The "Apply Solution" task of a vSphere Supervisor upgrade process is hung while attempting to update the ESXi hosts due to the "Enforce Live Patch" option causing an incompatible cluster image
search cancel

The "Apply Solution" task of a vSphere Supervisor upgrade process is hung while attempting to update the ESXi hosts due to the "Enforce Live Patch" option causing an incompatible cluster image

book

Article ID: 412238

calendar_today

Updated On:

Products

VMware vSphere Kubernetes Service

Issue/Introduction

While performing a vSphere Supervisor upgrade, the Supervisor control plane nodes upgrade to the desired version successfully, but the "Apply Solution" task of the Supervisor upgrade process hangs while attempting to update the ESXi hosts in the cluster.

Viewing the tasks at the ESXi cluster level, there are failed tasks stating the following error message:

  • "A general system error occurred: Solution specification in the image are incompatible with hosts:"

 

The vCenter VUM logs will list entries similar to the following example:

{
--> "STRUCTURE": {
--> "com.vmware.esx.settings.notifications": {
--> "errors": {
--> "OPTIONAL": [
--> {
--> "STRUCTURE": {
--> "com.vmware.esx.settings.notification": {
--> "id": "com.vmware.vcIntegrity.lifecycle.HostScan.QuickPatch.TpmUnsupported",
--> "message": {
--> "STRUCTURE": {
--> "com.vmware.vapi.std.localizable_message": {
--> "args": [],
--> "default_message": "The image is eligible for Live Patch. However, Live Patch is currently unsupported on a host with TPM enabled.",
--> "id": "com.vmware.vcIntegrity.lifecycle.HostScan.QuickPatch.TpmUnsupported",
--> "localized": {
--> "OPTIONAL": null
--> },
--> "params": {
--> "OPTIONAL": null
--> }
--> }
--> }
--> },
--> "originator": {
--> "OPTIONAL": null
--> },
--> "resolution": {
--> "OPTIONAL": {
--> "STRUCTURE": {
--> "com.vmware.vapi.std.localizable_message": {
--> "args": [],
--> "default_message": "Disable the 'Enforce Live Patch' remediation option and retry the operation without using Live Patch.",
--> "id": "com.vmware.vcIntegrity.lifecycle.HostScan.QuickPatch.TpmUnsupported.Resolution",
--> "localized": {
--> "OPTIONAL": null
--> },
--> "params": {
--> "OPTIONAL": null
--> }
--> }
--> }
--> }
--> },
--> "retriable": {
--> "OPTIONAL": null
--> },
--> "time": "2025-09-##T##:##:##.###Z",
--> "type": {
--> "OPTIONAL": "ERROR"
--> }
--> }
--> }
--> }
--> ]
--> },

Environment

  • vSphere 8.x
  • vSphere 9.x

Cause

The cluster image incompatibility is being caused by the "Enforce Live Patch" option being selected in the Lifecycle Manager remediation settings on hosts that are TPM enabled.  The Live Patch option is not compatible with hosts that are TPM enabled.

Resolution

Disable the "Enforce Live Patch" setting in the Lifecycle Manger remediation settings which will remove the incompatibility from the cluster image, allowing the "Apply Solution" task of the Supervisor upgrade process to proceed.

Additional Information

The following blog post mentions that Live Patch is not compatible with TPM devices under the Limitations section:

The following documentation details how to enable/disable the Live Patch setting:

Powered by Wolken Software