Steps to patch VMware vCenter 6.7 appliance
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Below is an example on patching vCenter Appliance vCenter Appliance 6.7 to vCenter Appliance 6.7 Update 3o.
This version, 6.7 U3o, includes the fix for VMSA-2021-0020
The build number of the patched vCenter will be 18485166
You can download the latest patches from the download portal, and attach the iso to the CDROM of the vCenter server VM
VMware recommend that the vCenter is always updated to the latest available patch
The patch that includes the fix for VMSA-2021-0020 will be listed as 6.7.0 50000 with a release date of Sep 16, 2021
Improvement Program (CEIP), select check/uncheck and click Next
Note: If there is external PSC we need to update PSC node first following same procedure.
Congratulations on the article.
Have a question, on average how long it took to perform the installation, whether to contact or counting on the restart?
..
Thanks, @Arthur_Oliveir1
Based on testing in the lab, the upgrade from 6.7 U3a (6.7.0.41000) to 6.7 U3n (6.7.0.48000) took around 40 Minutes overall.
Staging the Patches - 13 Minutes
Installing the Patch, including reboot and service startup - 27 Minutes
Please note, many factors could influence the time taken for upgrade (patch download speed, ESXi performance, etc..)
I hope this helps to address your query.
Please clarify if we have Vcenter appliance 6.7u3l with external PSC, do we need to apply the same patch VMSA-2021-0010 to PSC first and than to Vcenter?
Also what is the sequence if we have 2 Vcenter appliances and 2 external PSC's in linked mode. Thank you
@Ela_ivari we have to apply same patch on PSC as well. First apply patch on PSC and then VC.
If there are 2 vCenters with external PSC in linked then update sequence will be to update both PSC first and then VC:
- Update PSC1
- Update PSC2
- Update VC1
- Update VC2
The release date of my available update says "Sep 15, 2021" instead of the 16th per the instructions above, but the version number is right - 6.7.0.50000.
Is this correct?
@BB9193 Yes, it is the correct patch. Looks like the change in date is due to timezone of the client machine from where VAMI page is opened.
Attaching a screenshot from my lab which is in Pacific Time.
Interesting i have just applied this in my lab environment and the build version is different to that advertised above, albeit a bigger number.
Version6.7.0 Build 18485185
I assume this covers the current vulnerability, i can't find any reference to this build number on the site.
You’re not the only one seeing this:
@mrgadget @BB9193 Thanks for posting the question. I confirm that, version 6.7.0 Build 18485185 covers the current vulnerability. Looks like in VAMI Page (https://<VCIP>:5480), its showing the build number as 18485166, however in UI Client its showing build number 18485185. Sample screenshot pasted below, we will update the same in the step-by-step guide.
Hello, does patching the vCenter Server appliance automatically upgrade the ESXi hosts that are being used in vCenter?
Hello @JDans18 , patching vCenter server won't update/upgrade ESXi hosts.
If you want to update ESXi hosts as well you need to do that separately.
Thank you @Ferozrah. I currently have ESXi 6.7 Update 3 build number 16075168. What is the ESXi version that goes the best with this vCenter 6.7u3o? Or it doesn't matter?
@JDans18 since the hosts are running at ESXi 6.7 P02, I would suggest to have them updated to ESXi 6.7 P05 (build 17700523) as it is recommended to keep hosts and VC updated to latest. However if you are not planning to update hosts for now you can keep them at 6.7 P02
Thank you again @Ferozrah. Your responses are very appreciated. Last question, should I update ESXi before vCenter if I decide to update the hosts? Or am I okay to update vCenter and then ESXi afterwards. Does the order matter?
@JDans18 you are welcome.
We need to keep hosts and vCenter either at same level or hosts below vCenter so we need to update vCenter first and then hosts.
I have a question regarding this point: In case there are multiple vCenter servers linked, do take powered down snapshots of all nodes before proceeding with vCenter update.
Q: I have two vCenter (embedded PSC) in linked mode. Any special steps need to be taken care. I have plan to do both in two different maintenance window with snapshot individually at that time. Also I have NSX-V 6.4.6 in this vCenter and no plan for NSX upgrade.
Please advise.
take a look to https://interopmatrix.vmware.com/#/Interoperability?isHideGenSupported=true&isHideTechSupported=true...
Shutdown both vCenter, create a snapshot of both, power on both again and perform the upgrade one after another.
Regards,
Joerg