Critical baseline & Non-Critical baseline may become Compliant only after multiple remediations
Article ID: 344833

Products

VMware vCenter Server
VMware vSphere ESXi

Issue/Introduction

Scenario 1 :
  • Critical baseline may remain Non-compliant after remediation
  • Remediating with the Critical baseline applies vSphere 7.0U2d content to the host, after which the Intel-i40en_1.11 driver becomes applicable and the Critical baseline is reported as Non-compliant
Scenario 2 :
  • Non-critical baseline may remain non-compliant after first remediation
  • Pensando released an ionic driver, Pensando-ionic-en_18.0.0, which is picked up by the Non-Critical baseline in VUM.
    In the first round of remediation, this driver is detected as Not Applicable
Scenario 3 :
  • Hitachi Custom Addon for vSphere ESXi 7.0 introduced the VIB hti-upgrade-vib 1.1.0-8OEM.700.1.0.15843807 with blanket replacement for nmst
  • In vSphere 7.0 U1 Hitachi released an updated Addon "Hitachi HA8000V Gen10 and RV3000 A1" with hti-upgrade-vib 1.2.0-2OEM.701.0.0.16850804 that removed the replaces entry for nmst
  • As a result, the VIB metadata of hti-upgrade-vib leads to a 3-step remediation of the non-critical baseline: install hti-upgrade-vib, upgrade hti-upgrade-vib, and re-install the nmst driver.
Initial vib name in vSphere 7.0 GA
Hitachi Custom Addon for ESXi 7.0 introduced the VIB hti-upgrade-vib 1.1 with blanket replacement for nmst.
<name>hti-upgrade-vib</name>
<version>1.1.0-8OEM.700.1.0.15843807</version>

The VIB declares the following replacements:
<constraint name="scsi-hpdsa"/>
<constraint name="scsi-hpvsa"/>
<constraint name="nmst"/>
<constraint name="intelcim-provider"/>

In vSphere 7.0 U1 Hitachi released an updated Addon "Hitachi HA8000V Gen10 and RV3000 A1" with hti-upgrade-vib 1.2 that removed the replaces entry for nmst:

<name>hti-upgrade-vib</name>
<version>1.2.0-2OEM.701.0.0.16850804</version>
<vendor>HTI</vendor>
<summary>Hitachi component to replace vib at upgrade</summary>
.
<replaces>
<constraint name="scsi-hpdsa"/>
<constraint name="scsi-hpvsa"/>
<constraint name="intelcim-provider"/>
</replaces>
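
Added example (not VMware's or Hitachi's code): this Python sketch diffs the `<replaces>` lists of the two hti-upgrade-vib descriptors quoted above and shows that nmst is the only replacement dropped between 1.1 and 1.2, which is the driver that has to be re-installed in the later remediation pass. The `<vib>` wrapper, the function names and the host inventory are assumptions, and constraints are matched by name only.

```python
import xml.etree.ElementTree as ET

# Constructed descriptor fragments: names, versions and constraints are the
# ones quoted in this article; the <vib> wrapper (and the <replaces> wrapper
# for 1.1) are assumed so that each fragment parses on its own.
VIB_1_1 = """<vib>
  <name>hti-upgrade-vib</name>
  <version>1.1.0-8OEM.700.1.0.15843807</version>
  <replaces>
    <constraint name="scsi-hpdsa"/>
    <constraint name="scsi-hpvsa"/>
    <constraint name="nmst"/>
    <constraint name="intelcim-provider"/>
  </replaces>
</vib>"""
VIB_1_2 = """<vib>
  <name>hti-upgrade-vib</name>
  <version>1.2.0-2OEM.701.0.0.16850804</version>
  <replaces>
    <constraint name="scsi-hpdsa"/>
    <constraint name="scsi-hpvsa"/>
    <constraint name="intelcim-provider"/>
  </replaces>
</vib>"""

def parse_vib(xml_text):
    """Return (name, version, set of VIB names listed under <replaces>)."""
    root = ET.fromstring(xml_text)
    replaced = {c.get("name") for c in root.findall("./replaces/constraint")}
    return root.findtext("name"), root.findtext("version"), replaced

def replaces_diff(old_xml, new_xml):
    """Names dropped from / added to <replaces> between two versions."""
    _, _, old = parse_vib(old_xml)
    _, _, new = parse_vib(new_xml)
    return {"dropped": sorted(old - new), "added": sorted(new - old)}

def displaced(xml_text, installed):
    """Installed VIB names that this descriptor replaces (name-only match)."""
    return sorted(parse_vib(xml_text)[2] & set(installed))

if __name__ == "__main__":
    host = ["nmst", "scsi-hpvsa", "esx-base"]  # constructed host inventory
    print(replaces_diff(VIB_1_1, VIB_1_2))
    print("1.1 displaces:", displaced(VIB_1_1, host))
    print("1.2 displaces:", displaced(VIB_1_2, host))
```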
 


Symptoms:
Scenario 1 :
  • This driver shows as non-compliant after first remediation with Non-critical baseline.
Scenario 2 :
  • Non-critical baseline may remain Non-compliant after first remediation (due to async ionic driver release)
Scenario 3 :
  • After an ESX upgrade on a host with the nmst async driver, the non-critical baseline is non-compliant despite a second remediation


Environment

VMware vCenter Server 7.0.0
VMware vSphere 7.0.x

Resolution

The below resolution applies to both Scenario 1 & Scenario 2
  • Perform a second remediation to bring the baseline to compliance
Product Versions:
Scenario 1 :- 
ESXi versions: ESXi 7.0 to ESXi 7.0 U1 when upgrading to U3

Scenario 2 :- 

ESXi versions: ESXi 7.0 to ESXi 7.0 U2 when upgrading to U3

The below resolution applies to Scenario 3
  • Perform the third remediation with the non-critical baseline to bring it to the COMPLIANT state.
Product Versions:
vCenter versions : vCenter 7.0U1 to vCenter 7.0U3
ESXi versions: ESXi 7.0U1 to ESXi 7.0U3