VMware vSphere 7 Update 3d (VCSA 7.0U3d & ESXi 7.0U3d) includes critical bugfixes
Refer to this VMware KB for all release and patch dates.
- VMware KB 2143832
Build numbers and versions of VMware ESXi/ESX (2143832)
For detailed information on this release, please visit:
-
VMware ESXi 7.0 Update 3d Release Notes
I encourage you to carefully review all instances of the words Critical and Purple, here's some excerpts:
Component | Bulletin | Category | Severity ESXi Component - core ESXi VIBs | ESXi_7.0.3-0.35.19482537 | Bugfix Critical ESXi Install/Upgrade Component | esx-update_7.0.3-0.35.19482537 | Bugfix Critical Broadcom Emulex Connectivity Division FC and FCoE Driver | Broadcom-ELX-lpfc_14.0.169.25-5vmw.> 703.0.35.19482537 Bugfix Critical LSI NATIVE DRIVERS LSU Management Plugin | Broadcom-lsiv2-drivers-plugin_1.0.0-10vmw.703.0.35.19482537 | Bugfix Critical VMware NVMe over TCP Driver | VMware-NVMeoF-TCP_1.0.0.1-1vmw.703.0.35.19482537 | Bugfix Critical ESXi Component - core ESXi VIBs | ESXi_7.0.3-0.30.19482531 | Security Critical ESXi Install/Upgrade Component | esx-update_7.0.3-0.30.19482531 | Security Critical VMware-VM-Tools | VMware-VM-Tools_11.3.5.18557794-19482531 | Security Critical
- VMware vCenter Server 7.0 Update 3d Release Notes
Miscellaneous Issues
-
SSH access fails after you upgrade to ESXi 7.0 Update 3d
After you upgrade to ESXi 7.0 Update 3d, SSH access might fail in certain conditions due to an update of OpenSSH to version 8.8.
Workaround: For more information, see VMware knowledge base article 88055.
-
When you're done, you'll be on:
- VCSA 7.0.3 7.0U3d (7 Update 3d) Build 19480866 (VAMI calls it 7.0.3.00500)
- ESXi 7.0.3 7.0U3d (7 Update 3d) Build 19482537
Observations
While I successfully upgraded both my VCSA and my ESXi host in my home lab, I still encountered difficulties getting daily automated backups of VCSA working again, backing up to an SMB target, referenced in KB 86069 "VAMI Backup with SMB reports error: "Path not exported by the remote filesystem" (86069)". You can follow my struggles and eventual success here:
Certainly wouldn't encourage investing more time in it unless you feel like it. FYI, somehow, merely changing the time of day for scheduled VCSA backups somehow got them working again, at least for me. Only takes seconds to give it a try, but yeah, I know, it's a longshot...
You can follow me on Twitter, subscribe to my RSS feed for TinkerTry Articles about Virtualization, subscribe to my TinkerTry YouTube Channel then peruse the Virtualization Video library, and/or subscribe to my TinkerTry Weekly newsletter to be notified of updates automatically.
See also at TinkerTry
- All vSphere 7 articles
- All vSphere 7 videos
- VMware vSphere 7 Update 3 is now GA, here's how to download it any which way! (updated Jan 28 2022 for 7U3c)
Oct 06 2021 updated Jan 28 2022
- How to update any VMware ESXi Hypervisor to the latest using ESXCLI for easy download and install
Aug 14 2018 updated Mar 31 2022
How's your update to VCSA & ESXi 7.0U3d going?
— Paul Braren | TinkerTry.com š„ļøšāļøšš (@paulbraren) April 1, 2022
vCenter 7 Update 3d RNhttps://t.co/2NZnhfUkNr
ESXihttps://t.co/wQHl0QNA5A
ESXi patching via ESXCLI article now updated:https://t.co/1zrzqFNAGZ#homelab testing going well, except:https://t.co/c0m9zOsXLA & VCSA memory warning pic.twitter.com/97Yp4sUo8G
All Comments on This Article (9)
Enabling NTLMv1 is required for Synology NAS to mount ISO on SuperMicro KVM using Redfish firmware as well.
RE: **WARNING!! "RESOLUTION" AT END OF ARTICLE DESTROYS 7.0.3 HOST**
I retract this as being overly harsh, because it does not "destroy" the host entirely.
