Upgrade VMWare vCenter 6.7 U1 U2 U3 to 6.7 U3f

Posted by

As many of you are aware VMware recently came out with a CVE: CVE-2020-3952 that requires taking your existing VMWare vCenter to 6.7 U3f or 7.0.  Since going from 6.7 to 7.0 requires a re-deploy of the vCenter I thought doing an in place upgrade would be the quickest way to fix this security vulnerability.  Below you will find my step by step I followed to upgrade my vCenters.

If you would like assistance in the below or have general questions about Cloud solutions, VMware, and more, feel free to visit the following URL and I will be able to work directly with you:
https://bit.ly/3qcNxsN

My article explaining CVE-2020-3952:

https://digitalthoughtdisruption.com/2020/04/10/advisory-severity-critical-vmware-vcenter-server-updates-address-sensitive-information-disclosure-vulnerability-in-the-vmware-directory-service-vmdir-cve-2020-3952/

Please Remember:
Go to the following URL to confirm version number you need for 6.7 U3f

https://docs.vmware.com/en/VMware-vSphere/6.7/rn/vsphere-vcenter-server-67u3f-release-notes.html

https://kb.vmware.com/s/article/2143838

Go to the following URL to confirm all other products are compatible with U3:

Once you confirm you won’t break anything with the above URLs I recommend any of the three ways below to backup your vCenter.  Personally, I know it is overkill but I perform all three because you can never be too cautious. 

  1. Backup
  2. Clone the vCenter VCSA
  3. Snapshot

Step by Step Process

Step 1. Log into the VAMI

Log into the browser of your choice and type: https://FQDNorIPofvCenter:5480

Log in as root

Step 2. Pre-checks

Machine generated alternative text:
Summary 
Monitor 
Access 
Networking 
Firewall 
Time 
Services 
Update 
Administration 
Syslog 
Backup 
Current version details 
Appliance 
Version 
Available updates (Last Checked Apr 11, 2020, 10:10:00 AM) 
vCenter Server with an embedded Platform Sewices Controller 
@ updates and patches are cumulative The most recent update or patch in the table below will contain all previous patches 
STAGE ONLY 
O 
O 
O 
O 
O 
O 
> 
> 
> 
STAGE AND INSTALL 
Version 
6.7_0.42100 
6.7_0.42200 
6.7_0.42300 
6.7_0.4300 
Summary 
Pre-update checks 
Estimated downtime 
Priority 
Services affected 
Download size 
6.7_0.42000 
6.7_0.41000 
Type 
Patch tor VMware vCenter Server Appliance 6.70 
RUN PRE-UPDATE CHECKS 
Run pre-update checks to determine estimated downtime. 
1.84 GB 
Release Date 
Jan 29, 2020 
Feb 26, 2020 
Mar 25. 2020 
Apr 8, 2020 
Dec 4, 2019 
Oct 23, 2019 
Rebcn)t Required 
Yes 
Yes 
Yes 
Yes 
Yes 
Yes 
SETTINGS 
Severity 
Critical 
Critical 
Critical 
Critical 
Critical 
Critical 
CHECK UPDATES v 
x 
6 Items

Go to Update > 6.7.0.43000 which was released on Apr 8, 2020 > click RUN PRE-UPDATE CHECKS

Machine generated alternative text:
Summary 
Pre-update checks 
Estimated downtime 
Priority 
Services affected 
Download size 
Patch tor VMware vCenter Server Appliance 6.70 
@ Passed C 
337 minutes 
1.84 GB

If passed move onto step 3.

Step 3. STAGE AND INSTALL

Machine generated alternative text:
STAGE ONLY 
O 
O 
O 
O 
> 
> 
v 
STAGE AND INSTALL 
Version 
6.7_0.42100 
6.7_0.42200 
6.7_0.42300 
6.7_0.43000 
Summary 
Type 
Patch tor VMware vCenter Server Appliance 6.70

You can stage only to stage the code and upgrade later or you can click stage and install and begin the upgrade.

At 70% the console will go blank and a refresh will bring you back to the screen and continue with it’s status update.

hit refresh and it should take you back to theupdate section

From the VAAMI you can see we are at the desired code level

You can verify real quick in the about section that you are at the right version level by going to the vCenter at the top of the screen and looking at version information.

Summary:
As you can see in-place upgrades are relatively easy to do.  I hope everyone has non-disruptive upgrades and everything goes smoothly.  As always, I hope this article was helpful.

2 comments

Leave a Reply