During a recent patching cycle VMtools across a set of VMs were updated to the latest version. This was to patch security vulnerabilities in the versions which were running to ensure the environment was as secure as possible for a PenTest which would go towards IL3 Accreditation.
Shavlik was good enough to oblige here and went out and patched lots of VMs with new VMtools automatically to the latest version.
Then an issue occurred with Trend Deep Security.
Normally when doing a VMtools install for a VM managed by trend the following should be considered as per the Trend Deep Security Best Practices PDF
VMware includes the VMware vShield Endpoint Driver in VMware Tools 5.x, but the installation program
does not install it on Guest VMs by default. To install it on guest VM, review the installation options in the
|table below: Available VMware Tools Installation Options|
|Installation Option||vShield Endpoint||Action|
|Typical||vShield Endpoint does NOT install||DO NOT select this option|
|Complete||vShield Endpoint installs||Select if you want all features|
|Custom||You must explicitly install vShield Endpoint||Expand VMware Device Drivers > VMCI Driver|
|Select vShield Drivers and choose This feature will be installed on local drive.|
Shavlik didn’t consider that I wanted a Custom/Complete install and so VMCI was missing.
Ok, that would be fine but now we have VMs with newer VMtools than the ISO which is stored on the ESXi Host. So we can’t just re-run the install/upgrade via vSphere
That’s where Andreas Peetz over at http://www.v-front.de comes in with his blog post about how to effectively do 2 things
1. Place the newer VMtools iso onto a shared datstore
2. Tell the ESXi host to look at the new location when it does VMtools installs/upgrades
Now you can do automated installs/upgrades via the gui (powercli cannot pass through the custom parameters)
Here is Andreas’ Blog Post http://www.v-front.de/2013/01/how-to-use-latest-vmware-tools-with.html