VMware Update Manager: Release Notes

VMware Update Manager | 12/03/2007 | Build 63959

What's in the Release Notes

These release notes provide information on the VMware Update Manager for VirtualCenter optional module. For information on new VirtualCenter features, requirements, and installation, see the VMware Infrastructure 3 version 3.5 Release Notes for your product.

Introduction to Update Manager

Update Manager is a VirtualCenter plug-in patch management solution for VMware Infrastructure. Update Manager provides a single patch management interface for both ESX hosts and guests, allowing administrators to ensure their virtual infrastructure is compliant with baselines they define.

Update Manager provides end-to-end patch management by downloading updates, alerting administrators, creating baselines, and scanning and remediating virtual machines and hosts. Administrators can automate these tasks by creating policies for downloading and applying certain updates dynamically.

Update Manager automates creating snapshots of virtual machines for backup recovery purposes. Guests that are offline or powered off can be scanned for known patches and the patches can be applied, as required.

Feature Overview

  • Central Management Console: The Update Manager plug-in provides a single, central management console to automatically download updates and scan and remediate hosts and guests through the VirtualCenter UI.
  • Automated Patch Download and Application: Patches are downloaded on a regular basis and added to baselines, which are administrator-defined collections of updates that are used to check virtual machines or ESX Servers to determine update status.
  • Dynamic baselines: Administrators establish criteria for compliance only once, after which new updates that meet the criteria are automatically added to the baseline.
  • Patch Download Service: The Update Manager Download Service downloads patches for staging and transfer to Update Manager servers that do not have direct Internet access.
  • Controlled Deployment: Update Manager allows administrators to target any collection of hosts or guests in the VirtualCenter interface. Deployment of patches can be done in a one-time or recurring scheduled operation. Deployment results are reported in a color-coded view to clearly indicate which entities are in compliance with the baseline.
  • ESX Host Patching: Update Manager automates patch management functions for ESX Server 3.5 and ESX Server 3i. It determines which patches are required and then installs the prerequisites the patches require and the patches themselves. These installations are carried out in proper order, minimizing the number of reboots and thereby reducing the overall downtime.
  • DRS-enabled patching: In fully automated DRS environments, when an ESX Server is to be remediated, virtual machines running on that server are automatically migrated to other ESX Servers using DRS. This helps ensure uninterrupted virtual machine availability.
  • Guest OS Patching: Beginning with Windows 2000, all updates to virtual machines running Windows operating systems can be managed by Update Manager. Managing updates includes downloading patches, scanning virtual machines, and remediating, as required. Information for Red Hat Linux updates can be downloaded automatically and Red Hat virtual machines can be scanned for compliance with these updates to identify machines that should be considered for patching.
  • Automatic backups for Guest OS: Update Manager automatically creates a snapshot of virtual machines before applying updates. These snapshots allow administrators to restore virtual machines to their pre-update state if problems occur.
  • Application Patching: Update Manager enables application patching. For a complete list of patchable applications, see Interoperability and Supported Guest Operating Systems.

Installation Notes

Update Manager installation requires network connectivity with an existing VirtualCenter 2.5 or later server. Each installation of the Update Manager module must be associated with a single VirtualCenter Server instance. The Update Manager system consists of a plug-in that runs on VI Clients and a server component that can be installed on the same system as VirtualCenter server or on a different system.

Minimum Hardware Requirements

Update Manager has specific minimum hardware requirements that must be met to ensure acceptable performance. These requirements vary based on how Update Manager is deployed. If the database is installed on the same machine, requirements for memory size and processor speed might be higher. Minimum requirements are as follows:

  • Processor: Intel or AMD x86 processor with 2 or more logical cores, each with a speed of 2GHz.
  • Network: 10/100 Mbps.
  • Memory:
    • 2 GB RAM if Update Manager and VirtualCenter Server are on different machines.
    • 4 GB RAM if Update Manager and VirtualCenter Server are on the same machine.

Disk storage requirements vary depending on your deployment. Refer to the VMware Update Manager Sizing Estimator for more information.

For best performance, use a Gigabit connection between Update Manager and ESX Server hosts. 10/100 Mbps connections are also acceptable.

Interoperability and Supported Operating Systems

Update Manager can scan and remediate a variety of ESX Hosts, virtual machines, and applications including the following:

ESX Server scanning and remediation:

  • ESX Server 3.5
  • ESX Server 3i

Virtual machine scanning and remediation:
  • Windows XP Professional, SP2 Required, 32 bit
  • Windows 2000 Server, SP4 with Update Rollup 1
  • Windows 2000 Professional, SP4 Required
  • Windows Server 2003, SP1 Required
  • Windows Server 2003 R2
  • Windows Server 2003 x64
  • Windows Server 2003 Standard/Web, 32-bit and 64-bit
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Business (x64)
  • Windows Vista Enterprise (x64)

Virtual machine scanning:
  • Red Hat Enterprise Linux AS 3.0 (Update 5 Required)
  • Red Hat Enterprise Linux ES 3.0 (Update 5 Required)
  • Red Hat Enterprise Linux AS 4.0 (Update 2 Required)
  • Red Hat Enterprise Linux ES 4.0 (Update 2 Required)

Application Scanning and Remediation:
  • Internet Information Server (IIS)
  • Windows Media Player, version 7.0 and later
  • Microsoft SQL Server versions 7.0/2000/2005
  • Microsoft SQL Server Desktop Edition (MSDE) version 1.0 and later
  • Exchange 2000 Server and Exchange Server 5.0
  • Internet Explorer version 4.0 and later
  • Outlook Express version 4.01 and later
  • Microsoft Site Server 3.0
  • ISA Server 2000
  • Microsoft .NET Framework, version 1.0 and later
  • Microsoft Data Access Components (MDAC) 2.5 and later
  • BizTalk Server 2000 and later
  • SNA Server 4.0
  • Host Integration Server 2000
  • WinZip 8.1 and later
  • Apache 1.3 and 2.0
  • Firefox 1.0 and later
  • RealPlayer 10 and later
  • Adobe Acrobat Reader

Known Issues

Installing and Upgrading

Installing Update Manager with Unified Installer Might Fail if Disparate Databases Are Used
Using the custom installation option in the unified installer, VirtualCenter can be configured to install and use a new version of the bundled SQL Server 2005 Express database. Similarly, Update Manager can be configured to use an Oracle database. These installation options cause Update Manager installation to fail with the error "Setup failed to create database tables."

To resolve this error, launch the unified installer again using autorun.exe, and provide the same custom options for the Update Manager database. Note that some options in the installer may change because parts of the installation have completed successfully. The second installation typically completes successfully.

Reinstalling Update Manager Might Produce Errors
Uninstalling Update Manager might fail to stop all Update Manager services. If you reinstall Update Manager, an error might appear at the end of the process. The installation is successful despite this error.

Reinstalling Update Manager Might Fail
The Update Manager installer might fail with the message "warning 25015, unable to install Update Manager." This error occurs when you attempt to install Update Manager on a machine that previously had Update Manager installed and then removed. To resolve this issue, reboot the machine.

Scanning and Remediation

Recursive Operations on a Host Fail After You Remove It From a Cluster
When a host is removed from a VMware Infrastructure cluster, Update Manager might not get the latest information about the host's location. If this occurs, Update Manager fails to execute some operations on the host. This failure occurs during recursive operations that are initiated on any container that contains the host. For example, you can move a host from a cluster to a folder and then scan or remediate the folder. In such a case, the host in the folder should be scanned or remediated, but it is not. To resolve this issue, restart Update Manager server.

Editing a Virtual Machine That Update Manager is Scanning or Remediating Causes Problems
When Update Manager is scanning or remediating a virtual machine, you can modify settings for that virtual machine. Doing so might cause the scan or remediation to fail and the changes to the virtual machine might be lost. To avoid this issue, do not edit virtual machine settings while scanning or remediating that same virtual machine.

Update Manager Might Fail When Scanning or Remediating a Large Collection of Objects
Update Manager connects to its database to gather information used in scanning and remediating VMware Infrastructure objects. By default, Update Manager permits a maximum of 80 connections. If all these connections are used during a scan or remediation, the process may stop making progress. To resolve this issue, modify the vci-integrity.xml file to increase the number of connections. Change the <initialConnections> and <maxConnections> values to some higher value up to a maximum of 150.

Remediating a Virtual Machine or Template Might Fail if VMware Tools are Unavailable
The remediation process may employ VMware Tools. In cases where VMware Tools is required but unavailable, remediation might fail. To resolve this issue, install or restart VMware Tools, and then retry the remediation.

The Remediate Wizard Might Incorrectly Display the Number of Updates to Apply
The remediate wizard includes a page that displays the number of updates available and the number to be applied. The number of updates to be applied might not be correct, but all selected non-compliant updates will be applied.

Baselines Might Be Non-compliant After Remediation
For remediation, Update Manager determines which patches are applicable by comparing the virtual machine or ESX Server to be remediated with the list of updates in a baseline. Update Manager applies all applicable patches, but the act of applying patches might make other patches in the same baseline newly applicable. In that case, Update Manager reports the remediation as failed and the baseline is still listed as non-compliant. When this happens, it often involves remediations that use dynamic baselines that include service packs. Patches that are not relevant before a service pack is applied might become relevant afterwards, resulting in the non-compliant state. To make a baseline compliant, repeat the process of remediation.

Remediation Tasks Fail for Some Microsoft Products
Update Manager does not remediate some Microsoft products. Details of these failures are logged in an event which can be viewed using the VI Client.

  • Application of SP2 for Microsoft Content Management Server 2002 and SP2 for Internet Explorer 6 fails. They are for scanning only.
  • Application of some service packs to Exchange requires user intervention, so it cannot be completed automatically.

The Remediation Wizard Does Not Retain Information About Selected Updates
In the baselines page of the Remediation wizard, if you select a specific number of updates from a baseline and then switch back to the baseline list view, the previous update selection is not remembered and all updates are selected again.

Update Manager Does Not Apply Windows Small Business Server 2003 Service Packs
Update Manager cannot download or install service pack 2 (SP2) for Windows Small Business Server 2003. Update Manager accurately scans and reports if the service pack is applied, but no remediation is possible.

Update Manager Might Incorrectly Report Windows Vista Guest Patches As Not Being Installed
Update Manager might report some Windows Vista virtual machines as not compliant, even after patches have been successfully installed. To resolve this condition, reboot the virtual machine. Subsequent scans will show the machine as compliant.

Remediating Suspended Windows 2003 Enterprise (x64) Virtual Machines Might Fail
Remediating Windows 2003 Enterprise x64 SP2 with patches MS06-061, MS06-071, and MS07-042 might fail under certain circumstances. If such virtual machines have 256 MB of RAM, the task stops making progress at 62% and eventually fails. Changing the RAM size to 512 MB results in success for subsequent remediations.

Remediation of KB896423 on Windows 2000 Servers SP4 Might Fail
Update Manager installs updates on virtual machines in silent mode, so interactive users receive no information about updates or service pack installations. Installation of KB896423 on Windows 2000 SP4 might, on occasion, result in an error which displays a dialog box to users. The dialog box includes the message "spoolsv.exe - Entry point not found". This problem is believed to result from a specific combination of patches being installed on the virtual machine.

Such an error might result in the particular remediation task making no progress. To enable remediation progress, close the dialog box from the virtual machine console.

Patching Hosts May Result in Virtual Machine VMotion that Violates Strict Admission Control
When hosts are remediated, Update Manager uses VMotion to migrate virtual machines to other hosts. When strict admission control is enabled for HA/DRS clusters, virtual machine migration with VMotion might be prevented if a situation would be created that could compromise the cluster's ability to recover from failures. Remediating a host in a cluster might migrate virtual machines to other hosts, violating admission control. After remediation is complete, the virtual machines might not be migrated back. If this occurs, manually invoke VMotion to migrate the virtual machines back to their original hosts.

Using Update Manager

Shutting Down a Linux Virtual Machine During Update Manager Agent Installation Causes Problems

Update Manager installs an agent on all Linux virtual machines. If you power off a Linux virtual machine while the Update Manager agent is being installed, further Update Manager operations involving that virtual machine hang.

To avoid this condition, wait for the installation to complete before powering off the virtual machine. When an installation completes, the virtual machine displays the message "Guest Agent successfully installed" or "Failed to install Guest Agent".

If the installation is canceled and Update Manager operations fail to complete, restart Update Manager to resolve the condition.

Interrupting the Connection Between Update Manager and the Patch Database Server Causes Problems
If there is a connection failure between Update Manager and the patch database, problems might occur.

  • Update Manager might not report connectivity losses between the VMware Update Manager server and the database storing information about updates. In such a case, operations might produce no results or outdated results.
  • Loss of connection might result in operations failing with the error "VMware Update Manager has a failure."

Update Manager does not automatically reconnect to the database. To resolve these issues, restart Update Manager, and then restart the VI Client.

Paths Ending With a Trailing Backslash Cause Windows Packages Import to Fail
You can import patches that were exported from Update Manager Download Service using the vmware-updateDownloadCli.exe tool. The -p or --update-path option allows you to specify the location from which to import patches. If you specify a path that ends with a backslash, the import fails. To avoid this problem, do not end paths with a backslash.

Problems With Network Connectivity Might Cause Download Tasks to Fail
Update Manager update downloads fail if there are problems with network connectivity. Mitigate this issue by changing the download settings specified in the vci-integrity.xml file. Depending on the cause of the issue, one or both of the following changes may help:

  • If the downloads are progressing but not completing, increase the download timeout. The default is 60000 milliseconds, which is equivalent to one minute. The timeout value is specified by the <recvTimeout> value.
  • If the network is intermittently unavailable, increase the number of retries. The number of retries is specified by the <UpdateDownloadReries> value.
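
The vci-integrity.xml changes described here and under "Update Manager Might Fail When Scanning or Remediating a Large Collection of Objects" can be scripted with a guard against the limits these notes give. The following is an added example, not VMware code: the element names are taken from these notes, while the nesting of the sample file, the starting values other than 80 and 60000, and the function name tune are assumptions.

```python
import xml.etree.ElementTree as ET

MAX_DB_CONNECTIONS = 150  # upper bound given in these release notes

# Constructed sample: element names come from the release notes; the
# nesting and the starting values other than 80 and 60000 are assumed.
SAMPLE = """<config>
  <database>
    <initialConnections>80</initialConnections>
    <maxConnections>80</maxConnections>
  </database>
  <download>
    <recvTimeout>60000</recvTimeout>
    <UpdateDownloadReries>3</UpdateDownloadReries>
  </download>
</config>"""


def tune(xml_text, connections=None, recv_timeout_ms=None, retries=None):
    """Return (new_xml_text, changes) with the requested values applied."""
    if connections is not None and connections > MAX_DB_CONNECTIONS:
        raise ValueError(f"connections must not exceed {MAX_DB_CONNECTIONS}")
    wanted = {
        "initialConnections": connections,
        "maxConnections": connections,
        "recvTimeout": recv_timeout_ms,
        "UpdateDownloadReries": retries,  # spelled as in these notes
    }
    root = ET.fromstring(xml_text)
    changes = []
    for tag, new in wanted.items():
        if new is None:
            continue
        # Locate the element by name only, since the real nesting is unknown.
        nodes = list(root.iter(tag))
        if len(nodes) != 1:
            raise LookupError(f"expected exactly one <{tag}>, found {len(nodes)}")
        old = int(nodes[0].text.strip())
        if new < old:
            # The notes only describe raising these values, so refuse to lower.
            raise ValueError(f"<{tag}>: {new} is lower than the current {old}")
        if new != old:
            nodes[0].text = str(new)
            changes.append((tag, old, new))
    return ET.tostring(root, encoding="unicode"), changes


if __name__ == "__main__":
    _, applied = tune(SAMPLE, connections=120, recv_timeout_ms=180000, retries=5)
    for tag, old, new in applied:
        print(f"{tag}: {old} -> {new}")
```

Keep a backup copy of the original file before writing the result back, because ElementTree does not preserve XML comments when it re-serializes a document.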

Search Results Are Affected by Database Case-Sensitivity
Update Manager includes search functionality that allows you to find baselines with specific text in their names. This filtering technology searches the database that stores information about the baselines. If the database being used is configured to be case-sensitive, this might significantly limit the results returned. Oracle databases are case-sensitive by default. Consider disabling case-sensitivity for your database.