Patch VMware ESXi hosts by command line

There a several ways to patch a VMware ESXi server. vSphere Update Manager (VUM) can update for example a complete ESXi host cluster fully automatic. vSphere Update Manager requires a vCenter Server. When you don’t have a vCenter Server patching can be done from the command line.

Here is a quick overview how to patch an ESXi 6.x host to the latest patch.

Step 1. Download the latest patch bundle from the VMware Web site, link. VMware ESXi patches are cumulative!  Each patch bundle (.zip archive) includes all the updates from prior patches.

Step 2. Upload the patch bundle (zip) to a (central) datastore with the vSphere Client (prior vSphere 6.5), vSphere Web Client, ESXi host client.

Step 3. Enable SSH

In the vSphere Web client start the SSH service and make a SSH session to the ESXi host

Step 4. Put the host in maintenance mode

vim-cmd hostsvc/maintenance_mode_enter

Step 5. Install the patch bundle

Using esxcli with the install method has the possibility of overwriting existing drivers. If you are using third-party ESXi images, VMware recommends using the update method to prevent an unbootable state. The following command will install the patch bunde:

esxcli software vib update -d /vmfs/volumes/datastore/

For example install HPE ESXi 6 Update 3:

esxcli software vib update -d /vmfs/volumes/VMFS01/

After the patch bundle is installed check the message. It must say “The update completed successfully, but the system needs to be rebooted for changes to be effective.”

Step 6. Reboot the host  by entering the following command:


Step 7. Make a SSH session to the ESXi host and exit maintenance mode

vim-cmd hostsvc/maintenance_mode_exit

Drive mapping not working with User Environment Manager (UEM)

During a Horizon View implementation with User Environment Manager (UEM) 9.1 the drive mappings don’t show up for some with a Windows 10 VDI. The flexEngine log shows the drive mapping was successfully.

2016-12-16 15:18:45.084 [INFO ] Successfully mapped drive ‘G:’ to ‘\\filesrv-01\apps$’ (‘Applicaties.xml’)

When opening an elevated command prompt and type the command “net use“, the drive mappings where displayed and accessible. The users that didn’t get the drive mappings where local administrator in the Windows 10 VDI desktop.

There is a  known limitation with drive mappings if the user is:

  • Local Admin
    • and
  • User Account Control (UAC) is enabled

Changing one of them results in displaying the drive mapping in the Windows 10 VDI desktop. More information about this issue can be found here, link.

Update: December 22, 2016: Pim van de Vis (@pimvandevis) pointed me to the following setting to solve this issue. The VMware UEM FlexEngine Advanced ADMX template has an advanced setting that is called ‘Special Drive Mapping Logic’. Enabling the ‘Special Drive Mapping Logic’ setting solves this issues. More information can be found here, link.

What to check before upgrading to vSphere 6.5

Last week vSphere 6.5 was released (GA). This release has a lot of new cool features (see this link for more information). In the past I saw vSphere environments that are upgraded without proper preparation resulting in a rollback because compatibility issues with hard-or software. So I created a simple list with steps to check before upgrading to vSphere 6.5:

  • Check the hardware against the VMware Compatibility Guide, link
    • There is a PowerCLI script to check the hardware against the VMware Compatibility Guide, link
    • Devices deprecated and unsupported in ESXi 6.5, link
  • Check if all vSphere products are supported by vSphere 6.5. The following product are not supported yet (when writing this blog):
    • VMware NSX
    • VMware Integrated OpenStack
    • vCloud Director for Service Providers
    • vRealize Infrastructure Navigator
    • App Volumes
    • Horizon Air Hybrid-Mode
    • Integrated OpenStack
    • vCloud Networking and Security
    • vRealize Business for Cloud
    • vRealize Configuration Manager
    • vRealize Hyperic
    • vRealize Networking Insight
  • Check the “Important information before upgrading to vSphere 6.5 article, link
  • Check the update sequence for vSphere 6.5 and its compatible VMware products, link
  • Check if all the third-party products are supported by vSphere 6.5. For example last week Veeam Backup & Replication 9.5 is released. This release has no support yet for vSphere 6.5. Veeam Availability Suite 9.5 Update 1 will add support for vSphere 6.5.
  • The existing vSphere 6.0 license keys are supported for vSphere 6.5. No new license key are needed. More info: link
  • Check the vSphere 6.5 upgrade documentation, link
  • Always install vSphere 6.5 first in non-production environments and test all the critical stuff for some time. vSphere 6.0 had some nasty Change Block Tracking (CBT) bugs that you don’t want in your production environment.
  • Check the supported and deprecated topologies for VMware vSphere 6.5 article, more info: link
  • The vSphere Windows (C#) Client is  deprecated. Use the vSphere Web client of the new HTML5 based Client.
  • VMFS6 is the new filesystem of vSphere 6.5. VMFS6 cannot be inline or offline upgraded from VMFS5 to VMFS6. More info: link
  • TLS protocol versions 1.0, 1.1, and 1.2 are enabled by default in vSphere 6.5. More information about disabling TLS 1.0 can be found here: link.