Upgrading an ESXi 6.0 host to Update 2 with Lock Down mode enabled using vCenter Update Manager fails with the error: The host returns esxupdate error code:18
search cancel

Upgrading an ESXi 6.0 host to Update 2 with Lock Down mode enabled using vCenter Update Manager fails with the error: The host returns esxupdate error code:18

book

Article ID: 315358

calendar_today

Updated On:

Products

VMware vSphere ESXi 6.0 VMware vCenter Server 6.0

Issue/Introduction

Symptoms:
Attempting to scan and remediate an ESXi 6.0 to 6.0 Update 2 using vCenter Update Manager (VUM) 6.0 Update 2 while Normal or Strict Lockdown Mode is enabled, you experience these symptoms:

  • Within the VUM Compliance View, the host's Compliance Status always reports Non-Compliant. This includes after the host has been upgraded to 6.0 Update 2.

    Note: Although host compliance status reports non-compliant, ESXi host upgrade to ESXi 6.0 Update 2 is completed.
     
  • The Scan entity task within the vSphere Web Client or vSphere Client fails with the error:

    The host returns esxupdate error code:18. Maintenance mode is not enabled or could not be determined. Check the Update Manager log files and esxupdate log files for more details
     
  • In the /var/log/esxupdate.log on the ESXi host, you see similar to:

    [YYYY-MM-DDTHH:MM:SS]Z esxupdate: vmware.runcommand: INFO: runcommand called with: args = '['/usr/bin/vim-cmd', 'hostsvc/runtimeinfo']', outfile = 'None', returnoutput = 'True', timeout = '0.
    [YYYY-MM-DDTHH:MM:SS]Z esxupdate: HostInfo: ERROR: vim-cmd returned nonzero status 255</time></time>

     
  • In the %ProgramData%\VMware\Infrastructure\VMware Update Manager\Logs\vmware-vum-server-log4cpp.log on the VUM server, you see similar to:

    [YYYY-MM-DDTHH:MM:SS]Z'HostUpdateDepotManager' 3568 ERROR] [scanHostxx, 366] result for host: <ESXi Host FQDN or IP> (entity: host-xx) shows error :
    ...
    <error errorClass="MaintenanceModeError">
    <errorCode>18</errorCode>
    <errorDesc>Maintenance mode is not enabled or could not be determined.</errorDesc>
    <msg>Unable to determine if the system is in maintenance mode: vim-cmd returned error (255). Please see esxupdate logs for more details. To be safe, installation will not continue.</msg>
    </error>
    </esxupdate-response>


    Note: This log excerpt is an example. Date, time, and environmental variables may vary depending on your environment.



Environment

VMware vCenter Update Manager 6.0.x
VMware vSphere ESXi 6.0

Cause

This issue is caused by the vim-cmd API call issued from VUM to the ESXi host returning a non-zero code due to Lock Down Mode being enabled.

Resolution

This is a known issue affecting vCenter Update Manager 6.0 Update 2.
 
This issue is resolved in VMware ESXi 6.0, Patch Release ESXi600-201605001.
 

Workaround:

Disable Lockdown mode on the ESXi 6.0 hosts prior to patching. Once lockdown mode has been disabled, re-scan the ESXi hosts and update the hosts to 6.0 Update 2. After the ESXi hosts have been remediated, re-enable Lockdown mode. For more information, see Enabling or disabling Lockdown mode on an ESXi host

 
Note: With Lockdown mode enabled, both strict and normal, the ESXi 6.0 Update 2 hosts will continue to report as Non-Compliant. Disabling Lockdown mode will allow for a successful Compliant status.



Additional Information