VMware Update Manager 1.0 Update 2 Release Notes

VMware Update Manager 1.0 Update 2 | 07/25/2008 | Build 103284

Last Document Update: 06 NOV 2008

What's in the Release Notes

The release notes cover the following topics:

These release notes provide information on VMware Update Manager, an optional module for VMware VirtualCenter. For information on new VirtualCenter features, requirements, and installation, see the VMware Infrastructure 3 Release Notes for your product.

Note: In many public documents, VMware ESX Server 3.5 is now known as VMware ESX 3.5, and VMware ESX Server 3i as VMware ESXi 3.5. These release notes use the earlier convention to match the product interfaces and documentation. The name of the Virtual Appliances Development Kit (VADK) has changed to VMware Studio, but the Update Manager documentation uses the earlier name of this product. A future release will update the product names.

Installation Notes

This section includes information about the installation of Update Manager and its optional modules.

Update Manager

Update Manager installation requires network connectivity with an existing VirtualCenter Server version 2.5 or higher. Each installation of the Update Manager module must be associated with a single VirtualCenter Server instance. The Update Manager module consists of a plug-in that runs on the VMware Infrastructure Client and a server component that can be installed on the same system as the VirtualCenter Server or on a different system.

Update Manager 1.0 Update 2 can be used only with VirtualCenter 2.5 Update 2.

Update Manager 1.0 Update 2 is compatible with VirtualCenter 2.5 Update 2 and with VI Client 2.5 Update 2:

Compatibility Matrix
VirtualCenter Server
VI Client
Update Manager
2.5 Update 1
2.5 Update 2
2.5 Update 1
2.5 Update 2
1.0 Yes No No Yes No No
1.0 Update 1 No Yes No No Yes No
1.0 Update 2 No No Yes No No Yes

Update Manager Download Service

The optional Update Manager Download Service (UMDS) installer requires a database. The installation program includes an option to create a SQL Server 2005 Express database, or you can use an existing Microsoft SQL Server or Oracle database.

VMware Infrastructure Update Manager - PowerShell Library

During the installation of the Update Manager, you can select to install the optional VMware Infrastructure Update Manager – PowerShell Library.

VMware Update Manager – PowerShell Library is a set of commandlets for scanning and remediating virtual machines or hosts, downloading software updates, and creating baselines. It can be installed and used on any machine that has VMware Infrastructure Toolkit (for Windows) installed and access to a VirtualCenter Server.

VMware Infrastructure Update Manager – PowerShell Library is an experimental feature and is supported only in English.

Upgrade Notes

This release allows upgrades from all previous Update Manager versions.

Upgrading Update Manager

To upgrade Update Manager to Update Manager 1.0 Update 2, you must first upgrade VirtualCenter to VirtualCenter 2.5 Update 2.

When a VI Client 2.5 Update 2 instance connects to the VirtualCenter Server 2.5 Update 2 instance (and Update Manager 1.0 Update 2, respectively), the VI Client detects the correct Update Manager plug-in version and tries to load it. If the necessary Update Manager 1.0 Update 2 plug-in version is not available, the VI Client prompts you to install it and provides a way to download it.

Note: Before you start the upgrade, you must stop the Update Manager service.

It is recommended to use the unified installer for the Update Manager upgrade or installation.

During the Update Manager upgrade, you cannot edit parameters such as installation path and patch download location. The system keeps the data for these parameters from the original installation. You can edit the installation and patch download location paths only when you perform a fresh Update Manager installation. On the VirtualCenter Server Information page of the upgrade wizard enter the VirtualCenter Server IP and credentials from the original installation to keep the Update Manager's registration with the VirtualCenter Server valid.

Upgrading Update Manager Download Service

Update Manager Download Service and Update Manager must be of the same version. To upgrade the UMDS do the following:

  1. Upgrade Update Manager.

    During the Update Manager upgrade, the database schema will be upgraded, but the data in the database remains the same.
  2. Upgrade Update Manager Download Service.

