VMware vSphere

After finally successfully upgrading our 2.0 VI installation to 2.5, we are having problems with Update Manager. It seems updates download fine and baslines show up ok. We are able to successfully attach baselines, scan, and remediate any GUEST machines. On ESX hosts, we can attach baselines but cannot successfully scan them. Each time I see VMWARE UPDATE MANAGER HAD A FAILURE (under SCAN ENTITY) followed by METADATA FOR PATCH MISSING (under SCAN). I see a total of 10 updates on the baseline for ESX machines, but no way to apply them. Needless to say, we cannot remediate any ESX hosts (all 3.5 upgraded from 3.0.2). Any ideas ?

I'm having the same exact issue...

AK

im having the same problem....

OK,

I figured this one out... Here is a previous thread...

http://communities.vmware.com/thread/122007?tstart=0&start=0

Essentially, our Virtual Center was not using the default of port 80 for communications...

Here are the steps:

1) figure out which port your Virtual Center is using: Administration>VirtualCenter Management Server Configuration>Web Service (Note the HTTP port)

2) log into the esx server in question

3) esxcfg-firewall -o 8080,tcp,out,UpdateManager (where 8080 can be changed to the port of your Web Service port)

That fixed it for me!

I did everything of changing ports, changing <<patchstore> and <path> under <docRootHostUpdatespatchstore> .....I but....it doesnt work...any idea???

above did not fix it for me either. however, i found the following.

i did a reinstall of updatemgr (database deleted) and started from scratch. Downloading patches went ok, but when i want to start the scan for updates on a host, it times out.

During this proces, i monitored /var/log/vmware/esxupdate.log

DEBUG: summary: /usr/sbin/esxupdate --HA --flushcache -d scan

DEBUG: root: Enabling hostagent interface

DEBUG: db: dbfile = , 1 keys

DEBUG: Depot: Download Rules: {'blacklist': , 'exclusives': []}

ERROR: root: IOError: <urlopen error (110, 'Connection timed out')>

ERROR: hostagent: BundleID:Unknown

ERROR: hostagent: File:http://10.1.1.10:80/vci/hostupdates/hostupdate/esx/esx-3.5.0/contents.xml.sig

ERROR: hostagent: Extra:()

the agent uses 10.1.1.10:80, but vcserver (with updatemgr installed) runs at 10.1.0.10

resolving is ok, from both sides, forward and back. and i never made that typo. No host file entries. Always used hostnames in configuration during the installation of updatemanager.

where is this ip address configured on the host? can i delete the patchdb maybe?

I'm having the exact same issue. My esxupdate log shows that the host is trying to communicate with the VC on an IP that was used for the initial installation and I cannot figure out where the host keeps the VC IP so I can change it to the VC production IP.

Any ideas?

Thanks!

I did not find an IP yet, but the hostname for the VC is in vci-integrity.xml on the VC/Update manager host.

Duncan

My virtualisation blog:

What is the location of that file?

Thanks.

Hi Guys,

I have same issue with metadata, my VC server was on different port. After executing the command "/usr/local/esxcfg-firewall --openport

81,tcp,out,dynamicupdates" on the VM host, the error disappeared.

no thats not it. the esxupdate.log on the HOST is trying to connect to an IP address i've never configured anywhere. the vci-integrity.xml is fine

Hi people...

Finally, after check all ports and everything I know about all of this, I´ve installed a new virtual machine with XP and virtual center. I´ve keept the license server phisicall machine, and this started to work. I still having any error about not compliant one patch, but I´ll see about that...

This was the only way I found to put it working...

bye

JeffST

The IP address is configured in the VirtualCenter under the registry key: HKLM\SOFTWARE\VMware, Inc.\VmwareUpdate Manager

You have to change the Ip in the VCServer key.

I have the same problem, and after change this value and reboot the system, the update manager works fine.

Regards,

Martí

Solved!

When I orignially installed VC the server had different IP. I uninstalled VC and re-installed and re-initialized the DB. After that Update Manager worked perfectly.

