How to patch Intel NUC 10 with latest ESXi 7.0 update?

vSphere 7.0b was just released last week and one of the important fixes was to resolve an issue where Nested ESXi VMs were crashing upon powering on an inner-guest VM. This looks to have also affect newer generations of CPUs including Intel's 10th Gen Comet Lake which is also found in the latest 10th Gen Intel NUCs (Frost Canyon).

A number of folks quickly found that if you simply applied the ESXi 7.0b patch, an unexpected behavior occurred on the 10th Gen Intel NUCs and the onboard networking was lost upon a reboot. This occurs as the original ne1000 driver which had been replaced with a newer version found within ESXi 7.0b no longer recognizes the onboard Intel NIC. The solution is quite simple, create a new Image Profile that contains the Intel NUC NIC Driver.

Several of you have asked for instructions and although this is a pretty common vSphere workflow, I have documented the two supported options using the vSphere Image Builder utility but there are definitely other methods which will have the same results. If you have access to a vCenter Server 6.7 or newer, I recommend using the Image Builder UI. If vCenter Server access is not available, then you can use Image Builder with PowerCLI, however you will need to have access to a Windows machine as the Image Builder cmdlet is not supported with PowerCLI Core.

Note: To prevent this from happening in the future, I am also working with Songtao, the developer of the Intel NUC driver to see if we can rename the VIB which should prevent this from happening with future updates. 

Option A: Image Builder using vSphere UI

Step 1 - Download both the ESXi 7.0 GA Offline Bundle (VMware-ESXi-7.0.0-15843807-depot.zip) and ESXi 7.0b patch Offline Bundle (VMware-ESXi-7.0b-16324942-depot.zip)

Step 2 - Download the Intel NUC 10 NIC Driver Offline Bundle (ESXi670-NE1000-32543355-offline_bundle-15486963.zip) if you have not already

Step 3 - Login to your vCenter Server and navigate to Menu->Auto Deploy->Image Builder (enable the service if is it not already enabled) and import all three offline bundles with the following names which will be referenced: ESXi 7.0 GA, ESXi 7.0b and Intel Driver

Step 4 - Select the ESXi 7.0b Software Depot and make a note of the build number for the specific Image Profile you wish to use. In this case, we will be using 16324942 which is the "full" image which includes both bug fix + security fix along with VMware Tools. If you only want the security fix, use 16321839.

Step 5 - In the right hand corner, click New to create a new Custom Depot called NUC10-ESXi-7.0b and provide a name, vendor and description of your choosing.

Step 6 - On the Depot column, filter by ESXi 7.0b initially and select the following 13 packages as shown in the screenshot below.

• cpu-microcode
• crx
• esx-base
• esx-dvfilter-generic
• esx-update
• esx-xserver
• loadesx
• native-misc-drvers
• nvme-pcie
• vdfs
• vmkusb
• vsan
• vsanhealth

Step 7 - On the Depot column, filter by Intel Driver and select the ne1000 package

Step 8 - On the Depot column, filter by ESXi 7.0 GA and select everything, EXCEPT for the 13 packages we had already selected from Step 6.

Step 9 - Complete the wizard and if all directions were followed, your new Image Profile should contain a total of 72 packages as shown in the summary view below. You can now export and either download the Image Profile either as a bootable ISO which can then be used for fresh installation and/or upgrade as well as using vSphere Update Manager. You can also download the Image Profile which can be used to update via ESXCLI on the ESXi Shell.

Option B: Image Builder using PowerCLI

Step 1 - Download the ESXi 7.0b patch Offline Bundle (VMware-ESXi-7.0b-16324942-depot.zip)

Step 2 - Download the Intel NUC 10 NIC Driver Offline Bundle (ESXi670-NE1000-32543355-offline_bundle-15486963.zip) if you have not already

Step 3 - Open up PowerCLI shell and connect to your vCenter Server using Connect-VIServer cmdlet.

Step 4 - Replace the full path to both ESXi 7.0b offline bundle and Intel NUC NIC Driver and run the following commands:

$esxiOfflineBundle = "C:\Users\jumphost\Desktop\VMware-ESXi-7.0b-16324942-depot.zip"
$intelNicOfflineBundle = "C:\Users\jumphost\Desktop\ESXi670-NE1000-32543355-offline_bundle-15486963.zip"
$esxiImageProfileName = "ESXi-7.0b-16324942-standard"
$newImageProfileName = "ESXi-7.0b-IntelNUC10"
Add-EsxSoftwareDepot $esxiOfflineBundle
Add-EsxSoftwareDepot $intelNicOfflineBundle

Step 5 - Run the following command which will identify the ne1000 version of the Intel NUC NIC Driver and then replace that the default ne1000 from the ESXi 7.0b image profile.

$IntelNUCVib = Get-EsxSoftwarePackage | where {$_.name -eq "ne1000" -and $_.version -eq "0.8.4-3vmw.670.3.99.32543355"}
New-EsxImageProfile -CloneProfile $esxiImageProfileName -Name $newImageProfileName -Vendor vGhetto
Remove-EsxSoftwarePackage -ImageProfile $newImageProfileName -SoftwarePackage ne1000
Add-EsxSoftwarePackage -ImageProfile $newImageProfileName -SoftwarePackage $IntelNUCVib

Step 6 - Export your new image profile to either an offline bundle or ISO using one of the following two commands:

# Offline Bundle
Export-EsxImageProfile -ImageProfile $newImageProfileName -ExportToBundle -FilePath "C:\Users\jumphost\Desktop\ESXi-7.0b-IntelNUC.zip"
# ISO
Export-EsxImageProfile -ImageProfile $newImageProfileName -ExportToIso -FilePath "C:\Users\jumphost\Desktop\ESXi-7.0b-IntelNUC.ISO"

Applying Patch

Patching using vSphere Lifecycle Manager

Step 1 - Navigate to Menu->Lifecycle Manager->Imported ISOs and upload the custom ISO you had download from Step 9.

Step 2 - Create a new upgrade baseline with your image and then attach and remediate

After successfully applying the upgrade baseline, your Intel NUC 10 should be upgraded without losing the on-board Intel NIC

Patching Using ESXCLI

esxcli software profile update -d /vmfs/volumes/vsanDatastore/ISO/ESXi-7.0b-IntelNUC.zip -p ESXi-7.0b-IntelNUC10