VMware

VMware vCenter Update Manager Release Notes


VMware vCenter Update Manager 4.1 Update 2 | 27 Oct 2011 | Build 493048

Last Document Update: 25 April 2013

Check periodically for additions and updates to these release notes.

These release notes cover the following topics:

The Update Manager 4.1 Update 2 release notes provide information about VMware vCenter Update Manager, an optional module for VMware vCenter Server. For more information about Update Manager, see the VMware vCenter Update Manager Installation and Administration Guide.

What's New

  • Support for virtual machine patch scanning and virtual machine patch remediation on Windows 7 and Windows 2008 R2 guest operating systems
  • Support for VMware Tools and virtual machine hardware upgrade on Windows 7 and Windows Server 2008 R2 guest operating systems
  • Pre-remediation check detects virtual machines that run Update Manager or vCenter Server: During a pre-remediation check of the remediation task at a cluster level, Update Manager 4.1 Update 2 detects the presence of virtual machines that run Update Manager or vCenter Server. You can click Generate Report on the Cluster Remediation Options page of the Remediate wizard to view information about the virtual machines in the Current Configuration/Issues and Recommended Changes columns of the report.
  • Critical bug fixes

This release contains bug fixes described in Resolved Issues and known issues described in Known Issues.

Top of Page

Update Manager 4.1 Update 2 Feature and Support Notice

Update Manager 4.1 Update 2 and its subsequent update releases are the last releases of the product to support scanning and remediation of patches for Windows and Linux guest operating systems and applications running inside a virtual machine. (A list of such operating systems and applications is available in the section Scanning and Remediation of Virtual Machines and Applications.) This capability will be discontinued in the next major release. If you use this capability today, you should start planning your transition.

While the capability will be discontinued in the future, the ability to perform virtual machine operations such as upgrade of VMware Tools and virtual machine hardware will continue to be supported and enhanced.

Top of Page

Hardware Requirements and Sizing Estimator

Minimum hardware and disk storage requirements for Update Manager vary depending on how Update Manager is deployed.

Hardware Requirements

If the database is installed on the same machine as Update Manager, requirements for memory size and processor speed are higher. The minimum requirements to ensure acceptable performance are as follows:

  • Processor: Intel or AMD x86 processor with two or more logical cores, each with a speed of 2GHz
  • Network: 10/100 Mbps
    For best performance, use a Gigabit connection between Update Manager and ESX hosts.
  • Memory:
    • 2GB RAM if Update Manager and the vCenter Server are on different machines
    • 4GB RAM if Update Manager and the vCenter Server are on the same machine

Sizing Estimator

For more information about the disk storage requirements, see the VMware vCenter Update Manager Sizing Estimator. The sizing estimator calculates the size of the Update Manager database and patch store. The estimate is calculated from the information that you enter about your deployment, such as the number of the hosts and virtual machines. The sizing estimator also provides recommendations for the Update Manager database and server deployment models.

For information about the Update Manager performance, best practices, and recommendations, see the VMware vCenter Update Manager Performance and Best Practices white paper.

Top of Page

Installation Notes

This section includes information about the installation of Update Manager and Update Manager Download Service, an optional module of Update Manager.

Update Manager

Before you install Update Manager, you must install vCenter Server. Installation of Update Manager requires network connectivity with an existing vCenter Server system. Each installation of Update Manager must be associated with a single vCenter Server instance.

The Update Manager module consists of a client component that is a plug-in interface to a VMware vSphere Client instance, and a server component that can be installed on the same system as vCenter Server or on a different system. Update Manager and vCenter Server must be of the same version.

The Update Manager 4.1 Update 2 server can be installed only on 64-bit Windows operating systems, and the Update Manager 4.1 Update 2 Client can be installed on both 32-bit and 64-bit operating systems.

Update Manager Download Service

vCenter Update Manager Download Service (UMDS) is an optional module of Update Manager that you can use to download patch definitions and patches. Install UMDS in case your deployment system is secured and the machine on which Update Manager is installed has no access to the Internet.

UMDS 4.1 Update 2 can be installed on both 32-bit and 64-bit Windows operating systems.

To use UMDS, the download service must be of a compatible version with the Update Manager server. For more information about the compatibility between the Update Manager server and the UMDS, see the VMware vCenter Update Manager Installation and Administration Guide.

Update Manager Utility

When you install Update Manager or UMDS, vCenter Update Manager Utility is silently installed on your system as an additional component.

The Update Manager Utility allows you to change the database password and proxy authentication, re-register Update Manager with vCenter Server, and replace the SSL certificates for Update Manager. For more information about reconfiguring the Update Manager settings by using the utility, see the Reconfiguration of VMware vCenter Update Manager Guide.

Top of Page

Upgrade Notes

This release allows upgrades from Update Manager 4.0 and the subsequent update releases. Update Manager 4.1 Update 2 can be installed only on 64-bit machines. If your earlier version of Update Manager is installed on a 32-bit machine, you must migrate your data from the 32-bit machine to the 64-bit machine on which you are installing Update Manager 4.1 Update 2. To do this, you can use the data migration tool. For more information about migrating your Update Manager configuration and database, see the VMware vCenter Update Manager Installation and Administration Guide.

Before you upgrade Update Manager from an earlier version, you must upgrade vCenter Server and the vSphere Client to a compatible version. Update Manager 4.1 Update 2 is compatible only with vCenter Server 4.1 Update 2. For more information about compatibility between Update Manager, vCenter Server, and vSphere Client, see the vSphere Compatibility Matrixes.

The VMware Product Interoperability Matrix provides details about the compatibility of current and earlier versions of vSphere Update Manager with other VMware vSphere components, including ESX/ESXi, VMware vCenter Server, and the vSphere Client. In addition, this site also provides information about supported management and backup agents before installing ESXi or vCenter Server.

