How to easily update your VMware vCenter Server Appliance to VCSA 6.0 Update 2

Posted by Paul Braren on Mar 16 2016 (updated on Mar 31 2018) in

Important Update - On Mar 20 2018, VMware VMSA-2018-0004.3 announced that CVE-2017-5715 (Spectre-2) mitigation is now included in the latest patch that you should be using instead of the older patch featured in the original article below. You'll find the newer article here:

How to easily update your VMware vCenter Server Appliance from 6.5.x to 6.5 Update 1g (VCSA 6.5 U1g) with Spectre mitigation

Article below as it originally appeared.

VMware vCenter Server 6.0 Update 2 Release Notes 15 MARCH 2016 | ISO Build 3634788,
if you just want to see the super easy update via CLI steps or VAMI web UI, jump below.

Backstory

If you're using VCSA 6.0, Update 1 introduced the new Appliance Management Interface. Think re-incarnated Virtual Appliance Management Interface (VAMI), from those 5.5 days of yore, that Web UI you get when you access your VCSA via port 5480. Yep, it has an Update button. That upgrade method didn't work for me though, when I tried it last time around, trying to get to 6.0U1b. It says it downloaded the code, but didn't actually apply it. I didn't dwell on it though. I just nuked VCSA and redeployed it.

Why did I give up on VAMI so easily? Back in January, I was really just wanting to find and test a repeatable procedure that'd work for everybody, whether upgrading from VCSA 6.0 or VCSA 6.0U1. A simple method was found, published by David Stamen:

Upgrading VCSA from 6.0 U1a to 6.0U1b using CLI
Jan 12 2016 at davidstamen.com

[Mar 17 2016 Update - Upgrade via VAMI issue has been resolved in this 6.0 U2 release, detailed below, so feel free to use whichever upgrade method you prefer. VAMI still seems to be a longer process to follow.]

Important Note - update your VCSA before your ESXi!

You are supposed to update your vCenter Server Appliance (VCSA) before you update your ESXi hosts, as VMware explains here, and William Lam here. By the way, I type it as VCSA instead of VCSA, just because that's how it's capitalized in the VMware vCenter Server 6.0 Update 2 Release Notes.

David's steps have been tested, and work great in my home lab. I've added some important details, as also seen in the video below. These instructions are geared toward home lab (non-production) environments. Perform these steps at your own risk, and backup first.

Download and apply the VCSA 6.0 Update 2 patch directly from the VMware Online Depot, all in one simple command!

Create a snapshot of your current VCSA VM, just in case the upgrade doesn't work out. This may allow you quick and easy rollback. Even better, a full backup.
Open an SSH session (PuTTY) to your VCSA 6.0 (or VCSA 6.0 Update 1) server, but don't type the usual shell.set command.
Paste the following command in the ssh session, at the Command > line seen right after you login (see also screenshot below):
```
software-packages install --url --acceptEulas
```
Now you just wait for the download and the patching, to happen automatically. No need to watch, takes longer that way.

After at least 6 minutes (depends partly on download and hard drive speeds), you should see success reported on the last line:

login as: root
VMware vCenter Server Appliance 6.0.0.10000
Type: vCenter Server with an embedded Platform Services Controller
root@10.10.1.251's password:
Last failed login: Wed Mar 16 07:30:20 UTC 2016 from 10.10.1.102 on ssh:notty
There was 1 failed login attempt since the last successful login.
Last login: Wed Mar 16 07:30:50 2016 from 10.10.1.102
Connected to service
* List APIs: "help api list"
* List Plugins: "help pi list"
* Enable BASH access: "shell.set --enabled True"
* Launch BASH: "shell"
Command> software-packages install --url --acceptEulas
[2016-03-16T07:31:02.076] : Validating software update payload
[2016-03-16T07:31:02.076] : Validation successful
[2016-03-16T07:31:02.076] : Running pre-stage.py
[2016-03-16T07:31:02.076] : Verifying staging area
[2016-03-16T07:31:02.076] : Third party packages found.
[2016-03-16T07:31:02.076] : Staged 167 packages.
[2016-03-16 07:31:02,877] : Copying software packages 167/167
[2016-03-16 07:34:53,887] : Running test transaction ....
[2016-03-16 07:34:57,109] : Running pre-install script.....
[2016-03-16T07:36:21.076] : Services stopped.
[2016-03-16 07:36:21,820] : Upgrading software packages ....
[2016-03-16 07:40:04,007] : Running post-install script.....
[2016-03-16T07:40:05.076] : **Packages upgraded successfully**, Reboot is required e the installation.
Command>
Broadcast message from root (Wed Mar 16 07:49:56 2016):
The system is going down for reboot NOW!

