Our NSX support team would like all of our customers to know about important KB updates for current NSX for vSphere issues. Here’s what’s new and trending-
Please take note of key updates to the following important End of General Support and End of Availability events:
New and important issues:
NSX for Multi-Hypervisor:
New master playbook KBs:
How to track the top field issues:
We’ve recently noticed a number of cases where vSphere administrators become locked out of their accounts or receive reports of incorrect passwords in the vCenter Server Appliance. If you find yourself in this position, here are two articles that address these issues:
When attempting to log into the VMware vSphere 5.1, 5.5, or 6.0 Web Client you observe the following symptom: “User account is locked. Please contact your administrator.” This often occurs if the wrong password was entered multiple times. Waiting the default 15 minutes lockout period will allow to attempt the login again. If after multiple attempts, you are still not successful, you may need to reset the password.
When attempting to log into the vCenter Server 5.5 and 6.0 Appliance, you experience symptoms where the root account is locked out. This often occurs because the vCenter Server appliance has a default 90 password expiration policy. Steps on how to modify the password expiration policies and to unlock the password.
vCloud Networking and Security will reach end of availability and end of support on September 19, 2016.
- KB 2144733 – End of Availability and End of Support Life for VMware vCloud Networking and Security 5.5.x
- See the fully updated vCNS to NSX Upgrade Guide
- See also KB 2144620 – VMware vCloud Networking and Security 5.5.x upgrade to NSX for vSphere 6.2.x Best Practices
- Upgrade path from vCNS 5.x: Using the NSX upgrade bundle posted on or after 31 March, 2016, you may upgrade directly from vCNS 5.1.x or vCNS 5.5.x to NSX 6.2.2 Please see the NSX 6.2.2 release notes
- Upgrades from NSX 6.1.5 to NSX 6.2.0 are not supported. Instead, you must upgrade from NSX 6.1.5 to NSX 6.2.1 or later to avoid a regression in functionality. Refer to KB 2129200
NSX for vSphere 6.1.x will reach end of availability and end of support on October 15, 2016
- KB 2144769 – End of Availability and End of Support Life for VMware NSX for vSphere 6.1.x
- The recommended release for NSX-V is 6.2.2. Refer to KB 2144295 – Recommended minimum version for VMware NSX for vSphere with Guest Introspection Driver, ESXi and vCenter server.
- KB 2144726 – Service Composer fails to translate virtual machines into security-groups in VMware NSX for vSphere 6.x
- KB 2140891 – Storage vMotion of Edge appliance disrupts VIX communication in VMware vCloud Networking and Security 5.5.x and NSX for vSphere 6.x
- KB 2144476 – After reinstalling vCenter Server 6.0 EAM fails to push VIB’s to ESXi host with the error: Host not covered by scope anymore
- KB 2144456 – Importing draft firewall rules fails after existing firewall configuration is removed by a REST API request
- KB 2144387 – After upgrading to VMware NSX for vSphere 6.2.2 there is no upgrade option available for NSX Guest Introspection and NSX Data Security and the services remain at version 6.2.1
- KB 2144420 – Any changes to the Primary UDLR result in the vNic_0 being shutdown on the Seconday UDLR in VMware Cross-vCenter NSX for vSphere 6.2.x
- KB 2144236 – VMtools issue – Virtual machine performance issues after upgrading VMware tools version to 10.0.x in NSX/ VMware vCloud Networking and Security 5.5.x
- KB 2144649 – IPv4 IP address do not get auto approved when SpoofGuard policy is set to Trust On First Use (TOFU) in VMware NSX for vSphere 6.2.x
- KB 2144732 – In VMware NSX for vSphere 6.x, unpreparing Stateless ESXi host fails with the error: Agent VIB module is not installed. Cause : 15 The installation transaction failed. The transaction is not supported
- KB 2135956 – VMware ESXi 6.0 Update 1 host fails with a purple diagnostic screen and reports the error: PANIC bora/vmkernel/main/dlmalloc.c:4923 – Usage error in dlmalloc – now resolved in vSphere 6.0U2. See also the vSphere 6.0U2 Release Notes
- KB 2126275 – Publishing Distributed Firewall (DFW) rules fails after referenced object is deleted in VMware NSX for vSphere 6.1.x and 6.2.x
Tracking the top issues:
In versions 4.6 through 5.0.x View desktops can also go into the Already Used state if a virtual machine is powered on in another ESXi host in the cluster in response to an HA event, or if it was shut down without reporting to the broker that the user had logged out.