    The binaries for the UMDS are located in the umds folder on the installation CD. The installation wizard upgrades the UMDS from the older to the newer version.

To obtain the new update metadata and to update the already existing information in the database, download the ESX Server patches and import them to the machine on which Update Manager server is installed.

To confirm that the upgrade of UMDS was successful, ensure it can download and import patches to Update Manager 1.0 Update 2. For example, to download the ESX Server host patches and to import them to Update Manager 1.0 Update 2 server do the following:

  1. Log in to the machine on which Update Manager Download Service is installed.
  2. Choose Start > Run, type cmd and press Enter.
  3. Change to the directory where UMDS is installed.

    The default folder is C:\Program Files\VMware\Infrastructure\Update Manager.
  4. Setup a download of all ESX Server host updates, by entering the following command:

    vmware-umds -S -h true -w false -l false
  5. Run the program to download updates by entering the following command:

    vmware-umds -D
  6. Export the patches to a portable storage device or a shared folder by entering the command:

    vmware-umds -E --dest <repository_path>

    Here <repository_path> is the full path to your export directory.

    To include only the updates downloaded in the first step, use the download start time option (-s). For example, to export only the updates downloaded after July 25, 2008, enter the following command:

    vmware-umds -E --dest <repository_path> -s 2008-07-25T00:00:00
  7. Import the patches to the machine on which Update Manager server is installed.

Minimum Hardware Requirements

Minimum hardware requirements for Update Manager vary depending on how Update Manager is deployed. If the database is installed on the same machine as Update Manager, requirements for memory size and processor speed are higher. The minimum requirements to ensure acceptable performance are as follows:

  • Processor:
      Intel or AMD x86 processor with two or more logical cores, each with a speed of 2GHz
  • Network:
    • 10/100 Mbps
    • For best performance, use a Gigabit connection between Update Manager and ESX Server hosts.
  • Memory:
    • 2GB RAM if Update Manager and VirtualCenter Server are on different machines
    • 4GB RAM if Update Manager and VirtualCenter Server are on the same machine

Disk storage requirements vary depending on your deployment. For more information, see the VMware Update Manager Sizing Estimator.

Interoperability and Supported Operating Systems

Update Manager can scan and remediate a variety of ESX Server hosts, virtual machines, virtual appliances, and applications, including:

ESX Server Scanning and Remediation

  • ESX Server 3.5 or higher
  • ESX Server 3i or higher
  • ESX Server 3.0.3

Virtual Machine Scanning and Remediation
  • Windows XP Professional, SP2 Required, 32 bit
  • Windows XP Professional 64 bit
  • Windows 2003 Datacenter
  • Windows 2000 Server, SP4 with Update Rollup 1
  • Windows 2000 Professional, SP4 Required
  • Windows Server 2003, SP1 Required
  • Windows Server 2003 R2
  • Windows Server 2003 x64
  • Windows Server 2003 Standard/Web, 32-bit and 64-bit
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Business (x64)
  • Windows Vista Enterprise (x64)

Virtual Machine Scanning
  • Red Hat Enterprise Linux AS 3.0 (Update 5 Required)
  • Red Hat Enterprise Linux ES 3.0 (Update 5 Required)
  • Red Hat Enterprise Linux AS 4.0 (Update 2 Required)
  • Red Hat Enterprise Linux ES 4.0 (Update 2 Required)

Application Scanning and Remediation:
  • Internet Information Server (IIS)
  • Windows Media Player, version 7.0 or higher
  • Microsoft SQL Server versions 7.0/2000/2005
  • Microsoft SQL Server Desktop Edition (MSDE) version 1.0 or higher
  • Exchange 2000 Server and Exchange Server 5.0
  • Internet Explorer version 4.0 or higher
  • Outlook Express version 4.01 or higher
  • Microsoft Site Server 3.0
  • ISA Server 2000
  • Microsoft .NET Framework, version 1.0 or higher
  • Microsoft Data Access Components (MDAC) 2.5 or higher
  • BizTalk Server 2000 or higher
  • SNA Server 4.0
  • Host Integration Server 2000
  • WinZip 8.1 or higher
  • Apache 1.3 and 2.0
  • Firefox 1.0 or higher
  • RealPlayer 10 or higher
  • Adobe Acrobat Reader

