asked on
TPM Driver Removed after 3f update?
Follow on to post - ESXi 7 Profile Update - follow up question
I applied the ESXi 7 patch security profile as in:
esxcli software profile update -p ESXi-7.0U3sf-20036586-standard -d "/vmfs/volumes/61cc503r-c98c8a1f-f4cc-6805caf6e246/patches/VMware-ESXi-7.0U3f-20036589-depot.zip"
the result came back --
VMware-ESXi-7.0U3f-20036589-depot.zip"
Update Result
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.
Reboot Required: true
However, after reboot, i see in the Web Client sumamry:
TPM 2.0 device detected but a connection cannot be established.
As if the TPM driver was removed...
ASKER
.already contacted Dell..
I may roll back one host and try again..it still shows the error, try the security and bugfix,,,,
Applying security and bugfix would also do the drivers?
I may roll back one host and try again..it still shows the error, try the security and bugfix,,,,
Applying security and bugfix would also do the drivers?
Yes.
ASKER
not sure where or if TPM driver 2.0 is in skip or remove
VIBs Installed: VMware_bootbank_bmcal_7.0.3-0.45.20036586, VMware_bootbank_cpu-microcode_7.0.3-0.45.20036586, VMware_bootbank_crx_7.0.3-0.45.20036586, VMware_bootbank_esx-base_7.0.3-0.45.20036586, VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.3-0.45.20036586, VMware_bootbank_esx-ui_1.43.8-19798623, VMware_bootbank_esx-update_7.0.3-0.45.20036586, VMware_bootbank_esx-xserver_7.0.3-0.45.20036586, VMware_bootbank_esxio-combiner_7.0.3-0.45.20036586, VMware_bootbank_gc_7.0.3-0.45.20036586, VMware_bootbank_loadesx_7.0.3-0.45.20036586, VMware_bootbank_native-misc-drivers_7.0.3-0.45.20036586, VMware_bootbank_trx_7.0.3-0.45.20036586, VMware_bootbank_vdfs_7.0.3-0.45.20036586, VMware_bootbank_vsan_7.0.3-0.45.20036586, VMware_bootbank_vsanhealth_7.0.3-0.45.20036586, VMware_locker_tools-light_12.0.0.19345655-20036586
VIBs Removed: VMware_bootbank_bmcal_7.0.3-0.40.19898904, VMware_bootbank_cpu-microcode_7.0.3-0.40.19898904, VMware_bootbank_crx_7.0.3-0.40.19898904, VMware_bootbank_esx-base_7.0.3-0.40.19898904, VMware_bootbank_esx-dvfilter-generic-fastpath_7.0.3-0.40.19898904, VMware_bootbank_esx-ui_1.36.0-18403931, VMware_bootbank_esx-update_7.0.3-0.40.19898904, VMware_bootbank_esx-xserver_7.0.3-0.40.19898904, VMware_bootbank_esxio-combiner_7.0.3-0.40.19898904, VMware_bootbank_gc_7.0.3-0.40.19898904, VMware_bootbank_loadesx_7.0.3-0.40.19898904, VMware_bootbank_native-misc-drivers_7.0.3-0.40.19898904, VMware_bootbank_trx_7.0.3-0.40.19898904, VMware_bootbank_vdfs_7.0.3-0.40.19898904, VMware_bootbank_vsan_7.0.3-0.40.19898904, VMware_bootbank_vsanhealth_7.0.3-0.40.19898904, VMware_locker_tools-light_11.3.5.18557794-19482531
VIBs Skipped: VMW_bootbank_atlantic_1.0.3.0-8vmw.703.0.20.19193900, VMW_bootbank_bnxtnet_216.0.50.0-41vmw.703.0.20.19193900, VMW_bootbank_bnxtroce_216.0.58.0-23vmw.703.0.20.19193900, VMW_bootbank_brcmfcoe_12.0.1500.2-3vmw.703.0.20.19193900, VMW_bootbank_elxiscsi_12.0.1200.0-9vmw.703.0.20.19193900, VMW_bootbank_elxnet_12.0.1250.0-5vmw.703.0.20.19193900, VMW_bootbank_i40en_1.11.1.31-1vmw.703.0.20.19193900, VMW_bootbank_iavmd_2.7.0.1157-2vmw.703.0.20.19193900, VMW_bootbank_icen_1.4.1.7-1vmw.703.0.20.19193900, VMW_bootbank_igbn_1.4.11.2-1vmw.703.0.20.19193900, VMW_bootbank_ionic-en_16.0.0-16vmw.703.0.20.19193900, VMW_bootbank_irdman_1.3.1.20-1vmw.703.0.20.19193900, VMW_bootbank_iser_1.1.0.1-1vmw.703.0.20.19193900, VMW_bootbank_ixgben_1.7.1.35-1vmw.703.0.20.19193900, VMW_bootbank_lpfc_14.0.169.25-5vmw.703.0.35.19482537, VMW_bootbank_lpnic_11.4.62.0-1vmw.703.0.20.19193900, VMW_bootbank_lsi-mr3_7.718.02.00-1vmw.703.0.20.19193900, VMW_bootbank_lsi-msgpt2_20.00.06.00-4vmw.703.0.20.19193900, VMW_bootbank_lsi-msgpt35_19.00.02.00-1vmw.703.0.20.19193900, VMW_bootbank_lsi-msgpt3_17.00.12.00-1vmw.703.0.20.19193900, VMW_bootbank_mtip32xx-native_3.9.8-1vmw.703.0.20.19193900, VMW_bootbank_ne1000_0.8.4-11vmw.703.0.20.19193900, VMW_bootbank_nenic_1.0.33.0-1vmw.703.0.20.19193900, VMW_bootbank_nfnic_4.0.0.70-1vmw.703.0.20.19193900, VMW_bootbank_nhpsa_70.0051.0.100-4vmw.703.0.20.19193900, VMW_bootbank_nmlx4-core_3.19.16.8-2vmw.703.0.20.19193900, VMW_bootbank_nmlx4-en_3.19.16.8-2vmw.703.0.20.19193900, VMW_bootbank_nmlx4-rdma_3.19.16.8-2vmw.703.0.20.19193900, VMW_bootbank_nmlx5-core_4.19.16.11-1vmw.703.0.20.19193900, VMW_bootbank_nmlx5-rdma_4.19.16.11-1vmw.703.0.20.19193900, VMW_bootbank_ntg3_4.1.7.0-0vmw.703.0.20.19193900, VMW_bootbank_nvme-pcie_1.2.3.16-1vmw.703.0.20.19193900, VMW_bootbank_nvmerdma_1.0.3.5-1vmw.703.0.20.19193900, VMW_bootbank_nvmetcp_1.0.0.1-1vmw.703.0.35.19482537, VMW_bootbank_nvmxnet3-ens_2.0.0.22-1vmw.703.0.20.19193900, VMW_bootbank_nvmxnet3_2.0.0.30-1vmw.703.0.20.19193900, VMW_bootbank_pvscsi_0.1-4vmw.703.0.20.19193900, VMW_bootbank_qcnic_1.0.15.0-14vmw.703.0.20.19193900, VMW_bootbank_qedentv_3.40.5.53-22vmw.703.0.20.19193900, VMW_bootbank_qedrntv_3.40.5.53-18vmw.703.0.20.19193900, VMW_bootbank_qfle3_1.0.67.0-22vmw.703.0.20.19193900, VMW_bootbank_qfle3f_1.0.51.0-22vmw.703.0.20.19193900, VMW_bootbank_qfle3i_1.0.15.0-15vmw.703.0.20.19193900, VMW_bootbank_qflge_1.1.0.11-1vmw.703.0.20.19193900, VMW_bootbank_rste_2.0.2.0088-7vmw.703.0.20.19193900, VMW_bootbank_sfvmk_2.4.0.2010-6vmw.703.0.20.19193900, VMW_bootbank_smartpqi_70.4149.0.5000-1vmw.703.0.20.19193900, VMW_bootbank_vmkata_0.1-1vmw.703.0.20.19193900, VMW_bootbank_vmkfcoe_1.0.0.2-1vmw.703.0.20.19193900, VMW_bootbank_vmkusb_0.1-6vmw.703.0.20.19193900, VMW_bootbank_vmw-ahci_2.0.11-1vmw.703.0.20.19193900, VMware_bootbank_elx-esx-libelxima.so_12.0.1200.0-4vmw.703.0.20.19193900, VMware_bootbank_lsuv2-hpv2-hpsa-plugin_1.0.0-3vmw.703.0.20.19193900, VMware_bootbank_lsuv2-intelv2-nvme-vmd-plugin_2.7.2173-1vmw.703.0.20.19193900, VMware_bootbank_lsuv2-lsiv2-drivers-plugin_1.0.0-10vmw.703.0.35.19482537, VMware_bootbank_lsuv2-nvme-pcie-plugin_1.0.0-1vmw.703.0.20.19193900, VMware_bootbank_lsuv2-oem-dell-plugin_1.0.0-1vmw.703.0.20.19193900, VMware_bootbank_lsuv2-oem-hp-plugin_1.0.0-1vmw.703.0.20.19193900, VMware_bootbank_lsuv2-oem-lenovo-plugin_1.0.0-1vmw.703.0.20.19193900, VMware_bootbank_lsuv2-smartpqiv2-plugin_1.0.0-8vmw.703.0.20.19193900, VMware_bootbank_qlnativefc_4.1.14.0-26vmw.703.0.20.19193900, VMware_bootbank_vmware-esx-esxcli-nvme-plugin_1.2.0.44-1vmw.703.0.20.19193900
ASKER
if so, you'll need to wait and discuss with Dell.
