PBSDVMuser
Contributor

How to verify or confirm installation of a VMware patch

Hi,

We built the VM (ESXi 6.5) server and installed 'ESXi650-201912002.zip' patch by executing "esxcli software vib install -d /path/to/ESXi650-201912002.zip" during installation.

Now, how can I verify that the patch has been installed from the console of the built ESXi server? I ran 'esxcli software vib list' and didn't see the name 'ESXi650-201912002' in the output. There are several entries with a version containing '6.5.0...', but how can I know if one of them is the patch, or even whether the patch has (or has not) been installed during the installation?

TIA

0 Kudos
16 Replies
nachogonzalez
Expert

Hey, hope you are doing fine

Let's do this: open a new ssh session to the host and run

esxcli software vib list

then you should see these VIBs


  • VMware_bootbank_vsanhealth_6.5.0-3.120.15081994
  • VMware_bootbank_vsan_6.5.0-3.120.15087173
  • VMware_bootbank_esx-tboot_6.5.0-3.120.15256549
  • VMware_bootbank_esx-base_6.5.0-3.120.15256549

source: VMware ESXi 6.5, Patch Release ESXi650-201912002

0 Kudos
PBSDVMuser
Contributor

Thanks for your reply!

I ran the command and the attached screenshots are outputs of the command.

Please let me know if any of the item(s) is from the patch.

I did expect the listed patch name as described in VM sites. At least there should be things like package name, ID, or other unique number/strings.

0 Kudos
nachogonzalez
Expert

It seems like all patches were installed on 08/20/2020
pastedImage_0.png

I would say the upgrade was successful.

0 Kudos
PBSDVMuser
Contributor

Thanks again!

They all have the same installation date because that's when we deployed the VM with our image.

What I exactly wanted is the (or one) item unique to the patch so that I can ensure that THE patch has been successfully applied to the system.

I would think it unbelievable if there is no way to do that from VM point of view.

TIA

0 Kudos
nachogonzalez
Expert

Yes, actually there is.
Do you have VUM deployed?

0 Kudos
a_p_
Leadership

There's indeed nothing like an update history that I'm aware of.

In case you want to verify whether a specific item has already been installed, it may be an option to compare its build number with https://esxi-patches.v-front.de/vm-6.5.0.html

André

0 Kudos
PBSDVMuser
Contributor

Good question, how can I check? Any command I can run in the console?

Another question: is VMW patch accumulative? For example, I see the download of previous patches like 'ESXi650-201901001.zip', 'ESXi650-201910001.zip', now we have 'ESXi650-201912002.zip', do I need to install all of them, or the last one will cover all the previous patches?

0 Kudos
nachogonzalez
Expert

If you go to your vCenter you should see a vSphere Update Manager tab under home.
There you can see which patches are already installed.


Regarding the patches being cumulative:
yes, they are

Are ESXi Patches Cumulative - VMware vSphere Blog

Another option to check if the patch has been updated is to check the build version on the ESXi host

it should be 15177306

ESXi 6.5 EP 18 | ESXi650-201912001 | 12/05/2019 | 15177306

source: VMware Knowledge Base
Please make sure you have rebooted your host after the VIB is installed, since the patch definition states it requires a reboot: VMware ESXi 6.5, Patch Release ESXi650-201912002

0 Kudos
PBSDVMuser
Contributor

Thank you!

But sorry I'm not VM expert, how can I find out the build number of VM server FROM the console? We don't have GUI part up and configured, so the only source for me to use now is the console command.

Also, how can I find the  build number for the patch "ESXi650-201912002"?

0 Kudos
PBSDVMuser
Contributor

Also, it's weird that the command (esxcli software vib list) didn't print any '..bootbank...' items (see the attached screenshots in my previous post) as others posted, do you know why?

0 Kudos
TheBobkin
VMware Employee

Hello PBSDVMuser,

Welcome to Communities.

"Also, how can I find the  build number for the patch "ESXi650-201912002"?"

ESXi 6.5 P04

ESXi650-201912002

Release Date: 12/19/2019

Build: 15256549

Current build info retrievable via:

via the vSphere Client summary tab in the vSphere UI for the host under 'Version Information'

or via CLI

# esxcli system version get

or

# vmware -vl

Reference of ESXi builds, dates etc. can be found here:

VMware Knowledge Base

As a.p. mentioned, check https://esxi-patches.v-front.de/ for versions of drivers that you know should have been updated in the differential build - this is a well-maintained and updated resource (thank you peetz - I had never actually put together that this was yours until now, seriously thanks for creating and maintaining this, I point people this way frequently, I owe you a pint of Guinness or 3 if you ever happen to be in Cork, Ireland).

Bob

0 Kudos
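Added example (not part of any post in this thread, and not VMware's code): a POSIX shell check that compares saved output of `esxcli system version get` and `esxcli software vib list` with the build number and VIB IDs quoted above for ESXi650-201912002. The function names and the sample output are constructed for illustration; the listing format assumed is the usual Name/Version column layout.

```shell
#!/bin/sh
# Added example: check a host against the values quoted in this thread for
# ESXi650-201912002. Function names and sample data are constructed here.
EXPECTED_BUILD=15256549
# VIB IDs as listed in the thread: <vendor>_bootbank_<name>_<version>
EXPECTED_VIBS="VMware_bootbank_vsanhealth_6.5.0-3.120.15081994
VMware_bootbank_vsan_6.5.0-3.120.15087173
VMware_bootbank_esx-tboot_6.5.0-3.120.15256549
VMware_bootbank_esx-base_6.5.0-3.120.15256549"

# Numeric build from `esxcli system version get` output on stdin.
host_build() { sed -n 's/^ *Build:.*[^0-9]\([0-9][0-9]*\) *$/\1/p'; }

# `vib list` prints Name and Version columns rather than the full VIB ID,
# so split the ID ($2) and match both columns in the saved listing ($1).
vib_installed() {
    version=${2##*_}; rest=${2%_*}; name=${rest#*_bootbank_}
    awk -v n="$name" -v v="$version" \
        '$1 == n && $2 == v { ok = 1 } END { exit !ok }' "$1"
}

# $1 = saved `esxcli system version get`, $2 = saved `esxcli software vib list`
verify_patch() {
    rc=0; build=$(host_build < "$1")
    if [ "$build" = "$EXPECTED_BUILD" ]; then echo "OK   build $build"
    else echo "FAIL build ${build:-unknown} (expected $EXPECTED_BUILD)"; rc=1; fi
    for id in $EXPECTED_VIBS; do
        if vib_installed "$2" "$id"; then echo "OK   $id"
        else echo "FAIL $id not listed"; rc=1; fi
    done
    return $rc
}

# Constructed sample output, so the check can be tried away from a host.
demo() {
    d=$(mktemp -d)
    printf '   Product: VMware ESXi\n   Version: 6.5.0\n   Build: Releasebuild-%s\n' \
        "${1:-$EXPECTED_BUILD}" > "$d/ver.txt"
    cat > "$d/vibs.txt" <<'EOF'
Name        Version               Vendor  Acceptance Level  Install Date
----------  --------------------  ------  ----------------  ------------
esx-base    6.5.0-3.120.15256549  VMware  VMwareCertified   2020-08-20
esx-tboot   6.5.0-3.120.15256549  VMware  VMwareCertified   2020-08-20
vsan        6.5.0-3.120.15087173  VMware  VMwareCertified   2020-08-20
vsanhealth  6.5.0-3.120.15081994  VMware  VMwareCertified   2020-08-20
EOF
    verify_patch "$d/ver.txt" "$d/vibs.txt"; rc=$?; rm -rf "$d"; return $rc
}
demo
```

On a host, redirect the two esxcli commands to files and pass those files to `verify_patch`; a non-zero return means the build or at least one listed VIB does not match.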
PBSDVMuser
Contributor

Here is what I got with the commands.

patch.PNG

The build number is not matching.

What is patch 105  then? What is patch number for ESXi650-201912002? If that number is fixed and unique, I can use that to verify.

0 Kudos
nachogonzalez
Expert

Have you rebooted the ESXi host after installing the patch?

0 Kudos
PBSDVMuser
Contributor

Yes, I did.

I think the patch installation didn't work.

From here (https://blogs.vmware.com/vsphere/2013/10/are-esxi-patches-cumulative.html#:~:text=In%20short%2C%20th...), it mentioned to use 'esxcli software profile update -d /patch/file.zip -p xxxx' to apply a patch completely.

I don't know which base ESXi650 image is being used (we took over from others' code). Can I omit the '-p xxxx' part, or make it default to the existing image (and how)?

0 Kudos
nachogonzalez
Expert

it seems like it didn't work

Can you try running the patch again and pay special attention to /var/log/vmware/esxupdate.log?

0 Kudos
TheBobkin
VMware Employee

No, you can not omit it as then it doesn't know what profile you are trying to update.

You can get the current profile name to fill the 'xxxx' from:

Example:

[root@esx1:~] esxcli software profile get

HPE-ESXi-6.7.0-Update3-iso-Gen9plus-670.U3.10.4.5.19

   Name: HPE-ESXi-6.7.0-Update3-iso-Gen9plus-670.U3.10.4.5.19

   Vendor: Hewlett Packard Enterprise

   Creation Time: 2020-02-22T06:07:54

   Modification Time: 2020-02-22T06:08:10

   Stateless Ready: True

Another common issue is not using double-quotes around the path as these can sometimes have special characters in them or the file name.

Bob

0 Kudos