Update the vCenter Server Appliance (VCSA) without internet

In this blog post I highlight how to patch or update a single vCenter Server Appliance (VCSA) without having an internet connection. The patch will be stored on a temporary web server that is installed on a Windows machine. In this example we update the vCenter Server Appliance from version 6.0 Update 2 to 6.0 Update 3 build 5050593.

Here are the main steps:

1. On a Windows machine, install a temporary web server to host the VCSA patch. “Posh Server” (link), a small PowerShell web server, will be used as the web server. Download Posh Server and install it on a Windows box. After the installation (use the default settings), open PowerShell (as Administrator) and execute the following commands:

Set-Executionpolicy unrestricted

Type “y” to confirm. Go to the “C:\Program Files\PoSHServer” folder.

Import-Module PoSHServer
Start-PoshServer -Port 9000

The Posh web server is started and listens on port 9000.

2. Download the patch (zip file) from the VMware website.

Extract the patch on the Windows machine in the web server folder under “C:\Program Files\PoSHServer\webroot\http\update”. Besides the patch file (ZIP), two folders are extracted (manifest and package-pool).

3. Before upgrading, make sure you have a backup copy of the VCSA!

4. Open the vCenter Server Appliance web interface (https://VCSA-IP:5480). Go to the Update tab and click Settings, then select “Specified Repository”. Enter the location of the web server and update folder. In this example we use:

http://IP-web-server:9000/update

Click OK, check updates and use the “Check Repository” option. (tip: make sure to disable the proxy configuration in the VCSA)

The update is displayed under available updates. Install the update.

When the update is finished, click OK and reboot the appliance.

5. After the reboot, check the version and build number of the new patch.

Patch VMware ESXi hosts by command line

There are several ways to patch a VMware ESXi server. vSphere Update Manager (VUM) can, for example, update a complete ESXi host cluster fully automatically. vSphere Update Manager requires a vCenter Server. When you don’t have a vCenter Server, patching can be done from the command line.

Here is a quick overview of how to patch an ESXi 6.x host to the latest patch.

Step 1. Download the latest patch bundle from the VMware Web site, link. VMware ESXi patches are cumulative! Each patch bundle (.zip archive) includes all the updates from prior patches.

Step 2. Upload the patch bundle (zip) to a (central) datastore with the vSphere Client (prior to vSphere 6.5), the vSphere Web Client or the ESXi host client.

Step 3. Enable SSH

In the vSphere Web Client, start the SSH service and open an SSH session to the ESXi host.

Step 4. Put the host in maintenance mode

vim-cmd hostsvc/maintenance_mode_enter

Step 5. Install the patch bundle

Using esxcli with the install method can overwrite existing drivers. If you are using third-party ESXi images, VMware recommends using the update method to prevent an unbootable state. The following command installs the patch bundle:

esxcli software vib update -d /vmfs/volumes/datastore/patchbundle.zip

For example, to install HPE ESXi 6 Update 3:

esxcli software vib update -d /vmfs/volumes/VMFS01/VMware-ESXi-6.0.0-Update3-5050593-HPE-600.9.7.0.17-Feb2017-depot.zip

After the patch bundle is installed, check the message. It must say “The update completed successfully, but the system needs to be rebooted for changes to be effective.”

Step 6. Reboot the host by entering the following command:

reboot

Step 7. Open an SSH session to the ESXi host and exit maintenance mode

vim-cmd hostsvc/maintenance_mode_exit
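
Steps 4 to 7 as one script, added here as an example (not from the original post): it reboots only when the esxcli result reports success and leaves the host in maintenance mode otherwise. The function names, the sample outputs and the reliance on a "Reboot Required:" line in the esxcli output are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Runs in a POSIX shell such as the ESXi shell.

# Constructed sample outputs (not captured from a real host).
SAMPLE_REBOOT='Installation Result
   Message: The update completed successfully, but the system needs to be rebooted for changes to be effective.
   Reboot Required: true'
SAMPLE_NOCHANGE='Installation Result
   Message: Host is not changed.
   Reboot Required: false'
SAMPLE_ERROR='(constructed) error: could not read the depot file'

# Read esxcli output on stdin and print: reboot, ok or failed.
# Assumption: a successful run prints a "Reboot Required:" line.
classify_update_result() {
    out=$(cat)
    case "$out" in
        *"completed successfully, but the system needs to be rebooted"*) echo reboot ;;
        *"Reboot Required: true"*)  echo reboot ;;
        *"Reboot Required: false"*) echo ok ;;
        *) echo failed ;;
    esac
}

# Steps 4 to 7 for one bundle; the host stays in maintenance mode on failure.
patch_host() {
    bundle=$1
    [ -f "$bundle" ] || { echo "bundle not found: $bundle" >&2; return 1; }
    vim-cmd hostsvc/maintenance_mode_enter || return 1
    result=$(esxcli software vib update -d "$bundle" 2>&1) || true
    printf '%s\n' "$result"
    case $(printf '%s\n' "$result" | classify_update_result) in
        reboot) echo "Update OK, rebooting. Exit maintenance mode afterwards (step 7)."
                reboot ;;
        ok)     vim-cmd hostsvc/maintenance_mode_exit ;;
        *)      echo "Update failed, host left in maintenance mode." >&2
                return 1 ;;
    esac
}

# Run only when a bundle path is given, e.g. ./patch.sh /vmfs/volumes/datastore/patchbundle.zip
if [ "$#" -gt 0 ]; then
    patch_host "$1"
fi
```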

Drive mapping not working with User Environment Manager (UEM)

During a Horizon View implementation with User Environment Manager (UEM) 9.1, the drive mappings didn’t show up for some users with a Windows 10 VDI desktop. The FlexEngine log shows the drive mapping was successful.

2016-12-16 15:18:45.084 [INFO ] Successfully mapped drive ‘G:’ to ‘\\filesrv-01\apps$’ (‘Applicaties.xml’)

When opening an elevated command prompt and typing the command “net use”, the drive mappings were displayed and accessible. The users that didn’t get the drive mappings were local administrators in the Windows 10 VDI desktop.

There is a known limitation with drive mappings if both of the following apply:

  • The user is a local admin
  • User Account Control (UAC) is enabled

Changing one of them results in displaying the drive mapping in the Windows 10 VDI desktop. More information about this issue can be found here, link.

Update: December 22, 2016: Pim van de Vis (@pimvandevis) pointed me to the following setting to solve this issue. The VMware UEM FlexEngine Advanced ADMX template has an advanced setting that is called ‘Special Drive Mapping Logic’. Enabling the ‘Special Drive Mapping Logic’ setting solves this issue. More information can be found here, link.