Hi,

We installed update 1 via the VUM GUI and then suffered the timetomb issue,,

Doing an esxupdate -l query revealed patches subsequent to update 1 were installed. I logged a support call and at the moment VMware are saying this should not have happened.

(They webx'd in and watch me do a remediation with update 1 and saw the same result - they could not explain this and claimed they could not reproduce this in a lab even though they agreed the update had done correctly)

However reading the above KB suggests this is by design, ie. if you create a baseline with a fixed and specifically chosen patch / update and then remediate an ESX host then that host may well be patched with patches not in that specific baseline (because the patches you added to your baseline have been superceeded and those superceeded patches are in the download depot)

this is the bit from the KB, which in my reading suggests this is by design - which is rather worrying in relation to RFCs and future similar timebomb problems.

Due to an esxupdate problem prior to Update 2, you may also be affected by the licensing issue if you meet all of the following:

• You have downloaded an ESX/ESXi 3.5 update or patch that pre-dates Update 2

• You have downloaded the affected ESX/ESXi 3.5 Update 2 (build 103908/103909)

• Both updates are in the same local depot

• You install the earlier update or patch

any comments ?