This article provides instructions for upgrading VMware Identity Manager 3.3.7 to the CSP-102547 patch. It also covers the subsequent installation of VMware Aria Suite Lifecycle 8.18 Patch 6, which is a required step after patching Identity Manager.

Applying these patches addresses known issues, improves security, and enhances system stability.

Important Pre-Patch Instructions

Before proceeding, you must complete the following prerequisites to ensure a successful patch process and prevent service interruptions.

1. Take Snapshots & Retain Snapshots
   Create non-memory snapshots of the VMware Identity Manager and VMware Aria Suite Lifecycle appliances in vCenter. Ensure the environments are in a healthy, stable state before taking the snapshots. (Retain Snapshots, Do not delete the snapshots until environment is fully functional.)
   
   
2. Follow the Correct Patching Sequence
   The order of operations is critical. You must patch the products in the following sequence within the same maintenance window from Step 1 to Step 4
   
   
   
3. If vIDM is configured using NSX Load Balancer, follow the steps on KB to Update the NSX Load Balancer (NSX-LB) configuration.

Avoid any manual actions not mentioned in the article. Do not perform operations in vIDM or LCM until the KB steps are fully completed.

If the patch installation fails, collect log bundles from vIDM and Aria Suite Lifecycle Manager before reverting to snapshots, as reverting removes failure details to analyze the issue. 

• VMware Identity Manager 3.3.7
• VMware Aria Suite Lifecycle 8.18.0

Step 1: VMware Identity Manager CSP-102547 Patch Deployment

Prerequisites

• Ensure your VMware Identity Manager is at version 3.3.7 GA or has a previously applied patch. Upgrade any unsupported versions before proceeding.
• Refer to the VMware Product Lifecycle Matrix for a list of supported versions.
• Estimated Downtime: Approximately 1 hour for each product patch (vIDM and Aria Suite Lifecycle).
• Ensure there is sufficient disk space of 4 GB in Patch  Installation Location.  
• If there is not sufficient disk space, increase it using How to increase vIDM appliance disk space
• Grub has been upgraded to version 2: please review installation guide for grub2 here.

Note: This is a cumulative patch and will apply all previous fixes if they are not already installed.

Deployment Type Instructions

• For Cluster Deployments: Patch nodes sequentially in the order of Primary → Secondary 1 → Secondary 2. Do not patch nodes in parallel.
• For Single-Node Deployments: Apply the patch directly to the node.

Patching Steps (perform on each node)

1. SSH into the VMware Identity Manager appliance as sshuser.
2. Elevate to the root user:

    sudo su -

     3. Download the CSP-102547-Appliance-3.3.7-Patch.zip file and transfer it to the appliance (e.g., into a /db/vidm-upgrade folder) using SCP or WinSCP.

     4.  Unzip the patch file:

    unzip CSP-102547-Appliance-3.3.7-Patch.zip

     5.  (Optional) Clean up the zip file to reclaim space:

   rm -f CSP-102547-Appliance-3.3.7-Patch.zip

     6.  Change to the patch directory:

   cd CSP-102547-Appliance-3.3.7-Patch

     7.  Run the patch automation script:

   ./CSP-102547-patch-automation.sh -f CSP-102547-Appliance-3.3.7.zip -r

     8.  The system will reboot automatically after the patch installation is complete.

• Example of Successful Console Output

• root@vidm-machine [ /db/CSP-102547-Appliance-3.3.7-Patch ]# 2026-01-20 05:16:57 - Checking Patch ZIP location, should not be at /db/data...
• 2026-01-20 05:16:57 - Patch ZIP location check passed: /db/CSP-102547-Appliance-3.3.7-Patch/CSP-102547-Appliance-3.3.7.zip
• 2026-01-20 05:16:57 - Disk space at /db/CSP-102547-Appliance-3.3.7-Patch: 14.38GB free
• 2026-01-20 05:16:57 - Disk space at /boot: 78MB free
• 2026-01-20 05:16:57 - All checks passed for ZIP '/db/CSP-102547-Appliance-3.3.7-Patch/CSP-102547-Appliance-3.3.7.zip'.
• 2026-01-20 05:16:57 - Running on node: vidm-machine
• 2026-01-20 05:16:57 - Checking grub2 presence
• 2026-01-20 05:16:57 - grub2 detected: /boot/grub2/grub.cfg exists
• 2026-01-20 05:16:57 - NOTE : Cluster size is displayed 0 , if prepare-vidm-patch.sh is run in a cluster
• 2026-01-20 05:16:57 - Cluster size detected: 1
• 2026-01-20 05:16:57 - Extracting patch bundle
• Archive: CSP-102547-Appliance-3.3.7.zip
• creating: CSP-102547-Appliance-3.3.7/
• inflating: CSP-102547-Appliance-3.3.7/cleanup-rpms.sh
• inflating: CSP-102547-Appliance-3.3.7/rabbitmq-server-3.12.4-2.ph3.noarch.rpm
• inflating: CSP-102547-Appliance-3.3.7/CSP-102547-applyPatch.sh
• inflating: CSP-102547-Appliance-3.3.7/prepare-vidm-patch.sh
• inflating: CSP-102547-Appliance-3.3.7/rabbitmq-server-3.11.18-1.ph3.noarch.rpm
• extracting: CSP-102547-Appliance-3.3.7/identity-manager-3.3.7.0-25163938-updaterepo.zip
• 2026-01-20 05:17:20 - Patch directory ready: CSP-102547-Appliance-3.3.7
• 2026-01-20 05:17:20 - Running patch script: CSP-102547-applyPatch.sh
• 2026-01-20 05:17:20 - Tail the log file /opt/vmware/var/log/update/vidm-CSP-102547-update.log for live logs..
• 2026-01-20 05:21:34 - Validating CSP-102547 patch status...
• 2026-01-20 05:21:34 - CSP-102547 Patch applied successfully and flag file /usr/local/horizon/conf/flags/CSP-102547-3.3.7.0-hotfix.applied is present.
• 2026-01-20 05:21:34 - CSP-102547-Appliance-3.3.7 directory cleanup complete
• 2026-01-20 05:21:34 - Rebooting system...

