3 Replies Latest reply on Jun 10, 2008 5:37 AM by kjb007

    Update Manager baseline scan not correct

    dmaster Expert
    VMware EmployeesvExpert

       

      Today I tried to remediate an ESX host, but Update Manager says it is already compliant. But I am sure it is not, patches ESX350-20080440x have not been applied yet.

       

       

      I also scanned a host which had already these patches installed, and the number of compliant updates dropped from 27 to 20. We have not changed our baselines (which are fixed), and I noticed new patches were available today. These new patches are replacing all 20080440x patches, and it seems Update Manages is already taking this into account when scanning hosts even if these new patches are not included in the baselines yet

       

       

      Has anyone seen the same behaviour or knows if this is a known issue? Perhaps I should raise a service request for this...

       

       

        • 1. Re: Update Manager baseline scan not correct
          kjb007 Guru

           

          You should check the update manager logs.  You said the baseline you're using is fixed.  Is that baseline including the new patches, or just the older ones?  That would make sense that your server is not seeing any new updates, it it does not include the new patches in the baseline.

           

           

           

           

           

          Otherwise, maybe you're having connectivity problems downloading the patch metadata info.

           

           

           

           

           

          -KjB

           

           

          • 2. Re: Update Manager baseline scan not correct
            dmaster Expert
            vExpertVMware Employees

             

            Our baseline has not yet the new patches included. Update Manager logs look ok. All new patches have been downloaded and are included in the metadata files.

             

             

            I suspect the following: the new patches make some previous patches obsolete. Even if the new patches are not included in the baseline the host scan already takes this into account. I could try some more testing, but I need to modify the metadata for this..

             

             

            • 3. Re: Update Manager baseline scan not correct
              kjb007 Guru

               

              This should not be the case.  When a host is scanned, it should be scanned against the baseline it is attached to.  In your case, since it is attached to a baseline which does not include the new patches, it should come back clean, as it does.  Attach the new baseline, with the new patches, and then rescan to see if the host comes back clean still.  If it does, then that would be a problem.

               

               

               

               

               

              -KjB