Resolved Issues

The following known issues in Update Manager 1.0 and Update Manager 1.0 Update 1 have been resolved in Update Manager 1.0 Update 2:
  • The Remediate wizard might incorrectly display the number of updates to apply.
  • Patching ESX Server hosts might result in virtual machine VMotion that violates strict admission control.
  • Interrupting the connection between Update Manager and the patch database server causes problems, because Update Manager does not automatically reconnect to the database.
  • Paths ending with a trailing backslash cause Windows packages import to fail.
  • Upgrading Update Manager with unified installer might fail when Update Manager and VirtualCenter are installed on different machines.
  • Scanning and remediating an ESX Server host that has multiple NICs results in a Metadata for patch missing error on Update Manager.
  • Downloading patches to a directory with non-ASCII characters in its name is not possible.
  • The Schedule Updates Download wizard might contain corrupted and truncated text if you use non-ASCII characters.
  • When you upgrade Update Manager, you have to re-register the installer with VirtualCenter Server.
  • When you upgrade Update Manager, the default Scheduled Download Updates task is not localized.
  • The Schedule Updates Download wizard contains non-localized fields.
  • In the Ready to Complete page of the Remediate wizard when you configure the remediation to start immediately, the word Immediate is not localized.
  • When you assign permissions for a host in the Inventory, and select the View Compliance Status privilege for VMware Update Manager, the description of the privilege is truncated.
  • The localized text in the Ready to Complete page of the Add a Baseline wizard is truncated.
  • The localized text in the Installation wizard of the Update Manager Download Service might be truncated when you cancel the installation.

Known Issues

The Known Issues are grouped as follows:

Installing and Upgrading

Irrelevant Warning Message When Installing Update Manager on a System on Which Oracle 10g R2 version Is Installed
When you install Update Manager with the unified installer on a system on which Oracle 10g R2 v10.2.0.3 is installed, the installer displays an irrelevant warning message: Please make sure to upgrade your Oracle Server and Client to version See release notes for more information. However, you can ignore this message and successfully complete the installation of Update Manager.

Update Manager Upgrade Might Fail
Update Manager upgrade fails if the connection to the VirtualCenter Server is lost during the upgrade process.
Workaround: Run the upgrade again, after the connection between Update Manager and VirtualCenter Server is re-established.

Update Manager Upgrade Might Result in Error Messages
When you upgrade Update Manager, even if you stop the Update Manager service before the upgrade, additional error messages might appear. If the Update Manager service is performing tasks such as scanning, remediation, or update signature, the service needs time for stopping.
Workaround: Accept the messages and wait for Update Manager service to shut down to run the upgrade.

Repairing the Update Manager Installation Might Require User Input
When you repair the Update Manager installation by using the Repair option from the Add or Remove Programs functionality, the installer requires you to input some values (for example, VirtualCenter Server IP) that you entered during the installation. Enter the correct values to repair the installation.

Scanning and Remediation

Offline Scanning Might Be Slowed Down by Antivirus Software
When antivirus software, such as McAfee, is running on the machine on which Update Manager server is installed, the offline scanning of the virtual machines in your deployment system might be significantly slowed down.
Workaround: Disable the antivirus on-access scanning or exclude vmware-updatemgr.exe from the blocking functionality of the antivirus software.

Installation of Windows XP x64 SP2 During Remediation Might Fail
Windows XP x64 SP2 requires interactive desktop and the remediation process might fail.
Workaround: Manually install Windows XP x64 SP2 on the virtual machine.