This is due to a security feature which prevents any previous session data from being available during the next log in. If a desktop that is set to refresh or delete after log off is reset, the desktop goes into the Already Used state, or possibly the Agent Disabled state.
If you run into this situation we have a KB article that covers this scenario: The View virtual machine is not accessible and the View Administration console shows the virtual machine status as “Already Used” (1000590)
There is an issue which may occur when you install or upgrade your VMware Tools after having installed your View Agent. The set of VGA drivers shipped with VMware Tools might sometimes be incompatible with VMware View and PCoIP, whereas the VMware View Agent software contains a supported VGA driver.
For this reason, today we’re highlighting the KB article we have written up for this issue: Error attaching to SVGADevTap, error 4000: EscapeFailed reported by PCoIP server (1029706)
To resolve this issue, you must update the drivers to the version supplied with VMware View Agent. The KB also includes a nice table of video drivers supplied with different VMware View Agent versions and operating systems.
We’d like to focus today on a KB article which tries to address all the issues encountered by the users with regard to View Event Database deployment. The article includes a list of basic steps that will help you address all the issues that might be encountered during or after your deployment.
Users actions are recorded about View Manager events. If this database is not configured you would need to look in the log files to gather information about events, and the logs contain very limited information.
Configuration of the event database will fail if the user has not met the prerequisites required. Our KB article helps users meet all the required prerequisites needed, from network connectivity, to SQL server, to correct credentials for database accounts, ports and firewall status.
If you find your issue persists after validating all the 12 steps mentioned in the article, then the potential cause for the issue might be an older version of the JDBC driver. Newer versions have a number of bug fixes for SSL certificate issues. Following the steps to install new version of JDBC driver should address all the issue and completes the configuration of VMware View event database successfully. Of course, if you’re unsure or still struggling, by all means contact our support team.
Today we will highlight one of our KB articles that is getting some traction with our Horizon View customers. The issue can occur if the ADAM database contains an invalid entry for a persistent disk.
- Attempting to import the disk from vCenter Server fails with the error:
This disk is already managed by View
- Cannot detach a Persistent User Data Disk in View Manager.
- Cannot import a Persistent Disk from vCenter Server for a virtual machine that was deleted in View Administrator.
- The Persistent disk is visible when the option to show incompatible files is selected.
If you are encountering any of these symptoms in your environment, please refer to KB article: Cannot detach a Persistent Disk in View Manager 4.5 and later (2007076). This article has a 5 star customer rating.
Note: This KB contains two Warnings. Be sure you completely understand the article, and as always check that your backups are working and are valid.
Normally, View Administrators can recover from errors that occur during provisioning or other operations by removing or resetting a desktop virtual machine using View Administrator. On rare occasions, the information in the different databases about a machine that is in an error state might become inconsistent and it is not possible to recover from the error using View Administrator. In situations where database inconsistencies cause a desktop machine to be in an unrecoverable error state or prevent a View Administrator task from completing successfully, you can use the ViewDbChk command to resolve the inconsistencies.
In a View environment, information about desktop virtual machines is stored in three places:
- The LDAP database
- The View Composer database
- The vCenter Server database
We’ve created a new Knowledgebase article specifically for this tool: Removing invalid linked clone entries automatically using the ViewDBChk tool in VMware Horizon View 5.3 and later versions (2118050).
Note: For Horizon View 6.1 and later, the ViewDbChk tool is included with your View Connection Server installation. For Horizon View 5.3 and 6.0, you must download the tool from the VMware Labs ViewDbChk fling page.
In case you missed it, on January 27th, 2015 a buffer overflow vulnerability in the glibc gethostbyname() function was disclosed. The issue is identified by CVE-2015-0235 and was given the name “Ghost.”
The VMware Security Engineering, Communications, and Response group (vSECR) began investigating this issue immediately.
The security blog at VMware released a blog post concerning this vulnerability, and a KB article was published:
VMware Response to CVE-2015-0235 – glibc gethostbyname buffer overflow, aka “Ghost” (2105862).
VMware has an established software security engineering group that integrates these techniques into the software development cycle, provides security expertise, guidance on the latest security threats and defensive techniques, and training within the development organization. This group is also responsible for driving VMware products through external security accreditations and certifications.
Many VMware products, including vSphere™, VMware vCenter™ Server, and vCloud Networking and Security (vCNS) have achieved Common Criteria certification under the Common Criteria Evaluation and Certification Scheme (CCS).Common Criteria is an international set of guidelines (ISO 15408) that provides a common framework for evaluating security features and capabilities of Information Technology (IT) security products.
For more information, visit VMware’s Common Criteria and FIPS-140 Certifications.