If you have just installed the latest VMware vSphere 6 for example and want to patch, but you don't know how? This guide is especially useful if your ESXi host is not connected to the internet. Many folks are waiting for VMware to “polish” the 6.0 release the latest patches which don't break things, but that's not always the case.
The latest patch is cumulative. Those of you who stepped in and runs vSphere 6.7, you might want to install the latest ESXi VMware patch. By having the latest patch, you're not only safe, but you might also be safe from bugs, which appears after major releases.
So in today's post, we look at the patching process. Where to download the latest patches and how to apply them to the host. We will focus on simple CLI method today for environments with single ESXi host. This can be the case for branch office or a test environment or simply a site without the resources to purchase a license package that includes vCenter.
Step 1: The patch download portal first (you need VMware login – create a free account if you haven't done yet).
Select the product you want to download patches (in our case ESXi 6.7)
Select the patch you want to download. (they are cumulative, download only the latest one).
Step 2: Download the ZIP file and upload it to a datastore (via VMware vSphere client or via WinSCP for example) that is reachable for the host you want to patch (it can be local or shared datastore) > Bring the host into the maintenance mode > Connect with SSH (via Putty for example or through Firefox and FireSSH) to your ESXi host.
To enable SSH go and select your host > configuration > security profile > services > properties > SSH.
Then connect via SSH and run this command:
esxcli software vib install -d /vmfs/volumes/datastore1/patch-directory/ESXi670-201901001.zip
So in my case, it was:
esxcli software vib install -d/vmfs/volumes/465/ESXi670-201901001.zip
Reboot the host and leave the maintenance mode.
You're done. In case you have a vSphere cluster in place you can leverage VMware Update Manager (VUM) which can orchestrate the patching across your cluster where it goes and puts the host in maintenance mode and evacuates VMs via vMotion automatically each time a host within cluster needs to be patched. So you just attach a baseline which includes the latest patches > scans the cluster > remediate….
You will certainly not patch as I showed in this guide today. But today's post is certainly useful for isolated, lab environments, or environments where VUM isn't installed.
If you want to check on how to install VUM you can check my post on it. VUM still needs Windows VM (or physical box) to get installed… But can be installed with an included SQL express DB (in case you don't have a license of Full SQL server). It's quite fun. For other guides, how-to, videos, and news on vSphere 6 check my vSphere 6.7 page!
More from ESX Virtualization:
- How To Create VMware ESXi ISO With Latest Patches
- VMware vSphere Standard vs Enterprise Plus
- Install and Configure VMware vCSA 6.7
- VMware vSphere 6.7 U1 Download Now
- Upgrade ESXi 6.x to 6.7 via CLI – Two methods
- How to create a custom ESXi 6.5 ISO with VMware Image Builder GUI
Stay tuned through RSS, and social media channels (Twitter, FB, YouTube). Liked this post? Don't hesitate to share, like -:) Twitter and Facebook
Sebastian H. says
Didn’t you last time correct it to:
esxcli software vib update -d /vmfs/vol…?
With “update” you might keep personalised drivers etc.
Vladan SEGET says
Wasn’t it in case of Upgrade? As for patch install we use the “install”…
I’m using Dell Customized Image of VMware ESXi 6.0 – Dell-ESXi-6.0.0-2494585-A00
should i use esxcli software vib update or esxcli software vib install cli command for official update-from-esxi6.0-6.0_update01.zip
Vladan SEGET says
“update” keeps custom drivers. “install” does NOT.
Have you succeeded in upgrading your Dell ESXI 6.0 to 6.0 update01?
I’m interested in proceed, but would like to hear your experience!
download the update ISO from DELL is your best bet. DELL will have ISO usually 2 months after VMware official release.
Same Jerry again as avove 🙂
I used “Install”, it works fine. It shows VIBs installed, VIBs Removed, and VIBs Skipped. feels like an update.
thanks vladan !
I used your description to apply the patch for fixing the snapshot-bug of ESXi 5.5 update3 on a hp proliant DL380 Gen8, worked like a charm !
the call was like:
esxcli software vib install -d /vmfs/volumes/whatever/ESXi550-201510001patch3a.zip
Vladan SEGET says
Thanks for your comment Adrian. Glad it worked for you…
Your guide was thorough, insightful and extremely helpful. Thank-you for putting together a well laid out document with detailed instructions and explanations, it was greatly appreciated! Bookmarked!
Mr Wong says
Found the boot USB stick not accessible to the computer, and caused this issue. Move the USB stick to another USB port make this book and able to patch. Hope it helps for someone looking for a solution.
Vladan SEGET says
Thanks for sharing this back with us.
Update worked as below. Install did not work
esxcli software vib update -d /vmfs/volumes/DATASTORE2/ESXi600-201510001.zip
Thanks, this worked like a charm. Much easier than I thought.
I’m running Esxi 5.5.0 with a Realtek 8168 nic (installed using a vib).
Now I was wondering do I need to reinstall this vib again after update to 6.0 using this update method ? This nic is being used as management interface so won’t I loose the SSH connectivity after updating to 6.0 ?
Also how about the license ? Do I need a new license for 6.0 ?
What is the best way to incorporate the patch into the image. I know I can use PoerCLI which is what I use to add drivers, powerpath, etc, but installing a patch sometimes has up to 70 VIBs and I was hoping you could tell me if there is any software out there that does this.
Hi, any advice how to install the latest esxi 6 patch to HP ProLiant Gen9 servers? There is an issue which causes the system to lose the disks after applying the patch. See https://kb.vmware.com/selfservice/microsites/search.do?language=en_US&cmd=displayKC&externalId=2120539
Have you updated? I saw that now the latest patch for HP Proliant Gen9 is u2.
Have you already tryied to update?
With the update switch or install?
