VMware Update Manager: Release Notes
VMware Update Manager | 12/03/2007 | Build
What's in the Release Notes
The release notes cover the following topics:
These release notes provide information on the VMware Update Manager for
VirtualCenter optional module. For information on new
VirtualCenter features, requirements, and installation, see the VMware
Infrastructure 3 version 3.5 Release Notes for your product.
Introduction to Update Manager
Update Manager is a VirtualCenter plug-in patch management solution
for VMware Infrastructure. Update Manager provides a single patch
management interface for both ESX hosts and guests, allowing administrators to
ensure their virtual infrastructure is compliant with baselines they define.
Update Manager provides end-to-end patch management by downloading
updates, alerting administrators, creating baselines, and scanning and
remediation of virtual machines and hosts. Administrators can automate these
tasks by creating policies for downloading and applying certain updates
Update Manager automates creating snapshots of virtual machines for
backup recovery purposes. Guests that are offline or powered off can be scanned
for known patches and the patches can be applied, as required.
Central Management Console
Update Manager plug-in provides a single, central management console to
automatically download updates and scan and remediate hosts and guests through
the VirtualCenter UI.
Automated Patch Download and Application
Patches are downloaded on a regular basis and added to baselines, which are
administrator-defined collections of updates that are used to check virtual
machines or ESX Servers to determine update status.
Dynamic baselines requires administrators establish criteria for compliance
only once, after which new updates that meet the criteria are automatically
added to the baseline.
Patch Download Service
The Update Manager Download Service downloads patches for staging and
transfer to Update Manager servers that do not have direct Internet
Update Manager allows administrators to target any collection of hosts
or guests in the VirtualCenter interface. Deployment of patches can be done in
a one-time or recurring scheduled operation. Deployment results are reported in
a color-coded view to clearly indicate which entities are in compliance with
ESX Host Patching
Update Manager automates patch management functions for ESX Server 3.5
and ESX Server 3i. It determines which patches are required and then installs
pre-requisites the patches require and the patches themselves. These
installations are carried out in proper order, minimizing the number of
reboots, thereby reducing the overall downtime.
In fully automated DRS environments, when an ESX Server is to be remediated,
virtual machines running on that server are automatically migrated to other ESX
Servers using DRS. This helps ensure uninterrupted virtual machine
Guest OS Patching
Beginning with Windows 2000, all updates to virtual machines running Windows
operating systems can be managed by Update Manager. Managing updates
includes downloading patches, scan virtual machines, and remediating, as
required. Information for Red Hat Linux updates can be downloaded automatically
and Red Hat virtual machines can be scanned for compliance with these updates
to identify machines that should be considered for patching.
Automatic backups for Guest OS
Update Manager automatically creates a snapshot of virtual machines
before applying updates. These snapshots allow administrators to restore
virtual machines to their pre-update state if problems occur.
Update Manager enables application patching. For a complete list of
patchable applications, see Interoperability and Supported
Guest Operating Systems.
Update Manager installation requires network connectivity with an existing
VirtualCenter 2.5 or later server. Each installation of the Update Manager
module must be associated with a single VirtualCenter Server instance. The
Update Manager system consists of a plug-in that runs on VI Clients and a
server component that can be installed on the same system as VirtualCenter
server or on a different system.
Minimum Hardware Requirements
Update Manager has specific minimum hardware requirements that must be met
to ensure acceptable performance. These requirements vary based on how Update
Manager is deployed. If the database is installed on the same machine,
requirements for memory size and processor speed might be higher. Minimum
requirements are as follows:
- Processor: Intel or AMD x86 processor with 2 or more logical cores, each
with a speed of 2GHz.
- Network: 10/100 Mbps.
- 2 GB RAM if Update Manager and VirtualCenter Server are on different
- 4 GB RAM if Update Manager and VirtualCenter Server are on the same
Disk storage requirements vary depending on your deployment. Refer to the
VMware Update Manager Sizing Estimator for more
For best performance, use a Gigabit connection between Update Manager and ESX
Server hosts. 10/100 Mbps connections are also acceptable.
