VUM cmdlets - get name of "conflicting VIBs" on ES...

stephenrbarry · ‎08-30-2017

Hi all - I'm attempting to automate the upgrade of our ESXi hosts from 5.5.x and 6.0.x to 6.5.0 Update 1. Almost every single host has come back "incompatible" after a scan against the HPE Custom ISO of ESXi 6.5.0 Update 1 due to "conflicting VIBs." From what I can tell the workaround is to remove the VIBs, reboot, then rescan and retry the installation of 6.5.

What I can't figure out is how to access the name of the conflicting VIBs in an automated fashion; it doesn't seem to be exposed through any of the PowerCLI cmdlets. Does anyone know if there's an API reference somewhere for Update Manager that may be able to get more info?

Any help is greatly appreciated!

PS C:\WINDOWS> $Compliance

Entity Baseline Status

------ -------- ------

esxi02 ESXi 6.5 Update 1 - HPE Custom ISO Incompatible

LucD · ‎08-31-2017

Does this help?

4. Re: Get-Compliance Report for a List of ESX Hosts in 1 vCenter?

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

stephenrbarry · ‎08-31-2017

That seems to be more about listing patches from a patch baseline that are non-compliant. I'm looking at a host upgrade baseline which doesn't seem to have the seem detailed info for conflicting VIBs when testing compliance.

LucD · ‎09-03-2017

Can you see the info when you do

$esx = Get-VMHost -Name MyEsx

Get-Compliance -Entity $esx -Detailed | %{

$_.IncompatibleHardwarePatches

}

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

stephenrbarry · ‎09-07-2017

Unfortunately it does not. It didn't return anything.

PS C:\WINDOWS> Get-Compliance -Entity $esx -Detailed | %{

$_.IncompatibleHardwarePatches

}

WARNING: There were one or more problems with the Update Manager Server certificate:

* The X509 chain could not be built up to the root certificate.

Here is the detailed output from get-compliance -detailed:

PS C:\WINDOWS> Get-Compliance -Entity $esx -Detailed | Ft -AutoSize

Entity Baseline Status CompliantPatches NotCompliantPatches UnknownPaches NotApplicablePatches

------ -------- ------ ---------------- ------------------- ------------- --------------------

esxi01 Critical Host Patches (Predefined) NotCompliant 5 4 0 39

esxi01 Non-Critical Host Patches (Predefined) NotCompliant 27 23 0 291

Entity : esxi01

Status : Incompatible

Baseline : VMware.VumAutomation.Types.HostUpgradeBaselineImpl

stevespike · ‎01-30-2019

I have exactly the same issue. I'd like to audit all the ESXi hosts that have conflicting VIBs preventing VUM from pushing out a new ESXi vendor ISO image.

I can use the commands

$Result = Get-Compliance -Entity $VmHost -Detailed -Baseline $PreGen9BaseLine

$Result | Get-Member

TypeName: VMware.VumAutomation.Types.BaselineCompliance

Name MemberType Definition

---- ---------- ----------

Equals Method bool Equals(System.Object obj)

GetHashCode Method int GetHashCode()

GetType Method type GetType()

ToString Method string ToString()

Baseline Property VMware.VumAutomation.Types.Baseline Baseline {get;}

Entity Property VMware.VimAutomation.ViCore.Types.V1.Inventory.InventoryItem Entity {get;}

Status Property VMware.VumAutomation.Types.ComplianceStatus Status {get;}

LucD is correct when suggesting:

$esx = Get-VMHost -Name MyEsx

Get-Compliance -Entity $esx -Detailed | %{

$_.IncompatibleHardwarePatches

}

But '-detailed' provides no additional fidelity when the baseline is an UPGRADE baseline.

I guess perhaps, using a combination of Get-EsxCli to scan ESXi hosts for the known conflicting VIBs will do. Just a shame that I cannot get a report directly from VUM, both via Web-client nor PowerCli.

Unless you guys did manage to figure this out??? (Or anyone else)

LucD · ‎01-30-2019

I'm afraid not me

Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference

All

VUM cmdlets - get name of "conflicting VIBs" on ESXi hosts?

4. Re: Get-Compliance Report for a List of ESX Hosts in 1 vCenter?