- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So we had a critical finding come up for our hosts, some are 6.5 and some are 6.7 that there is a driver update required to correct an issue.
I download the package and create a baseline, attach it to the identified hosts and then check for compliance
Some indeed do come up as non-compliant which is great
However more than half of them (all the 6.5 hosts) come up as compliant with the baseline.
Both download links are above (there doesnt appear to be a specific 6.5 version of the driver the 6.0 version says in its description that it contains the 6.5 version.
I query the hosts manually to just make sure and the result I get back is that version 1.4.6 is installed yet it is "compliant" with the baseline that has version 1.4.10 which includes the fix.
How is this even possible?
Am I downloading the wrong package
Also surely if skyline picks up multiple hypervisor versions are installed including the correct download link for all versions of the hypervisor detected rather than just 6.7 would be advisable?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Moderator: Moved to vSphere Community as the issue reported is related to the driver
Ashwin Prakash
Skyline Support Moderator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are the baselines etc using Update Manager?
-------------------------------------------------------------------------------------------------------------------------------------------------------------
Although I am a VMware employee I contribute to VMware Communities voluntarily (ie. not in any official capacity)
VMware Training & Certification blog
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I uploaded the driver package to update manager and created a baseline with just the driver package in and scanned it against the reported hosts and it said "Compliant" so it thinks nothing needs to be updated but version 1.4.6 is installed not 1.4.10 which is in the package.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ashwin, the issue is with both the driver and with skyline, skyline does not include the right packages for all the versions of hypervisor that this has been detected against, it only provided me with the download link for 6.7 when it was detecting it against 6.7 and 6.5 hosts.
The resolution instructions in skyline need to be updated or modified to include resolutions/patches for all versions of the hypervisor it was detected against not just the latest one.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello MattHumphreys,
Thank you for notifying, request you to share the Findings ID along with that request you to also fill the details requested on the Smart Sheet below so that we could check the details as per your environment.
https://app.smartsheet.com/b/form/9e31b64730f2419ba2aa50f6c72e66a3
Ashwin Prakash
Skyline Support Moderator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have completed the form as requested, I have reviewed the patch and baseline and investigating the patch it shows as "Not Applicable" for any 6.5 hosts, it sees the patch ID as VMW-ESX-6.0.0-igbn-1.4.10 and I think it doesn't think this patch applies to 6.5 hosts so there might be something wrong with the bundle you are directing us to from the finding which is:
I do believe its because the patch only lists "product" as "embeddedEsx 6.0.0" when you check it against 6.5 hosts it comes up as not applicable because 6.5.0 is not included in the product definition for the patch bundle above.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi MattHumphreys
Thank you for sharing all the required details.
As per the Findings ID which you shared I did check the details and found there is only 2 link for the downloads
As per the link which is available for 6.0 it does say that it is the same driver which is compatible with 6.5 version as well.
If this is not the correct link, Could you please share the exact error that you received while trying to implement.
As this would be helpful for the VC team to check why its not supported and if this is not the correct link then they would be able to have the correct driver updated.
Ashwin Prakash
Skyline Support Moderator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That was the link that i use, however I upload the patch to vmware update manager and create a baseline with that patch in, I then attach that baseline to 6.5.0 hosts and scan it and it says that the patch is not applicable to that version of esxi so there is nothing to update, I have verified manually using esxcli that the old incorrect version of the driver is installed, I believe that this is due to the fact that the only version listed in the offiline package metadata is embeddedesxi 6.0.0 it does not mention at all anything about 6.5.0 in that driver package.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi MattHumphreys,
While we were investigating the issue with our vCenter Support team, we found that currently there is no resolution, VMware Engineering Team is investigating this issue where importing VIB into VUM the Intel driver shown as "Not applicable".
To workaround the issue, edit the following files:
- vendor-index.xml
- vmware.xml from metadata.zip
- xml file from metadata.zip/bullitens (<patch-name>.xml)
- Modify VIB file name as mentioned in the below example:
- From:
- "VMW-ESX-6.0.0-ixgben-1.7.15.zip"
- To:
- "VMW-ESX-6.5.0-ixgben-1.7.15.zip"
- Edit vendor-index.xml file
- From:
- <version>6.0.0</version>
- To:
- <version>6.5.0</version>
- Edit vmware.xml from metadata.zip
- From:
- <softwarePlatform locale="" version="6.0.0" productLineID="embeddedEsx"/>
- To:
- <softwarePlatform locale="" version="6.5.0" productLineID="embeddedEsx"/>
- Edit xml file from metadata.zip/bullitens (<patch-name>.xml)
- From:
- <softwarePlatform locale="" version="6.0.0" productLineID="embeddedEsx"/>
- To:
- <softwarePlatform locale="" version="6.5.0" productLineID="embeddedEsx"/>
- Now, proceed to upload the VIB to VUM patch repository and scan the host for this VIB you should see compliant status as "Non-compliant" instead of "Not applicable"
Or
You could Install the VIB via esxcli as it should work perfectly fine.
Ashwin Prakash
Skyline Support Moderator
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I followed your steps and it throws an error saying its not a valid offline bundle file.
Step 4 where you say to rename the vib file name, the filename in the offline bundle is called VMW-ESX-6.5.0-igbn-1.4.10-offline_bundle-14160633\vib20\igbn\INT_bootbank_igbn_1.4.10-1OEM.600.0.0.2768847.vib
If I rename that file then the numerous references to that in the metadata will break.
Do you mean to rename the offline bundle zip? VMW-ESX-6.5.0-igbn-1.4.10-offline_bundle-14160633.zip (i changed that so that I could keep track of which was the un-edited one
VMware update manager anyway says it cannot upload my edited file because it is not a valid package.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MattHumphreys I attached driver with this post. Please check and let me know if this works.
______________________________________________________________________________
"Did you find this helpful? Let us know by completing this survey (takes 1 minute!)"
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
And I'm not too sure if this has to be done but you may need to reset VUM DB and reset patch-repository: https://kb.vmware.com/s/article/2147284
Take snapshot before you make any changes.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
did you get this sorted?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I did get this sorted out yes, your patch file is correctly showing "non-compliant"