The cause of the warning is often an extra configuration file created automatically by Vmware-tools application.
In case "Quiesced" option is enabled in the VM configuration then the onbox vmware-tools creates an extra configuration file on the boot firmware at /etc/vmware-tools/quiesce_manifest.xml which is not expected and taints the boot firmware.
To ensure this is indeed the cause of the warning please log in to the boot shell of the appliance and run the following:
xcbclient self xcb_check_boot_files
Expected output:
/initrd/mnt/private/etc/vmware-tools/quiesce_manifest.xml
If you got this then please go ahead and apply one of the workarounds described below; if your output differs from the above then this guide is not for you; please file a support ticket and upload a debug bundle for us to analyze your situation.
The obvious workaround for this is disabling the "Quiesced" option from the VM's settings.
Since the appliance does not use the "Quiesced" option this file has no use and can be deleted safely. However it will be recreated on every reboot by vmware-tools so deleting it every time the machine boots can be problematic.
Instead of deletion it is possible to add this file to the whitelist of the taintedness check mechanism and leave it be.
To do so please download the attached script and upload it via SCP to the appliance into /root/ directory.
To apply the workaround after upload is complete please log in to boot shell and execute the following:
/bin/bash /root/whitelist_quiesce.sh
After the script is run the warning about tainted boot firmware should not appear.
Please note an upgrade procedure will overwrite the whitelist file so the modification will be reverted; in case you have to upgrade to a version which the bug was not fixed on ( > 5.0.10 on LTS product line and > 5.10.0 on the Feature branch) then it is possible you have to run the command again after the upgrade is done.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy