Hi all - I'm attempting to automate the upgrade of our ESXi hosts from 5.5.x and 6.0.x to 6.5.0 Update 1. Almost every single host has come back "incompatible" after a scan against the HPE Custom ISO of ESXi 6.5.0 Update 1 due to "conflicting VIBs." From what I can tell the workaround is to remove the VIBs, reboot, then rescan and retry the installation of 6.5.
What I can't figure out is how to access the name of the conflicting VIBs in an automated fashion; it doesn't seem to be exposed through any of the PowerCLI cmdlets. Does anyone know if there's an API reference somewhere for Update Manager that may be able to get more info?
Any help is greatly appreciated!
PS C:\WINDOWS> $Compliance
Entity Baseline Status
------ -------- ------
esxi02 ESXi 6.5 Update 1 - HPE Custom ISO Incompatible
Does this help?
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
That seems to be more about listing patches from a patch baseline that are non-compliant. I'm looking at a host upgrade baseline which doesn't seem to have the seem detailed info for conflicting VIBs when testing compliance.
Can you see the info when you do
$esx = Get-VMHost -Name MyEsx
Get-Compliance -Entity $esx -Detailed | %{
$_.IncompatibleHardwarePatches
}
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference
Unfortunately it does not. It didn't return anything.
PS C:\WINDOWS> Get-Compliance -Entity $esx -Detailed | %{
$_.IncompatibleHardwarePatches
}
WARNING: There were one or more problems with the Update Manager Server certificate:
* The X509 chain could not be built up to the root certificate.
Here is the detailed output from get-compliance -detailed:
PS C:\WINDOWS> Get-Compliance -Entity $esx -Detailed | Ft -AutoSize
Entity Baseline Status CompliantPatches NotCompliantPatches UnknownPaches NotApplicablePatches
------ -------- ------ ---------------- ------------------- ------------- --------------------
esxi01 Critical Host Patches (Predefined) NotCompliant 5 4 0 39
esxi01 Non-Critical Host Patches (Predefined) NotCompliant 27 23 0 291
Entity : esxi01
Status : Incompatible
Baseline : VMware.VumAutomation.Types.HostUpgradeBaselineImpl
I have exactly the same issue. I'd like to audit all the ESXi hosts that have conflicting VIBs preventing VUM from pushing out a new ESXi vendor ISO image.
I can use the commands
$Result = Get-Compliance -Entity $VmHost -Detailed -Baseline $PreGen9BaseLine
$Result | Get-Member
TypeName: VMware.VumAutomation.Types.BaselineCompliance
Name MemberType Definition
---- ---------- ----------
Equals Method bool Equals(System.Object obj)
GetHashCode Method int GetHashCode()
GetType Method type GetType()
ToString Method string ToString()
Baseline Property VMware.VumAutomation.Types.Baseline Baseline {get;}
Entity Property VMware.VimAutomation.ViCore.Types.V1.Inventory.InventoryItem Entity {get;}
Status Property VMware.VumAutomation.Types.ComplianceStatus Status {get;}
LucD is correct when suggesting:
$esx = Get-VMHost -Name MyEsx
Get-Compliance -Entity $esx -Detailed | %{
$_.IncompatibleHardwarePatches
}
But '-detailed' provides no additional fidelity when the baseline is an UPGRADE baseline.
I guess perhaps, using a combination of Get-EsxCli to scan ESXi hosts for the known conflicting VIBs will do. Just a shame that I cannot get a report directly from VUM, both via Web-client nor PowerCli.
Unless you guys did manage to figure this out??? (Or anyone else)
I'm afraid not me
Blog: lucd.info Twitter: @LucD22 Co-author PowerCLI Reference