How to patch the vCenter Server Appliance via CLI

There are several ways for patching your VMware vCenter Server Appliance. In this article i’d like to show how i do it with the CLI.


First of all log in to the vCenter Server Appliance Management Interface to check which updates are available for your VCSA (vCenter Server Appliance). The URL is https://your_appliance_ip_or_dns:5480


If you go and check for updates online, you can see which version exists. In my example i marked the existing build number in a red box and the available patch with build number in a green box. The patch level in the green box is the way to go for me.

Now you can download the patch .iso file from your VMware portal. Therefore go to the following URL and download the aimed patch .iso file.

In my case i’m looking for VCSA Build Number 5178943


After you have found your aimed patch, download it. Make sure you have selected the correct .iso file.

The next step is to upload the patch .iso file to an existing datastore and attach the iso to your vCenter Server Appliance VM.


After you have attached the patch .iso to your VCSA, you have to enable the SSH service and the Bash Shell. Have a look here on how to activate it:

Patching the appliance

When activated SSH and the Bash Shell you can easily connect to your VCSA with putty or another preferred tool for SSH sessions. You should see the following screen.


After successfully logging in to the VCSA CLI you can stage the packages located in the patch .iso file with the following command.

software-packages stage --iso

You can see, that the .iso file has been mounted successfully. The next step is to accept the terms and conditions to further move on.


If you accepted the terms and conditions the needed packages will be staged. If everything goes fine you will see the output “Staging process completed successfully”.

After the packages have been staged, you can one again verify which packages will be installed with the following command.

software-packages list --staged

This will list out which packages, respective which version and build number has been staged to install it.


Once you double-checked it, you can move on to install the staged packages with the following command.

software-packages install --staged

This will install the staged packages to the VCSA.


If everything went fine you will see an output stating “Packages upgraded successfully, Reboot is required to complete the installation”.

This means you have successfully installed the packages and therefore patched the vCenter Server Appliance.

The next time you are logging in to your Appliance Management a message will appear stating that you need to reboot the appliance. Once you did it, you can verify if the Appliance is running the desired patch level with the desired build number.


So, this is my approach on patching a vCenter Server Appliance. I like the CLI method rather than clicking inside the Appliance Management because iam able to see what is really happening during patching.

Thanks for reading and have a nice day !

About Falko Banaszak

Falko is a consultant based in Germany working for SVA GmbH. He has a strong focus on virtualization, data backup, disaster recovery infrastructures and a passion for Microsoft 365 & storage systems. He´s a VMware vExpert & Veeam user group leader in Germany. VCP-DCV, VMCE, VMCA.

Check Also

VMware PowerCLI logo

Get vSphere Tags out of a category with PowerCLI

Introduction to vSphere Tags Using vSphere tags in your VMware environment is no longer a …

One comment

  1. Thank you.

Leave a Reply

Your email address will not be published. Required fields are marked *