Professional Documents
Culture Documents
This document has been created using vCenter 6.7 and hosts being upgraded from ESXi 6.0 to ESXi 6.7. The specific
versions, file name, patch numbers, etc. can and will change at any time. The overall process will remain mostly the
same. A minimum number of screenshots will be used as well to reduce file size and possible paper when printed.
Contents
Pre-requisite............................................................................................................................................................................ 1
Upgrade vCenter ..................................................................................................................................................................... 2
Move VMs from host being upgraded .................................................................................................................................... 4
Methods of upgrading the ESXi version - use iDRAC interactively or use VMware Update Manager ................................... 4
Upgrade ESXi using iDRAC interactively .................................................................................................................................. 5
Upgrade ESXi using VMware Update Manager ...................................................................................................................... 8
Remediate each host ........................................................................................................................................................ 11
Patching ESXi host to current build using VMware Update Manager .................................................................................. 13
Remediate CVE-2018-3646 ................................................................................................................................................... 17
Appendix A - Missing VIBS .................................................................................................................................................... 19
Pre-requisite
Download the ISO file for your ESXi host upgrade from BOX. These are vendor specific and the files for Dell servers are
in: /Americas IT - TaPS/VMware/Dell ESXi Images. The file names will include the major version, update level and patch
number. The TaPS team will update these monthly as new versions are posted by the vendor.
Note: ESXi 6.7 is not on the VMware Compatibility Guide for the oldest VRTX with M620 hosts. Any hosts with M620
servers should use the 6.5 update.
1
VMware ESXi Host upgrades and patching on VRTX infrastructure
Upgrade vCenter
Before upgrading the hosts, it is highly recommended (not required) to upgrade vCenter to the latest version. This is
currently VMware-VIM-all-6.7.0-15132721.iso as of January 2020. The file is on BOX under: All Files > Americas IT - TaPS
> VMware > vCenter.
2
VMware ESXi Host upgrades and patching on VRTX infrastructure
o IF PROMPTED for Database Information, you will need to use your ADM account and password from
ADSP. Click Next.
o Click Install.
o Click OK to Automatically close and attempt to restart applications.
o Click Finish when complete
Close the Installer screen and Eject the ISO.
Open https://marshavcenter.domain.marrcorp.marriott.com
3
VMware ESXi Host upgrades and patching on VRTX infrastructure
o Confirm network
o Schedule vMotion with high priority
o Finish
o Monitor Recent Tasks until the VM(s) have completed migrating to the other host
Methods of upgrading the ESXi version - use iDRAC interactively or use VMware
Update Manager
There are two different methods that can be used to upgrade ESXi hosts.
Use iDRAC to view the console, mount the ISO, reboot and run the upgrade interactively.
Use VMware Update Manager to import the ISO, set a Baseline and Remediate to the Baseline.
Both methods are detailed below. There isn't a recommended method and both have pros and cons.
4
VMware ESXi Host upgrades and patching on VRTX infrastructure
In vCenter, right click the host > Maintenance Mode > Enter Maintenance Mode
o You should have already moved the VMs so the question if you want to relocate VMs is not relevant.
Access the iDRAC IP address using IE or another web browser.
o Login with your adm-eid@marrcorp.marriott.com.
o On the left, open the Server section and click on Virtual Console.
o It is recommended to use Plug-in Type: Native. This will install/launch and ActiveX control. The
alternate is to set this to HTML5 which will make the install slower. Screenshots shown here are using
the Native client.
5
VMware ESXi Host upgrades and patching on VRTX infrastructure
At the "Select a disk to Install or Upgrade" screen, ensure the boot disk is selected. This should be the only
"Local:" disk listed. On most VRTX purchased prior to mid-2019, this will be the Internal Dual SD. DO NOT select
any of the "Remote:" disks since you could overwrite your Datastores.
The installation will scan the disk and see the previous installation. When the ESXi Found screen appears,
ensure (X) Upgrade is selected and press Enter to continue.
6
VMware ESXi Host upgrades and patching on VRTX infrastructure
Once the host reboots, it will take some time for the host to re-appear in vCenter. Once the host no longer says
"not responding" you can right click > Maintenance Mode > Exit Maintenance Mode.
o If the host does not reconnect, you may need to right click and Connect. This may involve entering the
root login/password and accepting the new fingerprint.
Repeat on remaining hosts. Refer to the section " Move VMs from host being upgraded" above to move VMs
before remediating each host.