Top of Page

Interoperability and Supported Operating Systems

Update Manager can scan and remediate a variety of ESX/ESXi hosts, virtual machines, virtual appliances, and applications.

ESX/ESXi Hosts Scanning and Remediation

  • Host Patching
    • ESX 3.0.3 or later
    • ESX 3i Update 5 or later
    • ESX 3.5 Update 5 or later
  • Host Upgrade
    • ESX 3.5 Update 5a or later
    • ESX 3i Update 5a or later
    Note: You cannot upgrade ESX 3.0.x hosts directly to ESX 4.1. To upgrade ESX hosts that are running ESX 3.0.x to ESX 4.1, you must first upgrade them to ESX 4.0 or ESX 4.0.x and then upgrade to ESX 4.1.

Scanning and Remediation of Virtual Machines and Applications

Update Manager scans and remediates virtual machines running Windows or Linux. Update Manager supports the following types of virtual machine operations:

  • You can perform patch scan and remediation of powered on, powered off, and suspended Windows virtual machines and templates.
  • You can scan only powered on Linux virtual machines for patches.
  • You can scan and remediate powered on, suspended, or powered off Windows and Linux virtual machines and templates for VMware Tools and virtual machine hardware upgrade.

Virtual Machine Scanning and Remediation

  • Windows XP Professional 32-bit, SP2 Required
  • Windows XP Professional 64-bit
  • Windows 2000 Server, SP4 with Update Rollup 1
  • Windows 2000 Professional, SP4 Required
  • Windows Server 2003, SP1 Required
  • Windows Server 2003 R2
  • Windows Server 2003 64-bit
  • Windows Server 2003 Standard/Web, 32-bit and 64-bit
  • Windows 2003 Datacenter
  • Windows Server 2008 Enterprise
  • Windows Server 2008 Standard
  • Windows Server 2008 Datacenter
  • Windows Server 2008 Enterprise 64-bit
  • Windows Server 2008 Standard 64-bit
  • Windows Server 2008 Datacenter 64-bit
  • Windows Vista Business
  • Windows Vista Enterprise
  • Windows Vista Business 64-bit
  • Windows Vista Enterprise 64-bit
  • Windows Vista SP2 (32-bit and 64-bit)
  • Windows 7
  • Windows 2008 R2

Virtual Machine Scanning

  • Red Hat Enterprise Linux AS 3.0 (Update 5 Required)
  • Red Hat Enterprise Linux ES 3.0 (Update 5 Required)
  • Red Hat Enterprise Linux AS 4.0 (Update 2 Required)
  • Red Hat Enterprise Linux ES 4.0 (Update 2 Required)

Application Scanning and Remediation:

  • Internet Information Server (IIS)
  • Windows Media Player version 7.0 or later
  • Microsoft SQL Server versions 7.0, 2000, and 2005
  • Microsoft SQL Server Desktop Edition (MSDE) version 1.0 or later
  • Exchange 2000 Server and Exchange Server 5.0
  • Internet Explorer version 4.0 or later
  • Outlook Express version 4.0 or later
  • Microsoft Site Server 3.0
  • ISA Server 2000
  • Microsoft .NET Framework version 1.0 or later
  • Microsoft Data Access Components (MDAC) 2.5 or later
  • BizTalk Server 2000 or later
  • SNA Server 4.0
  • Host Integration Server 2000
  • WinZip 8.1 or later
  • Apache 1.3 and 2.0
  • Firefox 1.0 or later
  • RealPlayer 10 or later
  • Adobe Acrobat Reader

Top of Page

Resolved Issues

  • During host patch remediation virtual machine becomes unresponsive until you answer a modal dialog
    If the guest operating system has a locked CD-ROM, Update Manager cannot disconnect the media device during remediation and the virtual machine becomes unresponsive. A modal dialog with the error message msg.cdromdisconnect.locked appears in the guest operating system asking you to disconnect the media device. The virtual machine is unresponsive until you answer the modal dialog. The vSphere Client displays the message Cannot remediate host because error occurred during device disconnect on VMs on host.
  • Update downloads are blocked if scheduled update download task is disabled
    If the scheduled update download task is disabled, you cannot download updates by clicking Download Now on the Patch Download Settings page.
  • Upload operation fails during import of a host upgrade release ZIP file
    When you try to import a host upgrade ZIP file by using Update Manager, a Failed to login error appears with the following description: A Web exception has occurred during file upload. The file upload operation and all subsequent attempts fail.
  • You cannot add a host to a Cisco Nexus 1000V switch if HA admission control is enabled for a cluster
    You can select to temporarily disable VMware DPM, HA admission control, and FT by using the ESX Host/Cluster Settings page in the Update Manager Configuration tab. In such a scenario, if you try to add a host to a Cisco Nexus 1000V switch the operation fails and the following error message appears: vDS operation failed on host <host_name>, got (vmodl.fault.SystemError) exception.
    Note: Manual installation of the Virtual Ethernet Module (VEM) succeeds and the host can be added to the switch successfully.
  • Incorrect host conflict message appears when you scan patches against a host
    When you scan patches against ESX 4.1 or ESX 4.1 Update 1 using Update Manager, a host conflict message appears even though the conflict is resolvable. For more information about the resolved problem, see VMware KB 2000608.
  • Update download task is in queued state after restart of Update Manager
    In an environment that contains virtual appliances, after Update Manager restarts, the update download task remains in queued state.
  • The Update Manager service stops responding if within a parent vApp you create a resource pool that contains a child vApp
    You can create a vApp with default settings and then create a resource pool with default settings inside the vApp. If you create a new vApp as a child to the resource pool, the Update Manager service becomes unavailable.
  • Installation of Update Manager might fail because Update Manager cannot register with vCenter Server
    Installation of Update Manager might fail during registration with vCenter Server. The installation process rolls back and the following error message appears: Error 25085. Setup failed to register VMware vCenter Update Manager extension to VMware vCenter Server.
  • Weak and medium-strength ciphers allowed on default SSL and SOAP ports
    Connections using RC4-SHA and RC4-MD5 ciphers are allowed on the default SOAP port 8084 and the default SSL port 9087.
    Note: You can configure Update Manager 4.1 Update 2 to work only with a list of ciphers that you specify. To configure the cipher list, edit the vci-integrity.xml and jetty-vum-ssl.xml files.
    To specify the allowed ciphers for connections using the SOAP port, add or edit the following code in vci-integrity.xml:
    
