VMWare – Install ESXi Patches via esxcli

This article explains how to install patches on ESXi hosts using esxcli, if Update Manager is not not available or not working.

Prerequisites

  1. Download the desired patch from my.vmware.com
  2. Upload the patch to a datastore that the ESXi host has access to

Installing the patch

Connect to your ESXi host over SSH. This may require you to enable the SSH service on the host within vSphere, depending on your organization’s Security posture.

First, pull the current ESXi build number and the list of installed VIBs so that you can compare before/after. For example:

#Pulling the build number
esxcli software vib list | grep esx-base

#Pulling the VIBs
esxcli software vib list

Place the host into Maintenance mode. NOTE: If you do not have DRS, or DRS is not configured as ‘Fully Automated’, you may need to manually vMotion VMs off of this host. In any case, I would strongly recommend you do not proceed with installing the patch until there are no VMs running on the host.

vim-cmd hostsvc/maintenance_mode_enter

cd into the datastore (and sub-directory, if applicable) where the uploaded patch resides. Or you will need to specify the full datastore path in the upgrade command below.

cd /vmfs/volumes/<datastore-name>/esxi-patches

You can either update or install the patch. More often than not, ‘update’ is probably the best choice, since it will not overwrite the patch if it is already installed.

Updating the ESXi host with the patch:

NOTE: To update with a .zip file, use the ‘-d’ option. To update with a .vib file, use the ‘-v’ option.

esxcli software vib update -d "ESXi550-201709001.zip"

The patch upgrade will generate a good amount of console output, but ultimately what you are looking for is:

Installation Result
Message: The update completed successfully, but the system needs to be rebooted for the changes to be effective.

The output will also include a list of all of the VIBs that were installed, removed or skipped during the upgrade.

You can re-run the query commands at the top of this article and compare the version numbers as an extra verification step to ensure the upgrade processed successfully.

Reboot the host to complete the patch upgrade:

esxcli system shutdown reboot -r "Upgraded to patch x"