How to easily update your VMware vCenter Server Appliance to VCSA 6.0 Update 2

Posted by Paul Braren on Mar 16 2016 (updated on Mar 31 2018) in
  • ESXi
  • Virtualization
  • HowTo
  • HomeLab
  • Important Update - On Mar 20 2018, VMware VMSA-2018-0004.3 announced that CVE-2017-5715 (Spectre-2) mitigation is now included in the latest patch that you should be using instead of the older patch featured in the original article below. You'll find the newer article here:

    Article below as it originally appeared.

    VMware vCenter Server 6.0 Update 2 Release Notes 15 MARCH 2016 | ISO Build 3634788,
    if you just want to see the super easy update via CLI steps or VAMI web UI, jump below.


    If you're using VCSA 6.0, Update 1 introduced the new Appliance Management Interface. Think re-incarnated Virtual Appliance Management Interface (VAMI), from those 5.5 days of yore, that Web UI you get when you access your VCSA via port 5480. Yep, it has an Update button. That upgrade method didn't work for me though, when I tried it last time around, trying to get to 6.0U1b. It says it downloaded the code, but didn't actually apply it. I didn't dwell on it though. I just nuked VCSA and redeployed it.

    In VAMI on the last VCSA release, I was getting the "Packages Already Staged" message, but it never actually applied them.

    Why did I give up on VAMI so easily? Back in January, I was really just wanting to find and test a repeatable procedure that'd work for everybody, whether upgrading from VCSA 6.0 or VCSA 6.0U1. A simple method was found, published by David Stamen:

    [Mar 17 2016 Update - Upgrade via VAMI issue has been resolved in this 6.0 U2 release, detailed below, so feel free to use whichever upgrade method you prefer. VAMI still seems to be a longer process to follow.]

    Important Note - update your VCSA before your ESXi!

    You are supposed to update your vCenter Server Appliance (VCSA) before you update your ESXi hosts, as VMware explains here, and William Lam here. By the way, I type it as VCSA instead of VCSA, just because that's how it's capitalized in the VMware vCenter Server 6.0 Update 2 Release Notes.

    David's steps have been tested, and work great in my home lab. I've added some important details, as also seen in the video below. These instructions are geared toward home lab (non-production) environments. Perform these steps at your own risk, and backup first.

    Download and apply the VCSA 6.0 Update 2 patch directly from the VMware Online Depot, all in one simple command!

    1. Create a snapshot of your current VCSA VM, just in case the upgrade doesn't work out. This may allow you quick and easy rollback. Even better, a full backup.
    2. Open an SSH session (PuTTY) to your VCSA 6.0 (or VCSA 6.0 Update 1) server, but don't type the usual shell.set command.
    3. Paste the following command in the ssh session, at the Command > line seen right after you login (see also screenshot below):
      software-packages install --url --acceptEulas

      Now you just wait for the download and the patching, to happen automatically. No need to watch, takes longer that way.

