Home > Blogs > Support Insider > Author Archives: Rick Blythe

VMware NSX for vSphere 6.2.4 now available

VMware has made NSX for vSphere 6.2.4 available for download. NSX 6.2.4 provides critical bug fixes identified in previous releases, and 6.2.4 delivers a security patch for CVE-2016-2079 which is a critical input validation vulnerability for sites that uses NSX SSL VPN.

  • For customers who use SSL VPN, VMware strongly recommends a review of CVE-2016-2079 and an upgrade to NSX 6.2.4.
  • For customers who have installed NSX 6.2.3 or 6.2.3a, VMware recommends installing NSX 6.2.4 to address critical bug fixes.

Caution: Before upgrading, consult the NSX 6.2.4 Release Notes available from the NSX Documentation Center and Recommended minimum version for NSX for vSphere with GID, ESXi, and vCenter Server (2144295).

Critical Alert on 6.2.3 and 6.2.3a for DLR users: For more information, see “Fixed issue 1703913: NSX DLR HA nodes remain in a split-brain state” in the NSX for vSphere 6.2.4 Release Notes and VMware Knowledge Base article NSX 6.2.3 DLR HA nodes remain in a split brain state (2146506). This issue will occur after approximately 24 days of BFD uptime and will continue to reoccur every 24 days.

Customers who are using 6.2.3 or 6.2.3a are strongly advised to review KB 2146506, review how to prevent or remediate the issue, and plan to upgrade to NSX 6.2.4.

vShield Endpoint Update

VMware has announced the End of Availability (EOA) and End of General Support (EOGS) of VMware vCloud Networking and Security 5.5.x. The EOGS date for VMware vCloud Networking and Security 5.5.x is September 19, 2016.  For customers using vCNS Manager specifically to manage vShield Endpoint for agentless anti-virus, Technical Guidance is available until March 31, 2017. For more information, see End of Availability and End of General Support for VMware vCloud Networking and Security 5.5.x (2144733).

For more information on additional partner solution availability, see Implementation of VMware vShield Endpoint beyond vCloud Networking and Security End of Availability (EOA) (2110078).

Note: Consult the VMware Compatibility Guide for Endpoint partner solution certification status before upgrading.  If your preferred solution is not yet certified, contact that vendor.

How to track the top field issues

NSX for vSphere Field Advisory – July 2016 Edition

This blog has been updated to reflect new information as it was provided. Changes are marked with an *.

VMware NSX for vSphere 6.2.3 Update

  • NSX for vSphere 6.2.3 has an issue that can affect both new NSX customers as well as customers upgrading from previous versions of NSX. The NSX for vSphere 6.2.3 release has been pulled from distribution. The current version available is NSX for vSphere 6.2.2, which is the VMware minimum recommended release.  Refer to KB 2144295. VMware is actively working towards releasing the next version to replace NSX for vSphere 6.2.3 *
  • VMware NSX for vSphere version 6.2.3 delivered a security patch to address a known SSL VPN security vulnerability (CVE-2016-2079) . This issue may allow a remote attacker to gain access to sensitive information. Customers who use SSL VPN are strongly advised to review CVE-2016-2079 and contact VMware support to request immediate assistance. For questions or concerns, contact VMware Support. *
  • The next version of NSX for vSphere contains fixes for bugs that have been found in NSX 6.2.3.
  • Customers who have already upgraded to 6.2.3 are advised to review the following  KB articles:
    • VMware knowledge base article 2146227, VMs using Distributed Firewall (DFW) and Security Groups (SG) may experience connectivity issues. A workaround is available*
    • VMware knowledgebase article 2146293, Virtual machines lose network connectivity in NSX 6.2.x. *
    • VMware Knowledgebase article 2146413, VMs lose network connectivity in NSX with DLR HA. *

Critical Alert for Edge DLR users on NSX 6.2.3 and 6.2.3a *

  • NSX 6.2.3 DLR HA nodes remain in a split brain state (2146506) *
    • A new issue has been identified that can cause both primary and secondary HA nodes into an Active State, causing network disruption.
    • This issue will occur after approximately 24 days of BFD uptime and will continue to reoccur every 24 days.
    • Customers who are using NSX-V 6.2.3 or 6.2.3a are strongly advised to review KB 2146506, review how to prevent or remediate the issue and plan to upgrade to the next version of NSX.

For questions or concerns, contact VMware Support. To contact VMware support, see Filing a Support Request in My VMware (2006985) or How to Submit a Support Request.

