vCenter Server Appliance 6.7 Update function may not list available patches

As you probably are aware, Intel disclosed a CPU Speculative-Execution vulnerability (called L1 Terminal Fault) on August 14, 2018.  Like many others who work with VMware vSphere environments, I read up on the remediation steps (KB 55683) so I could patch my small lab environment.  For my vCenter, I was excited to use the VAMI Update functionality for the first time!

I logged into the Virtual Appliance Management Interface (or VAMI) by pointing my web browser at the IP of my vCenter Server Appliance using port 5480 (for example: https://myvcenter.lab.net:5480) and navigated to the Update tab.  I hit the Check Updates button with the option to check the CD ROM and URL; but to my confusion no updates appeared in the list.

I double-checked KB 2143838 which is the list of vCenter Server build numbers to ensure a new release was available.  Sure enough – vCenter Server 6.7.0d was released on 8-14-2018.

 

While I could have downloaded the update file from the VMware Portal, I spent a little time searching to see if I could find the problem.  Eventually, I stumbled across KB 55683.  This described a known issue where the VAMI in VCSA 6.7 may not display available patches.   It provided a custom URL you can configure in the VAMI as workaround.  As of the time this blog was written that URL is

https://vapp-updates.vmware.com/vai-catalog/valm/vmw/8d167796-34d5-4899-be0a-6daade4005a3/6.7.0.10000.latest/

To configure the VAMI with this custom URL, login to the VAMI for your VCSA, and navigate to Update, and click on Settings.

This will reveal the Update Settings dialog

Click on the Use Custom Repository option, where you can apply the URL from the VMware Knowledge Base article listed above.  If the User Name or Password fields have any information in them – blank that out.

Click Save.  The dialog will disappear.  In my lab, the new patch appeared automatically.  If you don’t see one, click Check Updates (CD ROM & URL).

You can see the patch details by clicking the > symbol to expand

If you click the RUN PRE-UPDATE CHECKS link, it will look for issues that may cause problems in the upgrade process.

Since my checks passed, I clicked the STAGE AND INSTALL option above the patch list and the upgrade finally began!

NOTE: I did take a snapshot of the VCSA VM before doing any of this work!

If you haven’t updated your VCSA before using the VAMI, you can see a walkthrough of the remaining screens below.   The process is very simple – a few checkboxes and Next/Finish clicks!

VCSA Update End User License Agreement

You are backing up your vCenter – right?!  With VCSA 6.7 it is very easy and can be scheduled.

Upgrade Process: Staging the Update

In my lab, the process only took around 30 minutes.  It was so easy – particularly in comparison of the days of updating a Windows-based vCenter Server.    Just another reason I love the vCenter Server Appliance!