6 Replies Latest reply on Dec 8, 2017 12:03 PM by jwckauman

    Patch Manager and VMware Tools - anyone succesfully patching their VMs?

    jwckauman

      I'd like to use Patch Manager to start keeping our VMware Tools versions up to date. I had success Patch Manager deploying the latest VMware Tools version to my 32-bit VMs, but it is failing on my 64-bit VMs. 

        • Re: Patch Manager and VMware Tools - anyone succesfully patching their VMs?
          jwckauman

          BTW, when i try to install the 64-bit VMware Tools upgrade via Windows Update on a Win2016 server i get the following error:

           

          Some update files aren't signed correctly.

          Error code: (0x800b0109)

           

          I know if you look up that error there are notes about certificate issues and group policies, but if i'm able to install any other updates via Patch Manager, then doesn't that prove that the cert/policies are fine?

            • Re: Patch Manager and VMware Tools - anyone succesfully patching their VMs?
              jrouviere

              That error is specific to having the WSUS signing certificate in place and the "Allow signed content" policy enabled per the KB:

               

              Error when deploying third-party updates to client systems - SolarWinds Worldwide, LLC. Help and Support

               

              This is specifically for third party updates.  So if you've been updating these machines with Microsoft updates and this is the first Third Party update you've tried, then you do need to complete the configuration before that part will work.

               

              Since it seems to be working on 32 bit machines, but not 64 bit you may have disparate Group Policy settings for those machines or another issue, but you will want to check that the certificates are in place on the Trusted Root and Trusted Publishers stores and that the Allow Signed Content policy is enabled.

                • Re: Patch Manager and VMware Tools - anyone succesfully patching their VMs?
                  jwckauman

                  Thank you for replying. I checked one of the servers that is failing and ran "rsop.msc".  I can see the WSUS Publishing Certificate is in place in the Trusted Root Certification Authorities store AND the Trusted Publishers store.I can also see that the "Allow Signed Updates from an Intranet Microsoft update service location" is enabled. 

                   

                  If both of these are in place what might be the issue?

                    • Re: Patch Manager and VMware Tools - anyone succesfully patching their VMs?
                      jwckauman

                      Here is the info from the WindowsUpdate.log file on one of the Win2012R2 servers.

                       

                      2017-12-08 10:30:00:806  952 532c AU AU received approval from UX for 1 updates

                      2017-12-08 10:30:00:806  952 532c AU AU setting pending client directive to 'Progress Ux'

                      2017-12-08 10:30:00:900  952 532c AU BeginInteractiveInstall invoked for Download with sessionId 5

                      2017-12-08 10:30:00:900  952 532c AU Auto-approving update for download, updateId = {073589FE-6687-4A17-B0CF-87106A1D7EC7}.1, ApprovalIsForUx=1, UpdateOwner=UX, Deadline=0, IsMinor=0, UpdateFlags=16936

                      2017-12-08 10:30:00:900  952 532c AU Auto-approved 1 update(s) for download (for Ux)

                      2017-12-08 10:30:00:900  952 532c AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037

                      2017-12-08 10:30:00:900  952 532c AU #############

                      2017-12-08 10:30:00:900  952 532c AU ## START ##  AU: Download updates

                      2017-12-08 10:30:00:900  952 532c AU #########

                      2017-12-08 10:30:00:900  952 532c AU   # Approved updates = 1

                      2017-12-08 10:30:00:900  952 532c AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037

                      2017-12-08 10:30:00:900  952 532c AU WARNING: GetCurrentNetworkCostPolicy failed, error = 0x80240037

                      2017-12-08 10:30:00:900  952 532c IdleTmr Incremented idle timer priority operation counter to 2

                      2017-12-08 10:30:00:900  952 532c AU AU initiated download, updateId = {073589FE-6687-4A17-B0CF-87106A1D7EC7}.1, callId = {14F9FDC9-7622-41CB-A96E-B1FD83CCAEC3}

                      2017-12-08 10:30:00:900  952 532c AU Currently AUX is enabled - so not show any WU Upgrade notifications.

                      2017-12-08 10:30:00:900  952 532c AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037

                      2017-12-08 10:30:00:900  952 1508 DnldMgr ***********  DnldMgr: Begin Downloading Updates [CallerId = AutomaticUpdatesWuApp]  ***********

                      2017-12-08 10:30:00:900  952 1508 DnldMgr   * Call ID = {14F9FDC9-7622-41CB-A96E-B1FD83CCAEC3}

                      2017-12-08 10:30:00:900  952 1508 DnldMgr   * Priority = 3, NetworkCostPolicy = 6, Interactive = 1, Owner is system = 1, Explicit proxy = 0, Proxy session id = 5, ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}

                      2017-12-08 10:30:00:900  952 1508 DnldMgr   * Updates to download = 1

                      2017-12-08 10:30:00:900  952 1508 Agent   *   Title = VMware Tools 10.1.15 (x64) (Upgrade)

                      2017-12-08 10:30:00:900  952 1508 Agent   *   UpdateId = {073589FE-6687-4A17-B0CF-87106A1D7EC7}.1

                      2017-12-08 10:30:00:900  952 1508 DnldMgr ***********  DnldMgr: New download job [UpdateId = {073589FE-6687-4A17-B0CF-87106A1D7EC7}.1]  ***********

                      2017-12-08 10:30:00:900  952 1508 DnldMgr   * BITS job initialized, JobId = {5A9998A9-6085-4656-AFD6-391961099A22}

                      2017-12-08 10:30:00:900  952 532c AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037

                      2017-12-08 10:30:00:916  952 1508 DnldMgr   * Downloading from http://wsus04:8530/Content/AE/503725BD1840CFB372E837EB90764C740EF467AE.cab to C:\Windows\SoftwareDistribution\Download\edb2296d57230b79496b810e00af6719\503725bd1840cfb372e837eb90764c740ef467ae (full file).

                      2017-12-08 10:30:00:916  952 532c AU   # Pending download calls = 1

                      2017-12-08 10:30:00:916  952 532c AU <<## SUBMITTED ## AU: Download updates

                      2017-12-08 10:30:00:916  952 1508 IdleTmr WU operation (DownloadManagerDownloadJob) started; operation # 4557; does use network; is not at background priority; will NOT stop idle timer

                      2017-12-08 10:30:00:916  952 1508 IdleTmr Incremented idle timer priority operation counter to 3

                      2017-12-08 10:30:00:916  952 1508 DnldMgr *********

                      2017-12-08 10:30:00:916  952 1508 DnldMgr **  END  **  DnldMgr: Begin Downloading Updates [CallerId = AutomaticUpdatesWuApp]

                      2017-12-08 10:30:00:916  952 1508 DnldMgr *************

                      2017-12-08 10:30:01:306  952 256c DnldMgr BITS job {5A9998A9-6085-4656-AFD6-391961099A22} completed successfully

                      2017-12-08 10:30:01:322  952 256c IdleTmr WU operation (DownloadManagerDownloadJob, operation # 4557) stopped; does use network; is not at background priority; will NOT start idle timer (task did not previously stop it

                      2017-12-08 10:30:01:322  952 256c IdleTmr Decremented idle timer priority operation counter to 2

                      2017-12-08 10:30:01:478  952 256c Misc Validating signature for C:\Windows\SoftwareDistribution\Download\edb2296d57230b79496b810e00af6719\503725bd1840cfb372e837eb90764c740ef467ae with dwProvFlags 0x00000080:

                      2017-12-08 10:30:01:916  952 256c Misc FATAL: Error: 0x800b0109 when verifying trust for C:\Windows\SoftwareDistribution\Download\edb2296d57230b79496b810e00af6719\503725bd1840cfb372e837eb90764c740ef467ae

                      2017-12-08 10:30:01:916  952 256c Misc WARNING: Digital Signatures on file C:\Windows\SoftwareDistribution\Download\edb2296d57230b79496b810e00af6719\503725bd1840cfb372e837eb90764c740ef467ae are not trusted: Error 0x800b0109

                      2017-12-08 10:30:01:916  952 256c DnldMgr WARNING: File failed postprocessing, error = 800b0109

                      2017-12-08 10:30:01:916  952 256c DnldMgr Failed file: URL = 'http://wsus04:8530/Content/AE/503725BD1840CFB372E837EB90764C740EF467AE.cab', Local path = 'C:\Windows\SoftwareDistribution\Download\edb2296d57230b79496b810e00af6719\503725bd1840cfb372e837eb90764c740ef467ae'

                      2017-12-08 10:30:01:916  952 256c DnldMgr Error 0x800b0109 occurred while downloading update; notifying dependent calls.

                      2017-12-08 10:30:01:916  952 17f0 AU >>##  RESUMED  ## AU: Download update [UpdateId = {073589FE-6687-4A17-B0CF-87106A1D7EC7}]

                      2017-12-08 10:30:01:916  952 17f0 AU   # WARNING: Download failed, error = 0x800B0109

                      2017-12-08 10:30:01:931  952 1508 DnldMgr *********

                      2017-12-08 10:30:01:931  952 1508 DnldMgr **  END  **  DnldMgr: Download Call Complete [Call 6 for caller AutomaticUpdatesWuApp has completed; signaling completion.]

                      2017-12-08 10:30:01:931  952 1508 DnldMgr *************

                      2017-12-08 10:30:01:931  952 17f0 AU Download call completed, hr = 0x800B0109

                      2017-12-08 10:30:01:931  952 17f0 AU #########

                      2017-12-08 10:30:01:931  952 17f0 AU ##  END  ##  AU: Download updates

                      2017-12-08 10:30:01:931  952 17f0 AU #############

                      2017-12-08 10:30:01:931  952 17f0 AU Currently AUX is enabled - so not show any WU Upgrade notifications.

                      2017-12-08 10:30:01:931  952 17f0 AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037

                      2017-12-08 10:30:01:931  952 17f0 AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037

                      2017-12-08 10:30:01:947  952 17f0 IdleTmr Decremented idle timer priority operation counter to 1

                      2017-12-08 10:30:02:900  952 532c AU BeginInteractiveInstall invoked for Install with sessionId 5

                      2017-12-08 10:30:02:900  952 532c AU Auto-approved 0 update(s) for install (for Ux), installType=0

                      2017-12-08 10:30:02:900  952 532c AU WARNING: BeginInteractiveInstall failed, error = 0x8024000C

                      2017-12-08 10:30:02:931  952 522c AU AU received handle event

                      2017-12-08 10:30:02:931  952 522c AU WARNING: Failed to get Wu Exemption info from NLM, assuming not exempt, error = 0x80240037

                      2017-12-08 10:30:02:931  952 522c AU Triggering Offline detection (non-interactive)

                      2017-12-08 10:30:02:931  952 522c AU Adding timer:

                      2017-12-08 10:30:02:931  952 522c AU     Timer: 31DA7559-FE27-4810-8FF6-987195B1FD98, Expires 2017-12-08 15:30:02, not idle-only, not network-only

                      2017-12-08 10:30:02:931  952 522c AU Currently AUX is enabled - so not show any WU Upgrade notifications.

                      2017-12-08 10:30:02:931  952 522c AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037

                      2017-12-08 10:30:02:947  952 522c AU WARNING: Failed to get Network Cost info from NLM, assuming network is NOT metered, error = 0x80240037

                      2017-12-08 10:30:02:947  952 522c AU #############

                      2017-12-08 10:30:02:947  952 522c AU ## START ##  AU: Search for updates

                      2017-12-08 10:30:02:947  952 522c AU #########

                      2017-12-08 10:30:02:947  952 522c IdleTmr WU operation (CSearchCall::Init ID 7) started; operation # 5059; does not use network; is at background priority

                      2017-12-08 10:30:02:947  952 522c Agent *** START ***  Queueing Finding updates [CallerId = AutomaticUpdates  Id = 7]

                      2017-12-08 10:30:02:947  952 522c AU <<## SUBMITTED ## AU: Search for updates  [CallId = {5C93D289-0FDC-40AA-9656-2FDF4D976D2D} ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}]

                      2017-12-08 10:30:02:947  952 3268 Agent ***  END  ***  Queueing Finding updates [CallerId = AutomaticUpdates  Id = 7]

                      2017-12-08 10:30:02:947  952 3268 Agent *************

                      2017-12-08 10:30:02:947  952 3268 Agent ** START **  Agent: Finding updates [CallerId = AutomaticUpdates  Id = 7]

                      2017-12-08 10:30:02:947  952 3268 Agent *********

                      2017-12-08 10:30:02:947  952 3268 Agent   * Online = No; Ignore download priority = No

                      2017-12-08 10:30:02:947  952 3268 Agent   * Criteria = "IsInstalled=0 and DeploymentAction='Installation' or IsPresent=1 and DeploymentAction='Uninstallation' or IsInstalled=1 and DeploymentAction='Installation' and RebootRequired=1 or IsInstalled=0 and DeploymentAction='Uninstallation' and RebootRequired=1"

                      2017-12-08 10:30:02:947  952 3268 Agent   * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed

                      2017-12-08 10:30:02:947  952 3268 Agent   * Search Scope = {Machine & All Users}

                      2017-12-08 10:30:02:947  952 3268 Agent   * Caller SID for Applicability: S-1-5-18

                        • Re: Patch Manager and VMware Tools - anyone succesfully patching their VMs?
                          jasweat

                          Is it just the one x64 update that is failing? You can try deleting the update out and republishing to the WSUS server.

                          Are you sure that the correct WSUS certificates are installed and those aren't old certificates or from a different WSUS server? That's what the error looks like. You can also try directly publishing the certificates from the WSUS server those VMs point to using the Client Certificates Management action in the menu on the right. I don't know if your 32-bit VMs point to a different WSUS server or not.