VMware Tools for nested ESXi - and how to make an Offline bundle for them

Recently William Lam announced the availability of a VIB package that installs VMware Tools inside an ESXi host. This is very useful if you run virtualized (or so-called nested) ESXi hosts on a real physical ESXi machine, because then you can reboot the nested ESXi host using the vSphere client (connected to the hosting physical host). The package also implements the VIX API that you can use to trigger scripts running inside the nested ESXi host.

The VMware Tools for nested ESXi are provided as a VMware Labs fling. While it is very useful it is currently only available in the format of a VIB file. William correctly pointed out that you can use my ESXi-Customizer tool to build an ESXi installation ISO with the VIB file included (and Vladan wrote a nice walk-through of how to actually do this), but there are situations where you need to have the package available in the format of an Offline Bundle: E.g. when you want to build a customized ESXi installation ISO using PowerCLI ImageBuilder, or if you want to create an ImageProfile for vSphere Auto Deploy (and this is a must in my test lab ;-).

So, how can you make an Offline Bundle from this VIB file?

Building an Offline Bundle from the VMware Tools VIB

Well, this is easy using my ESXi5 Community Packaging Tools:

1. Create a new empty directory and download the VMware Tools VIB file into it.
2. Download my packaging tools and unpack them on your hard disk. Launch the included vib2zip.cmd script. This will show the following GUI:

3. In the GUI select the directory from step 1 as the source VIB directory (C:\temp\2 in the example). Then click on the Load from VIB button to load the VIB's metadata into the GUI and reuse it for the Offline Bundle:

This will populate the data fields like this:

4. All you need to add manually is the Vendor code which is mandatory for an Offline Bundle, but not included in the VIB file: Enter VMW for VMware here. Then press the Run! button.

Guess what? That's all! The script will run and output the Offline Bundle into the directory that was selected as working directory in the GUI:

How to use the Offline Bundle in ImageBuilder

Once you have the Offline Bundle it is also easy to create an ESXi Installation ISO that already includes the package with the help of PowerCLI ImageBuilder. This is a script to do it:
# Add VMware Online depot
Add-EsxSoftwareDepot https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml

# Clone the ESXi 5.5 GA profile into a custom profile
$CloneIP = Get-EsxImageProfile ESXi-5.5.0-1331820-standard
$MyProfile = New-EsxImageProfile -CloneProfile $CloneIP -Vendor $CloneIP.Vendor -Name (($CloneIP.Name) + "-customized") -Description $CloneIP.Description

# Add the Nested ESXi VMTools Offline bundle
Add-EsxSoftwareDepot C:\TEMP\esx-tools-for-esxi-9.7.0-0.0.00000-offline_bundle.zip

# Add the esx-tools-for-esxi package to the custom profile
Add-EsxSoftwarePackage -SoftwarePackage esx-tools-for-esxi -ImageProfile $MyProfile

# Export the custom profile into an ISO file
Export-EsxImageProfile -ImageProfile $MyProfile -ExportToISO -NoSignatureCheck -FilePath c:\temp\ESXi-5.5.0-1331820-standard-customized.iso
Please note: You need to use the -NoSignatureCheck switch with the Export-EsxImageProfile cmdlet, because the VMware Tools VIB was signed with a test signature only that is not valid for production use (after all it's an unsupported fling!).

Usage with Auto Deploy

Due to the test signature you will also get the error message "Could not find a trusted signer" when you use the Auto Deploy New-DeployRule cmdlet with an ImageProfile that includes the VMware Tools package. As a workaround use the command
in your PowerCLI session to override the signature check.

This post first appeared on the VMware Front Experience Blog and was written by Andreas Peetz. Follow him on Twitter to keep up to date with what he posts.


  1. Works great, just one thing that I encountered is that when I did the "-ExportToIso" he was compaining about the "Could not find a trusted signer" even though I was using the $DeployNoSignatureCheck=$true just before the export.

    What worked was a -NoSignatureCheck switch -:).
    Thanks Andre for the write up!

    1. Hi Vladan,

      Yes, I have that already in the ImageBuilder script (see the post). $DeployNoSignatureCheck=$true is only required for the New-DeployRule cmdlet of Auto Deploy. That cmdlet does not accept the -NoSignatureCheck switch.

      - Andreas

  2. Hello,

    I am trying to make a new customized image with the latest version of ESXi Hypervisor 6.0.0, does this script work with the last version of ESXi?

    I tried to change "ESXi-5.5.0-1331820-standard" with VMware-VMvisor-Installer-6.0.0-2494585 but I couldn't manage to run the script. I copied and pasted this script to a new txt file and named the extension .ps1 but I am not sure if this can work.

    Can you help me please?

    Much appriciate it.


    1. Hi George,

      you don't need the esx-tools-for-esxi package with ESXi 6.0!
      For more information please read my post here.


  3. Andreas, after creating an offline bundle how can these be imported into the vSphere Client to apply with an Update Manager baseline. I get an error during the import...invalid vendor code VMW in patch metadata, another vendor code with different capitalization already exists in database. Is there a way to determine which vendor code is in the metadata?

    1. Hi Alex,

      good catch. I was not aware that capitalization of the vendor code matters...
      Please try to build the Offline bundle with the vendor code "vmw". I think this is what is used in the VMware Online Depot.


  4. Hi Andreas,

    Yep, that did the trick! Thanks as always and keep up the great work!


***** All comments will be moderated! *****
- Please post only comments or questions that are related to this post's contents!
- Advertising and link spamming will not be tolerated!