Interoperability and Supported Operating
Update Manager can scan and remediate a variety of ESX Hosts, virtual
machines, and applications including the following:
ESX Server scanning and remediation:
- ESX Server 3.5
- ESX Server 3i
Virtual machine scanning and remediation:
- Windows XP Professional, SP2 Required, 32 bit
- Windows 2000 Server, SP4 with Update Rollup 1
- Windows 2000 Professional, SP4 Required
- Windows Server 2003, SP1 Required
- Windows Server 2003 R2
- Windows Server 2003 x64
- Windows Server 2003 Standard/Web, 32-bit and 64-bit
- Windows Vista Business
- Windows Vista Enterprise
- Windows Vista Business (x64)
- Windows Vista Enterprise (x64)
Virtual machine scanning:
- Red Hat Enterprise Linux AS 3.0 (Update 5 Required)
- Red Hat Enterprise Linux ES 3.0 (Update 5 Required)
- Red Hat Enterprise Linux AS 4.0 (Update 2 Required)
- Red Hat Enterprise Linux ES 4.0 (Update 2 Required)
Application Scanning and Remediation:
- Internet Information Server (IIS)
- Windows Media Player, version 7.0 and later
- Microsoft SQL Server versions 7.0/2000/2005
- Microsoft SQL Server Desktop Edition (MSDE) version 1.0 and later
- Exchange 2000 Server and Exchange Server 5.0
- Internet Explorer version 4.0 and later
- Outlook Express version 4.01 and later
- Microsoft Site Server 3.0
- ISA Server 2000
- Microsoft .NET Framework, version 1.0 and later
- Microsoft Data Access Components (MDAC) 2.5 and later
- BizTalk Server 2000 and later
- SNA Server 4.0
- Host Integration Server 2000
- WinZip 8.1 and later
- Apache 1.3 and 2.0
- Firefox 1.0 and later
- RealPlayer 10 and later
- Adobe Acrobat Reader
Installing and Upgrading
Installing Update Manager with Unified Installer Might Fail if Disparate
Databases Are Used
Using the custom installation option in the unified installer,
VirtualCenter can be configured to install and use a new version of the bundled
SQL Server 2005 Express database. Similarly, Update Manager can be configured
to use an Oracle database. These installation options cause Update Manager
installation to fail with the error
Setup failed to create database
To resolve this error, launch the unified installer again using autorun.exe,
and provide the same custom options for the Update Manager database. Note that
some options in the installer may change because parts of the installation
have completed successfully. The second installation typically completes
Reinstalling Update Manager Might Produce Errors
Uninstalling Update Manager might fail to stop all Update Manager services. If
you reinstall Update Manager, an error might appear at the end of the process.
The installation is successful despite this error.
Reinstalling Update Manager Might Fail
Update Manager installer might fail with the message
unable to install Update Manager. This error occurs when you attempt to
install Update Manager on a machine that previously had Update Manager
installed and then removed. To resolve this issue, reboot the machine.
Scanning and Remediation
Recursive Operations on a Host Fail After You Remove It From a
When a host is removed from a VMware Infrastructure cluster, Update Manager
might not get the latest information about the host's location. If this occurs,
Update Manager fails to execute some operations on the host. This failure
occurs during recursive operations that are initiated on any container that
contains the host. For example, you can move a host from a cluster to a folder
and then scan or remediate the folder. In such a case, the host in the folder
should be scanned or remediated, but it is not. To resolve this issue, restart
Update Manager server.
Editing a Virtual Machine That Update Manager is Scanning or Remediating
When Update Manager is scanning or remediating a virtual machine, you can
modify settings for that virtual machine. Doing so might cause the scan or
remediation to fail and the changes to the virtual machine might be lost. To
avoid this issue, do not edit virtual machine settings while scanning or
remediating that same virtual machine.
Update Manager Might Fail When Scanning or Remediating a Large Collection
Update Manager connects to its database to gather information used in scanning
and remediating VMware Infrastructure objects. By default, Update Manager
permits a maximum of 80 connections. If all these connections are used during a
scan or remediation, the process may stop making progress. To resolve this
issue, modify the vci-integrity.xml file to increase the number of connections.
Change the <initialConnections> and <maxConnections> values to some
higher value up to a maximum of 150.
Remediating a Virtual Machine or Template Might Fail if VMware Tools are
The remediation process may employ VMware Tools. In cases where this is a
requirement, remediation might fail. To resolve this issue, install or restart
VMware Tools, and then retry the remediation.
The Remediate Wizard Might Incorrectly Display the Number of Updates to
The remediate wizard includes a page that displays the number of updates
available and the number to be applied. The number of updates to be applied
might not be correct, but all selected non-compliant updates will be applied.
Baselines Might Be Non-compliant After Remediation
For remediation, Update Manager determines which patches are applicable by
comparing the virtual machine or ESX Server to be remediated with the list of
updates in a baseline. Update Manager applies all applicable patches, but the
act of applying patches might make other patches in the same baseline newly
applicable. Therefore, Update Manager reports the remediation as failed and the
baseline will still be listed as uncompliant. When this happens, it often
involves remediations that use dynamic baselines that include service packs.
Patches that are not relevant before a service pack application might become
relevant afterwards, thereby resulting in the non-compliant state. To make a
baseline compliant, repeat the process of remediation.
Remediation Tasks Fail for Some Microsoft Products
Update Manager does not remediate some Microsoft products. Details of these
failures are logged in an event which can be viewed using the VI Client.
