We’ve recently noticed a number of cases where vSphere administrators become locked out of their accounts or receive reports of incorrect passwords in the vCenter Server Appliance. If you find yourself in this position, here are two articles that address these issues:
When attempting to log into the VMware vSphere 5.1, 5.5, or 6.0 Web Client you observe the following symptom: “User account is locked. Please contact your administrator.” This often occurs if the wrong password was entered multiple times. Waiting the default 15 minutes lockout period will allow to attempt the login again. If after multiple attempts, you are still not successful, you may need to reset the password.
When attempting to log into the vCenter Server 5.5 and 6.0 Appliance, you experience symptoms where the root account is locked out. This often occurs because the vCenter Server appliance has a default 90 password expiration policy. Steps on how to modify the password expiration policies and to unlock the password.
vCloud Networking and Security will reach end of availability and end of support on September 19, 2016.
- KB 2144733 – End of Availability and End of Support Life for VMware vCloud Networking and Security 5.5.x
- See the fully updated vCNS to NSX Upgrade Guide
- See also KB 2144620 – VMware vCloud Networking and Security 5.5.x upgrade to NSX for vSphere 6.2.x Best Practices
- Upgrade path from vCNS 5.x: Using the NSX upgrade bundle posted on or after 31 March, 2016, you may upgrade directly from vCNS 5.1.x or vCNS 5.5.x to NSX 6.2.2 Please see the NSX 6.2.2 release notes
- Upgrades from NSX 6.1.5 to NSX 6.2.0 are not supported. Instead, you must upgrade from NSX 6.1.5 to NSX 6.2.1 or later to avoid a regression in functionality. Refer to KB 2129200
NSX for vSphere 6.1.x will reach end of availability and end of support on October 15, 2016
- KB 2144769 – End of Availability and End of Support Life for VMware NSX for vSphere 6.1.x
- The recommended release for NSX-V is 6.2.2. Refer to KB 2144295 – Recommended minimum version for VMware NSX for vSphere with Guest Introspection Driver, ESXi and vCenter server.
- KB 2144726 – Service Composer fails to translate virtual machines into security-groups in VMware NSX for vSphere 6.x
- KB 2140891 – Storage vMotion of Edge appliance disrupts VIX communication in VMware vCloud Networking and Security 5.5.x and NSX for vSphere 6.x
- KB 2144476 – After reinstalling vCenter Server 6.0 EAM fails to push VIB’s to ESXi host with the error: Host not covered by scope anymore
- KB 2144456 – Importing draft firewall rules fails after existing firewall configuration is removed by a REST API request
- KB 2144387 – After upgrading to VMware NSX for vSphere 6.2.2 there is no upgrade option available for NSX Guest Introspection and NSX Data Security and the services remain at version 6.2.1
- KB 2144420 – Any changes to the Primary UDLR result in the vNic_0 being shutdown on the Seconday UDLR in VMware Cross-vCenter NSX for vSphere 6.2.x
- KB 2144236 – VMtools issue – Virtual machine performance issues after upgrading VMware tools version to 10.0.x in NSX/ VMware vCloud Networking and Security 5.5.x
- KB 2144649 – IPv4 IP address do not get auto approved when SpoofGuard policy is set to Trust On First Use (TOFU) in VMware NSX for vSphere 6.2.x
- KB 2144732 – In VMware NSX for vSphere 6.x, unpreparing Stateless ESXi host fails with the error: Agent VIB module is not installed. Cause : 15 The installation transaction failed. The transaction is not supported
- KB 2135956 – VMware ESXi 6.0 Update 1 host fails with a purple diagnostic screen and reports the error: PANIC bora/vmkernel/main/dlmalloc.c:4923 – Usage error in dlmalloc – now resolved in vSphere 6.0U2. See also the vSphere 6.0U2 Release Notes
- KB 2126275 – Publishing Distributed Firewall (DFW) rules fails after referenced object is deleted in VMware NSX for vSphere 6.1.x and 6.2.x
Tracking the top issues:
There are many, many, blogs, forums, videos channels out there that cover various VMware topics, and we commonly see our KB articles being linked from those sites.
We wanted to help those doing this with a couple of quick tips that will make your links easier to read and more resilient to potential changes in our CMS in the future.
When you open one of our KB articles and look at your URL bar, you’ll see a long, and parameterized URL. For example:
As you can see, this URL includes unnecessary parameters for sharing and just looks long and ugly. Here’s a much cleaner format to use:
The beginning part is always the same, just substitute the actual KB number you wish to reference at the end. Also note that we are now using https rather than the older and less secure http protocol.
Hope this helps those of you sharing our content; you have our thanks!
Our NSX team would like all of our customers to know about important KB updates for current NSX for vSphere issues. Here’s what’s new and trending-
Recommended minimum version for VMware NSX for vSphere with Guest Introspection Driver, ESXi and vCenter server (KB 2144295)
- NSX for vSphere 6.2.2
- NEW! See also the minimum recommended version table in the Systems Requirements section of the NSX for vSphere 6.2.2 Release Notes.
Key issues resolved in NSX for vSphere in release 6.2.2:
- KB 2144097 – After deploying a VMware NSX for vSphere 6.2.x Edge, adding a dhcp pool fails with the error: Invalid host name <name.local>
- KB 2144457 – Shutting down the VMware NSX for vSphere 6.x controllers while using replication type Hybrid mode flushes out the VTEP tables on the ESXi host
- KB 2144096 – VMware vCloud Networking and Security and NSX for vSphere workaround for CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow
- KB 2144018 / – In VMware NSX for vSphere 6.2.1, ESXi 5.5.x/6.0.x host experiences a purple diagnostic screen mentioning PFFilterPacket and VSIPDVFProcessSlowPathPackets
- KB 2143397 / – In VMware NSX for vSphere 6.2.1, adding an ESXi host to the vSphere Distributed Switch fails with the error: Host <IP address> is not licensed for the VDS feature. Cannot add this host to dvSwitch
- KB 2144314 – In VMware NSX for vSphere 6.x, ESXi 5.5.x host experiences a purple diagnostic screen mentioning VdrProcessDhcpClientReq and VdrConsumeDhcp
Top troubleshooting issues:
- KB 2144605 – Troubleshooting duplicate VXLAN VTEP vmk interfaces or IP addresses in VMware NSX for vSphere 6.x
- KB 2137025 – IP address assignments to VXLAN Tunnel End Point (VTEP) and NSX host preparation fails with the error: Insufficient IP addresses in IP pool
- KB 2144016 – In VMware NSX for vSphere 6.x, the NSX agencies on an ESXi host are uninstalled after unregistering the NSX Solution Plug-in
- KB 2144200 – In VMware NSX for vSphere 6.x, installing or upgrading NSX VIBs fails with the error: ERROR: The pending transaction requires xxx MB free space, however the maximum supported size is xxx MB
- KB 2126560 – Understanding and troubleshooting High Availability (HA) on the VMware NSX for vSphere 6.x Edge
- Inline with other HA features, such as vSphere HA or MSCS, Edge HA is not designed to deliver zero downtime as the failover between appliances may require some services to be restarted.
- NSX Edge HA is designed to minimize failover downtime. For example, it synchronizes the connection tracker of the statefull firewall, or the statefull information held by the load balancer. However, the time required to bring all services back up is not null. Examples of known service restart impacts include a non-zero downtime with dynamic routing when an Edge is operating as a router.
- See also the 6.2.2 and 6.1.6 release notes – Fixed Issue : [Traffic interrupted for 50 seconds after HA failover on ESG]
How to track the top field issues: