Updating VMware Tools with Protect and Patch for Windows Servers FAQ

Version 17



    When updating VMware Tools with, Protect and Patch for Windows Servers, there may be a couple quirks you will come across. Below is a FAQ list to help address questions you may have.




    Frequently Asked Questions


    Q: Does the version of VMware Tools need to match a specific version of ESXi or vCenter host?


    A: No. The VMware Tools versions should be backward compatible with all product supported versions. VMware has to make it backward compatible since there may be mixed hypervisor versions on the same vCenter and DRS can move VMs from one host to another. See the excerpt below from the VMware 5.0 upgrade guide: http://www.vmware.com/files/pdf/techpaper/vSphere-5-Upgrade-Best-Practices-Guide.pdf


    "The first step in upgrading virtual machines is to upgrade VMware Tools. vSphere 5.0 supports virtual machines running both VMware Tools version 4.x and 5.0. Running virtual machines with VMware Tools version 5.0 on older ESX/ESXi 4.x hosts is also supported. Therefore, virtual machines running VMware Tools 4.x or higher do not require upgrading following the ESXi host upgrade. However, only the upgraded virtual machines will benefit from the new features and latest performance benefits associated with the most recent version of VMware Tools."


    Q: Why does my VMware host show VMware Tools version out of date or missing when Protect shows it is now up-to-date, or Why does Protect show VMware Tools missing when the VMware host shows the version is already up-to-date?


    A: VMware Tools assessment in vSphere is comparing against the local version on the hypervisor the VM resides on. The ESXi host or vCenter may need to be updated. Often, it will help if you perform a Hypervisor bulletin scan and deployment to correct these inconsistencies. As long as your patch definitions in Shavlik Protect are up to date the scan information from Protect should be correct in this regard.


    More information on how to scan and deploy to ESXi hosts can be found in the following Help articles:


    Scanning VMware hosts for bulletins:



    Deploying bulletins to VMware hosts:



    Q: After updating Vmware Tools with Protect I no longer have access to the VMware Tools UI and Settings within a patched VM. Why is this happening?


    A: This is a change put into place by VMware. The behavior is intentional. Additional information on this is provided by VMware in a KB article, here:



    Q: Originally VMware Tools support was added to Protect as a Non-Security Patch. Why was this changed to a Security Patch type?


    A: More than anything the decision to change VMware Tools to a 'Security Patch' in Protect's scans is based on the fact that it is a requirement to have the latest version of VMware Tools installed on guest operating systems to be able to use the full functionality of patching hosted VM's using Protect, especially offline VMs or templates. Since this is a requirement for Protect's features to work - we consider these updates important enough to be included in Security patches.


    If you do not wish for this to be scanned along with other security patches you can create a custom scan template, and set the Product Filter to 'Skip Selected' for VMware, or you can use other filtering options to exclude VMware Tools updates from the scan.


    Q: How can I make a request for a change or addition to any features around patching VMware Tools?


    A: Please feel free to submit any feature or change requests at our Shavlik Feature Requests site.


    Q: If patching VMware Tools how is it determined that the update is needed?


    A: A virtual machine that has a previous version of VMware Tools installed that is in the affected products section of the particular patch being deployed would show the patch as needed. Physical machines will not get the patch as the vendors installer will not install on a physical machine.


    Affected Products


    Ivanti Patch for Windows Servers 9.x

    Shavlik Protect 9.x