If ntp.conf is corrupted, you can reset all NTP settings to default, with this command as shown above:
esxcli system ntp set -r
Anyway, over at the offical VMware forums it was confirmed this series of commands fixed the NTP issue for others in 7.0.3.
As for the SMB issue, you'll need to enable SMB v1 and enable NTLMv1,
because VMware has not updated to support encrypted SMB v3 or NTLMv2
yet....
@paulbraran VMware fixed the NTP issue (but requires the commands I listed if not doing a clean-install).
As for the SMB issue, you'll need to enable SMB v1 and enable NTLMv1, because VMware has not updated to support encrypted SMB v3 or NTLMv2 yet....
NTP is finally working again (broken for about a year in Update3), in ESXi 7.0 U3g and vCenter 7.0 U3g. Supposedly NTP is also fixed in U3f, but if you read its release notes you will run immediately to patching to U3g....
If you upgraded from prior builds you'll need the commands I listed in my VMware forum posting on page-6:
https://communities.vmware.com/t5/ESXi-Discussions/NTP-broken-after-ESXi-7u3-upgrade/td-p/2874086/page/6
**NTP KB ARTICLE; NOTE! ONLY FOR 7.0-U3+**
https://kb.vmware.com/s/article/87488
https://kb.vmware.com/s/article/87176
**HELPFUL OLD NTP KB ARTICLE, FOR SYNTAX COMMANDS ONLY**
((This KB specifically states issues after u3 upgrade))
https://kb.vmware.com/s/article/86255
**WARNING!! "RESOLUTION" AT END OF ARTICLE DESTROYS 7.0.3 HOST**
**ONLY USE THE NEW KB ARTICLES ABOVE FOR U3 NTP TEXT FILE METHOD**
((VMware should insert a warning about this for Update-3!!))
===============
After KP Articles, vCenter was showing as broken (red alerts).
To get vCenter to re-sync NTP based on Host, this worked for me:
**Reset NTP settings on ESXi host, back to defaults:**
[root@localhost:~] esxcli system ntp set -r
**Reload NTP service on ESXi host:**
[root@localhost:~] /etc/init.d/ntpd restart
**Use vCenter GUI to input NTP addresses into ESXi host again**
((I'm using GUI because I want to see it work as designed...)
**Reset NTP on ESXi host again**
[root@localhost:~] /etc/init.d/ntpd restart
**Poll the NTP server on ESXi host a few times, give it a minute:**
[root@localhost:~] ntpq -p
**Wait until NTP server on ESXi host shows Time Sync = True:**
[root@localhost:~] esxcli system ntp test
((Diags output omitted..)
Service analysis completed.
Timeinsync: true
[root@localhost:~] esxcli system ntp get
Enabled: true
Loglevel: warning
PID: 2126728
Runtime Seconds: 260
Servers: time.nist.gov, pool.ntp.org
Service Providing Kernel Time: Network Time Protocol
Time Service Enabled: true
Time Synchronized: true
**Check ESXi host and vCenter GUI's**
((In vCenter > Host > Configure > Time Config > Test Service))
**Finally, for 1st time since 7.0u2, this test passed for me!**
Update:
ESXi is at 7.0 Update3f, but VCSA is now up to 7.0 Update 3g.
VCSA Update3f seems to be "poison" many folks having bad issues with it.
NTP is still not fixed in u3g.
Here is the buggy ESXi 7.0 NTP bug drama dragging out in official VMware forums for may months now:
https://communities.vmware.com/t5/ESXi-Discussions/NTP-broken-after-ESXi-7u3-upgrade/td-p/2874086
In record-time, vSphere 7.0 (both ESXi and vCenter), are already patched at Update 3(f).
Unfortunately, NTP is still considered by many to be buggy/unreliable in 70u3f - which is a big problem introduced in 7.0 Update3 and still unfixed, a fairly stunning length of time for such a critical clustering data center service - along with other bugs also still persisting.
Note:
You definitely don't want to run any build of 7.0 Update 3, 3a, or 3b, they were all pulled from the internet by VMware due to critical flaws.
Paul Braren | TinkerTry.com
Thank you, your comments are consistently helpful and awesome!