    <vmacore>
        <ssl>
          <cipherList>AES128-SHA, AES256-SHA, DES-CBC3-SHA, RC4-SHA, RC4-MD5</cipherList>
        </ssl>
    </vmacore>
    

    To specify the disallowed ciphers for connections using the SSL port, add or edit the following code in jetty-vum-ssl.xml:
    
    <Set name="ExcludeCipherSuites">
      <Array type="java.lang.String">
         <Item>SSL_RSA_WITH_DES_CBC_SHA</Item>
         <Item>SSL_DHE_RSA_WITH_DES_CBC_SHA</Item>
         <Item>SSL_DHE_DSS_WITH_DES_CBC_SHA</Item>
         <Item>SSL_RSA_EXPORT_WITH_RC4_40_MD5</Item>
         <Item>SSL_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
         <Item>SSL_DHE_RSA_EXPORT_WITH_DES40_CBC_SHA</Item>
         <Item>SSL_DHE_DSS_EXPORT_WITH_DES40_CBC_SHA</Item>
      </Array>
    </Set>
    
  • Update to the Oracle (Sun) JRE package
    The Oracle (Sun) JRE package that is distributed with Update Manager 4.1 Update 2 has been updated from 1.5.0_26 to 1.5.0_30. The update addresses multiple security issues that exist in the earlier releases of Oracle (Sun) JRE.
    The Common Vulnerabilities and Exposures project has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_28: CVE-2010-4447, CVE-2010-4448, CVE-2010-4450, CVE-2010-4454, CVE-2010-4462, CVE-2010-4465, CVE-2010-4466, CVE-2010-4468, CVE-2010-4469, CVE-2010-4473, CVE-2010-4475, CVE-2010-4476.
    The Common Vulnerabilities and Exposures project has assigned the following names to the security issues fixed in Oracle (Sun) JRE 1.5.0_30: CVE-2011-0862, CVE-2011-0873, CVE-2011-0815, CVE-2011-0864, CVE-2011-0802, CVE-2011-0814, CVE-2011-0871, CVE-2011-0867 and CVE-2011-0865.
  • Installation of a Cisco Nexus 1000V Virtual Ethernet Module (VEM) might fail if you use the vmware vem upgrade proceed command
    VEM installation on ESX/ESXi hosts by using the vmware vem upgrade proceed command might fail in large vSphere environments with network delay.
  • Remediation task fails if an inaccessible virtual machine is present on a host
    In vSphere HA clusters, if an inaccessible virtual machine is present on a host, the remediation task might fail with the error vim.fault.NoHost.
  • After a restart of the Update Manager server, the Update Manager patch download task remains in the In Progress state
    In environments with virtual appliances, after a restart of the Update Manager server, the Update Manager update download task remains indefinitely in state In Progress. The details column in the Recent Tasks pane displays the message scanning virtual appliances.

Top of Page

Known Issues

The known issues in this Update Manager release are grouped as follows:

