This article describes how to apply a patch to a VMware vSphere environment. This patch is applied to the VSphere Appliance and an ESXi host.

Patching VMware

On the second of February VMware released a patch for their hypervisor and vSphere server appliance. It resolves a critical bug with vMotion between ESXi6.5 and older versions (6 and 5.5).

For more information, here are the release notes.

Not really big change or something we see quite often. But let take this opportunity to see the patching process.

This patch is applied to the vCenter Server Appliance (VCSA) 6.5 and the hypervisor(s). And in that order. So first lets create a restore point for the VCSA.

Backup current VCSA

We can use this article to create a backup:

  1. Log in to the vCenter Server Appliance Linux console as root.
  2. Download the Linux backup and restore package attached to this Knowledge Base article and extract it on the Linux machine.
  3. Make a executable.
    For example to save the file as /tmp/ , run this command:
    chmod 700 /tmp/
  4. Run the file and provide the location for the backup file.
    For example, if you want to save the file as /tmp/backup_VCDB.bak, run this command:
    python /tmp/ -f /tmp/backup_VCDB.bak

Or you could fire-up Veeam and create a backup (always a good idea).

Update VCSA

  1. Download the patch from VMware.
  2. Attach the ISO you just downloaded to your VCSA 6.5
    Via the VMware Webclient (upload the ISO to a datastore first):

    Via VMware workstation (local):
  3. Open SSH connection to VCSA
  4. Use the command:
    software-packages stage –iso

    Hit enter until you see the question about the terms and conditions. Enter [yes].
  5. To install the patch (RPMS) use the command:
    software-packages install –stage

  6. Reboot the VCSA and you’re done!

Alternative update VCSA

But wait a minute, shouldn’t life be easier with 6.5? Let’s take look at the new VMware Appliance Management console.

You can find it here:  https://<fqdn>:5480 or https://<ip-address-vcsa>:5480

Log in with the credentials you used when you installed the server.

There are some new options! We can make a backup from the console. The only thing you need is a webdav or (s)ftp server to back up to. We already made a backup so we skip this part.

Let’s take a look at the update function.

Select: check (online) repository

We now can see the a new patch VC-6.5.0a available. All we need now is to install this patch (take a snapshot first).

Select: Install all updates

Accept the terms of the license agreement and select install. The staging and installing of the patch begins. All automatically! Reboot the VCSA and you’re done!

Update ESXi hypervisor

  1. Turn on maintenance mode and/or shut-down all VMs (including VCSA) on that server.
  2. Connect with SSH to the ESXI host
  3. To obtain the patch directly to the host we must enable HTTP request on the host:
    esxcli network firewall ruleset set -e true -r httpClient
  4. Download and install the patch directly on the host (this can take a while):
    esxcli software profile update -p ESXi-6.5.0-20170104001-standard -d

  5. Disable the HTTP request on the host:
    esxcli network firewall ruleset set -e false -r httpClient
  6. Reboot the ESXi host by typing:

After reboot you’re all patched up!