Upgrading VCSA 6.5 to 6.7u2

Introduction

There are always several reasons to move on from your existing infrastructure. Some admins are pursuing recent versions of familiar products. Some, on the other hand, just want to get rid of the bugs they already learned to live with but would rather not. Others are attracted by promises to increase the performance of their environment. Finally, everybody wishes to go with the times and use the latest software. Whatever the reason, we all eventually come in terms with the necessity to upgrade the infrastructure to the most recent version.

Starting on this high note, let’s talk about upgrading VCSA 6.5 to 6.7. While applying official recommendations from VMware in practice, this material will not only cover preliminary stages of preparing the infrastructure for an upgrade in my testing environment but gradually describe the upgrading process per se. Although you’ll never know for sure what problem may occur during upgrading, we’ll discuss the most common ones and ways to deal with them.
The news about vSphere 6.7u2 release were around for a while now, but I haven’t moved to VCSA 6.7u2 until I was entirely sure in its stability and performative potential. Of course, the object of discussion itself begets a question of whether it is necessary at all. Why would anyone need working hard on upgrading infrastructure to VCSA 6.7u2 if there is already VCSA 6.7u3 out there? Well, the simplest answer would be security reasons and compatibility. Every time you are working with a new product that has not been but little in use, there is always a risk at hand. Even the most insignificant incompatibility of your software or your OS with vSphere 6.7u2 can result in problems, the kind of problems that’ll cost you either money or valuable data. Therefore, there’s no need to at all to rush into this. Preparation never hurt anyone.

What’s the upgrade for?

Overall, the vSphere 6.7u2 release brings to the table a lot of brand-new improvements and useful functions. While the new vSphere Web Client provides you with HTML 5 support, vCenter Server Appliance promises to double the performance and to reduce memory consumption to third. Also, VMware has guaranteed DRS-related operations, such as starting a VM, to run three times faster.

Additionally, the vSphere 6.7u2 enables you to boot the vSphere nodes quickly with ESXi 6.7u2 and higher. This way, it provides users with new benefits being:

reducing maintenance time by decreasing the number of necessary reboots;
restarting VMware ESXi without rebooting the physical host (basically, skipping the whole part with the hardware initialization).

New features

Basically, here’s what’s changed in vSphere 6.7:

System requirements

Before starting the vCenter Server 6.7u2 upgrade, what should you keep in mind?

Set time synchronization on every machine with an active vCenter Server. In case it’s working on a single host, make sure you have checked the timing. Unsynchronized time causes more problems than you may have thought. For example, SSL Certificates are very sensitive to this aspect, so the slightest inconsistency in timing could be problematic.
Make sure that your vCenter Server’s FQDN is valid and available to other machines
If your vCenter Server user account is not your Local System account, make sure that vCenter Server user account is
A member of the Administrators group
Log on as a service
OS administrator (if the user is a domain user)

There is useful material on VMware blog that contains all valuable tips on upgrading vSphere 6.7u2.

1. General vSphere recommendations.

vSphere 6.0 – minimal version required for the vSphere 6.7u2 upgrade.
vSphere 6.7u2 – the latest release that requires manually listing all the sites accessed with SSO.
In vSphere 6.7u2, the only protocol enabled by default is TLS 1.2. TLS 1.0 and TLS 1.1 are disabled by default.
Since the VMFS6 metadata structure has changed, you won’t be able to migrate existing VMFS5 datastore to VMFS6 datastore. This came from vSphere 6.5.

2. The vCenter upgrade recommendations.

The host must be ESXi 5.5 and higher.
The minimum hosts that you can connect as a part of the datacenter managed by VCSA 6.7 must be ESXi 6.0 and higher.
The vCenter Server Appliance 6.7u2 (vCSA) upgrade is a recommended configuration,
vCenter Server 6.7u2 for Windows is announced to be the last release for Windows, further it will only be modules for Windows.
The vCenter Server 6.7 only supports Host Profiles version 6.0. and higher.
Enhanced Linked Mode support is only enabled for vCenter Server 6.7u2 deployment with an Embedded PSC (Platform Services Controller). However, it’s not relevant for upgrades! So be careful.
If you are protecting your vCenter Server in vSphere 6.5 with vCenter High Availability (VCHA), then remember that when upgrading from vSphere 6.5 to 6.7, VCHA must be deleted.

