Retrieving vCenter Server Patches using PowerShell

As a vSphere administrator, it’s essential to keep your vCenter Server up-to-date with the latest patches and updates. Manually checking for updates through the vSphere Web Client can be a time-consuming task, especially if you have multiple vCenter Servers to manage.

This PowerShell script connect vCenter Server using REST API, authenticates with the provided credentials, retrieves any pending updates, and prints detailed information such as version, description, priority, severity, and more.

<#
.SYNOPSIS
    A script to check for pending updates on a vCenter Server and display detailed information about each update.

.DESCRIPTION
    This PowerShell script connects to a specified vCenter Server using REST API, authenticates with the provided credentials,
    retrieves any pending updates, and prints detailed information such as version, description, priority, severity, and more.

.AUTHOR
    Yahia Hamza

.DATE
    2025-02-08

.NOTES
    - The script requires network access to the vCenter Server and the necessary API endpoints.

.PARAMETER vcServer
    The IP or FQDN of the vCenter Server.

.PARAMETER username
    Username for authenticating with the vCenter Server.

.PARAMETER password
    Password for authenticating with the vCenter Server.
#>

try {
    # Set the security protocol to TLS 1.2
    [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

    Add-Type @"
        using System.Net;
        using System.Security.Cryptography.X509Certificates;
        public class TrustAllCertsPolicy : ICertificatePolicy {
            public bool CheckValidationResult(ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) {
                return true;
            }
        }
"@
    [System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

    # Prompt for vCenter Server credentials
    $vcServer = Read-Host "Enter vCenter IP or FQDN"
    $username = Read-Host "Enter vCenter username"
    $password = Read-Host "Enter vCenter password" -AsSecureString

    # Convert the secure string password to a plain text password for API authentication, 
    # immediately converting to base64 to minimize exposure.
    $bstr = [Runtime.InteropServices.Marshal]::SecureStringToBSTR($password)
    $unsecurePassword = [Runtime.InteropServices.Marshal]::PtrToStringAuto($bstr)
    $basicAuth = [Convert]::ToBase64String(
        [Text.Encoding]::ASCII.GetBytes("${username}:${unsecurePassword}")
    )

    # Clear the unsecure password from memory
    [System.Runtime.InteropServices.Marshal]::ZeroFreeBSTR($bstr)

    # Set API endpoints and headers
    $sessionURL = "https://$vcServer/rest/com/vmware/cis/session"
    $updatePendingURL = "https://$vcServer/rest/appliance/update/pending?source_type=LAST_CHECK"
    $headers = @{
        Authorization = "Basic $basicAuth"
    }

    # Authenticate and obtain a session token
    $sessionTokenResponse = Invoke-RestMethod -Uri $sessionURL -Method Post -Headers $headers -ErrorAction Stop
    if (-not $sessionTokenResponse.value) {
        Write-Host "An error occurred: Failed to obtain session token." -ForegroundColor Red
        exit
    }
    $sessionToken = $sessionTokenResponse.value
    $headers = @{
        "vmware-api-session-id" = $sessionToken
    }

    # Retrieve pending updates
    $pendingUpdatesResponse = Invoke-RestMethod -Uri $updatePendingURL -Method Get -Headers $headers -ErrorAction Stop
    if (-not $pendingUpdatesResponse.value) {
        Write-Host "An error occurred: Failed to retrieve pending updates." -ForegroundColor Red
        exit
    }

    # Sort and display updates
    $sortedUpdates = $pendingUpdatesResponse.value | Sort-Object { [System.Version]$_."version" }
    $sortedUpdates | ForEach-Object {
        Write-Host "Update Version: " -NoNewline -ForegroundColor Cyan
        Write-Host "$($_.version)" -ForegroundColor Green

        Write-Host "Update Description: " -NoNewline -ForegroundColor Cyan
        Write-Host "$($_.description.default_message)" -ForegroundColor Green

        Write-Host "Priority: " -NoNewline -ForegroundColor Cyan
        Write-Host "$($_.priority)" -ForegroundColor Green

        Write-Host "Severity: " -NoNewline -ForegroundColor Cyan
        Write-Host "$($_.severity)" -ForegroundColor Green

        Write-Host "Update Type: " -NoNewline -ForegroundColor Cyan
        Write-Host "$($_.update_type)" -ForegroundColor Green

        Write-Host "Release Date: " -NoNewline -ForegroundColor Cyan
        Write-Host "$($_.release_date)" -ForegroundColor Green

        Write-Host "Reboot Required: " -NoNewline -ForegroundColor Cyan
        if ($_.reboot_required -eq $true) {
            Write-Host "$($_.reboot_required)" -ForegroundColor Red
        } else {
            Write-Host "$($_.reboot_required)" -ForegroundColor Green
        }

        Write-Host "Update Size (MB): " -NoNewline -ForegroundColor Cyan
        Write-Host "$($_.size)" -ForegroundColor Green

        Write-Host "------------------------------------------" -ForegroundColor DarkGray
    }
}
catch {
    # Display only the exception message
    Write-Host "An error occurred: $($_.Exception.Message)" -ForegroundColor Red
}
finally {
    # Prevent the script from closing immediately
    Read-Host -Prompt "Press Enter to exit"
}

You can also run this script directly from here:

iex (irm https://yh.do/vCenter_Updates_Checker.ps1)

What’s your Reaction?

Follow me on LinkedIn and never miss an update!

Exclusive insights, in-depth technical blogs, and the freshest updates directly from my keyboard to your feed.

Yahia Hamza

Leave a Comment