Top NSX for vSphere issues for July 2016

NSX for vSphere 6.2.3 other new and changed issues

Notes:

  • vCloud Director 8.0.1 is now interop-tested and supported with NSX 6.2.3.  For more information, see the VMware Interoperability Matrix
  • VMware is working actively with anti-virus solution partners to influence completion of their certification testing efforts with both NSX 6.2.2 and 6.2.3.  For more information, see the VMware Compatibility Guide (VCG)

Other trending issues

Known interoperability issues during upgrade to NSX for vSphere 6.2.3

Note: VMware vSphere 6.0 supports VIB downloads over port 443 (instead of port 80). This port is opened and closed dynamically. The intermediate devices between the ESXi hosts and vCenter Server must allow traffic using this port.

How to track Top Field Issues

Top 20 Horizon View articles for June 2016

Top 20Here is our Top 20 Horizon View articles list for June 2016. This list is ranked by the number of times a VMware Support Request was resolved by following the steps in a published Knowledge Base article.

 

  1. Manually deleting linked clones or stale virtual desktop entries from the View Composer database in VMware View Manager and VMware Horizon View
  2. Removing invalid linked clone entries automatically using the ViewDBChk tool in VMware Horizon View 5.3 and later versions
  3. Poor virtual machine application performance may be caused by processor power management settings
  4. Linked Clone pool creation and recomposition fails with VMware Horizon View 6.1.x and older releases
  5. VMware View ports and network connectivity requirements
  6. Using Microsoft Certreq to generate signed SSL certificates in VMware Horizon View
  7. Forcing replication between ADAM databases
  8. Generating a Horizon View SSL certificate request using the Microsoft Management Console (MMC) Certificates snap-in
  9. Provisioning View desktops fails due to customization timeout errors
  10. Restart order of the View environment to clear ADLDS (ADAM) synchronization in View 4.5, 4.6, 5.0, 5.1, 5.2, 5.3, 6.0, and 6.1
  11. Manually deleting replica virtual machines in VMware Horizon View 5.x
  12. Removing a standard (replica) connection server or a security server from a cluster of connection/security servers
  13. Disabling the HotAdd/HotPlug capability in ESXi 5.x and ESXi/ESX 4.x virtual machines
  14. Dual monitors configured using PCoIP does not span both the monitors for VMware View
  15. Finding and removing unused replica virtual machines in the VMware Horizon View
  16. Connecting to the View ADAM Database
  17. Configuring security protocols on components to connect the View Client with desktops
  18. Troubleshooting USB redirection problems in VMware View Manager
  19. Administration dashboard in VMware Horizon View reports the error: Server’s certificate cannot be checked
  20. Recommended restart cycle of the VMware Horizon View environment

Top 20 NSX articles for June 2016

Top 20Here is our Top 20 NSX articles list for June 2016. This list is ranked by the number of times a VMware Support Request was resolved by following the steps in a published Knowledge Base article.

  1. NSX is unavailable from the vSphere Web Client Plug-in after taking a backup of NSX Manager with quiesced snapshot
  2. vCenter Server 6.0 restart/reboot results in duplicate VTEPs on VXLAN prepared ESXi hosts
  3. NSX Edge is unmanageable after upgrading to NSX 6.2.3
  4. vCenter Server or Platform Services Controller certificate validation error for external VMware Solutions in vSphere 6.0
  5. vSphere Web Client performance is slow when using NSX Manager
  6. Installing VXLAN Agent fails with ESX Agent Manager displaying the error: Agent VIB module not installed
  7. Troubleshooting vSphere ESX Agent Manager (EAM) with NSX
  8. Oracle connections time out when forwarded through the VMware NSX for vSphere 6.1.x Edge
  9. NSX Controller becomes isolated or disconnects intermittently
  10. Licensing VMware vSphere 5.5.x/6.0.x and VMware NSX for vSphere 6.x
  11. vCenter Server access gets blocked after creating a Deny All rule in NSX Distributed Firewall (DFW)
  12. No Flow Records displayed in NSX Manager flow monitoring
  13. VMware NSX Manager virtual appliance installation fails with the error: Operation timed out
  14. Registering NSX Manager to Lookup Service with External Platform Service Controller (PSC) fails with the error: server certificate chain not verified
  15. In VMware NSX for vSphere 6.x, modifying an NSX Transport zone through the vSphere Web Client (add/edit/delete/connect/disconnect) fails with the error: Internal server error has occurred
  16. When adding a previously provisioned ESXi host to a cluster in VMware NSX for vSphere 6.1.x, the cluster status for VXLAN displays an error: Error Unconfigure
  17. Migration of Service VM (SVM) may cause ESXi host issues in VMware NSX for vSphere 6.x
  18. NSX User Interface (UI) is grayed out for several seconds and exhibits slow performance on NSX for vSphere 6.2.0
  19. Slow VMs after upgrading VMware tools in NSX / vCloud Networking and Security
  20. NSX Edge logs show Memory Overloaded warnings

Top 20 vCenter Server articles for June 2016

Top 20Here is our Top 20 vCenter articles list for June 2016. This list is ranked by the number of times a VMware Support Request was resolved by following the steps in a published Knowledge Base article.

