I was playing around with vSphere ESXi 4.0 and the Update Manager. As Jason Boche already reported, several patches have been released and I wanted to test Update Manager. After downloading all the patches I noticed that there was a patch regarding the Cisco Nexus 1000v.
Although I did not have the 1000v installed, Update Manager did want to install the patch. Kind of weird, because why install the patch when you are not using the plugin? I decided to exclude it from my baseline to make sure I did not install it.
I was lucky to notice it because according to this KB article it can and probably will cause issues. If you did install it, read the KB article on how to remove the patch!
Now this made me rethink my patching strategy. Normally I just install every single patch out there to make sure I am running the latest and greatest version, but apparently this is not the best practice anymore. My recommendation: review your patches, and if they don’t apply to you, exclude them!
Jason Boche says
Oh screw that. This is VMware’s flagship bare metal enterprise product. It is the job of Update Manager to determine what patches we need and what we don’t need. I don’t want to hear that my hosts are now going to have problems because Update Manager installed the wrong updates. Who’s going to pay my $50,000 salary to babysit Update Manager? The Hyper-V team?
Duncan, please take this back to engineering. This is BS.
javellan says
Wow, thanks for the heads up. I just installed all missing patches on my lab environment and was curious to see that particular patch on there. I guess the “I guess it couldn’t hurt if VMware is telling me to patch it” doesn’t apply here. BTW I was using the vSphere Host Update Utility and that same patch was advertised to my host not using the Nexus 1000v.
@jason If that ruined my environment I’d be upset. However that’s what dev/lab environments are for, right? I do agree, VMware should not be advertising patches through Update Manager that are not applicable to a current configuration. That’s inexcusable for an enterprise product.
Keith says
Ouch!! I’ll have to check my lab as well to see if that was applied by default…
Steve Kaplan says
That’s odd. I just looked at my VUM baseline that’s set up for all of our ESX 4.0 hosts (a healthy mix of dev ESX and ESXi here), and that Nexus patch is showing as not applicable against all of my hosts in the cluster… So, I’m not entirely sure about the problem, or what’s going on there in your respective baselines.
Also, I noticed that the patch is specifically for ESXi, so it certainly isn’t applicable to ESX Classic hosts, either..
Steve Kaplan says
And I just pushed the baseline patch updates for ESXi to one of those dev boxes.. and I can confirm that the Nexus patch (VEM400-200906002-BG) was not applied to my host(s), though I was incorrect.. The status isn’t “Not applicable”, it’s “New module”.. Which probably means it determined that the Nexus package wasn’t installed on my existing host… So, I’m not sure how much concern there really is for something like this, but I’m also going to check with the folks I know at VMware, too.
Duncan Epping says
I reinstalled vCenter yesterday and tested it again. It seems like my VUM was messed up cause it’s actually working like it should. So this update doesn’t get installed when the original add-on hasn’t been installed. Weird.
Anyway, it’s good to know.
dennis says
don’t fix what’s not broken?
dennis says
and get used to windows reboot tricks often and deciphering coded errors!
especially after un-installing things — make sure you do a reboot!