Drastic mesure, but it did the trick.

Same problem. My VC ip has never changed and everything looks to be correct that has already been posted. Any other resolutions?

was able to resolve this problem by rescheduling the update downloads:

on the vmware infrastructure client click on Plugins -> Update Manager -> Schedule Update Download

Select the updates you want to download then next

Set the start time about 2 minutes past current time and select the current day of the week.

This will download the metadata needed.

Scheduling the updates worked. Not a resolution that I would have even considered. I'm curious to know what the difference is between the manual vs. scheduled updater.

Anyhow, this is an awesome edition that has been needed for a long time. Updates fixed a couple other issues I was having...

Just speculation, but I believe that the Scheduled Update goes to the VMware website and downloads a file with the list of current updates. Then the scan for updates uses this list to check the ESX servers and/or virtual machines for any need service packs, updates, and/or hot fixes..

Note: For those using proxy servers read pages 15 and 16 of the update manager administration guide.

http://www.vmware.com/pdf/vi3_vum_10_admin_guide.pdf

Hi

I had also this strange problem but i have solved it for my company.

Go to the vci-integrity.xml file and look for the following :

<!-- HostUpdate Management Configuration -->

<HostConfig>

In the Next Line Try something like that:

<PatchDepotURL>http://VCServerHostName:80/vci/hostupdates/hostupdate</PatchDepotURL>

restart the VMWare update manager service and then try to scan again.

Hope it works for you

Thank you very much to Aldaendi.... the suggestion to adding in the PatchDepotURL solved my problem.

THANK YOU!!! :smileylaugh:

Hi

I had also this strange problem but i have solved it for my company.

Go to the vci-integrity.xml file and look for the following :

<!-- HostUpdate Management Configuration -->

<HostConfig>

In the Next Line Try something like that:

<PatchDepotURL>[http://VCServerHostName:80/vci/hostupdates/hostupdate]</PatchDepotURL>

restart the VMWare update manager service and then try to scan again.

Hope it works for you

thanks aldaendi, your solution worked for me!

Just upgraded to VC 2.5 Update 1 and all of a sudden had the same issue with updates, even though everything worked before and no modifications were done. Could be that I missed something in documentation, but anyway here is what was the problem in my case and what fixed it...

On the initial install of VC 2.5 we have specified a non-default location for updates and metadata - we placed the folder in the root of the drive. When faced with the this problem not being able to scan for updates - I went to vci-integrity.xml and noticed that this setting was pointing to a wrong place:

<docRootHostUpdates>

<namespace>"/vci/hostupdates"</namespace>

<path>C:\Documents and Settings\All Users\Application Data\VMware\VMware Update Manager\Data\</path>

</docRootHostUpdates>

</docRootMap>

Once I changed the path back to the correct folder - everything started working again. And this might explain why manual scans didn't work, whereas automatic did. With automatic it would download the metadata from vmware servers servers and place it into a new folder - but with manual it relies on whatever there is already. Or am I mistaken? Anyway - could help somebody else :smileyhappy:

YEAH!!! dmgenesys, you're a star! It helped me! :smileycool:

I also installed Update1 and the path was wrong. Well spotted!!!

Cheers

I am having the same issue. Is there a solution yet?

C

While working with VMWare on the issue we found that this fixed my problem. It was trying to connect to our VC Admin server over a network that the ESX Hosts did not have access too. We needed to change the order of the network connections that the service bound to.

VirtualCenter setup has three different IP address.

During scan of ESX Host(s) using Update Manager, after a few minutes, an error comes up on recent tasks "Metadata for patch missing."

After reviewing Update Manager logs, it indicated that Update Manager is trying to contact wrong IP address configured for VirtualCenter.

Scanning then fails.

Resolution

On the VirtualCenter Server, changed the Binding order of the Network adapter to reflect the proper IP Address.

How to change the binding order of network adapters

1. Click Start, click Run, type ncpa.cpl , and then click OK.

You can see the available connections in the LAN and High-Speed Internet section of the Network Connections window.