    4. After at least 6 minutes (depends partly on download and hard drive speeds), you should see success reported on the last line:
      login as: root
      VMware vCenter Server Appliance
      Type: vCenter Server with an embedded Platform Services Controller
      root@'s password:
      Last failed login: Wed Mar 16 07:30:20 UTC 2016 from on ssh:notty
      There was 1 failed login attempt since the last successful login.
      Last login: Wed Mar 16 07:30:50 2016 from
      Connected to service
      * List APIs: "help api list"
      * List Plugins: "help pi list"
      * Enable BASH access: "shell.set --enabled True"
      * Launch BASH: "shell"
      Command> software-packages install --url --acceptEulas
      [2016-03-16T07:31:02.076] : Validating software update payload
      [2016-03-16T07:31:02.076] : Validation successful
      [2016-03-16T07:31:02.076] : Running
      [2016-03-16T07:31:02.076] : Verifying staging area
      [2016-03-16T07:31:02.076] : Third party packages found.
      [2016-03-16T07:31:02.076] : Staged 167 packages.
      [2016-03-16 07:31:02,877] : Copying software packages 167/167
      [2016-03-16 07:34:53,887] : Running test transaction ....
      [2016-03-16 07:34:57,109] : Running pre-install script.....
      [2016-03-16T07:36:21.076] : Services stopped.
      [2016-03-16 07:36:21,820] : Upgrading software packages ....
      [2016-03-16 07:40:04,007] : Running post-install script.....
      [2016-03-16T07:40:05.076] : **Packages upgraded successfully**, Reboot is required e the installation.
      Broadcast message from root (Wed Mar 16 07:49:56 2016):
      The system is going down for reboot NOW!
      One Command - Packages upgraded successfully, Reboot is required to complete the installation
      Here's how my upgrade from [Build 3018523] to [Build 3634788] looked after the successful 6 minute download/patch, when I requested the host reboot through the vSphere Web Client.
    5. You need to restart VCSA by right-clicking in vSphere Client and selecting Power, Restart Guest. OR, optionially, restart your ESXi server using vSphere Web Client or vSphere Client, by right-clicking on the host and selecting restart, this will restart VCSA as well, if you have your shutdown/startup settings configured correctly. I prefer to know they'll be no surprises after a complete system reboot. This reboot takes quite a while, usually over 10 minutes before you can log back in, so a good time to...
    6. Download and install VMware vSphere Client 6.0 Update 2. You'll want to grab the client code and install it now, while waiting for that long reboot. If you have a prior 6.x version on your Windows system that's doing administration, this will automatically upgrade it. Download client build 3562874:
    7. Once everything is booted back up and VCSA has had a good long while to start all its services (even with an SSD, that can be 10 minutes), it's a good idea to also test login using the vSphere Client and the vSphere Web Client, and be sure everything seems to be working right in that shiny new VCSA.
    8. If you created a snapshot back in step one, if you're comfortable that everything is working in (which is seen as Build 3634788 in the vSphere Client and vSphere Web Client), you may want to go ahead and delete snapshot(s).
    vCSA appliance patch successful
    Yep, it worked! You've effectively avoided downloading much of that 2.8GB VMware-VCSA-all-6.0.0-3634788.iso

    That's it! You'll see for yourself that you now have the latest VCSA, as pictured above. Now you have more spare time to read more TinkerTry articles, such as the one you'll really want to read next:


    How to update your VMware vCenter server to VCSA 6.0 Update 1b the easy way, same exact technique is used for Update 2, it's even the same command!

    Mar 16 2016 Update

    Clarification. About VAMI upgrades of VCSA sometimes getting stuck at 70%, the issue has been resolved (once you get to U2), according to VMware's William Lam:

    so I would expect future articles about upgrading VCSA to put more emphasis on the friendly VAMI method than the CLI method.

    Mar 17 2016

    My article was published just a few hours after VCSA was released. I've now received further clarification that stuck VAMI issues have been fixed for everybody, regardless of what VCSA version you're on. So as William said yesterday, folks really do have a choice between VAMI and CLI, and both methods are now quite easy.

    With VAMI, you basically visit this URL and login, substituting your actual VCSA appliance name or IP address for yourvcsanameorip:
    and you get nice status updates along the way.

    Digging into the Release Notes, it's all right there:

    In the vCenter Server Appliance Management Interface, the vCenter Server Appliance update status might be stuck at 70 percent
    In the vCenter Server Appliance Management Interface, the vCenter Server Appliance update status might be stuck at 70 percent, although the update is successful in the back end. You can check the update status in the /var/log/vmware/applmgmt/software-packages.log file. After a successful update, a message similar to the following is seen in the log file:
    Packages upgraded successfully, Reboot is required to complete the installation
    This issue is resolved in this release.

    So lesson learned, I've downed the humble pie, and updated the article above, notating the VAMI fix.

    Note that it's expected that KB 2144485 will be updated soon as well:

    • Upgrade the vCenter Server or Platform Services Controller Appliance 6.0 via the VAMI hangs at 70% (2144485)

    See also this great new post by Andreas Peetz:

    • An important heads-up for users of the Embedded Host Client!

      With the release of ESXi 6.0 Update 2 it is now an officially supported package that is included in ESXi out-of-the-box. In its Release Notes it is stated though that the EHC package will be further developed independently from ESXi releases, so we will see out-of-band updates to it in the future - just like with VMware Tools.

      Second great news is that the EHC now fully supports ESXi when using the free Hypervisor license.

    Andreas goes on to explain that you may have issues if you already had the EHC (Embedded Host Client) installed prior to upgrading, I encourage you to read his entire article for details.

    See also at TinkerTry

    See also