Remediation Task Might Fail for Remote ESX Server Hosts
Remediating remote ESX Server hosts with large patch files might fail due to networking issues. The file transfer from the local depository to the remediated ESX Server hosts might take longer than expected, and might produce timeouts.

Datacenter Remediation Might Not Affect the Right ESX Server Hosts
When you schedule a remediation task for a datacenter, the remediation operation is performed on the ESX Server hosts that are in the datacenter when the task is scheduled. If you change the datacenter's configuration before the start of the remediation, and for example, move ESX Server hosts in or out of the datacenter, remediation is performed only on the hosts that were in the datacenter before the configuration change.

Remediation Process Might Fail to Install Patches on a Virtual Machine
The remediation process might fail to install all patches on a virtual machine in which the applications' locales differ from the operating system's locale. When you remediate virtual machines with mixed locales, patches of only one locale are applied at a time. This produces installation error for the rest of the patches that are of a different locale.
Workaround: Repeat the remediation until the baseline becomes compliant with the virtual machine.

Remediation Might Fail with File Is Not Signed Message in the Windows Event Viewer Log of the Virtual Machine
When a Windows patch file is downloaded incorrectly (for example, due to network problems, the incomplete file is downloaded), the signature verification of the patch file during the remediation fails along with the remediation. An application event is logged and shown in the Windows Event Viewer as File is not signed, followed by the file path.
Workaround: To re-download the missing patch file, delete the file by following the path shown in the Event Viewer log, and start another remediation process.

During ESX Server Host Remediation the Host Might Not Enter Maintenance Mode
During the remediation process of an ESX Server host, the host might not enter maintenance mode, and the remediation task is not completed. The Enter Maintenance Mode task shown in the Recent Tasks pane might stay at 2% for more than four hours.
Workaround: Check whether the virtual machines on the non-responsive ESX Server host are powered off. If necessary, manually power off the virtual machines to complete the Enter Maintenance Mode task. After you power off all machines, if the Enter Maintenance Mode task in not progressing, and if the ESX Server host cannot enter maintenance mode within 30 minutes, reboot the host service manually

Remediation of ESX Server 3.5 and ESX Server 3.5 Update 1 Hosts Might Install an Equivalent Newer Version of the Patch
When you remediate an ESX Server host against a baseline containing a patch that has an obsoleted prerequisite, the Events tab displays an event message that the patch and the obsoleted prerequisite are installed. However, when on the ESX Server host, the patch and the current version of the prerequisite are installed. For example, if patch A depends on patch B, and patch B is made obsolete by patch C, during the remediation against a baseline containing only patch A, Update Manager shows in the Events tab that patches A and B are installed. However, on the ESX Server machine, patches A and C are installed.

After Remediation of ESX Server 3.5 with ESX350-Update02 Bundle, ESX350-Update01 Bundle Might Be Displayed as Not Compliant (KB 1006383)
After you remediate an ESX Server 3.5 host against a baseline containing the ESX350-Update02 bundle, the baseline containing the previous update (that is ESX350-Update01 bundle), might be displayed as not compliant. The ESX Server update releases are cumulative and new update releases contain all fixes in the previous update release. It is unnecessary to install ESX350-Update01 on a host that is already compliant with ESX350-Update02.
Workaround: To make the host compliant with the attached baseline, containing the ESX350-Update01 bundle, do one of the following:

  1. Detach the baseline containing the ESX350-Update01 bundle from all hosts compliant with the baseline, containing the ESX350-Update02 bundle.
  2. Remediate the ESX host against a baseline containing the ESX350-Update01 bundle.

Scheduled Virtual Machine Remediation Might Fail
Scheduled virtual machine remediation might fail at the scheduled time with a Login failed due to a bad username or password. error message. This happens when Update Manager server and VirtualCenter Server are installed on different machines whose time settings are not synchronized.
Workaround: Ensure that the system time settings of the VirtualCenter Server and Update Manager server machines are synchronized within one minute. For example, synchronize the machines automatically with a NTP Server.

