As we have setup a new cluster of four ESXi 6.5 hosts, we have extracted a host profile from one of the hosts that we have setup to my customer corporate standards. After applying that host profiles to the other three hosts, we were able to quickly resolove all non-compliant issues except one where it keep complaining: “Number of ipv4 routes did not match”.
There is a good KB article on this which can be found at: https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2106112
We had two challenges with KB2106112 though, which I wanted to document to help others stumbling with the same issue as follow:
1- The KB state it is only covering up to vSphere 6.0, where our environment was vSphere 6.5 and the fix still apply
2- The KB only stated to look at the “defaultTcpipStack” Netstack Instance, where in our case it was more to do with the “VMotion” Netstack Instance. Exactly same resolution, but you need to apply it to the “VMotion” Netstack Instance.
As I have mentioned above, this can affect any of your Netstack Instances, so while I am demonstrating how to fix it for the “VMotion” Netstack Instance, you can follow exactly the same steps to fix it for other Netstack Instances include the “defaultcpipStack”.
1- Open your host profile for editing
2- Browse to Networking configuration ==> NetStack Instance ==> vmotion ==> IP route configuration => IP route config
3- Notice as in the below screenshot there is no Sub-profile in there as in the below screenshot
4- Hit the Green Plus Sign to add a sub-profile.
5- Configure your sub-profile with the proper information, below is an example of my VMotion Sub-profile.
6- Save your Host Profile.
7- Notice in the above image how the new Sub-profile called GenericStaticRouteProfile was created. If a subprofile already existed before you follow this post, then look at the other NetStack Instances to make sure all of them have a subprofile. If all of them have it then this article will not fix your issue, but if one of them is missing and you added it as in the above instructions then it should work for you.
7- Apply and recheck your host for compliance.
The above procedure should fix that issue you for you. Hope this help!