3. Hardware Recommendations.

The vSphere 6.7u2 doesn’t support some AMD and Intel models. You can see the compatibility list here. Also, you can check current compatibility in the VMware Compatibility Guide.
These CPUs are still supported in this release, but they may not be in the future:
Intel Xeon E3-1200 (SNB-DT)
Intel Xeon E7-2800/4800/8800 (WSM-EX)
Virtual machines compatible with ESX 3.x and higher (starting with the hardware version 4) are supported with ESXi 6.7.
Hardware version 3 is not supported.
VM hardware version is now called VM Compatibility. Remember, you must first thing upgrade it to the latest version before using it with vSphere 6.7u2.
Your hardware and software must meet certain requirements before you move on with the upgrade.

Minimum Hardware and Software Requirements:
	Platform Services Controller	vCenter Server with an Embedded or External Platform Services Controller for a Tiny Environment (up to 10 Hosts, 100 Virtual Machines)	vCenter Server with an Embedded or External Platform Services Controller for a Small Environment (up to 100 Hosts, 1000 Virtual Machines)	vCenter Server with an Embedded or External Platform Services Controller for a Medium Environment (up to 400 Hosts, 4,000 Virtual Machines)	vCenter Server with an Embedded or External Platform Services Controller for a Large Environment (up to 1,000 Hosts, 10,000 Virtual Machines)	vCenter Server with an Embedded or External Platform Services Controller for X-Large Environment (up to 2,000 Hosts, 35, 000 Virtual Machines)
Number of CPUs	2	2	4	8	16	24
Memory	4 GB RAM	10 GB RAM	16 GB RAM	24 GB RA	32 GB RAM	48 GB RAM

The vSphere 6.7u2 upgrade contains:

ESXi installer
ESXi CLI
The vSphere Update Manager (VUM) solution
Auto Deploy

I will use the vSphere Update Manager (VUM) for the upgrade

The upgrade itself consists of two simple stages that mirror the migration process of vCenter Server for Windows to vCenter Server Appliance.

Stage 1 will deploy an entirely new appliance, thereby protecting your VCSA from any potential upgrading problems, wrong configuration, or other errors.
Stage 2 will export all data and configuration to a new VM. If anything goes wrong, you’ll be alright because all you have to do is delete this new VM and start your other VM with enabled VCSA.

5 Steps to Complete your Upgrade Successfully.

Read this release.
Read about the upgrade considerations.
Back up all your data before the upgrade.
Install the upgrade.
Problem solving.

Stage 1 – Upgrade

Download the necessary version from here.

I am starting my upgrade from the VM with OS Windows Server 2019, so I need to connect the downloaded ISO, and move to

<CD\DVD-room>:\vcsa-ui-installer\win32\<CD\DVD-room>

Now, let’s start the Installer. (installer.exe)

After starting vCenter Server Appliance Installer, click on Upgrade.

Move to Introduction and click on Next.

Accept the terms of the license agreement and click on Next.

Upgrading VMware vCenter Server to 6.7u2

Connect to the VCSA via FQDN or IP address.

Enter SSO credentials and the credentials of vCenter Server that manages the source vCenter Server.

Click on Next.

Accept the certificate and continue. Click on Yes.

Enter IP address of ESXi host and the user credentials. Click on Next.

Accept the certificate and continue. Click on Yes.

In Set up target appliance VM, enter the VM name and user password «root», then click on Next.

Warning, new vCenter Server will keep the same host name and IP address as the original one. To keep the original VM name, you’ll need to change both the current VM name and VM storage datastore. If I were you, I would do it after the upgrade, but it must be done nevertheless:

1) rename the old VM and storage datastore, then

2) rename the new VM and its storage datastore, move it to another cluster node.

In Select deployment size, select the size that fits your needs and resources best.

In Select datastore, select the necessary datastore to store the VM. Click on Next.

In Configure network settings, enter the necessary information. Click on Next.

Warning

It’s not that important since while moving the vCenter settings in the next stage, all data will be overwritten anyway.

