VMware Lab 23: Using vSphere Update Manager
In this lab we will;
- Install vSphere Update Manager Server
- Install vSphere Update Manager Client
- Modify the Cluster Settings
- Configure vSphere Update Manager
- Create a Patch Baseline
- Attach a Baseline and Scan for Updates
- Stage the Patches onto the ESXi Hosts
- Remediate the ESXi Hosts
Task 1: Install the vSphere Update Manager Server
For this, I’m going to have to try to find and upload this onto my VCSA Server.
Turns out you can install it from the VCSA installer but first you need to have the .NET Framework 3.5 Now how do you install this offline?!
Well, I tried copying the installer over to my VM from my PC but it said I must install it via Roles and Features, but I don’t have the internet to do this…
I found out that you can install it from the Windows 2016 ISO, so away I went.
I specified a custom location to my ISO where the framework is located and hit install and crossed my fingers.
Now after walking praying to the IT gods, I was blessed with success.
Now that is installed let’s try to install the upgrade manager again aye?
First, let’s mount that sucker back in and launch the installer.
So now we need to proceed through the installer, I will only show the interesting parts.
Well, let’s back up a bit because now we are getting VCSA errors…
So it’s saying it can’t connect to the Vcenter so we will have to do some fault finding here.
Can we ping it? Yup
We do have a stopped VM service, let’s start that and see what happens. Well, it won’t let us start it.
Let’s restart the server :O and see if that helps, could be a framework install issue, and may need a reboot.
Now it’s rebooted I’ll wait 5 minutes and then try to connect again.
So after working until 1 am with no luck, I think I am going to reinstall vSphere, by the looks of the lab it only needs hosts which I still have and I think I will only lose my virtual adapters etc which is no big deal, and all my storage still exists so I should be okay and I have my blogs from all the other labs as evidence so we should be all good.
I just want to talk about my issue a bit more.
This is my issue that I am getting and there is very little help for the Windows version and it seems to be a rather common issue as well, and I am sure it has nothing to do with the .Net update etc etc… Agh one step forward 10 steps back.
Queue the sad music.
It’s installed, now I need to add my keys and there is no point blogging that since I have already.
So first the installer installs SQL server 2012.
Here is a slideshow of the install.
Task 2: Install vSphere Update Manager Client
Now before I move on I’m going to get my hosts sorted.
Now let’s install the Client Manager.
After like 48 hours of trying to get this crap installed and then for some reason it was not showing up!!! I had to redo my VM Update manager and restart the service.
So after this and praying to Talos I was graced with the Update Manager.
Task 3: Modify the Cluster Settings
Before I can do this I need to re-setup my DRS…
Actually, it turns out that’s all I needed to do, all my VMkernal adapters etc are all there and I pretty much lost nothing!
So here we are just confirming settings like HA is not defined for anything.
And confirming none of the VMs have reserved CPU resources.
As well as the Memory.
Task 4: Configure vSphere Update Manager
For this we need to import patches for the ESXi, so off I go to find them.
Mark uploaded the file and I was then able to upload it
Here it is located in my patch list.
Task 5: Create a Patch Baseline
For this I only need to do a few things.
- Go to Baselines and Groups and start the Baseline Wizard and enter a name and description
2. Click Fixed.
3. Then select the updates/patches.
Task 6: Attach a Baseline and Scan for Updates
First, we need to attach a Baseline and attach it.
The lab says it should show up as uncompliant but since this is a different update etc it does not, so I will assume i’m ok to proceed.
Task 7: Stage the Patches onto the ESXi Hosts.
I just made a slideshow to show this process.
This staged my updates.
Task 8: Remediate the ESXi Hosts
First, we need to click Remediate.
Then follow the wizard
So after waiting.
It errored out.
I then ran a pre-check and it gave me a few suggestions.
So I will so what it suggests and re-ran it.
So I changed the VMs I also shut down one on each for better vMotion performance., and it still failed.
This stumped me for a few days, so I stood back and tried to think of what it’s trying to do and why it hangs.
I thought, well what is the first step it would to go into… MAINTENANCE MODE!!! So I switched it to that and crossed my fingers.
Now, lets wait.
SOMETHING IS HAPPENING! I now see an install task.
Here we can see the task completed and the ESXi has connected to the VCSA again, let us check the version numbers, let’s check the un-updated ESXi to get the build number.
Here we can see its build is 5969303
Now to check the updated ESXi build number.
WOOOOO!!!! It worked, and all because it would not go into maintenance mode by its self…
Q1. Was the ESXI host placed into maintenance mode by the remediation process?
No it was not, and this is where I got stuck.
Q2. Were the VM’s migrated to the other node in the cluster?
Yes, when it switched to maintenance mode, the VMs moved.
Q3. Was the patch installed on the ESXi in maintenance mode?
Yes it was.
Q4. Was the patched ESXi host rebooted?
Yes it was, it also disconnected from VCSA during that time.
Q5. Did the patched ESXi host exit maintenance mode?
No, because I put it into that mode manually.
Q6. Were the VMs that migrated to the other ESXi host present in the cluster?
Q7. Were both ESXi hosts patched successfully?
Yes here is my second ESXI host
And now we are completely compliant.
This lab really taught me everything about updating your ESXi hosts, and it’s really neat, I got stumped because of the issue of maintenance mode not working automatically but it turns out I could just force it into the mode and walah, it was fixed.
There is not much to talk about in this lab, I did face a lot of issues with VCSA crashing and update manager not showing up, but after swearing and crying it ended up working.