Installing and Upgrading

  • Host upgrade from ESXi 4.0.x to ESXi 4.1 Update 2 might not succeed, if the ESXi 4.0.x host was upgraded from version 3.5.x
    If you upgraded a host from ESXi 3.5.x to ESXi 4.0.x and immediately attempt to upgrade it to ESXi 4.1 Update 2, the remediation does not succeed. The following message appears in the events tab: Cannot run upgrade script on host.
    Workaround: Ignore the error and attempt the remediation again. The upgrade succeeds.
    If you have applied any host patch previously to the upgrade to ESXi 4.1 Update 2, the error does not occur.
  • Installation of some Windows Server 2008 R2 patches might fail
    Installation of patches MS06-061, MS06-071, MS07-042, MS08-069 and MS11-027 might fail on Windows Server 2008 R2 machines.
    Workaround: Retry the remediation.
  • Host upgrade to ESX/ESXi 4.1 Update 1 fails if you upgrade by using Update Manager 4.1 (KB 1035436)
  • Configuration settings might be lost when you upgrade Update Manager Download Service from version 4.0 to version 4.1
    During the upgrade of UMDS 4.0 to UMDS 4.1, the settings that you have configured for UMDS 4.0 might be lost.
    Workaround: The best practice is to upgrade UMDS from version 4.0 to version 4.1 and then re-configure the UMDS settings.
    To preserve your UMDS configuration settings, you can also do the following:
    1. Back up the downloadConfig.xml file before the upgrade.
      • The default location in 32-bit Windows is C:\Program Files\VMware\Infrastructure\Update Manager.
      • The default location in 64-bit Windows is C:\Program Files (x86)\VMware\Infrastructure\Update Manager.
    2. Upgrade UMDS 4.0 to UMDS 4.1.
    3. Restore the backed up downloadConfig.xml file.
  • Upgrade of Update Manager Download Service might fail if you have never run vmware-umds.exe
    If you have never run UMDS (if you have never run vmware-umds.exe), the upgrade of UMDS to version 4.1 might fail with an installer error E25095. Please uninstall the existing VMware vCenter Update Manager Download Service since this version is not compatible with the newer version. Existing patchstore location cannot be used with the new version.
    Workaround: To upgrade UMDS to version 4.1, make sure that you run UMDS at least once before starting the upgrade.
  • Upgrade of Update Manager 1.0 Update 2 and the subsequent 1.0 update releases to Update Manager 4.1 might fail
    If your environment contains any virtual appliances, and you want to upgrade Update Manager from version 1.0 Update 2 or later to version 4.1, the upgrade might fail. The installer cannot upgrade the database of Update Manager 1.0 Update 2 or later to the 4.1 version. This issue does not apply to upgrades from Update Manager 4.0.x to Update Manager 4.1.
    Workaround: Perform a fresh install of Update Manager 4.1.
  • You might not be able to enable the Update Manager plug-in on the vSphere Client
    If the Update Manager database is located on a separate machine and the system DSN uses Windows authentication, you cannot enable the Update Manager plug-in on the vSphere Client. The error message you receive is There was an error connecting to VMware vCenter Update Manager. Database temporarily unavailable or has network problems.
    Workaround: Ensure that the Update Manager database uses SQL Server authentication.
  • Old Update Manager plug-in is still enabled in the Plug-in Manager of vSphere Client 4.0 Update 1
    After you upgrade vSphere Client and vCenter Server to version 4.0 Update 1, the earlier version of Update Manager is still enabled in the Plug-in Manager. For correct functionality, you must upgrade Update Manager to version 4.0 Update 1.
  • If the password for vCenter Server or the database server contains a semicolon, installation of Update Manager fails
    When you install the Update Manager server version 4.0 Update 1, if the password provided for authentication to vCenter Server or the database server contains a semicolon, the installation fails.
    Workaround: Change the vCenter Server or database server password to exclude the semicolon and run the installation again.
  • A minimum of 600MB of free space for Update Manager on the boot drive is required to install Update Manager
    Although Update Manager does not need to be installed on the boot drive, some required components must be installed on the boot drive. 600MB of space for Update Manager is required at installation time to accommodate these required components, as well as temporary files used during the installation.
    Workaround: Ensure at least 600MB of free space on the boot drive before installing Update Manager.
  • After installing Update Manager 4.0 Client plug-in, you cannot enable Update Manager Client 1.0 or Update Manager Client 1.0 Update 1 on the same computer
    Update Manager Client 1.0 (or Update Manager Client 1.0 Update 1) might be represented as installed on the VI Client Plug-in Manager although you have not installed it in the following scenario:
    1. You install VirtualCenter 2.5 (or VirtualCenter 2.5 Update 1), Update Manager server 1.0 (or Update Manager server 1.0 Update 1), and VI Client 2.5 (or VI Client 2.5 Update 1), but do not install Update Manager Client 1.0 (or Update Manager Client 1.0 Update 1).
    2. You upgrade the VI Client to vSphere Client (formerly VI Client) 4.0.
    3. You connect the vSphere Client to a vCenter Server system with which Update Manager 4.0 is registered.
    4. You download and install the VMware vCenter Update Manager Client 4.0 plug-in.
    5. You connect the vSphere Client 4.0 to VirtualCenter Server 2.5 (or VirtualCenter 2.5 Update 1).
    The vSphere Client Plug-in Manager shows the Update Manager Client 1.0 (or Update Manager Client 1.0 Update 1) as installed although you have not installed it. You cannot enable the plug-in either.
    Workaround: Uninstall vCenter Update Manager Client 4.0 plug-in. Connect the VI Client 2.5 (or VI Client 2.5 Update 1) to VirtualCenter 2.5 (or VirtualCenter 2.5 Update 1) and install Update Manager Client 1.0 (or Update Manager Client 1.0 Update 1). After this, install VMware vCenter Update Manager Client 4.0 plug-in again. Both versions of the client plug-ins can co-exist on one computer. This issue has been fixed in VI Client 2.5 Update 2 and later releases.

