Lock-Blocked by vSphere Lockdown mode.

I was doing some routine upgrades this past night when I ran into a strange issue that I figured I would make a note of.  While using VMware’s Update Manager to upgrade an ESXi host from 5.1 to 5.5, I ended up getting a pretty cryptic error message from Update Manager letting me know I couldn’t proceed.

The details complained about not having enough memory to create a scratch space partition to store the upgrade image.  Weird.  My host had plenty of free space on the drive and tons of memory – All the VMs were evacuated and I had all the host memory to myself.

Fast forward after a bit of Googling and I ran across this blog post.  The alert message was exact but the resolution wasn’t correct for my situation.  Luckily someone had posted another resolution in the comments. (Side Note: Even if you don’t have the time or desire to run a blog, just adding comments to existing blog posts is a great way to contribute back to the virtualization community.)

The hosts I was working on were in a DMZ and had Lockdown Mode enabled.  The commenter had mentioned disabling Lockdown mode as the answer.  Worth trying!

I made the quick modification in vCenter to the DMZ host, reran the Update Scan and successfully upgraded the host to 5.5.  Just had to remember to re-enable lockdown mode after the reboot.  Lockdown mode only affected the actual upgrade and not the patches.  Patching a lockdown host presented no issues at all.