Step by step procedure to update vCenter sever 6.7 appliance

Step by step procedure to update vCenter sever 6.7 appliance

Steps to patch VMware vCenter 6.7 appliance

 

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

  • Please take a non-memory, non-quiesced snapshot of the vCenter VM (if standalone), before implementing any change.
  • In case there are multiple vCenter servers linked, do take powered down snapshots of all nodes before proceeding with vCenter update.
  • If PSC is external do take powered down snapshot/s of all PSC's as well.
  • If there are multiple vCenter's linked with external PSC we need to update all PSC nodes first and then proceed with vCenter nodes.
  • If DRS is set to Fully Automated, please change it to Manual while updating.
  • Make note of the host IP/FQDN where vCenter/PSC VM is deployed.
  • Ensure that you have the login credential for the ESXi host which has the vCenter VM.

-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

 

Below is an example on patching vCenter Appliance vCenter Appliance 6.7 to vCenter Appliance 6.7 Update 3o.

This version, 6.7 U3o, includes the fix for VMSA-2021-0020

 

The build number of the patched vCenter will be 18485166

 

  • In a browser open VAMI (VMware Appliance Management Interface): https://<vCenterFQDN>:5480

 

  • Login as root      
Ferozrah_0-1621963304193.png

 

  • In the Navigator tab (on the left), click Update

 

Ferozrah_1-1621963304195.png

 

  • In CHECK UPDATES drop down change the option to check CD ROM + URL (make sure there is internet connectivity to vCenter server)       

 

Ferozrah_2-1621963304201.png

 

 

You can download the latest patches from the download portal, and attach the iso to the CDROM of the vCenter server VM

 

  • Select a patch to download.

VMware recommend that the vCenter is always updated to the latest available patch

The patch that includes the fix for VMSA-2021-0020 will be listed as 6.7.0 50000 with a release date of Sep 16, 2021

 

osheehy_0-1632243908142.png

 

 

  •  Select STAGE AND INSTALL

 

Ferozrah_4-1621963304205.png

 

 

  • Accept the End user license agreement and click on NEXT

 

Ferozrah_5-1621963304209.png

 

 

  • It will start Running pre-update checks   

 

Ferozrah_6-1621963304211.png

 

  • You may be asked if you wish to Join the VMware's Customer Experience.   

           Improvement Program (CEIP), select check/uncheck and click Next

 

Ferozrah_7-1621963304215.png

 

 

  • Ensure that you have taken a recent backup and proceed to check the box  I have backed up vCenter Server and its associated databases, and click FINISH

 

Ferozrah_8-1621963304217.png

 

  •  You will see Installation in progress as follows                

 

Ferozrah_9-1621963304219.png

 

Ferozrah_10-1621963304220.png

Ferozrah_11-1621963304221.png

 

 

  •     Click on CLOSE

 

  •     The vCenter is patched with the build 18485166
osheehy_1-1632244200199.png

 


 


 

Note: If there is external PSC we need to update PSC node first following same procedure.

Comments

Congratulations on the article.

Have a question, on average how long it took to perform the installation, whether to contact or counting on the restart?

..

Thanks, @Arthur_Oliveir1 

Based on testing in the lab, the upgrade from 6.7 U3a (6.7.0.41000) to 6.7 U3n (6.7.0.48000) took around 40 Minutes overall.

Staging the Patches - 13 Minutes
Installing the Patch, including reboot and service startup - 27 Minutes

Please note, many factors could influence the time taken for upgrade (patch download speed, ESXi performance, etc..)

I hope this helps to address your query.

Hello @baijupthank you for your return.

The doubt was clarified.

Best Regards.

Please clarify if we have Vcenter appliance 6.7u3l with external PSC, do we need to apply the same patch VMSA-2021-0010 to PSC first and than to Vcenter?

Also what is the sequence if we have 2 Vcenter appliances and 2 external PSC's in linked mode. Thank you

@Ela_ivari we have to apply same patch on PSC as well. First apply patch on PSC and then VC.

 

If there are 2 vCenters with external PSC in linked then update sequence will be to update both PSC first and then VC:

- Update PSC1
- Update PSC2
- Update VC1
- Update VC2

The release date of my available update says "Sep 15, 2021" instead of the 16th per the instructions above, but the version number is right - 6.7.0.50000.

Is this correct?

@BB9193 Yes, it is the correct patch. Looks like the change in date is due to timezone of the client machine from where VAMI page is opened.

Attaching a screenshot from my lab which is in Pacific Time.

6_7_0_50000_Pacific_Time.jpg

Interesting i have just applied this in my lab environment and the build version is different to that advertised above, albeit a bigger number.

 

Version6.7.0 Build 18485185

 

I assume this covers the current vulnerability, i can't find any reference to this build number on the site.

@mrgadget @BB9193 Thanks for posting the question. I confirm that, version 6.7.0 Build 18485185 covers the current vulnerability. Looks like in VAMI Page (https://<VCIP>:5480), its showing the build number as 18485166, however in UI Client its showing build number 18485185. Sample screenshot pasted below, we will update the same in the step-by-step guide.

 

6_7_0_50000_Build_Number.jpg

Hello, does patching the vCenter Server appliance automatically upgrade the ESXi hosts that are being used in vCenter?

Hello @JDans18 , patching vCenter server won't update/upgrade ESXi hosts.

If you want to update ESXi hosts as well you need to do that separately.

Thank you @Ferozrah. I currently have ESXi 6.7 Update 3 build number 16075168. What is the ESXi version that goes the best with this vCenter 6.7u3o? Or it doesn't matter?

@JDans18 since the hosts are running at ESXi 6.7 P02, I would suggest to have them updated to ESXi 6.7 P05 (build 17700523) as it is recommended to keep hosts and VC updated to latest. However if you are not planning to update hosts for now you can keep them at 6.7 P02 

Thank you again @Ferozrah. Your responses are very appreciated. Last question, should I update ESXi before vCenter if I decide to update the hosts? Or am I okay to update vCenter and then ESXi afterwards. Does the order matter?

@JDans18 you are welcome.

We need to keep hosts and vCenter either at same level or hosts below vCenter so we need to update vCenter first and then hosts.

I have a question regarding this point: In case there are multiple vCenter servers linked, do take powered down snapshots of all nodes before proceeding with vCenter update.

Q: I have two vCenter (embedded PSC) in linked mode. Any special steps need to be taken care. I have plan to do both in two different maintenance window with snapshot individually at that time. Also I have NSX-V 6.4.6 in this vCenter and no plan for NSX upgrade.

Please advise. 

@jahalam414 

take a look to https://interopmatrix.vmware.com/#/Interoperability?isHideGenSupported=true&isHideTechSupported=true...

Shutdown both vCenter, create a snapshot of both, power on both again and perform the upgrade one after another.

Regards,
Joerg

Version history
Revision #:
5 of 5
Last update:
‎09-21-2021 10:11 AM
Updated by:
 
Contributors