Scanning, Staging, and Remediation

  • Incorrect error messages are displayed when scanning or remediating hosts earlier than ESX 3i Update 5 against ESX 4.1 Update 1 baseline.
    During a host remediation, you receive this error message The host upgrade baseline does not contain the right upgrade package to upgrade host to version 4.1.0. You can import the correct upgrade package. For information about the supported host upgrades, see the vCenter Update Manager documentation.
    During a host scan, the status is displayed correctly as Incompatible. However, when you navigate to the Patch Details window, it dispalys the message The upgrade has a missing package for host.
  • During an offline scan for patches of a Windows virtual machine, the operating system where Update Manager is installed might display an error message
    During an offline scan of a Windows virtual machine for patches, the operating system on which the Update Manager server is installed might display an error message stating that the registry hive is corrupted. If the registry hive has not been correctly downloaded from the host, the Windows registry might not be able to mount it properly. Because Update Manager mounts the target virtual disk read-only with a REDO log, offline scanning does not change the state of the virtual machine.
    Workaround: Retry the offline scanning.
  • Virtual machine patch remediation might fail to complete
    After you install a patch on a virtual machine using Update Manager, the Windows guest operating system might fail to restart. Update Manager times out and the remediation is not completed.
    Workaround: Manually check the state of the guest operating system, restart it, and rescan.
  • Remediation might not complete if you delete upgrade releases during remediation
    Host upgrade remediation might not complete if you try to delete a host upgrade release during the remediation process. Update Manager does not guarantee correct behavior if an upgrade release is deleted during host upgrade remediation tasks that use the same upgrade release you try to delete.
  • Host remediation might not complete if the host contains powered on fault tolerant virtual machines
    Host remediation might not complete if there are any Primary virtual machines with disabled FT on the host, and you select Fail Task or Retry on the Host Remediation Options page of the Remediate wizard. In such a scenario, powered on Primary virtual machines with disabled FT cannot be powered off or migrated in a DRS cluster. The host cannot enter maintenance mode while there are powered on virtual machines on it, and the remediation cannot be completed.
    Workaround: When you remediate hosts containing Primary or Secondary virtual machines, you can use one of the following workarounds:
    • Select Power Off virtual machines and Retry or Suspend virtual machines and Retry on the Host Remediation Options page of the Remediate wizard.
    • Manually migrate the fault tolerant virtual machine to another host before you start a remediation.
    • If EVC is enabled on a DRS cluster, virtual machines with disabled FT can be automatically migrated when the host tries to enter maintenance mode. This is possible only if DRS is not disabled on the particular host.
  • Host remediation might fail when VMware DPM is using the Wake-on-LAN mechanism
    If you configure Update Manager to disable VMware DPM on a cluster during remediation, and the cluster contains hosts in standby mode, Update Manager tries to power on the hosts before remediation. When VMware DPM is using the Wake-on-LAN mechanism to power on hosts in standby mode, if you try to disconnect any powered-on host in the cluster while the other hosts are powering on, the Exit Stand By Host operation might fail.
    Workaround: Ensure that powered-on hosts in a cluster stay connected while the other hosts in standby mode are powering on.
  • Host remediation might fail, if vCenter Server does not properly update the power state of the host
    When a host is powering on (exiting standby mode), the host power state might not get updated in vCenter Server and host remediation cannot finish or times out. When the power state of a host is not updated properly, in the vSphere Client inventory the host might be displayed as if it is in standby mode, but actually the host is powered on.
    Workaround: To remediate the host, remove the host from the inventory and add it again so that vCenter Server refreshes the power state of the host. Then start the remediation process.
  • Upgrade of VMware Tools might fail with error The operation is not supported on this object
    The upgrade failure might occur in clusters containing both ESX 3.x and ESX 4.x hosts, with DRS enabled in automatic mode. After completing the upgrade of VMware Tools, Update Manager first shuts down the guest operating system and then powers it on. DRS selects the best suited host, on which to power on the remediated virtual machine. If the selected host is running ESX 3.x, the post-scan test of the VMware Tools upgrade task results in error message VMware Tools upgrade was not performed on <VM name>. VMware Tools upgrade is supported only for VMs on ESX 4.0 hosts and higher.
    Workaround: Before you upgrade VMware Tools in a cluster with both ESX 3.x and ESX 4.x hosts, disable DRS or switch DRS to manual mode.
  • The Remediation Selection page might display an incorrect number of patches for the selected baselines
    When you remediate a vSphere inventory object against a patch or extension baseline preselected in Compliance view, the initial page of the remediation wizard might show an incorrect number of patches that need to be remediated. In this case, when the inventory object has multiple attached patch and extension baselines, the number of patches corresponds to the number of compliant patches from all attached baselines, and not just from the selected baselines.
    Workaround: Either change the selection of baselines or groups in the Remediation Selection page, or first click Next to go to the next page and then click Back to return to the selection page.
  • When you scan an offline virtual machine, the state of the VMware Tools Upgrade to Match Host baseline might be displayed as Unknown
    When you scan an offline virtual machine with VMware Tools version corresponding to ESX 2.5.x against the VMware Tools Upgrade to Match Host baseline, the VMware Tools Upgrade to Match Host baseline state is Unknown.
    Workaround: Perform a scan when the virtual machine is powered on. Update Manager will display the correct compliance state.
  • Remediation tasks fail for some Microsoft products
    Update Manager does not remediate some Microsoft products. Details of these failures are logged in an event, and can be viewed using the vSphere Client.
    • Application of SP2 for Microsoft Content Management Server 2002 and SP2 for Internet Explorer 6 fails. You can only scan for them.
    • Application of some service packs to Exchange requires user intervention, and cannot be completed automatically.
  • Host upgrade scan and remediation might fail if there is not enough free space on the host
    Host upgrade scan and remediation might fail with the AgentInstallFailed error message. This error might result from insufficient free space on the ESX/ESXi host.
    Workaround: To upgrade ESX/ESXi hosts, ensure you have at least 20MB free space in the /tmp directory of the host.
  • Update Manager remediation process might fail when installing Windows Vista or Windows Server 2008 guest patches
    The Update Manager remediation process might fail when installing some Windows Vista or Windows Server 2008 guest patches and report the Windows Vista and Windows Server 2008 virtual machines as not compliant.
    Workaround: Reboot the virtual machine and perform a scan. The scan will show the virtual machine as compliant.
  • VMware Tools upgrade fails for virtual machines created on hosts of versions 2.5.x
    When you scan a virtual machine with the VMware Tools version corresponding to ESX 2.5.x against a VMware Tools Upgrade to Match Host baseline, the VMware Tools Upgrade to Match Host baseline state is Non-Compliant. Although the state is Non-Compliant, the VMware Tools upgrade fails with a VM Tools installed in the VM doesn't support automatic upgrade error message. Automatic upgrade for VMware Tools is supported only for virtual machines created on hosts running versions ESX 3.0.x, ESX 3.5 or later, and ESX 3i version 3.5 or later.
    Workaround: Upgrade VMware Tools manually by right-clicking the virtual machine in the inventory and selecting Guest > Install/Upgrade VMware Tools.
  • Patch remediation might fail when you upgrade the virtual hardware and apply patches at the same time
    When you remediate a Windows 2000 Professional SP4 virtual machine with virtual hardware version 3 against a baseline group containing the VM Hardware Upgrade to Match Host baseline and patch baselines, the patch remediation might fail. After upgrading the virtual hardware, Update Manager powers the virtual machine on and displays a System Settings Change dialog box asking you to restart the system. If you do not click Yes, the machine does not restart, causing a stop of the remediation process. Patch remediation fails, because the process times out. The error message you receive is: VMware vCenter Update Manager Guest Agent failed to respond in time on <virtual_machine_name>. Please check if the VM is powered on and Guest Agent is running.
    Workaround: Click Yes in the System Settings Change dialog box to restart the virtual machine.
  • Host remediation might fail for some patches because of irresolvable conflict with the patches on the host
    Patch remediation of a host might fail when a patch (for example, patch A) in a baseline input conflicts with the host and the conflict cannot be resolved by the other patches in the baseline input.
    Workaround: The Patch Details window for patch A displays a recommendation to use another patch to resolve the conflict. The recommendation might also contain many patches. Including one or all of the recommended patches into the baseline might resolve the conflict. For more information, refer to the KB article associated with patch A and the recommended patches.
  • You must not use a shared datastore for ESX host upgrade remediation
    When you remediate a cluster or folder of ESX hosts against an upgrade baseline, in the Remediation wizard you can specify the VMDK location to which to migrate the COS of the ESX host. You should use a local datastore, not a specific datastore, which is shared by the hosts.
    Workaround: If the ESX hosts you want to upgrade have local storage, you can successfully upgrade them individually by selecting to use a local datastore.
  • ESX host upgrade remediation fails for diskless hosts
    When you remediate ESX hosts against an upgrade baseline, in the Remediation wizard you can specify the VMDK location to which to migrate the COS of the ESX host. If you want to perform the remediation at a cluster or folder level, VMware recommends that you use a local datastore. It is not recommended to use a datastore shared within many hosts, because the upgrade fails for the diskless hosts in the container object.
    Workaround: Upgrade the diskless ESX hosts individually. In such a case you can select a specific network datastore as long as it is not shared with other hosts.
  • Timezone patches 931836 and 933360 are displayed as missing, although they are not applicable
    Timezone patches 931836 and 933360 are obsolete patches, which were recalled shortly after the Update Manager 1.0 Update 2 release and are no longer available for downloading. Shavlik provides the functionality to check if you have these patches installed on your virtual machines. If they are installed on a virtual machine, Update Manager reports the patches as Installed. Otherwise, the patches are reported as Missing, although they should be marked as Not Applicable. Patch 931836 is superseded by patch 933360, which is superseded by patch 942763, and patch 942763 is superseded by 951072. If patch 951072 is installed, then the other patches are not needed.
    Workaround: To obtain the correct compliance state for a virtual machine, remove the above mentioned patches from the patch baseline defined in your environment and perform the scan again.
  • You cannot stage patches to ESX/ESXi 3.x hosts
    Staging patches to individual ESX/ESXi 3.x hosts or container objects containing ESX/ESXi 3.x and ESX/ESXi 4.0 hosts might fail. The Recent Tasks pane displays the error message: There are errors during staging operation. vCenter Update Manager supports staging patches only to hosts running ESX/ESXi 4.0 and later.

