Struck by the NFS bug? Here is how to uninstall ESXi 5.5 Update 1.

There is a bug in the latest ESXi 5.5 release (Update 1 with or without the Heartbleed fix) that leads to intermittent disconnects of NFS datastores. If you are struck by this issue then you are probably already aware of that VMware has published KB2076392 for this and is "working towards providing a resolution".

In the meantime the only workaround is to downgrade your hosts to ESXi 5.5 GA (without Update 1). But how do you do this without re-installing ESXi?

You cannot do this through Update Manager, but through esxcli as follows.

Enable SSH access on your host, log in to it (e.g. using putty) and run the following commands:
# open firewall for outgoing http requests:
esxcli network firewall ruleset set -e true -r httpClient
# Install the ESXi 5.5 pre-U1 Heartbleed Fix Image Profile from the VMware Online depot
esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20140401020s-standard --allow-downgrades
# Reboot your host
reboot
This will downgrade the host to the ESXi 5.5 GA version plus all security fixes that were released since then including the fix for the Heartbleed bug! If you are interested in a detailed overview of what package versions are included in each ESXi patch level then have a look at my ESXi VIB Matrix!

By the way: If you are not yet on ESXi 5.5 U1 and just want to apply the Heartbleed fix - but not U1 (because of the NFS bug) - then you can use the exact same commands (but may omit the --allow-downgrades option, because it is not needed then).

Another note: If you have 3rd-party VIBs installed then these will not be touched by this procedure. That means it is safe to use this method even if you have installed your hosts with the HP Customized installation ISO or have manually added other additional custom packages.


This post first appeared on the VMware Front Experience Blog and was written by Andreas Peetz. Follow him on Twitter to keep up to date with what he posts.



12 comments:

  1. Thanks very much for documenting and sharing this Andreas! Just used this to downgrade some systems in the work lab. Much appreciated :)

    ReplyDelete
  2. Hi Andreas,

    i have the problem that I´m sitting behind a firewall which is not under my controll.
    Is there a way to "Downgrade" with an offline Bundle?

    I found no way to pass the firewall / proxy with my esxi Hosts and I think the offline bundle is the last chance for me to downgrade without reinstalling the hosts.

    ReplyDelete
    Replies
    1. Hi Anonymous,

      yes, download the patch bundle ESXi550-201404020 from http://www.vmware.com/go/downloadpatches, upload it to a datastore of your hosts.
      Then use the same command, but replace the https://... URL with the full file path of the patch bundle.

      Andreas

      Delete
    2. Is it possible to get a statement this patch ESXi-5.5.0-20140401020s-standard does not contain any performance enhancements from update 1. It only contains security fixes ?

      Delete
    3. Does 1746974 contain any performance enhancements from update 1 or only the security patches?

      Delete
    4. Hi Anonymous,

      No.
      ESXi-5.5.0-20140401020s-standard (= Build 1746974) is the ESXi 5.5 GA code plus all security fixes, but it does not contain any non-security fixes/enhancements.

      Andreas

      Delete
  3. what build number should I have after the downgrade? Is 1746974 U1 or GA?

    ReplyDelete
    Replies
    1. You should have build number 1746974. This is neither GA nor U1.

      1746974 is a higher build number than the build number of U1 (which is 1623387), but that is irrelevant, because the complete truth is only in the complete version string of the esxbase-VIB. And this is 5.5.0-1.15.1623387 for U1 and 5.5.0-0.15.1746974 for GA+Heartbleedfix.

      For an instant reference please look at my ESXi 5.x Patch Matrix!

      Delete
    2. Or in other words: 1746974 = GA + Heartbleedfix

      Delete
  4. Thanks a lot! I've got the correct one!

    ReplyDelete
  5. Looks like the issue has been addressed
    http://kb.vmware.com/selfservice/search.do?cmd=displayKC&docType=kc&docTypeID=DT_KB_1_1&externalId=2077360

    ReplyDelete
    Replies
    1. Yes. See my post here: http://www.v-front.de/2014/06/new-esxi-55-patch-fixes-nfs-bug-and.html

      Delete

***** All comments will be moderated! *****
- Please post only comments or questions that are related to this post's contents!
- Advertising and link spamming will not be tolerated!