  1. Purging old data from the database used by VMware vCenter Server
  2. ESXi 5.5 Update 3b and later hosts are no longer manageable after upgrade
  3. Resetting the VMware vCenter Server and vCenter Server Appliance 6.0 Inventory Service database
  4. Unlocking and resetting the VMware vCenter Single Sign-On administrator password
  5. Permanent Device Loss (PDL) and All-Paths-Down (APD) in vSphere 5.x and 6.x
  6. Upgrading to vCenter Server 6.0 best practices
  7. Correlating build numbers and versions of VMware products
  8. Update sequence for vSphere 6.0 and its compatible VMware products
  9. Stopping, starting, or restarting VMware vCenter Server services
  10. In vCenter Server 6.0, the vmware-dataservice-sca and vsphere-client status change from green to yellow continually
  11. Enabling EVC on a cluster when vCenter Server is running in a virtual machine
  12. The vpxd process becomes unresponsive after upgrading to VMware vCenter Server 5.5
  13. Migrating the vCenter Server database from SQL Express to full SQL Server
  14. Reducing the size of the vCenter Server database when the rollup scripts take a long time to run
  15. Consolidating snapshots in vSphere 5.x/6.0
  16. Back up and restore vCenter Server Appliance/vCenter Server 6.0 vPostgres database
  17. Diagnosing an ESXi/ESX host that is disconnected or not responding in VMware vCenter Server
  18. Build numbers and versions of VMware vCenter Server
  19. Increasing the size of a virtual disk
  20. Determining where growth is occurring in the VMware vCenter Server database

Top 20 ESXi articles for June 2016

Top 20Here is our Top 20 ESXi articles list for June 2016. This list is ranked by the number of times a VMware Support Request was resolved by following the steps in a published Knowledge Base article.

  1. VMware ESXi 5.x host experiences a purple diagnostic screen mentioning E1000PollRxRing and E1000DevRx
  2. Determining Network/Storage firmware and driver version in ESXi/ESX 4.x, ESXi 5.x, and ESXi 6.x
  3. Commands to monitor snapshot deletion in VMware ESXi/ESX
  4. ESXi 5.5 Update 3b and later hosts are no longer manageable after upgrade
  5. Restarting the Management agents on an ESXi or ESX host
  6. Recreating a missing virtual machine disk descriptor file
  7. Identifying and addressing Non-Maskable Interrupt events on an ESX/ESXi host
  8. Permanent Device Loss (PDL) and All-Paths-Down (APD) in vSphere 5.x and 6.x
  9. Snapshot consolidation in VMware ESXi 5.5.x and ESXi 6.0.x fails with the error: maximum consolidate retries was exceeded for scsix:x
  10. Powering off a virtual machine on an ESXi host
  11. Correlating build numbers and versions of VMware products
  12. Updating an ESXi/ESX host using VMware vCenter Update Manager 4.x and 5.x
  13. Update sequence for vSphere 6.0 and its compatible VMware products
  14. ESXi 5.5 or 6.0 host disconnects from vCenter Server with the syslog.log error: Unable to allocate memory
  15. Enabling or disabling VAAI ATS heartbeat
  16. ESXi 6.0 hosts become unresponsive when joined to an Active Directory domain
  17. Enabling EVC on a cluster when vCenter Server is running in a virtual machine
  18. Unable to delete the virtual machine snapshot due to locked files
  19. Using esxtop to identify storage performance issues for ESX / ESXi (multiple versions)
  20. Reverting to a previous version of ESXi

NSX for vSphere Field Advisory – June 2016 Edition

End of General Support for VMware NSX for vSphere 6.1.x has been extended by 3 months to January 15th, 2017. This is to allow customers to have time to upgrade from NSX for vSphere 6.1.7, which contains an important security patch improving input validation of the system, to the latest 6.2.x release. For recommended upgrade paths, refer to the latest NSX for vSphere 6.2 Release Notes and the VMware Interoperability Matrix.
Migration of Service VM (SVM) may cause ESXi host issues in VMware NSX for vSphere 6.x (2141410). See also the CAUTION statement in the 6.2.3 Administration Guide.

