• With VCF 9.0, lifecycle of vSAN witness nodes is managed along with vSAN Cluster data nodes.
• This means that for any VCF managed vSAN stretched cluster upgrades, the vSAN witness node is upgraded automatically along with vSAN data nodes.
• Note that automatic upgrade of the witness is only applicable for dedicated virtual witness node.
• With 8.0 U3 we have support for live patching ESX nodes.
• Live Patch allows vSphere clusters to be patched without migrating workloads off the target hosts and without the hosts needing to enter full maintenance mode.
• The patch is applied live while workloads continue to run

• VMware Cloud Foundation 9.x
• VMware vSAN

• Live patching of vSAN witness nodes isn’t currently supported.
• This means that any attempts to remediate vSAN stretched clusters on VCF environments having a virtual dedicated witness with ‘Enforce Live Patch’ remediation settings enabled will result in remediation failure for the vSAN witness node and cluster overall.

Workaround

Run through the following steps if data nodes for stretched clusters need to be live-patched

1. Login to vCenter UI
2. Cluster -> Updates Tab -> Edit Remediation Settings -> Unselect checkbox for  ‘Enable Live patch’. This will disable live patch remediation for the cluster.
3. Cluster -> Updates Tab ->  Image Compliance Section ->  Select Witness Host using checkbox -> Remediate .  This will perform selective remediation of only the witness host and skip the data node during cluster upgrade
4. Once witness is remediated, Undo changes from Step 2 by selecting checkbox for ‘Enable Live Patch’. This will enable live patch remediation for the cluster.
5. Remediate Cluster using SDDC Manager. During remediation, the witness node will now automatically be skipped and live patch only data nodes.