VMware ESXi670 202004002: create custom baseline

Periodically VMware releases updates for their solutions. The most popular ones like VMware vSphere ESX(i), vCenter, VCSA and vRealize are update with a high frequency. The latest info and downloads are available from the main Product Patches page (requires free sign-in). At the time of writing the latest update, namely VMware ESXi670-202004002 released on the April the 28 2020, packs lots of fixes.

One of the interesting options when configuring updates with the VMware Update Manager (VUM) module built in the VCSA appliance is the ability create custom baselines. Such baselines can be customized to include specific patches and updates based on release date. This means it is possible to create a custom baseline (for example on a quarterly basis) and associate this one to all vSphere Hosts in the Data Center. Very quickly it allows to have all required Hosts running exactly on the same build, along with exactly the same patches. This is a life saver especially when running vMotion tasks. Even when everything is perfectly configured between several vSphere Hosts it is important to check the build number.

The purpose of this article is to show the steps to create a custom baseline and bring all the desired Hosts to the latest release VMware ESXi670-202004002 or ESXi 6.7.0 Build 16075168. As anticipated earlier on the latest patch update (at the time of writing) is shipping with a lot of fixes. Here a glance overview and more information are available on the official VMware Patch Release page:

• PR 2449111: Under rare conditions an ESXi host might fail with a purple diagnostic screen when collecting CPU performance counters for a virtual machine
• PR 2436641: Software iSCSI adapters might not appear in the vSphere Client or vSphere Web Client
• PR 2447585: An ESXi host with 3D virtual machines might fail with a blue screen error due to an xmap allocation failure
• PR 2486154: Smart card authentication on an ESXi host might stop working after the ESXi host reboots
• PR 2466300: Teaming failback policy with beacon detection does not take effect
• PR 2451413: Running the esxcfg-info command returns an output with errors hidden in it
• PR 2406230: When you configure HTTP and HTTPs proxy settings with a user name and password, adding an online software depot for vSphere Auto Deploy might fail
• PR 2443942: The SNMP service might fail if many IPv6 addresses are assigned by using SLAAC
• PR 2452877: Attempt to get the block map of an offline storage might fail the hostd service
• PR 2431310: If you migrate virtual machines with NVIDIA virtual GPU (vGPU) devices to an ESXi host that has an incompatible vGPU driver, the virtual machines might shut down unexpectedly
• PR 2407597: Direct I/O or passthrough operations by using an AMD FCH SATA controller might result in an ESXi host platform reboot
• PR 2481222: The hostd service might fail if many retrieveData calls in the virtual machine namespace run within a short period
• PR 2496838: Secondary virtual machines in vSphere Fault Tolerance might get stuck in VM_STATE_CREATE_SCREENSHOT state and consecutive operations fail
• PR 2320980: After changing an ESXi host GPU mode, virtual machines that require 3D graphics hardware might not power on
• PR 2458186: NFS 4.1 datastores might become inaccessible after failover or failback operations of storage arrays
• PR 2374140: A small race window during vSphere Distributed Switch (VDS) upgrades might cause ESXi hosts to fail with a purple diagnostic screen
• and a lot more..

VMware ESXi670-202004002 Baseline update

From the main VMware VCSA console > Updates > the interface to access the VMware Update Manager. This is the location where to create and manage different baselines for different purposes like upgrades, patches and even extensions. In this case, simply an “evolution” from the steps already covered in the overview dedicated to the VMware Update Manager (VUM), the steps to create a custom Baseline for VMware ESXi670-202004002.

At this point from the Update Manager Home it is matter of creating a new Baseline. Next step is to attach the previously created Baseline to the desired VMware Hosts.

A new wizard is starting and the Baseline requires a Name and the content type in this case set to “Patch”. For the name the suggestion is to choose a descriptive name helping when navigating through different Baselines.

In the patches selection the idea is to automatically update the baseline with patches that match specific criteria:

• Patch vendor
• Product
• Severity
• Category
• Release date

The last one is really important to limit the patches only to specific periods. For example 2020 Q2. This means it is possible not just to bring all VMware ESXi Host to the same level but also to specific older releases. For example for troubleshooting or compatibility purposes. In this case all the VMware patches between April 1st and June 30th.

In the next screen it also possible to add extra patches from the list provided. The reality is the majority of patches are cumulative so other than rare cases no additional patches are required at this point.

And finally a Summary screen to review and finalize changes to the Baseline configuration.

Final step is to associate the created Baseline to the required VMware Hosts and either choose Staging only or Remediate which will execute and reboot the Host. So it is a good idea to evacuate or shut down VMs before running the patch upgrade. Unless the VMware Hosts are part of a DRS cluster and such options are controlled automatically with the ability to intervene on default settings.