Internationalization Issues

  • Inconsistent remediation error message might appear when in German operating system locale the vSphere Client locale is switched to English
    In German operating system locale, when you do a locale forcing to change the vSphere Client user interface and related messages into English, an error message might be wrong. The error message is related to the remediation of Linux virtual machines. The wrong error message No entities for this operation might appear, when the correct message is Operation on the inventory object is not supported.
  • When you double-click VMware vCenter Update Manager.msi, the hint message is not localized
    When you extract to a local folder all components, required for the installation of Update Manager, either from a .zip file or an .iso image, you can run the VMware vCenter Update Manager.msi application by double-clicking it. When you run the application, the hint pop-up displays the message The installer should be started using VMware-UpdateManager.exe. The message is in English and not localized.
  • When you double-click VMware vCenter Update Manager Download Service.msi, the hint message is not localized
    When you extract to a separate folder all components, required for the installation of UMDS, either from a .zip file or an .iso image, you can run the VMware vCenter Update Manager Download Service.msi application by double-clicking it. When you run the application, the hint pop-up displays the message The installer should be started using VMware vCenter Update Manager Download Service.msi. The message is in English and not localized.
  • You cannot install Update Manager and download patches to directories with non-ASCII characters in their names
    In the installation wizard of Update Manager, you can change the installation and patch download locations of the Update Manager. Changing the installation and patch download locations to folders containing non-ASCII characters in their names might result in errors. Only ASCII characters are supported in installation paths and user names. However, non-ASCII characters are supported in passwords.
  • You cannot install Update Manager in Simplified Chinese language on Japanese operating systems
    If you select Simplified Chinese as the installation language on a Japanese operating system, an error 1158 appears and the installation fails. You can select Japanese, German, or English as the installation language on a Japanese operation system.
  • Virtual machine patch remediation might fail if a localized version of the patch is not available
    When you apply patches to a localized guest operating system, the remediation process might fail if a patch for the specific locale has not been released by the vendor. Update Manager reports the error: Failed to install patch <patch_name>.
    Workaround: Contact the patch vendor for localization-specific information.
  • Remediation might fail for some localized patches for Windows
    Due to patch installer issues, Update Manager might fail to install some localized patches for Windows with error code 1618 - another installation is already in progress.
    Workaround: Retry the remediation operation.
  • Update Manager online help might fail to open on some localized Windows systems
    If you install Update Manager on a Windows operating system different from English, Deutsch, Japanese, and Simplified Chinese, you cannot open the Update Manager Online Help from the Help menu. In addition, if you click other links or buttons for Help within the Update Manager Client, the following error message appears: Missing help file.
    Workaround: Navigate to the Update Manager help directory (the default folder is C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Plugins\Update Manager 4.0\Help\en\) and double-click index.html, or copy the Update Manager online help files from
    C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Plugins\Update Manager 4.0\Help\en\
    to
    C:\Program Files\VMware\Infrastructure\Virtual Infrastructure Client\Plugins\Update Manager 4.0\Help\.
    Have in mind that copying the files up one level is not always recommended.

