There are many different reasons you may want to patch your ESXi host. VMware regularly releases bug fixes and security patches, or perhaps you need a newer build for compatibility with another application or third-party tool. In my situation, the ESXi 6.7 U1 ESXi hosts (build 10302608) are not compatible with NSX-T 2.4.0, so I need to get them patched to at least 6.7 EP06 (build 11675023).
Before you get started, you’ll want to figure out which patch release you want to update to. There is quite often some confusion surrounding the naming of VMware patch releases. In some cases, a build number is referenced, for example, 10302608. In other cases, a friendly name is referenced – something like 6.7 EP06 or 6.5 P03. The EP in the name denotes an ‘Express Patch’ with a limited number of fixes released outside of the regular patch cadence, where as a ‘P’ release is a standard patch. In addition to this, major update releases are referred to as ‘U’, for example, 6.7 U1. And to make things more confusing, a special ‘Release Name’ is quite often referenced in security bulletins and other documents. Release names generally contain the release date in them. For example, ESXi670-201903001 for ESXi 6.7 EP07.
We have setup ESXi 6.0 host ( build 2494585). Installed VUM ( update manager) as well. There is a new build 2715440 for ESXi 6.0 in their website. When we click 'Download patches and upgrades', it completes a task and when we go to compliance view, both 'Stage' and 'Remediate' options are greyed out. What might be the reason? This process required only four steps Download Patches, Mount the Patches (ISO), Check for Patches and Initiate Stage & Install. Download vCenter Server Patch. You can Download the Patched from VMware product patches page – Open a Web browser and browse the web page mentioned above; Select the drop-down menu with VC Select 6.7 Click the checkbox and download the latest file. Attach Update / Patch ISO to vCenter Server VM.
The best place to start is VMware KB 1014508, which provides links to numerous KB articles that can be used for cross referencing build numbers with friendly versions names. The KB we’re interested in for ESXi is KB 2143832.
Once you’ve been able to get the build number for your desired patch, you can visit the VMware Patch Tool site. In my case, I went ahead and downloaded ESXi670-201901001.zip. This ZIP file – and all ESXi patches – are what is referred to as an “offline bundle”. Offline bundles are collections of VIBs bundled with metadata describing their contents. You don’t need to extract the ZIP file as part of the upgrade process. The ESXi host will process the ZIP file automatically to pull out the modules and metadata.
Vmware Patches Esxi
In the ZIP file, the VIBs are contained in the vib20 directory. The other files contain metadata, including vendor related information.
The first thing we’ll need to do is upload the file over to a location that can be accessed by the ESXi hosts. Quite often, WinSCP is used for this process, but you can also use the datastore browser to put it in a shared datastore that can be accessed by all your hosts.
I uploaded it to the root of the datastore called shared-hdd0. Before you begin, it would be a good idea to put the host into Maintenance Mode.
I then opened an SSH session and logged into esx-e1 as root:
Make a note of the full path. Notice that the datastore name is used after /vmfs/volumes.
The command to initiate the update is esxcli software vib update, specifying an offline depot using the -d or –depot flags. The syntax I used is listed below:
My first attempt actually failed with the following error:
This is a common issue where certain kernel modules fail to unload. If you run into this, the workaround is quite simple. Make sure the host is in maintenance mode, reboot it and then run the command again. In my case it was successful after doing this:
Once the update is finished, it’ll be necessary to reboot the host.
That’s it! Not difficult at all, and can be useful for standalone ESXi hosts that don’t have access to vCenter and Update Manager.
VMware is releasing patches for their products regular basis to keep the product more stable and secure, some. vSphere 6.7 has released few months back and VMware released 3 patches for this version, also they have released vSphere 6.7 Update 1 . As we know, Update or patching is easy if you have internet connectivity to your vCenter and if you don’t have Internet Connection VMware is given another option offline method. In this post, I will be sharing how you can perform Update or patching of vCenter Server Offline , here we performing updating VCSA 6.7 to 6.7 Update 1 .
This process required only four steps Download Patches , Mount the Patches (ISO) , Check for Patches and Initiate Stage & Install
Download vCenter Server Patch
You can Download the Patched from VMware product patches page – https://my.vmware.com/group/vmware/patch#search
- Open a Web browser and browse the web page mentioned above
- Select the drop-down menu with VC > Select 6.7 > Click the checkbox and download the latest file.
Attach Update / Patch ISO to vCenter Server VM
Login to vCenter Server > Select VCSA VM > Attach the ISO and Connect
Note :- ISO can be uploaded the datastore visible by ESXi host or to vSphere content library for this Procedure
How to Check for Updates
- Login to vCenter VAMI UI
You can Login to VAMI UI by https://IP_or_FQDN:5480
- Navigate to Update > Check Updates > Check CD-ROM + URL
Note:- This option will allow you to check update from internet and local ISO mounted to vCenter .If you don’t have access to internet, mount the ISO to vCenter from Webclient, Check CD-ROM option will check the update only from mounted ISO .
Patch VMware vCSA 6.7
Click the Pre-upgrade checks option highlighted within the darker blue area and in a while you can see the pre-upgrade check as Passed .
Esxi Patch Stage Location Map
Click the Stage and Install link (button) to initiate the update process.
Accept the EULA and Click Next
Next screen is Join CEIP and default it will be checked , leave as default and click Next
Next Screen to confirm that you have the Backup of vCenter Server , if you have not backed up then there is option “go to backups”
to take a backup of vCenter
Click on Finish to start the update process
Next screen is the staging process during which all the patches are copied inside of the appliance
After some time the screen changes and the installation starts.
This installation is a long process and it will take more time , as you can see one of above screen shot shows estimates downtime 141 Minutes . After all update you can login to vCenter and verify the status and Build number .
vCenter Patch / Update from CLI – Offline Method
This is alternate method we can use to perform offline update using same ISO file we downloaded .
Mount the Downloaded ISO to VCSA VM
Log in to the VCSA appliance shell as root and run below commands
Esxi Patch Stage Locations
Offline patching is the feasible option for environments doesn’t have internet access . You can download the .zip file of the patch / update and perform update that also an offline method but this is the easy one compare to that .