On 25th October VMware released a Security Advisory (https://www.vmware.com/security/advisories/VMSA-2023-0023.html) about two vulnerabilities in vCenter. One of them had a CVSS score of 9,8 (out of 10) so it was very important to patch the vCenter servers in the environment.

The environment was based on VCF so you cannot just install a patch on vCenter. You must do it through VCF.

For this situation, VMware has a tool available: the Async Patch Tool.

From https://docs.vmware.com/en/VMware-Cloud-Foundation/services/ap-tool/GUID-49818DF1-94EA-4C85-8CB6-6EFFCE5F8060.html:

The Async Patch Tool is a utility that allows you to apply critical patches to certain VMware Cloud Foundation components (NSX Manager, vCenter Server, and ESXi) outside of VMware Cloud Foundation releases.

On the previous page, there are links to both online and offline methods for applying patches. I chose the online method.

I could do all the steps but I got an error when I actually wanted to install the patch. The first step you do when performing an upgrade (or patch) is to do a pre-check on the environment. And the pre-check failed.

The error message was “Pre-check error Manifest XML file not found in . Please upload the bundle again”.

After this message, I tried other methods including the offline method but the error appeared every time I did the pre-check. Eventually I called VMware.

The VMware engineer I talked to, could tell me this was a known issue and that he had a workaround for this.

The failure of the pre-check is due to a new radar check running in the VxRail Managers called vxm_root_disk_space_check. The check expects an upgrade bundle to be uploaded to the VxRail Manager and fails with an ERROR/RED result if there is no VxRail upgrade bundle uploaded.

The VxRail Manager’s /var/log/mystic/radar.log will contain the following output:

"check_id": "vxm_root_disk_space_check",
"result": "ERROR",
"messages": [
{
"id": "VXR304VXMD0002",
"alphaid": "vxm_root_disk_space_check_missing_manifest_file",
"symptom": "Manifest xml file not found in [].",
"action": "Please upload the bundle again.",
"kb": "",
"severity": "Error",
"extension": {
"symptom_params": [
"[]"
]
}
}
]
}

He told me the issue would be fixed in a future VxRail code. There are currently two options to work around this pre-check error:

1. Ignore the error and proceed with any pending upgrade.
2. We can bypass the test by commenting out the radar test’s name in the VxRail Manager’s /mystic/radar/conf/profile/pre-upgrade.yml file.

I performed option 2 in our VxRail Manager and confirmed that the SDDC Manager upgrade pre-checks then passed with a warning instead of an error.