Do not migrate the Service VM (SVM) manually (vMotion/SvMotion) to another ESXi host in the cluster.
The latest versions of vSphere 5.5 and 6.0 inhibit vMotion migration. However, storage vMotion is not blocked, and such movement may lead to unpredictable results on the destination host.

vCenter Server 6.0 restart/reboot results in duplicate VTEPs on VXLAN prepared ESXi hosts (2144605). The NSX-side update to protect against this issue is available in 6.2.3. This issue will be resolved fully in a future version of vCenter.

Top Issues:

Important new and changed KBs with NSX for vSphere 6.2.3. For more information, see Troubleshooting VMware NSX for vSphere 6.x (2122691).

Important new and changed documentation with NSX for vSphere 6.2.3 – see the NSX Documentation Center

How to track the top field issues

Windows 2008+ incremental backups become full backups in ESXi 6.0 b3825889

vmware_tools_iconVMware is actively working to address a recently discovered issue wherein an incremental backup becomes a full backup when backing up Windows 2008 (or higher) virtual machines with VSS-based application quiesced snapshot.

This recent CBT (Changed Block Tracking) issue does not cause any data loss or data corruption.

This issue is well understood and VMware engineering is actively working on a fix.

For more details on this issue and latest status on resolution, please refer to KB article: After upgrading to ESXi 6.0 Build 3825889, incremental virtual machine backups effectively run as full backups when application consistent quiescing is enabled (2145895)

Subscribe to the rss feed for the KB article to ensure you do not miss any update by using this link.

New and updated KB articles for NSX for vSphere 6.2.3

NSXWe’ve just released the bits for NSX for vSphere 6.2.3 and thought all of your making the upgrade would want to be on top of all the ins and outs of this release.

Here is a list of new and/or updated articles in our Knowledgebase:
NSX for vSphere 6.2.3   |   Released 09 June 2016   |   Build 3979471

Of course, do not miss the release notes, which can be found here: NSX for vSphere 6.2.3 Release Notes

NSX for vSphere Field Advisory – May 2016 Edition

NSXOur NSX support team would like all of our customers to know about important KB updates for NSX for vSphere issues.

Here’s what’s new and trending-

Important: Upgrades from NSX for vSphere 6.1.6 to 6.2.2 are not supported.
See KB 2145543 NSX Controller upgrade fails with the error: 409 (Conflict); invoking error handler.

vCloud Networking and Security will reach End of Availability and End of General Support on September 19, 2016.

NEW! See our first NSX KBTV YouTube video: https://youtu.be/5pSNfnk1_MA

vShield Endpoint and vCNS End Of Availability (EOA) – See:
KB 2105558 Support for partner integrations with VMware vShield Endpoint and VMware vCloud Networking and Security.
KB 2110078 Implementation of VMware vShield Endpoint beyond vCloud Networking and Security End of Availability (EOA).
Future releases of NSX for vSphere 6.2.x will enable customers to manage vShield Endpoint from NSX Manager. Customers who purchased vSphere with vShield Endpoint will be able to download NSX.

NSX for vSphere 6.1.x will reach End of General Support on October 15, 2016.

​NEW! VMware has extended the End of General Support date to three years after GA for NSX for vSphere 6.2.x only.  The VMware Lifecycle Product Matrix now reflects this change.

New and Important issues:

KB 2144551 Configuring a default gateway on the DLR in NSX fails
KB 2144605 vCenter 6.0 restart/reboot may result in duplicate VTEPs on VXLAN prepared ESX hosts.
KB 2143998 NSX Edge virtual machines do not failover during a vSphere HA event
KB 2145571 NSX Edge fails to power on when logging all ACCEPT firewall rules
KB 2145468 NSX Edge uplink interface does not process any traffic after it is disabled and re-enabled in ECMP environment
KB 2139067 Shutdown/Startup order of the NSX for vSphere 6.x environment after a maintenance window or a power outage.  Please refer to the updated sequence for a cross VC environment.
KB 2145447 NetX/Service Instance filter created in vCNS disappears after upgrading to NSX
KB 2145322 NSX Edge logs show Memory Overloaded warnings
KB 2144901 Unexpected TCP interruption on TCP sessions during Edge High Availability (HA) failover in VMware NSX for vSphere 6.2.x
KB 2145273 Troubleshooting DLR using NSX Central CLI
KB 2145359 Pings fail between two VMs on different hosts across a logical switch

How to track the top field issues: