Patch ESXi to a Specific Version with the Command-line

This post describes how to patch an ESXi host to a specific version with the command-line. It is highly recommended to use the vSphere Update Manager (VUM) for patch management, but there are some cases where you need an alternative. It's probably noting you would do in production, but you might need a specific version to reproduce problems or to comply with policies.

In this example, I am going to patch a standalone ESXi 5.5 host with internet access to build number 2068190. The host is currently running ESXi 5.5.0 Build 2302651. (It's a downgrade)

  1. Determine the Image Profile for build 2068190. You can identify the Image Profile for all Versions at my ESXi Image Profiles Page. I use the standard profile (with VMware Tools) so the name of the required Image Profile is ESXi-5.5.0-20140902001-standard
  2. If your Host is part of a Cluster place it in maintenance mode
  3. Connect to the ESXi host with SSH
  4. Allow outgoing http connections
    # esxcli network firewall ruleset set -e true -r httpClient
  5. Update ESXi to the selected Image Profile. The default behavior is to install packages with newer versions only. If you want to downgrade to an older version to set the allow-downgrades option.
    esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20140902001-standard --allow-downgrades
  6. Reboot the System
  7. Block outgoing http connections
    # esxcli network firewall ruleset set -e false -r httpClient

If your policy requires to run all ESXi hosts at the same version (VUM with fixed baselines is best practice here), this is how you figure out which version of ESXi you are running:

Determining ESXi Version with the vSphere Client
The build number is displayed above the tabs
esxi-version-vsphere-client

Determining ESXi Version with the vSphere Web-Client
The build number is displayed in the Summary tab
esxi-version-vsphere-web-client

Determining ESXi Version from the command line
The vmware -v command displays the ESXi build number
esxi-version-command-line

  1. esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-20140902001-standard

    hello,

    to confirm the command above will update a host, mine is at esxi 5.5.0 2068190 to the latest package on the patch site, which is esxi550-201609001?

    thanks and regards,
    peter

  2. hi,

    one of my hosts is at esxi 5.5.0 2068190, i tried it and got a no match error. i tried to look in the
    website path to match up the file and it doesn't display- how can i find the 2016 release or the 2015 5.5.0 update 3? thanks for the site! will share

    esxcli software profile update -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-201609001-standard

    i tried it and cli returned with a no match error:

    ~ # esxcli network firewall ruleset set -e true -r httpClient
    ~ # esxcli software profile update -d https://hostupdate.vmware.com/software/VUM
    /PRODUCTION/main/vmw-depot-index.xml -p ESXi-5.5.0-201609001-standard
    [NoMatchError]
    No image profile found with name 'ESXi-5.5.0-201609001-standard'
    id = ESXi-5.5.0-201609001-standard

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>