Home > Blogs > Support Insider > Category Archives: Highlights

Category Archives: Highlights

Important KB updates for current NSX for vSphere users -May 2016 Edition

NSXOur NSX support team would like all of our customers to know about important KB updates for current NSX for vSphere issues. Here’s what’s new and trending-

Please take note of key updates to the following important End of General Support and End of Availability events:

New and important issues:

NSX for Multi-Hypervisor:

New master playbook KBs:

How to track the top field issues:

 

User account locked in vCenter Server Appliance

vCSAWe’ve recently noticed a number of cases where vSphere administrators become locked out of their accounts or receive reports of incorrect passwords in the vCenter Server Appliance. If you find yourself in this position, here are two articles that address these issues:

KB 2034608
When attempting to log into the VMware vSphere 5.1, 5.5, or 6.0 Web Client you observe the following symptom: “User account is locked. Please contact your administrator.” This often occurs if the wrong password was entered multiple times. Waiting the default 15 minutes lockout period will allow to attempt the login again. If after multiple attempts, you are still not successful, you may need to reset the password.

KB 2069041
When attempting to log into the vCenter Server 5.5 and 6.0 Appliance, you experience symptoms where the root account is locked out. This often occurs because the vCenter Server appliance has a default 90 password expiration policy. Steps on how to modify the password expiration policies and to unlock the password.

Important NSX for vSphere KB Updates – March 2016

vCloud Networking and Security will reach end of availability and end of support on September 19, 2016.

  • KB 2144733 – End of Availability and End of Support Life for VMware vCloud Networking and Security 5.5.x
  • See the fully updated vCNS to NSX Upgrade Guide
  • See also KB 2144620 – VMware vCloud Networking and Security 5.5.x upgrade to NSX for vSphere 6.2.x Best Practices
  • ​Upgrade path from vCNS 5.x: Using the NSX upgrade bundle posted on or after 31 March, 2016, you may upgrade directly from vCNS 5.1.x or vCNS 5.5.x to NSX 6.2.2 Please see the NSX 6.2.2 release notes
  • Upgrades from NSX 6.1.5 to NSX 6.2.0 are not supported. Instead, you must upgrade from NSX 6.1.5 to NSX 6.2.1 or later to avoid a regression in functionality. Refer to KB 2129200

NSX for vSphere 6.1.x will reach end of availability and end of support on October 15, 2016

  • KB 2144769End of Availability and End of Support Life for VMware NSX for vSphere 6.1.x
  • The recommended release for NSX-V is 6.2.2. Refer to KB 2144295Recommended minimum version for VMware NSX for vSphere with Guest Introspection Driver, ESXi and vCenter server.

New issues:

  • KB 2144726Service Composer fails to translate virtual machines into security-groups in VMware NSX for vSphere 6.x
  • KB 2140891Storage vMotion of Edge appliance disrupts VIX communication in VMware vCloud Networking and Security 5.5.x and NSX for vSphere 6.x
  • KB 2144476After reinstalling vCenter Server 6.0 EAM fails to push VIB’s to ESXi host with the error: Host not covered by scope anymore
  • KB 2144456Importing draft firewall rules fails after existing firewall configuration is removed by a REST API request
  • KB 2144387After upgrading to VMware NSX for vSphere 6.2.2 there is no upgrade option available for NSX Guest Introspection and NSX Data Security and the services remain at version 6.2.1
  • KB 2144420Any changes to the Primary UDLR result in the vNic_0 being shutdown on the Seconday UDLR in VMware Cross-vCenter NSX for vSphere 6.2.x
  • KB 2144236VMtools issue – Virtual machine performance issues after upgrading VMware tools version to 10.0.x in NSX/ VMware vCloud Networking and Security 5.5.x
  • KB 2144649 – IPv4 IP address do not get auto approved when SpoofGuard policy is set to Trust On First Use (TOFU) in VMware NSX for vSphere 6.2.x
  • KB 2144732 – In VMware NSX for vSphere 6.x, unpreparing Stateless ESXi host fails with the error: Agent VIB module is not installed. Cause : 15 The installation transaction failed. The transaction is not supported
  • KB 2135956 – VMware ESXi 6.0 Update 1 host fails with a purple diagnostic screen and reports the error: PANIC bora/vmkernel/main/dlmalloc.c:4923 – Usage error in dlmallocnow resolved in vSphere 6.0U2. See also the vSphere 6.0U2 Release Notes
  • KB 2126275Publishing Distributed Firewall (DFW) rules fails after referenced object is deleted in VMware NSX for vSphere 6.1.x and 6.2.x

Tracking the top issues:

View desktop goes into Already Used state, or Agent Disabled state

In versions 4.6 through 5.0.x View desktops can also go into the Already Used state if a virtual machine is powered on in another ESXi host in the cluster in response to an HA event, or if it was shut down without reporting to the broker that the user had logged out.

This is due to a security feature which prevents any previous session data from being available during the next log in. If a desktop that is set to refresh or delete after log off is reset, the desktop goes into the Already Used state, or possibly the Agent Disabled state.

If you run into this situation we have a KB article that covers this scenario: The View virtual machine is not accessible and the View Administration console shows the virtual machine status as “Already Used” (1000590)

PCoIP connections suddenly failing?

There is an issue which may occur when you install or upgrade your VMware Tools after having installed your View Agent. The set of VGA drivers shipped with VMware Tools might sometimes be incompatible with VMware View and PCoIP, whereas the VMware View Agent software contains a supported VGA driver.

