So you’re still using ESX 3.5 and need to patch it manually? Bummer, I know, I’m in that boat right now, or was. I ran “esxupdate -a query” to find out the latest patch and saw, “ESX Server 3.5.0 Update 4”. Then went to VMware’s downloads site to download Update 5a, and when it prompted me to download all dependencies, I did.
What did that give me? Nineteen (19) bundles/depots/zip files, one of which was ‘ESX350-Update05a.zip’
ESX350-200911201-UG.zip
ESX350-200911202-UG.zip
ESX350-200911203-UG.zip
ESX350-200911204-UG.zip
ESX350-200911205-UG.zip
ESX350-200911206-UG.zip
ESX350-200911207-UG.zip
ESX350-200911209-UG.zip
ESX350-200911210-UG.zip
ESX350-200911211-UG.zip
ESX350-200911212-UG.zip
ESX350-200911214-UG.zip
ESX350-200911215-UG.zip
ESX350-200911217-UG.zip
ESX350-200911219-UG.zip
ESX350-200911221-UG.zip
ESX350-200911222-UG.zip
ESX350-200911223-UG.zip
ESX350-Update05a.zip
I uploaded all 19 to a datastore, and unzipped them with this: for x in *.zip; do unzip $x; done then deleted all the .zip files. Next I ran “esxupdate -n -d” against the Update05a file, FAIL! INFO: No -b specified, selecting all bundles in depot.
INFO: Configuring...
ERROR: Integrity Error!
Signature 0BFA1C860F0B0A6CF5CD5D2AEE7835B14789B619: keyExpired: 4789B619
Okay fine, I’ll run it with –nosig, but get dependency failures. I was hoping it would be smart enough to know the others are right there. I figured they’re numbered in order, so let me start with 01-UG, but 01 depends on 02, srsly wtf?? After some playing around, I learned that 02 depends on 01, and then they’re in order, so I wrote a bash shell script to run the updates for me:
esxupdate -n -d /vmfs/volumes/datastore/patch-folder/ESX350-200911202-UG --nosig update
for x in /vmfs/volumes/datastore/patch-folder/*
do
esxupdate -n -d $x --nosig update
done
Pretty simple, apply 02-UG, then go back and run them in order. Of course, it tells you nothing to do when it hits 02, but it moves along nicely. When done, it says Update05a is almost done, just needs a reboot. I have seen some instances where 05a didn’t finish, so I have to reboot and rerun it.
At least now my out-of-support, really REALLY old 3.5 hosts are running U5a!