How to Patch a Standalone ESXi Host
In the video below, we show you how to patch a standalone ESXi host
Unless you are managing a VMware ESXi server through vCenter then the hypervisor will be a standalone server
And to update and patch a standalone server we need to run a command from the CLI to apply a patch we download from VMware
Useful links:
https://customerconnect.vmware.com/patch
https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-vcenter-server-70-release-notes.html
https://esxi-patches.v-front.de/
Steps taken
-
Download patch
Point your web browser to the following URL and login to your VMware account
https://customerconnect.vmware.com/patch
Now, from the “Select a Product” drop down menu select ESXi (Embedded and installable)
By default this will be set for the latest major version, which at the time of recording is 7.0, but you can change this in the drop down menu
Click the Search button and it will return all patches that are available for that version
If it’s too recent, then it’s usually not a good idea to install it because when developers fix code, there is always the risk they’ll create a new bug
Choose the patch you’ll use, then click on the Download Now button to download the zip file
NOTE: Web browsers like Brave will result in an error message. You have to disable the Shield to allow cookies, trackers, etc.
Basically, VMware will restrict download access if you disable analytics -
Upload patch to ESXi
The next thing to do is to upload the patch to a datastore the hypervisor has access to
In this example, we’ll use the local storage
Login to your ESXi server, click on Storage and then select the Datastore
Copy and paste the location details for this datastore as we’ll need this later
Click Datastore browser, then click Upload
Select the depot file you downloaded and click Open
Once the upload is complete you can click the Close button -
Shutdown VMs
Because we are carrying out maintenance, gracefully shutdown any VMs that are running on this server -
Connect using SSH
To apply the patch we need to open a remote console to the server using SSH
Click on Host then from the Actions menu select Services | Enable Secure Shell (SSH)
Now connect to the server using SSH and login as root -
Pre-stage patch
Next we’ll run a command to pre-stage the patch, but we need to know the image profile name
In my case we’re installing 7.0U3c and you can find this on the website but it also tells us this in the filename, VMware-ESXi-7.0U3c-19193900-depot.zip
As this is a standard edition of VMware we’re running, we’ll use ESXi-7.0U3c-19193900-standard for this patch release
Now, if we’d opted for 7.0U2d instead it would be ESXi-7.0U2d-18538813-standard
We also need the location of the patch, which hopefully you copied in a previous step
The command for me to then run is as follows
The last parameter is optional and is to disable the hardware warning as I already know about a CPU support riskesxcli software profile update -p ESXi-7.0U3c-19193900-standard -d /vmfs/volumes/60081218-95c16d94-3698-1418774a8f18/VMware-ESXi-7.0U3c-19193900-depot.zip \--no-hardware-warning -
Reboot and update server
At this stage the patch isn’t applied and it requires a reboot
As a best practice you should now put the server into Maintenance mode first
Back in the ESXi GUI, click Host then click Actions and select Enter maintenance mode
This is to make sure the server comes up in a stable state and VMs aren’t started as soon as it’s ready
As long as no VMs are running, reboot the server by clicking the Reboot option
Once the server is back up, login into the GUI and click Host
You should now see the version has changed, due to the upgrade
You can now disable maintenance mode by clicking Actions and selecting Exit maintenance mode
The server is now updated and ready to use
Sharing is caring!