In Ready to complete stage 1, check the deployment, datastore, and network details. Click on Finish.

Now, well, relax, and watch your new VM getting made.

Stage 1 is finished. When everything is ready, click on Continue to start migrating the configuration right away. I hope you have noticed how you won’t lose any setting because you chose to create a new VM for the future VSCA 6.7u2.

Stage 2 – Data Migration and Network Configuration

Let’s start the second stage. Click on Next.

vCenter Server Installer will now connect to source vCenter Server and do some checking before the upgrade.

In Select upgrade data, select the data that you want to save.

Make sure that the new disk has enough space.

In Configure CEIP, select “Join…”. Click on Next.

In Ready to complete, review the settings, make sure you have a backup copy of the source vCenter Server and click on Finish. Please, be very attentive with Ready to complete!

The source vCSA 6.5 will be shut down once you click OK.

Copied data and network configuration will be imported from to the VM vCSA 6.7u2.

When the process is finished, you’ll receive a notification that you need to update the DHCP settings, and that vSphere 6.7u2 disables TLS 1.0 and TLS 1.1. Click on Close.

Write down the IP address and vSCA location. Click on Close.

Click on (https://<vCenter-Server-Appliance-FQDN>:5480<vCenter-Server-Appliance-FQDN>). Log in to the new VCSA

In Summary, check that VCSA version is now 6.7.0.13007421.

Problem solving.

While upgrading vCenter Server Appliance 6.5 to 6.7u2, you may receive a notification about a problem occurring while getting data from the source vCenter Server to the target vCenter Server even after you entered all information about the source appliance:

You may check all the information again only to find out everything is correct as it should be. Of course, you are probably wondering how that happened and why!

Let’s check the log:

Log 

2018-09-24T06:51:36.940Z – info: Stream :: close

 2018-09-24T06:51:36.940Z – info: Password not expired

 2018-09-24T06:51:36.943Z – error: sourcePrecheck: error in getting source Info: ServerFaultCode: Failed to authenticate with the guest operating system using the supplied credentials.

 2018-09-24T06:51:36.944Z – info: VCHA is not enabled on the source host

 2018-09-24T06:51:47.920Z – info: Log file was saved at: E:\installer-20180924-084442575.log

Log

2018-09-24T06:51:36.940Z – info: Stream :: close

2018-09-24T06:51:36.940Z – info: Password not expired

2018-09-24T06:51:36.943Z – error: sourcePrecheck: error in getting source Info: ServerFaultCode: Failed to authenticate with the guest operating system using the supplied credentials.

2018-09-24T06:51:36.944Z – info: VCHA is not enabled on the source host

2018-09-24T06:51:47.920Z – info: Log file was saved at: E:\installer-20180924-084442575.log

Everything seems to be alright. The password is not expired yet.

Let’s check the VCSA Administration.

https://vcenter.domain.local:5480 –> Administration

There, you’ll see that the password has expired, even though the log doesn’t represent this information correctly.

You can change the password. Just connect vCenter via SSH session.

Now, let’s try again:

This time it will work.

Upgrade commentaries:

As a result of upgrading vCenter Server, data from the source vCenter Server will be imported to the newly created VM. At the stage of upgrading you will need the information of the source vCenter Server (Name, IP address, guest host address, account credentials), and target vCenter Server (Name, temporary IP address, guest host address, account credentials). You’d probably want to write it all down so that you won’t lose time later. Old VM will remain as it was, only turned off, you can still use it if you need it, before you upgrade ESXi hosts. Don’t turn in both source and target with the same IP address. Also, clear up space for the datastores where new data will be stored.
While upgrading ESXi hosts, to avoid losing both data and host settings, you must backup and select an option that allows upgrading with saving data in datastores.
After you are finished, it would be better in install the latest version of VMvare Tools for all VMs. It’ll help you managing them, the details are here.

Conclusion

It is safe to say that preparation is half of success, in the case with upgrades. VMware has tons of necessary information freely available. It’ll help you to understand the process without compromising the safety of your infrastructure. Just remember that being in a hurry never results in anything good. Take your time and get more details. As I have finished this material, I can say that I managed to upgrade my infrastructure without any surprises, and I wish you the same!