2. On the Advanced menu, click Advanced Settings, and then click the Adapters and Bindings tab.

3. In the Connections area, select the connection that you want to move higher in the list. Use the arrow buttons to move the connection.

Notes

• The Adapters and Bindings tab lists the connections in the order in which the connections are accessed by network services. The order of these connections reflects the order in which TCP/IP or the next available protocol is bound to the network adapters. The bindings for remote access connections apply to all remote access connections.

• The Provider Order tab lists the network providers for this computer. You can use the arrow buttons to change the order in which these providers are accessed. You can arrange the order in which the computer accesses information about the network. Providers and other connections are accessed in the order in which the providers and the connections are listed.

http://support.microsoft.com/kb/894564

hi madhattr!

yes, i think you're right, that if the ip shown in the logs is not the one your esx servers are being managed by, the problem can be solved with this.

unfortunatly i found no way to make VC listen/bind on all ip's

if you have other services running on the box where vc runs on, it might be difficult to change the nic bindings, because that might interrupt other services, which then listen to the wrong ip...

if somebody knows a way to explicitly tell VC which ip to use, i would love to hear it!

thanks

DAAT,

You got a very good point there, you may want to open up a ticket with VMWare and see what the resolution to that is then post it.

Hope that helped. :smileyhappy:

just filed a sr

i'll let you all know

here's the reply from support:

If Updatemanager is binding the wrong nic you have two possible workarounds.

The preferred method is to edit the Update Manager configuration file, located on the Update Manager Server.

1.Launch the windows service management console and stop VMware Update Manager Service.

+ Start -> Run -> type 'services.msc' -> press 'Enter'.+

2.Edit the Update Manager configuration file.

+ Note: the default location is C:\Program Files\VMware\Infrastructure\Update Manager\vci-integrity.xml file. Change the drive letter and/or path as required.+

3.Locate the section named "HostConfig". It should look something like this:

+ <HostConfig>+

+ <PatchDepotUrl></PatchDepotUrl>+

+ Note: Update Manager ignores the information about the hostname during installation and leaves this section empty. That causes the Update Manager to use the first NIC in the binding order on the Windows machine that runs VirtualCenter and Update Manager.+

4.If your VirtualCenter hostname is for example "vcServer", enter the address as noted below:

+ <HostConfig>+

+ <PatchDepotUrl>http://vcserver/vci/hostupdates/hostupdate</PatchDepotUrl>+

+ Note: This VirtualCenter host name should be pingable from your ESX Server hosts.+

5.Save and exit the configuration file.

6.Restart VMware Update Manager from the service management console.

Alternatively, you can change the binding order of the network adapters on the machine running VMware Update Manager.

1.Open the Network Connections control panel.

+ Start -> Run -> type 'ncpa.cpl' -> press 'Enter'.+

2.You can see the available connections in the LAN and High-Speed Internet section of the Network Connections window.

3.From the Advanced menu, select Advanced Settings.

4.Select the Adapters and Bindings tab.

5.In the Connections area, select the connection you wish to move higher in the list and use the arrow buttons to move the connection.

Note: Place the NIC that is accessible by ESX server as the first NIC in the list.

Note:

* The Adapters and Bindings tab lists the connections in the order in which the connections are accessed by network services. The order of these connections reflects the order in which TCP/IP or the next available protocol is bound to the network adapters. The bindings for remote access connections apply to all remote access connections.

* The Provider Order tab lists the network providers for this computer. You can use the arrow buttons to change the order in which these providers are accessed. You can arrange the order in which the computer accesses information about the network. Providers and other connections are accessed in the order in which the providers and the connections are listed.

I've found on my server the vci-integrity.xml file is ignored when the service starts in favour of the registry settings which are found at:

So if changing the xml file doesn't fix it, try editing the registry (and restarting the service)

I found the following kb article. Basically, in my situation, the default port of 80 was not being used. The article details 2 workarounds.

http://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=1003943

The NIC binding order made the difference for me. Thanks for the solution. I reconfigured the NIC binding order, rebooted the server (restart of services did not work for me) and then I was good to go with no other modifications. I had already created a scheduled task last week manually for the update download, so that could still be something to watch for with others. Cheers!