Using Update Manager

  • The warning message about the free space on the machine on which you are installing Update Manager contains an incorrect link
    When you install Update Manager on a machine with less than 20GB free space, the installer displays a message that the minimum recommended free space is 20GB. The warning message provides an incorrect link to the Update Manager sizing estimator. The correct link to the sizing estimator for Update Manager 4.1 is http://www.vmware.com/support/vsphere4/doc/vsp_vum_41_sizing_estimator.xls.
  • Invalid email addresses in the email notification settings prevent Update Manager from sending email messages
    In the patch and notification download schedules, you can configure Update Manager to send emails when new patches or notifications are downloaded. If you enter invalid email addresses, Update Manager might not send emails. If you enter an invalid email address with the same domain name as the SMTP Server sender account in vCenter Server mail sender setting, Update Manager does not deliver emails to any of the email addresses (including the valid ones). If the domain name of the invalid email addresses is different from the SMTP Server sender account in vCenter Server mail sender setting, email notifications can be successfully delivered to the valid email addresses entered in the Update Manager email notification settings.
    Workaround: Remove the invalid email addresses from the email notification settings.
  • Update Manager might not restore the original power state of fault tolerant virtual machines after remediation
    When you remediate a fault tolerant virtual machine that is in suspended or powered-off state, the machine might remain powered-on after the remediation is completed.
    Workaround: Manually suspend or power off the virtual machine after remediation.
  • In large environments, the Update Manager Client plug-in might temporarily lose connection to the Update Manager server
    VMware Tools operations, such as scanning for the VMware Tools version and upgrading VMware Tools, use the same system resources as the Update Manager Client plug-in. If you run many VMware Tools operations at the same time, the Update Manager Client plug-in might disconnect from the Update Manager server. This issue does not occur with other operations such as host and virtual machine patching, host upgrade, or virtual appliance upgrade.
    Workaround: Do not try to perform many VMware Tools operations at the same time. If you must perform many VMware Tools operations at the same time, increase the thread count on the server. You can also wait for the VMware Tools operations to complete. The VMware Tools operations are displayed as tasks in the vSphere Client, although the Update Manager plug-in might be nonresponsive.
  • In Windows Vista, all Help buttons in the Update Manager Client open the default Update Manager help page
    If you are using Internet Explorer 7 browsers installed on Windows Vista machines, the vCenter Update Manager context-sensitive help does not display the required help pages. Instead, the help displays the default vCenter Update Manager help page.
    Workaround: Apply Service Pack 2 to Windows Vista. For more details, see the following Microsoft knowledge base article http://support.microsoft.com/kb/942172.
  • Notification emails might be blocked by antivirus software
    You might not receive any email notifications from Update Manager if you have certain antivirus software installed on your vCenter Server system. Update Manager can be configured to send email notifications, such as notifications for newly downloaded patches and other scheduled tasks. If you have installed antivirus software (for example, McAfee) that monitors and blocks email traffic, you might not be able to receive the notifications from Update Manager.
    Workaround: Disable the antivirus software rule that blocks the email traffic.
  • Powered-off virtual machines are not migrated to other hosts in a DRS enabled cluster
    Update Manager puts hosts into maintenance mode during remediation but it does not migrate powered-off virtual machines to other hosts in a DRS enabled cluster.
    Workaround: Manually put the host into maintenance mode before remediation and select the option to migrate the powered-off virtual machines.
  • ESX 4.0 hosts might lose network connectivity after remediation, if the VMkernel is configured to use DHCP
    When Update Manager patches ESX hosts, the patches might require host reboot. After rebooting, vCenter Server might be unable to add the ESX host to the vSphere inventory if the VMkernel of the host is configured to use DHCP.
    Workaround: Configure the VMkernel of the host to use a static IP address or install patch ESX400-200906402-BG, which fixes the ESX 4.0 issues. You can find patch ESX400-200906402-BG in the ESX400-200906001.zip bundle.
  • Switching between Compliance view and Administration view might navigate you to the wrong location
    When you select a datacenter object in the VMs and Templates inventory view of the vSphere Client and use the Admin view and Compliance view quick links to navigate to the Update Manager Administration view and the Update Manager Compliance view, you might go to the wrong vSphere Client view. For example, select Home > Inventory > VMs and Templates in the navigation bar. Select a datacenter object in the inventory and click the Update Manager tab to open the Update Manager Compliance view. When you click Admin view and then go back by clicking the Compliance view link, you navigate to the Host and Clusters inventory view instead of the VMs and Templates view.
    Workaround: Manually navigate from the Hosts and Clusters inventory view to the VMs and Templates view by selecting Home > Inventory > VMs and Templates in the navigation bar.
  • Cluster remediation options report is not generated if the cluster is under remediation
    If you try to generate a cluster remediation options report while the cluster is being remediated, the report will be generated and displayed only after the remediation is completed.
  • Update Manager does not take snapshots of virtual machines on which FT is turned on before remediation
    You cannot take snapshots of virtual machines on which FT is enabled. If you remediate a virtual machine on which FT is turned on and in the Remediate wizard choose to take a snapshot before remediation, Update Manager ignores this setting and does not take a snapshot of the virtual machine.
    Workaround: Disable FT, configure Update Manager to take a snapshot of the virtual machine, and remediate the machine. If you want to turn on FT after the remediation, delete the snapshot and then enable FT.