9. Once the vIDM patch is successfully applied and the system reaches the "[ OK ] Reached target Cloud-init target"after a successful boot, run the following commands to display the blue screen on the console and then continue on with the step 2 of the upgrade process. 

• Start Services in VMware Identity Manager
• SSH into the vIDM node(s) and run the below commands to ensure the Getty services are running.    

• systemctl enable [email protected]
• systemctl start [email protected]

IMPORTANT: VMware Identity Manager services will not be operational until VMware Aria Suite Lifecycle 8.18 Patch 6 is also applied.

Step 2: VMware Aria Suite Lifecycle Patch 6 Installation: Patch 6 Release Notes

1. Copy the prep-for-upgrade-lcm.sh script (attached to the KB article) to the /data directory on the appliance and execute it:

  cd /data
  chmod +x prep-for-upgrade-lcm.sh
  ./prep-for-upgrade-lcm.sh

     2. (If upgrading from Patch 3 to Patch 6) Delete temporary folders from previous patch attempts by running the following commands:   

  rm -r /data/tmp-patch-8180
  rm -r /data/tmp-patch-10318114
  rm -r /data/tmp_patch_storage 

     3. Download the vrslcm-8.18.0-Patch6.patch patch from the Broadcom Support Portal:

     4. Copy the downloaded patch file to the /data directory on the Aria Suite Lifecycle appliance.

     5. Map the patch binary in the UI. Navigate to Lifecycle Operations > Settings > Binary Mapping and click Patch Binaries.

• • Delete any old patch binaries that may be listed.
  • Enter the local path (e.g., /data) in the Source Location field and click Discover.
  • Select the discovered Patch 6 file and click Add.

     6.  Install the patch. Navigate to Lifecycle Operations > Settings > System Patches and click Install Patch.

     7.  Wait for the installation to complete. The process takes approximately 20 minutes and will conclude with the appliance rebooting.

     8.   After the appliance reboots, log in to the VMware Aria Suite Lifecycle UI, navigate to the About page, and verify that the version is listed as 8.18.0 Patch 6.

     9.  SSH to the appliance and check the Photon OS version. Note that the build number will not change if you are patching from Patch 3 to Patch 6.

•  # cat /etc/photon-release
•  VMware Photon OS 5.0
•  PHOTON_BUILD_NUMBER=b9d98344d

  10. (VIDM Cluster Only) Patch Postgres Cluster in Aria Suite Lifecycle.

• In the Aria Suite Lifecycle UI, navigate to:
  Life Cycle Operations > Environments > Global Environment > View Details > Patch Postgres Cluster
  
  (Note: If this option is not visible, try accessing the UI from a private/incognito browser window.)

11.   11. Map Updated vIDM OVA in Aria Suite Lifecycle

• Download the new vIDM OVA (identity-manager-3.3.7.0-25163938_OVF10.ova) and map the binary in Aria Suite Lifecycle to ensure future lifecycle operations function correctly.

12. Start Services in VMware Identity Manager

• SSH into the vIDM node(s) and ensure the OpenSearch and Getty services are running:

• /etc/init.d/opensearch status
• /etc/init.d/opensearch start

Logs to Monitor

You can monitor the progress of the patch installation by tailing the following log files on the Aria Suite Lifecycle appliance:

    /var/log/vrlcm/os-package-update.log

    /var/log/vrlcm/patchcli.log

Known Issue: /tmp Directory Space

Potential Issue

During the installation, you may encounter an error with code LCMPATCHUPDATE16002. This error indicates that there is not enough free space in the /tmp directory for the patch to be extracted.

If this occurs, please refer to KB 345990 for instructions on how to temporarily increase the space in the /tmp directory.

Step 3: Post Patch Validation

1. Log in to the VMware Identity Manager Console and confirm the System Diagnostics page shows a green status.
2. Verify Legacy Connector functionality by ensuring the Auth Adapters load and open without errors.
3. Perform a Directory Sync and confirm that users and groups are synchronized correctly.
4. Check the UI portal (including the config page at https://<vidm-hostname>:8443) for full functionality.
5. Confirm the new version on the Admin Portal and Connectors page is 3.3.7.0 Build 25163938.

Step 4: Rollback Procedure

To revert this patch, restore the VMware Identity Manager appliance(s) and the Aria Suite Lifecycle appliance from the snapshots taken during the prerequisite phase.

Note:

Please review the attached file “CVEs_FIXED_CSP_102547.xlsx” for details of the CVEs that have been resolved in the current patch CSP-102547.

Included Fixes from Previous Patches

This cumulative update includes all fixes from the following previously released patches. For a detailed list of CVEs or components addressed by a specific patch, refer to its original knowledge base article.