Yesterday I noticed something strange while updating a VI3 environment to vSphere with Update Manager 4.0
The update of update manager went fine as well as the creation of new baselines.
Whenever I remediated a Host, the Host went into maintenance mode and the remediate process hangs on 33%. This same behaviour occured when I first staged the updates towards the ESX Host. Checking the network performance chart I noticed a spike in performance and after that nothing else happened. Checking the log files I noticed several timeouts while transferring the packages towards the ESX Host.
After doing some further research I noticed something that was completely new for me: The “VMware Update Manager” option in the Security Profile (Firewall) of the ESX 4.0 Host:
This is mentioned in the Update Manager Manual:
Server port (range: 9000–9100) Listening port for the Web server that provides access to the plug-in client installer, and provides access to the patch depot for ESX/ESXi hosts.
Update Manager automatically opens ESX/ESXi firewall ports in this range to allow outbound HTTP traffic to the patch store. Listening port for the Web server that provides access to the plug-in client.
While checking VI3.5 environment I noticed that ESX3.5 also has a profile for “updateManager” which I never ever used before. (and which isn’t even enabled on the VI3 environment on where Update Manager just works fine)
Conclusions:
– I needed to I enabled the “VMware Update Manager”-service in the ESX 4.0 firewall for the Update Manager to work!
– Apparently the Update Manager didn’t automatically opened the ESX firewall ports as stated in the manual.
– Apparently this firewall setting isn’t required on ESX 3.5 (and isn’t automatically opened as well)
Markus Siegl-Hahm
/ December 1, 2009Thank you very much for this helpful hint.
really crazy but now it works
dkraut
/ October 26, 2010Thank you for this info. This was about the 15th hurdle I hit tonight while trying to upgrade a few hosts. I was about to take a bat to my system, but you prevented that! 🙂 BTW, important to note that simply enabling this under Config / Security was not enough. Also required canceling the existing staging process, which was stuck at 33%. After restarting the process, voilà! it worked… Cheers!