  • Virtual machine hardware upgrade or VMware Tools upgrade might fail with error fault.com. - vmware.vc - Integrity.V - MToolsRemediationFault.summary
    The upgrade failure might occur on virtual machines migrated with vMotion from ESX 3.0.x hosts to ESX 4.0.x hosts. In this situation, the guest ID property of the virtual machine is unset, but a new ID is not assigned. Update Manager attempts to read the guest ID during VMware Tools upgrade, and the task fails. The same issue might occur on virtual machines that are reverted to a snapshot, or resumed from suspended state on ESX 4.0.x hosts.
    Workaround: First manually upgrade VMware Tools, and then upgrade the virtual hardware of the virtual machine.
  • When multiple users attempt to create a baseline with the same name simultaneously, Update Manager displays an ambiguous error message
    When multiple users attempt to create a baseline with the same name simultaneously, Update Manager displays the message The specified key, name, or identifier already exists. The message does not inform you explicitly that another user is attempting to create a baseline with the same name.
  • The vSphere Client might display the error message Exception has been thrown by the target of an invocation When an Old Version of Update Manager Is Installed
    When you connect the vSphere Client to a vCenter Server 4.0.x instance, with a registered old version of the Update Manager server, the vSphere Client displays the error message Exception has been thrown by the target of an invocation.
    Workaround: Either first upgrade the Update Manager server to version 4.0.x and then reinstall the Update Manager plug-in from the vSphere Client Plug-in Manager, or uninstall the legacy versions of the Update Manager server and plug-in.
  • When you stage a baseline that contains multiple bulletins, some bulletins might be shown as missing
    After the successful staging of a baseline that contains multiple bulletins, some bulletins might be shown as Staged and others as Missing. For more information, see After you stage a baseline, a bulletin might be shown as Missing instead of Staged (KB 1018530).
  • Update Manager fails to install and upgrade the Cisco Nexus 1000V VEM, if the ESX host is running on an IPv6 networking stack
    When an ESX host is added to a Cisco Nexus 1000V DVS, Update Manager installs the Cisco Nexus 1000V VEM on the host. Upgrading the Cisco Nexus 1000V VSM to the latest version invokes Update Manager to upgrade the VEM on the host attached to the DVS. Both the installation and the upgrade operations might fail if the host is running on an IPv6 networking stack.
    Workaround: Install or upgrade the VEM on the host manually, by using the offline bundle.
  • During VMware Tools upgrade you might see a misleading error message in Recent Tasks pane
    When you perform a VMware Tools upgrade of a virtual machine, you might see a misleading error message Cannot complete operation because VMware Tools is not running in this VM even though the remediation is successful.
  • Scheduling a remediation task generates a set of tasks
    When you schedule a remediation task, several active tasks appear in the Recent Tasks pane. One of these tasks is Remediate Entity. This task appears when you create a new remediation task and is not an actual remediation task in which the objects are remediated. The Remediate Entity task creates sub-tasks for the scheduled remediation based on your input in the Remediate wizard.
  • Administration view and Compliance view quick-switch links might not work properly if your environment is in linked mode
    If your vCenter Server system is part of a connected group in vCenter Linked Mode and you have an Update Manager instance registered with each vCenter Server system, the Admin view and Compliance view navigation links might not work properly. For example, consider a scenario in which Update Manager instance 1 is registered with vCenter Server system 1 and Update Manager instance 2 is registered with vCenter Server system 2. When you select an object managed by vCenter Server system 1, click the Update Manager tab, and then click Admin view in the upper-right corner, you see the Administrator's view of Update Manager instance 1. When you click Compliance view, select an object from the inventory managed by vCenter Server 2, and click Admin view in the upper-right corner, you see the Administration view of Update Manager instance 1 again.
    Workaround: Click Compliance view and then click Admin view again to see the Administration view of the second Update Manager instance.
  • When you perform a VMware Tools upgrade you might see a misleading error message
    When you perform a VMware Tools upgrade of a virtual machine with insufficient free space, the remediation fails because of the lack of space with a wrong error message The VMware Tools operation was canceled.
  • Conflicting patches are counted in the remediation wizard
    After you scan a selected object against a patch baseline, you might see a number of conflicting patches in the Patch Baselines window. When you try to remediate the selected object, the conflicting patches are counted in the Remediation wizard as patches that are going to be installed on the object, but only some or none of the conflicting patches are installed during the remediation process.
  • Update Manager Service might fill the \Temp directory with many temporary system files
    You might see many files with names like ufa{*}.tmp and ufa{*}.tmp.LOG{*} in the Windows \Temp directory (the default location is C:\WINDOWS\Temp).
    • ufa{*}.tmp files – These files are created when the Update Manager service becomes unavailable in the middle of an offline virtual machine scan. To delete the ufa{*}.tmp files (for example, to delete a ufa729F.tmp file):
      1. Select Start > Run.
      2. In the Run window enter regedit.
      3. In Registry Editor, navigate to the My Computer\HKEY_LOCAL_MACHINE folder and select the ufa729F.tmp file.
      4. Select File > Unload Hive.
      5. Open a Command Prompt window.
      6. Navigate to C:\ and run the following command:
        del C:\Windows\Temp\ufa729F.tmp
    • ufa{*}.tmp.LOG{*} files – These files are Windows transaction log files for registry operations. They can be generated as a result of Windows logging registry transactions, and are removed after use. ufa{*}.tmp.LOG{*} files are like any other Windows temporary files and can be deleted as a part of a Windows Disk Cleanup task.
      To delete the ufa{*}.tmp.LOG{*} files (for example, to delete a ufaFF50.tmp.LOG2 file):
      1. Open a Command Prompt window.
      2. Navigate to C:\ and run the following command:
        del C:\Windows\Temp\ufaFF50.tmp.LOG2

Top of Page