VMware Cloud Community
LeeSony
Contributor

ESXi Critical Update Patching

I have ESXi 6.7 Update 2 installed and want to apply all the latest security patches to this. In vCenter I am only seeing patches from August 2019. Is this because August 2019 is when Update 3 came out, so to apply the latest security patches to my hosts I need to upgrade to Update 3 first?

5 Replies
msripada
Virtuoso

Latest update is 6.7 Update 3a, released in November, but I believe for that your vCenter should be updated first to the latest. Always update VCSA, which has VUM.

VMware ESXi 6.7, Patch Release ESXi670-201911001

Thanks,

MS

larstr
Champion

vCenter with 6.7 Update2 and Update Manager will actually upgrade your hosts to ESXi 6.7 Update 3 by default. It is a best practice to do vCenter first, but it's not required. It can also give dangerous looking error messages if you're using vSAN and end up on a higher update level on your hosts than your vCenter.

If you're using vSAN you can also use the HTML5 client to configure Update Manager to only install security patches for the same update level as vCenter.

Lars

scott28tt
VMware Employee

Moderator: Moved to Update Manager



Although I am a VMware employee I contribute to VMware Communities voluntarily (i.e. not in any official capacity)
LeeSony
Contributor

Sorry, maybe my post doesn't make sense. I'm not looking to upgrade to U3 - I just want to apply the latest security patches to my U2 hosts, and from what I can see from Update Manager these stopped appearing around August 2019 when U3 was released. Does that mean I cannot apply the latest security patches to my U2 servers?

larstr
Champion

If you're using vSAN you can use Update Manager to update your servers to configure what type of patching it should do. Without vSAN this setting is not available.


It's kind of strange that this option isn't available without vSAN.

Lars
