Recently during upgrading the IOS-XE versions on a few 4500x VSS clusters, I also had to upgrade the ROMMON version
to make them ISSU compatible for later IOS-XE releases.
Below I described the steps:


First check the upgrade path here:

We follow the console upgrade path because the switch will shutdown, and you need to manually pull the power cords and put them back.
It is recommended to upgrade the ROMMON onsite in case of problems.

Step one

Copy the new ROMMON to the bootflash (primary) and slavebootflash (standby)
Also check the current ROMMON version and make sure that the files are available on the flash so we can always go back in case of problems.
Beware with downgrading the ROMMON because the ROMMON is hardware version specific and you can break the switch with it when going to low.

The specific upgrade path is described below:

Step Two
Attached your console cable to the standby node.

Step Three
SSH into the primary and execute the follow command:
redundacy reload peer

Step Four
press Ctrl-C to stop the boot process on the standby node, then re-enter ROMMON mode

Step Five

Boot from the new rommon upgrade file:

boot bootflash:cat4500-e-ios-promupgrade-150-1r-SG11

Step Six
The switch now starts the ROMMON upgrade process. It can take approx 20 minutes to finish.

Step Seven
The switch can shutdown if you upgrade from SG10 to SG11 or SG14, see cisco bug > CSCut66603
If this happens, take out the power cords (the power supply status led will be flashing) and re-seat them again.
The primary switch will now alert that there is an incompatibility detected in the log:

Aug 6 10:35:29: %INSTALLER-3-ISSU_OP_ERR: 1 installer: Not in ISSU, service incompatibility detected, reloading the standby
Aug 6 10:35:29: %RF-5-RF_TERMINAL_STATE: 1 ha_mgr: Terminal state reached for (SSO)

The secondary switch will try to connect to the VSS but since the ROMMON version is different from the primary node it will fail this process and reboot.

Step Eight

Repeat the above upgrade steps for the primary node. All network connections which were still available on the primary node will disconnect.
After the primary switch is rebooted, the secondary node will probably become primary VSS master and part of the connectivity will be restored.

Step nine

After the primary switch is upgraded and rebooted, it should reconnect itself as secondary node in the VSS cluster.
Verify on the primary node if the switch is back with redundancy
show issu state

You can also check the current ROMMON version when its loaded

SWITCH22#show version
Cisco IOS Software, IOS-XE Software, Catalyst 4500 L3 Switch Software (cat4500e-UNIVERSALK9-M), Version 03.06.07.E RELEASE SOFTWARE (fc3)
Technical Support:
Copyright (c) 1986-2017 by Cisco Systems, Inc.
Compiled Wed 12-Jul-17 13:41 by prod_rel_team

Cisco IOS-XE software, Copyright (c) 2005-2015 by cisco Systems, Inc.
All rights reserved. Certain components of Cisco IOS-XE software are
licensed under the GNU General Public License ("GPL") Version 2.0. The
software code licensed under GPL Version 2.0 is free software that comes
with ABSOLUTELY NO WARRANTY. You can redistribute and/or modify such
GPL code under the terms of GPL Version 2.0.
( For more details, see the
documentation or "License Notice" file accompanying the IOS-XE software,
or the applicable URL provided on the flyer accompanying the IOS-XE

ROM: 15.0(1r)SG11
SWITCH22 uptime is 23 hours, 57 minutes
Uptime for this control processor is 23 hours, 58 minutes
System returned to ROM by reload
System restarted at 11:20:07 CEST Mon Aug 6 2018
System image file is "bootflash:/cat4500e-universalk9.SPA.03.06.07.E.152-2.E7.bin"
Jawa Revision 2, Winter Revision 0x0.0x41