I recently had the pleasue to
time-warp a dinosaur upgrade an old ESXi 6.0 host to ESXi 6.7. Right after I triggered remediation with a current ESXi 6.7 iso image, I got an error message:
Cannot execute upgrade script on host
That message isn’t really specific. If you google it you’ll probably find a dozen possible reasons tor the failure. That can be:
- incompatible driver packages
- filled up vfat partitions
- /bootbank/state.XXXXXXXX directory is not being empty
- Custom ISOs with wrong signature for intel i40en driver package
- Trouble with FDM agent (HA)
None of the issues above did fit my observed problem. A good startpoint should be a look into vua.log on the affected host.
Unfortunately that didn’t help either. So we had (again) a closer look at the VMware upgrade path matrix. A direct host upgrade from ESXi 6.0 to ESXi 6.7U3 is supported but while we re-checked the matrix our attention was drawn to a little footnote.
KB 76555 says there’s an issue with expired VIB certificates on hosts below a specific build numer.
- ESXi 6.0 GA before build 9239799
- ESXi 6.5 GA before build 8294253
In fact our ESXi host 6.0 had a build level of 7967664 (U3e) which is in the critical range. So we had to install some patches up to July 2018 (ESXi600-201807001). After that the upgrade to ESXI 6.7U3 went flawlessly.
What went wrong?
Of course we did check the matrix during the planning phase in early March 2020. That’s a standard operating procedure. Unfortunately something has changed in the meantime (the footnote was added). KB 76555 was updated in May 2020 and the issue affects upgrades to versions of ESXi 6.7 beyond April 28th 2020.
Take home message: Check your design and matrices again right before the projects starts.