Re: ESXi 3.5 esxupdate "desperate" help required.

fishbat · ‎06-28-2011

Hi, I have a couple of ESXi hosts that have been running for a couple of years and were so reliable that I never restarted/patched them. They are currently running ESX Server 3i 3.5.0, 207095. I know, I know but these are my own machines, not customers machines (cobblers shoes I think). I missed the bulletin with regard to the update/patch that had to be applied before June 1 or update signatures would fail (\ESXe350-201012401-I-BG). I have spent the whole day trying to update the servers with this (or any patch). I have stopped NTP, reset date to 1 Jan 2011 and still I have no success. It is obvious that the ESXi esxupdate utility is not the same as the utility provided with ESX as many of the switches and options do not work, I have tried with local files on the /vmfs/volumes/... path, ftp, http, vmupdate manager and vihostupdate using the CLI. I have had no success with any method. I have shown below an extract from the esxupdate log, and also from the vihostupdate screen shot. I have crawled all over the web trying to find an answer but I am beaten on this one.

I would be very, very, grateful if anyone could help me out on this as I must get these servers patched up to date.

Thanks in advance for any help offered.

Output from VIHostupdate and CLI.

C:\Program Files\VMware\VMware VI Remote CLI\bin>vihostupdate.pl -server svr-esx
1 -username root -password xxxxxxxxxxxxx -i -b D:\Software\VMWare\ESXe350-2010124
01-O-BG.zip
unpacking D:\Software\VMWare\ESXe350-201012401-O-BG.zip ...
( skipping verification : ESXe350-201012401-O-BG/ESXe350-201012401-I-BG.zip.si
g )
unpacking ESXe350-201012401-O-BG/ESXe350-201012401-I-BG.zip ...
( skipping verification : ESXe350-201012401-O-BG/ESXe350-201012402-T-BG.zip.si
g )
unpacking ESXe350-201012401-O-BG/ESXe350-201012402-T-BG.zip ...
( skipping verification : ESXe350-201012401-O-BG/ESXe350-200911203-C-UG.zip.si
g )
unpacking ESXe350-201012401-O-BG/ESXe350-200911203-C-UG.zip ...
Installing : ESXe350-201012401-I-BG
Copy to server : VMware-image.tar.gz ...
Copy to server : VMware-OEM-image.tar.gz ...
Copy to server : descriptor.xml ...
Copy to server : install.sh ...
Copy to server : contents.xml.sig ...
Copy to server : contents.xml ...
Operation failed : fault.PatchIntegrityError.summary

ESXUPDATE.log

Sat Jan 1 20:35:00 UTC 2011
~ # esxupdate -N -d http://10.0.1.10 update ~ # less /var/log/vmware/esxupdate.log
~ # esxupdate -N -d http://10.0.1.10/vmupdates update
~ # less /var/log/vmware/esxupdate.log
~ # esxupdate -N -d http://10.0.1.10/vmupdates/ update
~ # less /var/log/vmware/esxupdate.log
~ # esxupdate -N -d http://10.0.1.10/vmupdates/ESXe350-201012401-I-BG.zip update~ # less /var/log/vmware/esxupdate.log
[2011-05-20 20:35:36] Retrieval failed for URL /vmfs/volumes/48c6d4a5-a25b20a4-0
489-001b21225b64/ISO_Images/Updates/ESXe350-201012401-I-BG.zip/contents.xml
[2011-05-20 20:35:36] ERROR: unable to download depot contents.xml to cache, /vm
fs/volumes/48c6d4a5-a25b20a4-0489-001b21225b64/ISO_Images/Updates/ESXe350-201012
401-I-BG.zip/contents.xml
[2011-01-01 20:35:41] Checking signatures of bundle metadata :ESXe350-200912401-
I-BG
[2011-01-01 20:35:41] Checking signature of contents.xml...
[2011-01-01 20:35:41] Checking signature of descriptor.xml...
[2011-01-01 20:35:41] Verifying files...
[2011-01-01 20:35:41] Checking signature of package file :
[2011-01-01 20:35:41] Checking signature of package file :
[2011-01-01 20:35:42] Digest mismatch :48a4237a176ee7cbcf0d690728a263b4194a03ab
[2011-01-01 20:35:42] Signature checking failed on file :/tmp/rcli_patch/VMware-
image.tar.gz
[2011-01-01 20:35:42] Expected digest :cbddd355d00a70d78aa50d8205c25f9a4f5286af
[2011-01-01 20:35:42] Public key id :0BFA1C860F0B0A6CF5CD5D2AEE7835B14789B619
[2011-01-01 20:35:42] Signature value :-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sha1 gpg cbddd355d00a70d78aa50d8205c25f9a4f5286af
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQCVAwUBSy90ge54NbFHibYZAQIfLgQAoGSGubPu8okSdK4/qOhiwy8e4OqfvwM4
wF5cpZWXidvBl6MhK0oRx4/VqBpXN3rlkqLBbZ5Gk3fcnWvLydo9Ay7J38+UPQvu
QB/rFbGNTpcwz474bOwpyLywScZAueJ95NZK/Lfk1CBUGH4OSp5fNUzTXUoFkp4x
XCTprFrmYcI=
=vFt3
-----END PGP SIGNATURE-----

[2011-01-01 20:35:42] ERROR :Signature check failed.
[2011-01-01 20:35:42] Signature checking failed for :/tmp/rcli_patch/VMware-imag
e.tar.gz
[2011-01-01 20:40:31] Http download failed with error code 404
[2011-01-01 20:40:31] Retrieval failed for URL http://10.0.1.10/contents.xml
[2011-01-01 20:40:31] ERROR: unable to download depot contents.xml to cache, htt
:

DSTAVERT · ‎06-28-2011

I would give this a try. http://www.vm-help.com/esx/esx3i/Patch_3i_without_VC.php I would restart the host after changing the date. I would also change the date on the workstation you are using to update.