7
VMware ESXi Host upgrades and patching on VRTX infrastructure
Open https://marshavcenter.domain.marrcorp.marriott.com
There will be two options - LAUNCH VSPHERE CLIENT (HTML5) and LAUNCH VSPHERE WEB CLIENT (FLEX). Select
LAUNCH VSPHERE WEB CLIENT (FLEX).
o The FLEX option uses Adobe Flash. If Flash is not enabled, run PowerShell as Administrator and run the
following command:
dism /online /add-package /packagepath:”C:\Windows\servicing\Packages\Adobe-Flash-For-Windows-
Package~31bf3856ad364e35~amd64~~10.0.14393.0.mum”
o Note: VMware Update Manager is not present in the HTML5 interface when vCenter is installed on a
Windows OS.
o Note: If the interface does not load in IE, use Chrome. You will need to allow the plug-in to run.
Click on the Home button and select Update Manager
Click on the server > click the Manage tab > click ESXi Images > click Import ESXi Image.
8
VMware ESXi Host upgrades and patching on VRTX infrastructure
the ESXi ISO. Using an older version of ESXi will be OK since it will be patched in following steps.
9
VMware ESXi Host upgrades and patching on VRTX infrastructure
Use a unique name that will indicate specifically what the baseline is for.
Under Baseline type, select Host Upgrade
10
VMware ESXi Host upgrades and patching on VRTX infrastructure
Click the Remediate button, select Upgrade Baselines, select the Baseline Name you created, click Next
Select your target (the host), accept the EULA, skip the Advanced options and leave Host remediation options at
the defaults.
11
VMware ESXi Host upgrades and patching on VRTX infrastructure
Under Cluster remediation options, add a check to "Disable High Availability admission control if it is enabled for
any of the selected clusters. Click Next, then click Finish.
The host will be automatically put into Maintenance Mode while it is upgraded and rebooted.
o The process should take 20-30 minutes
Repeat on remaining hosts. Refer to the section " Move VMs from host being upgraded" above to move VMs
before remediating each host.
12
VMware ESXi Host upgrades and patching on VRTX infrastructure
Note: After upgrading the ESXi version, it may be necessary to go into VMware Update Manager and select
Download patches and upgrades. VUM only downloads patches for the software it knows is in its inventory.
Until now, it did not have the new ESXi version so it must download new patches associated with it. This
happens automatically on a regular basis but can also be forced.
13
VMware ESXi Host upgrades and patching on VRTX infrastructure
Click on the host to be patched > Update Manager tab > Attach Baseline > select both Critical Host Patches
(Predefined) and Non-Critical Host Patches (Predefined) > click OK.
Click Scan for Updates > ensure both Patches and Extensions and Upgrades are checked > click OK. Monitor
progress under Recent Tasks.
Click Stage Patches > ensure both Critical Host Patches are selected and click Next.
14
VMware ESXi Host upgrades and patching on VRTX infrastructure
Ensure all available patches and updates are selected and click Next.
15
VMware ESXi Host upgrades and patching on VRTX infrastructure
Click Finish.
The host will have all selected patches applied and reboot. During this time, it will automatically be placed into
and removed from Maintenance Mode.
16
VMware ESXi Host upgrades and patching on VRTX infrastructure
Remediate CVE-2018-3646
These steps will properly mitigate the VMware vulnerability for ‘L1 Terminal Fault - VMM’ (L1TF - VMM) Speculative-
Execution vulnerability in Intel processors for vSphere: CVE-2018-3646
17
VMware ESXi Host upgrades and patching on VRTX infrastructure
Note, if the warning that the host is potentially vulnerable appears after an upgrade, but the
SuppressHyperthreadWarning is set to 0 (or true), reboot the host and it should resolve the warning.
18
VMware ESXi Host upgrades and patching on VRTX infrastructure
The ‘mpt3sas’ driver enables support for AVAGO MPT Fusion based SAS3 Controllers. Dell doesn’t support this device
and so this driver can be safely removed. You’ll need to enable command line access
Open the iDRAC Virtual Console to access the host desktop.
Log in to the desktop console using F2, then go into Troubleshooting > Enable Console access.
Press Alt+F1 to get to the command line interface, login and run the command below.
esxcli software vib remove --vibname scsi-mpt3sas
When it is done, press Alt+F2 to get back to the console GUI and disable the Console access.
Then you can upgrade without running into that error.
19