Awesome post. Thanks

was able to resolve this problem by rescheduling the update downloads:

on the vmware infrastructure client click on Plugins -> Update Manager -> Schedule Update Download

Select the updates you want to download then next

Set the start time about 2 minutes past current time and select the current day of the week.

This will download the metadata needed.

Thanks - I had this same issue. I went to scheduled tasks and right-clicked - selected "run now" - it did the update and now everything is working again.

Hi All

I had a same issue and fixed it following all instructions uptill where someone mentioned about scheduling update manager. So I am not sure which one fixed this may scheduling of updates or network preference. Thanks to all of you for your help

Ajay

I've found that the hosts communicate through the "reverse proxy service" port may be blocked by a firewall between the Virtual Center server and the host. Scanning / Remediating appears to automatically open up the port in the ESX firewall, but if you have the windows firewall enabled this may cause the error. Alternatively you may find you config is attempting to run this reverse proxy service on a port that's already in use, so it isn't starting correctly.

I also had this error message on a fresh install of ESX Server 3.5 Update 1 and VirtualCenter 2.5 Update 1. I checked all the solutions listed here, but everything I had was bone-stock.

Then I noticed that I had the directory C:\Documents and Settings\All Users\Application Data\VMware\VMware Update Manager\Data\hostupdate\, but it didn't contain esx\esx-3.5.0\contents.xml.sig. I manually created esx\esx-3.5.0\, downloaded the latest contents.zip file, and extracted it there.

After that, Update Manager detected that it had patches to download and I'm off and running.

I have a three node cluster that I was updating during the long weekend. The first two machines updated w/o any issue; the third machine complained about the metadata missing just like what you all have run into.

I perused many of the problems and solutions in this thread to no avail. What finally fixed it: restarting the update manager service. That's it. It seems that in my installation I have to do that periodically or the system won't download updates from VMware.com as well. Hopefully the next version will put this right.

Hi, I was reading all the posted answerd to this issue and after spending 2 days with VMware support which included steps like renaming the metadata folder, uninstalling the update manager service, client and all kind of things I resolved the problem the easiest way possible.

I believe that this issue can be caused by very different reasons but reading this thread really gave me the idea that resolve the problem in my case.

Simply, my ESX 3.5.0 host wasn't communicating properly back to the vCenter server eventhough it registered perfectly and made it to the inventory.

While I was trying to resolve the problem only from the vCenter perspective, the problem really was at the host.

Solution: I am not using a DNS to resolve and servers are in different vlans but they are routable in my network. I went to the /etc/hosts file and viola! no entry for the vCenter server, so, I added the entry with the right IP address and next time I scan the host from update manager in the vCenter server it completed the scan!

Thank you all for giving ideas on how to resolve and I hope this help others as well. Check always everything.

Yep, this worked for me too. With help from VMware support, we did a tail -f on the esxupdate.log in the var/log/vmware dir and when I ran a scan, it was trying to access the virtualcenter server name without the fully qualified name. When I performed a ping before, it could not resolve that name. For some reason, updating update manager with the IP did not resolve the issue, so adding the VC name and IP to hosts file fixed it for me.

We had multiple nic's configured on our VCenter server. We have not as yet input the 'permanent' solution in the link below.

We did a work-around by:

Disabling the secondary nic

Stopping/starting the vmware update manager service

exiting/entering the VIC and retrying the scan

Updating /etc/hosts with my vCenter server + hostname solved this issue for me. I've tried about everything, and nothing worked. This was an easy fix that should be in documentation. I've spent far to long working on this dumb issue.

So in /etc/hosts...

10.10.10.10 hostname.domain.com hostname

-saved file

-sync

-Selected host, and scanned for updates. Worked!!