-- David -- VMware Communities Moderator

fishbat · ‎06-28-2011

Hi, thanks for the prompt response. I have followed that link before. I just tried disabling NTP, rebooting, checking date 1.1.2011 checking workstation date 1.1.2011 and then running vihostupdate.pl. Update failed, see output below. I would appreciate any more suggestions.

Output from VIHostupdate:

C:\Program Files\VMware\VMware VI Remote CLI\bin>vihostupdate.pl -server svr-esx
1 -username root -password xxxxxxxxx -i -b D:\Software\VMWare\ESXe350-2010124
01-O-BG.zip
unpacking D:\Software\VMWare\ESXe350-201012401-O-BG.zip ...
( skipping verification : ESXe350-201012401-O-BG/ESXe350-201012401-I-BG.zip.si
g )
unpacking ESXe350-201012401-O-BG/ESXe350-201012401-I-BG.zip ...
( skipping verification : ESXe350-201012401-O-BG/ESXe350-201012402-T-BG.zip.si
g )
unpacking ESXe350-201012401-O-BG/ESXe350-201012402-T-BG.zip ...
( skipping verification : ESXe350-201012401-O-BG/ESXe350-200911203-C-UG.zip.si
g )
unpacking ESXe350-201012401-O-BG/ESXe350-200911203-C-UG.zip ...
Installing : ESXe350-201012401-I-BG
Copy to server : VMware-image.tar.gz ...
Copy to server : VMware-OEM-image.tar.gz ...
Copy to server : descriptor.xml ...
Copy to server : install.sh ...
Copy to server : contents.xml.sig ...
Copy to server : contents.xml ...
Operation failed : fault.PatchIntegrityError.summary

esxupdate.log:

[2011-01-01 22:31:02] Checking signatures of bundle metadata :ESXe350-201012401-
I-BG
[2011-01-01 22:31:02] Checking signature of contents.xml...
[2011-01-01 22:31:02] Checking signature of descriptor.xml...
[2011-01-01 22:31:02] Verifying files...
[2011-01-01 22:31:02] Checking signature of package file :
[2011-01-01 22:31:02] Checking signature of package file :
[2011-01-01 22:31:03] Digest mismatch :1025f434d68013f152eb5074e0b8ddea9e4ddc47
[2011-01-01 22:31:03] Signature checking failed on file :/tmp/rcli_patch/VMware-image.tar.gz
[2011-01-01 22:31:03] Expected digest :a1b17eec027c923cd17d7e45e5a3fad4a3665443
[2011-01-01 22:31:03] Public key id :0BFA1C860F0B0A6CF5CD5D2AEE7835B14789B619
[2011-01-01 22:31:03] Signature value :-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

sha1 gpg a1b17eec027c923cd17d7e45e5a3fad4a3665443
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iQCVAwUBTNiAjO54NbFHibYZAQJP0gP/byqeckum1354ODL/jfRDgRMjDLs52lSA
EYsk0Y5Fnv1mjo+xCDSlWeAG9/qG9U8epEeMdKrMVv5kpRpJ1t7K7XnS4C/G6h5/
/OUs9Ifw7XH5Nr7Ae1AfwjE8sbyLRiB5Ed4EsMs64+dIF6BzpKBoJlDK9DY9dOht
d5TVX9wntYA=
=VPSV
-----END PGP SIGNATURE-----

[2011-01-01 22:31:03] ERROR :Signature check failed.
[2011-01-01 22:31:03] Signature checking failed for :/tmp/rcli_patch/VMware-image.tar.gz

DSTAVERT · ‎06-28-2011

Double check the patch to make sure it is the correct one. Do an MD5 checksum on the file.

-- David -- VMware Communities Moderator

fishbat · ‎06-28-2011

Checked file and checksum 7368e581637082059cdbd1311b7de8f8 is okay. Also tried other patches in case this one was corrupted/damaged in some other way but results are the same.

DSTAVERT · ‎06-28-2011

This is a link to the 3.5 u2 expiration issue. I would have a look through here to see if there is anything of value in your situation.

http://communities.vmware.com/message/1021550

You might want to consider a repair install. It would wipe your configuration but it should preserve your VMs. If it were me I would install ESXi to a USB stick 1 GB or larger. No chance of overwriting the datastore. Again you would loose the configuration although you could do a configuration backup and restore.

http://www.vladan.fr/howto-install-esxi-35-update-3-on-usb-memory-key/

ESXi works well from USB since it loads directly into RAM and does not do much beyond an hourly configuration backup.

-- David -- VMware Communities Moderator

fishbat · ‎06-28-2011

The ESXi is embedded on 1GB USB stick. Came with server, Dell PE1950III. VM images are on SAN so they are safe. How do I backup my config and which version of ESXi 3.5 do I reinstall? I would like to keep 3.5 rather than move to 4.x as I am licenced for HA and DRS on 3.5. In reality I would clean install to new USB stick then restore config - in case anything goes wrong I will have my original ESXi intact.

DSTAVERT · ‎06-28-2011

You can use the vicfg-cfgbackup tool from the vCLI tools or the vMA appliance. http://vmware.com/go/vma

Install to a new stick for sure. I would install the latest and immediately patch since the certificates have expired.

-- David -- VMware Communities Moderator

All

ESXi 3.5 esxupdate "desperate" help required.