One Command - Packages upgraded successfully, Reboot is required to complete the installation — Here's how my upgrade from 6.0.0.10000 [Build 3018523] to 6.0.0.20000 [Build 3634788] looked after the successful 6 minute download/patch, when I requested the host reboot through the vSphere Web Client.

You need to restart VCSA by right-clicking in vSphere Client and selecting Power, Restart Guest. OR, optionially, restart your ESXi server using vSphere Web Client or vSphere Client, by right-clicking on the host and selecting restart, this will restart VCSA as well, if you have your shutdown/startup settings configured correctly. I prefer to know they'll be no surprises after a complete system reboot. This reboot takes quite a while, usually over 10 minutes before you can log back in, so a good time to...
Download and install VMware vSphere Client 6.0 Update 2. You'll want to grab the client code and install it now, while waiting for that long reboot. If you have a prior 6.x version on your Windows system that's doing administration, this will automatically upgrade it. Download client build 3562874:
VMware-viclient-all-6.0.0-3562874.exe
Once everything is booted back up and VCSA has had a good long while to start all its services (even with an SSD, that can be 10 minutes), it's a good idea to also test login using the vSphere Client and the vSphere Web Client, and be sure everything seems to be working right in that shiny new VCSA.
If you created a snapshot back in step one, if you're comfortable that everything is working in 6.0.0.20000 (which is seen as Build 3634788 in the vSphere Client and vSphere Web Client), you may want to go ahead and delete snapshot(s).

vCSA appliance patch successful — Yep, it worked! You've effectively avoided downloading much of that 2.8GB VMware-VCSA-all-6.0.0-3634788.iso

That's it! You'll see for yourself that you now have the latest VCSA 6.0.0.20000, as pictured above. Now you have more spare time to read more TinkerTry articles, such as the one you'll really want to read next:

How to easily update your VMware Hypervisor to ESXi 6.0 Update 2
Mar 16 2016

Video

How to update your VMware vCenter server to VCSA 6.0 Update 1b the easy way, same exact technique is used for Update 2, it's even the same command!

Mar 16 2016 Update

Clarification. About VAMI upgrades of VCSA sometimes getting stuck at 70%, the issue has been resolved ~~(once you get to U2)~~, according to VMware's William Lam:

@paulbraren @Emad_Younis well, its fixed in U2 :) So there’s no need to. You can use either interface, choice is up to customer
— William Lam (@lamw) March 16, 2016

so I would expect future articles about upgrading VCSA to put more emphasis on the friendly VAMI method than the CLI method.

Mar 17 2016

My article was published just a few hours after VCSA was released. I've now received further clarification that stuck VAMI issues have been fixed for everybody, regardless of what VCSA version you're on. So as William said yesterday, folks really do have a choice between VAMI and CLI, and both methods are now quite easy.

With VAMI, you basically visit this URL and login, substituting your actual VCSA appliance name or IP address for yourvcsanameorip:
https://yourvcsanameorip:5480/index.html#/update
and you get nice status updates along the way.

Love how easy it is to update the VCSA. Point, click, reboot. pic.twitter.com/O1HE3BFZW1
— g_mulholland (@g_mulholland) March 16, 2016

Digging into the Release Notes, it's all right there:

In the vCenter Server Appliance Management Interface, the vCenter Server Appliance update status might be stuck at 70 percent
In the vCenter Server Appliance Management Interface, the vCenter Server Appliance update status might be stuck at 70 percent, although the update is successful in the back end. You can check the update status in the /var/log/vmware/applmgmt/software-packages.log file. After a successful update, a message similar to the following is seen in the log file:
Packages upgraded successfully, Reboot is required to complete the installation
This issue is resolved in this release.

So lesson learned, I've downed the humble pie, and updated the article above, notating the VAMI fix.

Note that it's expected that KB 2144485 will be updated soon as well:

Upgrade the vCenter Server or Platform Services Controller Appliance 6.0 via the VAMI hangs at 70% (2144485)
kb.vmware.com/kb/2144485

@paulbraren @lamw @Emad_Younis Just to clarify, Paul, you don’t need to be on U2 for the fix. The U2 installer has the fix.
— Adam Eckerle (@eck79) March 17, 2016

See also this great new post by Andreas Peetz:

An important heads-up for users of the Embedded Host Client!

With the release of ESXi 6.0 Update 2 it is now an officially supported package that is included in ESXi out-of-the-box. In its Release Notes it is stated though that the EHC package will be further developed independently from ESXi releases, so we will see out-of-band updates to it in the future - just like with VMware Tools.

Second great news is that the EHC now fully supports ESXi when using the free Hypervisor license.

Andreas goes on to explain that you may have issues if you already had the EHC (Embedded Host Client) installed prior to upgrading, I encourage you to read his entire article for details.