Remediation of ESX Server 3.5 and ESX 3.5 Update 1 Installs the Newer Version of a Patch
When you remediate ESX Server 3.5 and ESX 3.5 Update 1 against a fixed baseline, containing a patch that has an obsoleted prerequisite, the patch and the newer version of the prerequisite are installed on the host. This behavior has changed for ESX Server 3.5 Update 2 and only the required bundles in a fixed baseline are installed on the host during the remediation. For example, if patch A depends on patch B, and patch B is made obsolete by patch C, during the remediation of ESX Server 3.5 Update 2, patches A and B are installed on the host.

When you remediate an ESX Server host against a dynamic baseline, the behavior has not changed, and the patch and the newer version of the prerequisite are installed on the host.

ESX Server 3.5 and ESX Server 3.5 Update 1 Hosts Might Not Enter Maintenance Mode During Remediation
When you try to upgrade ESX Server 3.5 and ESX Server 3.5 Update 1 hosts to higher versions using a roll-up bundle with Update Manager 1.0 Update 2, the hosts might not enter maintenance mode. Update Manager requires new esxupdate code, which is available in the ESX Server 3.5 Update 2.
Workaround: Install the ESX350-200806202-UG bundle, or higher before applying roll-up bundles with Update Manager.

Using Update Manager

Update Manager Plug-In Might Get Disabled
If antivirus software such as McAfee or other antivirus software is running on your deployment system, the Update Manager plug-in might get disabled in the VI Client.
Workaround: Exclude the vmware-updatemgr.exe process and its ports from the scanning and blocking functionality of the antivirus software. For McAfee VirusScan Enterprise 8.5i, do the following:

  1. Select Start > Programs > McAfee > VirusScan Console.
  2. Double-click Access Protection.
  3. In the Access Protection Properties window, select the User-defined Rules category. Make sure that the Update Manager SOAP port (8084 by default), is not included in the blocking rules (double-click each rule to see its details). If you must have a rule blocking this port, add vmware-updatemgr.exe to the Processes to exclude list.

Update Downloads Task Might Be Set Incorrectly
When you edit the Update Downloads task from the Configuration tab of Update Manager and in the Schedule Task page of the Schedule Update Download wizard, set the Frequency to After Startup, the frequency is not set after startup.

Canceled Tasks Are Always Shown in the Recent Tasks Pane
Canceled tasks stay in the Recent Tasks pane of the VI Client until the VirtualCenter Server is shut down, unlike failed or completed tasks, which disappear from the VI Client after some time.

Inconsistency Between the Number of Retries in the Remediate Wizard and that in the ESX Host Settings in the Configuration Tab
In the Configuration tab of Update Manager, Number of retries in the ESX Host Settings page is initially set to 0. However, if you select an ESX Server host for remediation, the Remediate wizard shows the default number of retries as 2.
Workaround: In the Configuration tab set the number of retries to the number you want. The Remediate wizard then shows the correct default retry number.

A Wrong Target Type Might Appear in the Attach Baselines Window
After you install Update Manager and try to attach a baseline to a host by right-clicking in the Update Manager tab and selecting the Attach Baseline option, the Target Type might not be displayed as host, but as virtual machine.
Workaround: Click the Attach Baseline link in the upper-right corner of the Update Manager tab.

Some Messages in the Update Manager Plug-In Might Overlap Other Messages and Buttons
When you filter the updates in the New Baseline wizard, the message showing the number of filtered updates might overlap the Filter button.
Workaround: Enlarge the wizard window.

Special Characters Are Not Allowed in the Text Contains Field of the Updates Filter Page
When you create a dynamic baseline, you must not enter special characters (symbols) in the Text contains field. You should use only valid text strings as search criteria. If you enter special characters, the baseline is invalid, it is not displayed in the Update Manager tab, and you may not be able to attach, edit, detach or delete the other baselines.
Workaround: Delete the invalid baseline from the VCI_BASELINES table in the database.