- Application of SP2 for Microsoft Content Management Server 2002 and SP2 for
Internet Explorer 6 fail. They are for scanning only.
- Applications of some SPs to Exchange require user-intervention, so they
cannot be completed automatically.
The Remediation Wizard does not Retain Information about Selected
In the baselines page of the Remediation wizard, if you select a specific
number of updates from a baseline and then switch back to the baseline list
view, the previous update selection is not remembered and all updates are
Update Manager Does Not Apply Windows Small Business Sever 2003
Update Manager can not download or install service pack 2 (SP2) for
Windows Small Business Server 2003. Update Manager accurately scans and
reports if the service pack is applied, but no remediation is possible.
Update Manager Might Incorrectly Report Windows Vista Guest Patches
As Not Being Installed
Update Manager might report some Windows Vista virtual machines as not
compliant, even after patches have been successfully installed. To resolve this
condition, reboot the virtual machine. Subsequent scans will show the machine
Remediating Suspended Windows 2003 Enterprise (x64) Virtual Machines
Remediating Windows 2003 Enterprise x64 SP2 with patches MS06-061, MS06-071,
and MS07-042 might fail under certain circumstances. If such virtual machines
have 256 MB of RAM, the task stops making progress at 62% and eventually fails.
Changing the RAM size to 512 MB results in success for subsequent remediations.
Remediation of KB896423 on Windows 2000 Servers SP4 Might Fail
Update Manager installs Updates on Virtual Machines in silent mode, so
interactive users receive no information about updates or service pack
installations. Installation of KB896423 on Windows 2000 SP4 might, on occasion,
result in an error which displays a dialog box to users. The dialog box
includes the message
spoolsv.exe - Entry point not found. This
problem is believed to result from a specific combination of patches being
installed on the Virtual Machine.
Such an error might result in the particular remediation task making no
progress. To enable remediation progress, close the dialog box from the virtual
Patching Hosts May Result in Virtual Machine VMotion that Violates Strict
When hosts are remediated, Update Manager uses VMotion to migrate virtual machines to other hosts. When
strict admission control is enabled for HA/DRS clusters, virtual machine
migration with VMotion might be prevented if a situation would be created that could
compromise the cluster's ability to recover from failures. Remediating a host
in a cluster might migrate virtual machines to other hosts, violating admission
control. After remediation is complete, the virtual machines might not be
migrated back. If this occurs, manually invoke VMotion to migrate the virtual machines back to
their original hosts.
Using Update Manager
Shutting Down a Linux Virtual Machine During Update Manager Agent
Installation Causes Problems
Update Manager installs an agent on all Linux virtual machines. If you power
off a Linux virtual machine while the Update Manager agent is being installed,
further Update Manager operations involving that virtual machine hang.
To avoid this condition, wait for the installation to complete before powering
off the virtual machine. When an installation completes, the virtual machine
displays the message
Guest Agent successfully installed or
Failed to install Guest Agent.
If the installation is canceled and Update Manager operations fail to complete,
restart Update Manager to resolve the condition.
Interrupting the Connection Between Update Manager and the Patch Database
Server Causes Problems
If there is a connection failure between Update Manager and the patch database,
problems might occur.
Update Manager does not automatically reconnect to the database. To resolve
these issues, restart Update Manager, and then restart the VI Client.
- Update Manager might not report connectivity losses between the VMware
Update Manager server and the database storing information about updates. In
such a case, operations might produce no results or outdated results.
- Loss of connection might result in operations failing with the error
VMware Update Manager has a failure.
Paths Ending With a Trailing Backslash Cause Windows Packages Import to
You can import patches that were exported from Update Manager Download Service
vmware-updateDownloadCli.exe tool. The
--update-path options allow you to specify the location from
which to import patches. If you specify a path that ends with a backslash, the
import fails. To avoid this problem, do not end paths with a backslash.
Problems With Network Connectivity Might Cause Download Tasks to Fail
Update Manager update downloads fail if there are problems with network
connectivity. Mitigate this issue by changing the download settings specified
in the vci-integrity.xml file. Depending on the cause of the issue, one or both
of the following changes may help:
- If the downloads are progressing but not completing, increase the download
timeout. The default is 60000 milliseconds, which is equivalent to one minute.
The timeout value is specified by the <recvTimeout> value.
- If the network is intermittently unavailable, increase the number of
retries. The number of retries is specified by the <UpdateDownloadReries>
Search Results Are Affected by Database Case-Sensitivity
Update Manager includes search functionality that allows you to find baselines
with specific text in their names. This filtering technology searches the
database that stores information about the baselines. If the database being
used is configured to be case-sensitive, this might significantly limit the
results returned. Oracle databases are case-sensitive by default. Consider
disabling case-sensitivity for your database.