VMware Cloud Community
pasalott
Enthusiast

I just wanted to verify that patching is no longer an option with ESXi 7.0 U3...

After upgrading to ESXi 7 U3c, there is a warning message under the Updates tab for ESXi hosts

"Do not use the non-critical baseline to update ESXi 7.0GA - 7.0U3b hosts. Use a baseline created with an ESXi 7.0 U3c or higher ISO image or Critical Host Patches baseline before applying any other patches to these hosts."

I had questions and I didn't find much about it online, so I opened a support request with VMware and I was told that we should not use any pre-defined baselines to remediate ESXi 7.0 U3 hosts. We should actually upgrade using the latest ESXi ISO (i.e. ESXi 7.0 U3f) and not the Critical Host Patches, Non-Critical Host Patches and Host Security Patches pre-defined baselines.

So this would mean that patching is no longer an option for ESXi 7.0 U3 hosts.  I just wanted to verify that this is the case.

Thanks

9 Replies
pasalott
Enthusiast

I just wanted to follow up to see if anyone had any further insight into this.  I am unable to find any official documentation from VMware that the pre-defined patch baselines can no longer be used for ESXi 7 U3.  

pasalott
Enthusiast

What doesn't make sense to me is that the warning specifies "Do not use the non-critical baseline to update ESXi 7.0GA - 7.0U3b hosts...".  We are running ESXi 7.0 U3c, which based on the warning message, seems it would not apply to us.

This seems like a major issue that patching via Lifecycle Manager is no longer supported and you can only patch ESXi 7.0 hosts by upgrading using the latest ESXi 7 U3 ISO. Has nobody here on this forum attempted to patch their ESXi 7 hosts? I would have expected a quick answer to this question since it seems like a major issue everyone here would be dealing with, but I'm not finding any documentation supporting what the VMware support technician told me. I had planned to patch sometime in the next two weeks and want to make certain that the information I was given is correct.

a_p_
Leadership

From what I understand, applying non-critical patches to versions earlier than 7.0 U3c may/will cause issues by installing unwanted stuff (likely due to incorrect metadata). Once the hosts have been patched to U3c or later, you can proceed with applying patches as before.

André

bryanvaneeden
Hot Shot

I've patched my entire environment the other day to 7.0 u3d with VUM baselines without any issues whatsoever. So you should be able to continue after 7.0 u3c.

Visit my blog at https://vcloudvision.com!
pasalott
Enthusiast

Bryan..

Did your patching include the non-critical patch baseline as well?  Also, do you show the same warning message under the host Updates tab in vCenter as in the attached screenshot?

CLINZ
Enthusiast

Hi, I'm not sure if this helps, but I am on the latest release of ESXi and vCenter and I still receive the same message.

We were on ESXi 7.0 U3, and when the issues arose and guidance to move away from U3 was announced, we used the latest ISO from VMware to perform the upgrade. I believe we went to 3d with no issues.

Since then we see the message below, which is the same message you see. Since 3d we have reverted back to Baselines as we did previously.

[Attached screenshot: CLINZ_0-1658991629457.png]

Hope this helps.

timberwolf2
Contributor

This was an answer directly from VMware Tech Support.

"The best way to go forward with the updates is to use the pre-defined baselines (critical, non-critical, host security). We had a few issues with using the pre-defined baselines only for versions up to 7.0u3b. For all further versions, you can use the baselines to update your hosts."

-K

naveenbaldwa1
Enthusiast

Just patch your cluster hosts with the latest release update. No need to install any other patches.

First of all, set up the cluster image with the latest build and select your hardware's latest release drivers as well.

Let me know if you have any questions or concerns.

I'll be happy to help!

adgayakwad
Contributor

I used to do the same. I patch only the latest roll-up update and the NIC drivers, nothing more than that.