e8725-db43c4e1-7a73-801844e970c6/VMware-ESXi-7.0U1c-17325551-depot.zip -p ESXi-7.0U1c-17325551-standard --no-sig-check
reboot the host if is successful.
 
It worked for me, and was able to apply newer patches once the esxi is up. please try it at your own risk. 

I set the kernel execinstalledonly option to FALSE and it worked. How did you determine the cause and resolution?

Reply
0 Kudos
Jake223
Contributor
Contributor

Support suggest the same workaround as the previous post. I should install the updates/patches via the CLI command. I will be trying that this weekend.

To be honest I'm frustrated with the response. It sounded like this was a issues for others and no real idea of the true cause.

 

Reply
0 Kudos
ShineYu
Contributor
Contributor

I feel the same way. So, What Lifecycle Manager can do?
Reply
0 Kudos