You can update the HP ProLiant G9 to 6.0u2, but first you need to update the Smart Array Controller to the latest version, then update ESXi by using the HPE ESXi 6.0 custom image form the VMware site and last but not least, update the Smart Array Controller driver to v188.8.131.52-1.
For more information about the right firmwares en drivers: http://vibsdepot.hpe.com/hpq/recipes/HPE-VMware-Recipe.pdf
Wayne Boshier says
Is there any risk doing such an update? Aside from backing up the VM’s, I see the advice to migrate VM’s to a different host before doing this, on the vmware official KB?
Thank you so much for sharing this, I updated my first stand alone server following your guide.
Merci, merci bien!!!!
Sorry to bother..
What happened to this?
esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
Thanks for the article. I have a question, does the latest patch include previous patches or shall I patch the server incrementally?
VM ware Certified Professional
sorry pretty new on this, I’ve a lab envi at home…follow the guide and got this: any ideas? thanks
[[email protected]:~] esxcli software vib install -d /vmfs/volumes/datastore2/patch-
Could not download from depot at zip:/vmfs/volumes/datastore2/patch-directory/ESXi600-201611001.zip?index.xml, skipping ((‘zip:/vmfs/volumes/datastore2/patch-directory/ESXi600-201611001.zip?index.xml’, ”, “Error extracting index.xml from /vmfs/volumes/datastore2/patch-directory/ESXi600-201611001.zip: [Errno 2] No such file or directory: ‘/vmfs/volumes/datastore2/patch-directory/ESXi600-201611001.zip'”))
url = zip:/vmfs/volumes/datastore2/patch-directory/ESXi600-201611001.zip?index.xml
Please refer to the log file for more details.
Pretty sure you used the wrong Datastore name. Type ‘ls -lrt /vmfs/volumes’ to see the name of the link to your volume e.g.
‘your_datastore_name -> 4398cd3a-aab43867c-a55a-0cc27b7c3ed6’
You have to use “your_datastore_name” instead of “datastore2”. I got the same error message once after I forgot that I have renamed the datastore.
Keith R says
Thank you, this was very helpful!
Thank you so much! I don’t even bother looking anything up on vmware’s schizophrenic website.
Jas M says
– I have a Shuttle, with only Realtek 8169 GigE, no other adapter
– Currently running 5.5.0 B1331820
– Went to install 5.5.0 update 3b B3248547 (via CD iso) and received the No Network Adapter installed message
– Canceled out of the install, back to running 5.5.0 B1331820
(searched the issue brought me here to your page)
– I downloaded the ESXi600-201608001.zip and placed on the datastore
– SSH and used the following command
esxcli software vib update -d /vmfs/volumes/5478498e-5eb0276c-49ce-80ee7338eb9/patch-directory/ESXi600-201608001.zip
Could not download from depot at zip:/vmfs/volumes/5478498e-5eb0276c-49ce-80ee7338eb9/patch-directory/ESXi600-201608001.zip?index.xml, skipping ((‘zip:/vmfs/volumes/5478498e-5eb0276c-49ce-80ee7338eb9/patch-directory/ESXi600-201608001.zip?index.xml’, ”, “Error extracting index.xml from /vmfs/volumes/5478498e-5eb0276c-49ce-80ee7338eb9/patch-directory/ESXi600-201608001.zip: [Errno 2] No such file or directory: ‘/vmfs/volumes/5478498e-5eb0276c-49ce-80ee7338eb9/patch-directory/ESXi600-201608001.zip'”))
url = zip:/vmfs/volumes/5478498e-5eb0276c-49ce-80ee7338eb9/patch-directory/ESXi600-201608001.zip?index.xml
Any ideas why I’m getting this error ?
do a cd back to the home directory first. I got your command to run but only from there.
Worked for me smoothly, considering that this is the first time I apply a patch to my brand new ESXi host and taking advantage of the new Intel CPU bugs. Specifically I apply the “ESXi650-201801001”.
My doubt is: must I apply the previously patch list to my host listed in the download site? Or this last will fix the previously bugs fixed?
Regards from Madrid.
Vladan SEGET says
The latest patches are cumulative. No need to apply the previous ones. Great Week from Reunion… -:)
I install esxi6.0 update2 last year and never patch anything. Can one just take the latest patch and install it skipping previous patch ?
Vladan SEGET says
The latest patch is Always cumulative. So no need to install the intermediate patches.
I know that Sebastian H. already asked this, but I’m still in doubt. I have a cluster with 3 Dell hosts, and the VMware was installed using de Dell personalized ISO.
Do I use “esxcli software vib update” or “esxcli software vib install”?
There’s a chance to lost some drivers?
Thanks for sharing!
Vladan SEGET says
do an “update” if you can, but over the time I have the impression that the “install” and the newer VMware ISOs do have less and less problems. It seems that they integrating the drivers directly from the manufacturer. However, the Dell iso might have some CIM providers for a deeper look at the hardware, storage etc…
Reynaldo Flores says
I recently downloaded a security update file for our 3 Esxi host 6.0. Our Esxi hosts do not have direct internet connection. I will be doing the update using Vcenter Server’s Update Manager. I have done this 3 months ago. I can’t remember how I did it. Do I uploaded the Update zipped file onto the datastore somewhere where the update manager will be able to see it?
I’m sitting at original 6.7.0 and I downloaded the zip for 6.7 -6.7_update02, but I just cannot find the syntax to install it. In maintenance mode, etc. Running this command from SSH Console
esxcli software vib install -d /vmfs/volumes/SlowerDatastore/patches/update-from-esxi6.7-6.7_update02.zip
I tried update vs. install, same thing:
Message: Host is not changed.
Reboot Required: false
VIBs Skipped: VMW_bootbank… (dozens of skipped things filled the screen)