It could be another bugged release. Do you have TPM or using TPM v2 ?
otherwise it's just cosmetic.
ASKER
Still waiting on Dell
I can open an SR to VMware and ask about it,,seems that a drive should not be removed when applying a security only profile
Yes,,we have the TPM 2.0 chip on the Dell r750s
Not yet known if we are required to use it as we are just now setting up
Well to use the TPM v2.0 chip, you need to enable it, and then re-install ESXi.
If you enable TPM v2.0 after installing ESXi, OS fails to start Secure Boot!
So "as is" it sounds like you are not using it, so this is purely cosmetic. If you intend to use TPM v2.0 and Secure BOOT, you need to enable and re-install.
ASKER
ASKER
Based on a conversations with a Dell rep, they only provide VMware updated ISO on major releases...so there would be a Dell ESXi 7.0u4 ISO (if that is what is next)
Using the ESXi-7.0U3f-20036589-standard, wouldn't there be a possible issue with drivers that Dell has not verified against the u3f?
Anything is possible, that's why we have a rollback option.
Based on a conversations with a Dell rep, they only provide VMware updated ISO on major releases...so there would be a Dell ESXi 7.0u4 ISO (if that is what is next)
That's correct. But VMware probably way off with u4.
Options.
1. Rollback to 7.0.3c.
2. Rollback to 7.0.3c and retry FULL upgrade (not s ).
3. Rollback to 7.0.3c - upgrade via ISO.
4. Rollback to 7.0.3c - upgrade via vLCM
5.. Stick on 7.0.3c and wait unless you need security fixes or bugfixes which affect your organization.
have you got
set TPM2 Algorithm Selection to SHA256 in the BIOS.
turn on Intel TXT, and then enable Secure Boot.
it may not be a driver removed, but TPM has been changed, and you need to ensure it's correctly enabled for it.
ASKER
I don't have 3c installed. I started with 3f on a clean server.
I will check settings the other settings for TPM 2.0 in the BIOS.
I thought this was an update from 7.x ?
ASKER
Updated with
esxcli software profile update -p ESXi-7.0U3sf-20036586-standard (sec only)
When the ESXi loads on the first screen while booting, there are two messages that flash at the end on the console - one is red and one looks to be orange, i can't tell what they are about. Then, the next screen ESXi loads and i don't see the TPM driver error
I login to the Web interface and see build 20036586 and no longer see -- TPM 2.0 device detected but a connection cannot be established. --
However, not sure on the errors that flash by
Good fixed. Mismatched BIOS settings.
Those red errors probably always been there ?
ASKER
Only after changing the BIOS TPM settings
This was an update to 3f ? so what version did you have before ?
There were too many bugs which prompted a full update!
ASKER
After turning TPM off, I installed the new Dell Version and see no errors..
We will need to decide on using TPM or not.
If so, i will enable it and see if the issues resurfaces
if you looked at the VIBs added, installed and removed, it's possible a TPM vib driver was removed which was originally present.
You may want to consult whether to update using the security and bugfix, e.g. no s profile, or consult Vendor!
see here
https://kb.vmware.com/s/article/81838
You could rollback, and try again, or rollback and apply security and bugfix, or just apply bugfix again, and then consult Vendor.