VMware Cloud Community
Texiwill
Leadership
Leadership
‎08-10-2008 01:24 PM

VUM on Fresh 3.5 update 2 oddness....

Hello,

I just ran a VUM Scan for Updates on a fresh 3.5 update 2 system and it says it is not compliant, as the 3.5.0 update 1 has not been applied. This is a Fresh install of Update 2. Now I am assuming there is something wrong with VUM.

This is an oddness that could mess with patch auditing.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
3 Replies
stvkpln
Virtuoso
Virtuoso
‎08-10-2008 01:32 PM

Straight from the VUM 1.0 U2 release notes (http://www.vmware.com/support/vi3/doc/vi3_vum_10u2_rel_notes.html#issues):

After Remediation of ESX Server 3.5 with ESX350-Update02 Bundle, ESX350-Update01 Bundle Might Be Displayed as Not Compliant (KB 1006383)

After you remediate an ESX Server 3.5 host against a baseline containing the ESX350-Update02 bundle, the baseline containing the previous update (that is ESX350-Update01 bundle), might be displayed as not compliant. The ESX Server update releases are cumulative and new update releases contain all fixes in the previous update release. It is unnecessary to install ESX350-Update01 on a host that is already compliant with ESX350-Update02.

Workaround: To make the host compliant with the attached baseline, containing the ESX350-Update01 bundle, do one of the following:

1. Detach the baseline containing the ESX350-Update01 bundle from all hosts compliant with the baseline, containing the ESX350-Update02 bundle.

2. Remediate the ESX host against a baseline containing the ESX350-Update01 bundle.

-

Obviously an annoying bug that needs to get fixed, but I tried toying with it and even excluding the Update01 bundle from the dynamic baseline didn't do anything..

-Steve
Texiwill
Leadership
Leadership
‎08-11-2008 05:31 AM

Hello,

I was able to exclude that patch from the baseline and it did work fine. But I had to remove it from ALL baselines, not the one associated with just that system. Which is really annoying as I have a none U1/U2 server as well.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos
Texiwill
Leadership
Leadership
‎08-23-2008 08:01 AM

Hello,

The solution is to update using VUM anyway, nothing will happen on the host but VUM will then be in sync with the host. I.e. U1 will not be installed but anything that is patched since the first U2 ISO will be patched.


Best regards,

Edward L. Haletky

VMware Communities User Moderator

====

Author of the book 'VMWare ESX Server in the Enterprise: Planning and Securing Virtualization Servers', Copyright 2008 Pearson Education.

CIO Virtualization Blog: http://www.cio.com/blog/index/topic/168354

As well as the Virtualization Wiki at http://www.astroarch.com/wiki/index.php/Virtualization

--
Edward L. Haletky
vExpert XIV: 2009-2023,
VMTN Community Moderator
vSphere Upgrade Saga: https://www.astroarch.com/blogs
GitHub Repo: https://github.com/Texiwill
0 Kudos