Recommendation VMware

Change VMware Tools Repository | VMSA-2021-0010 & -0013

A few days ago a security advisory was published, which describes vulnerabilities in VMware Tools and provides information which versions of VMware Tools contain the necessary fix.

Only Windows based systems and their tools are affected.

Therefore, I would like to describe a way to make it easier to keep the VMware tools in the environment up to date.

A widely known possibility is to initiate an update via the vCenter. For this, a single VM can be selected and an update process can be started. In the meantime, there are also other possibilities to plan an update over a larger area and, for example, to perform it automatically when the virtual machines are rebooted.

If you choose this way, the version of the tools that comes with the ESXi will always be used for the update. An overview of the tools in the respective ESXi releases can be found here.
It has to be said that the release cycle of the tools has been detached from that of the ESXi hosts for some time now and therefore the latest versions are not always available in the ESXi, or more precisely the local VMware Tools locker.

To use the known functionality with the current tools there is the possibility to create a shared directory, which I will explain in this post.

First, you need to create a shared directory that must be accessible from the ESXi host in the environment/cluster. For this you can use e.g. the Datastore Browser in vCenter

Folder creation

Into this directory you copy the content of the current tools, or the target version for your environment. The necessary files can be found in the ZIP file of the VMware Tools in the Customer Connect Portal

Download, extract and upload so it…
..will look like this

Now that the directory is prepared, we need to change the setting on the ESXi host.
There is the possibility to do this manually via the MOB, which is described here.

My approach in this post is to do it via PowerCLI.

First we check the current setting with this command:

Get-VMHost | Get-AdvancedSetting -Name "UserVars.ProductLockerLocation" | Select-Object Entity,Value

The current configuration points to the local locker directroy

To quickly customize the directory, the following command is sufficient:

Get-VMhost -Name <target> | %{$_.ExtensionData.UpdateProductLockerLocation_Task("/vmfs/volumes/NFS-TrueNAS/current_VMwareTools/")}

as an example i ran the command against a single host, also visible is the outcome afterwards

After this, the tools for the VM(s) on the changed host were directly displayed as outdated.

Tools not matching to the one in the locker location

Next, you can directly schedule or perform the update for the single VM, or multiple VMs. To do this, use the Upgrade Scheduler of the vCenter.

VMware Tools upgrade scheduler
I recommend to use the snapshot option

After the update of the tools is executed, they are finally displayed as up-to-date:

Matching tools after the update

More Information:

https://www.vmware.com/support/packages.html

https://blogs.vmware.com/vsphere/2019/01/configure-a-vmware-tools-repo-in-vsphere-6-7u1.html

Author

I have more than 13 years experience in the Telco and IT business. Most of this time I spent with VMware environments in the SMB / Enterprise environment. At first I worked in the support department, then I changed to the consulting area and then to the operations and architecture team of a large provider of IT solutions for tax consultants. Currently I work as a Technical Account Manager at VMware. I have an affinity for VDI solutions with a strong technical background in the core product range of our company.

Leave a Reply

Your email address will not be published.