For this reason, today we’re highlighting the KB article we have written up for this issue: Error attaching to SVGADevTap, error 4000: EscapeFailed reported by PCoIP server (1029706)

To resolve this issue, you must update the drivers to the version supplied with VMware View Agent. The KB also includes a nice table of video drivers supplied with different VMware View Agent versions and operating systems.

Dealing with issues with View Event Database

We’d like to focus today on a KB article which tries to address all the issues encountered by the users with regard to View Event Database deployment. The article includes a list of basic steps that will help you address all the issues that might be encountered during or after your deployment.

Configuring VMware View Event database on an SQL server fails with the error: An error occurred while attempting to configure the database (1029537)

Users actions are recorded about View Manager events. If this database is not configured you would need to look in the log files to gather information about events, and the logs contain very limited information.

Configuration of the event database will fail if the user has not met the prerequisites required. Our KB article helps users meet all the required prerequisites needed, from network connectivity, to SQL server, to correct credentials for database accounts, ports and firewall status.

If you find your issue persists after validating all the 12 steps mentioned in the article, then the potential cause for the issue might be an older version of the JDBC driver. Newer versions have a number of bug fixes for SSL certificate issues. Following the steps to install new version of JDBC driver should address all the issue and completes the configuration of VMware View event database successfully. Of course, if you’re unsure or still struggling, by all means contact our support team.

Disk is already managed by View

Horizon ViewToday we will highlight one of our KB articles that is getting some traction with our Horizon View customers. The  issue can occur if the ADAM database contains an invalid entry for a persistent disk.

Symptoms:

  • Attempting to import the disk from vCenter Server fails with the error:
This disk is already managed by View
  • Cannot detach a Persistent User Data Disk in View Manager.
  • Cannot import a Persistent Disk from vCenter Server for a virtual machine that was deleted in View Administrator.
  • The Persistent disk is visible when the option to show incompatible files is selected.

If you are encountering any of these symptoms in your environment, please refer to KB article: Cannot detach a Persistent Disk in View Manager 4.5 and later (2007076). This article has a 5 star customer rating.

Note: This KB contains two Warnings. Be sure you completely understand the article, and as always check that your backups are working and are valid.

Scan and fix provisioning errors with ViewDbChk tool

Normally, View Administrators can recover from errors that occur during provisioning or other operations by removing or resetting a desktop virtual machine using View Administrator. On rare occasions, the information in the different databases about a machine that is in an error state might become inconsistent and it is not possible to recover from the error using View Administrator. In situations where database inconsistencies cause a desktop machine to be in an unrecoverable error state or prevent a View Administrator task from completing successfully, you can use the ViewDbChk command to resolve the inconsistencies.

In a View environment, information about desktop virtual machines is stored in three places:

  • The LDAP database
  • The View Composer database
  • The vCenter Server database

We’ve created a new Knowledgebase article specifically for this tool: Removing invalid linked clone entries automatically using the ViewDBChk tool in VMware Horizon View 5.3 and later versions (2118050).

Note: For Horizon View 6.1 and later, the ViewDbChk tool is included with your View Connection Server installation. For Horizon View 5.3 and 6.0, you must download the tool from the VMware Labs ViewDbChk fling page.

viewdbchk

Ghost – glibc gethostbyname* buffer overflow

In case you missed it, on January 27th, 2015 a buffer overflow vulnerability in the glibc gethostbyname() function was disclosed. The issue is identified by CVE-2015-0235 and was given the name “Ghost.”

The VMware Security Engineering, Communications, and Response group (vSECR) began investigating this issue immediately.

The security blog at VMware released a blog post concerning this vulnerability, and a KB article was published:
VMware Response to CVE-2015-0235 – glibc gethostbyname buffer overflow, aka “Ghost” (2105862).

VMware has an established software security engineering group that integrates these techniques into the software development cycle, provides security expertise, guidance on the latest security threats and defensive techniques, and training within the development organization. This group is also responsible for driving VMware products through external security accreditations and certifications.

Many VMware products, including vSphere™, VMware vCenter™ Server, and vCloud Networking and Security (vCNS) have achieved Common Criteria certification under the Common Criteria Evaluation and Certification Scheme (CCS).Common Criteria is an international set of guidelines (ISO 15408) that provides a common framework for evaluating security features and capabilities of Information Technology (IT) security products.

For more information, visit VMware’s Common Criteria and FIPS-140 Certifications.

Popular tweets

Here’s an interesting top 20 list. In the last 30 days, these were the tweets form our @vmwarekb account that got the most sharing from our customers. Perhaps you missed something on our list you’d be interested in.

Oh, and if you don’t follow us on Twitter, why not?

How to restart the Management agents on a VMware vSphere ESXi or ESX host
Poor network performance when using VMXNET3 adapter for routing in a Linux guest operating system (2077393)
Configuring the ESXi host with Active Directory authentication
Configuring the ESXi host with Active Directory authentication (2075361)
ESXi host initiates ARP Broadcast storm to NFS server (2080034)
Veeam virtual machine backups fail with the error: The host is not licensed for this feature (2080352)
Downgrading device drivers in VMware ESXi 5.x (2079279)
ESXi 5.5 … purple … screen error:#PF Exception 14 in world 33426: vmkeventd IP 0x418002c71507 addr 0x0 (2061842)
Storage Controllers previously supported for VSAN that are no longer supported (2081431)
VMware ESXi 5.1, Patch Release ESXi510-201406001 (2077640)
VM loses network connectivity during migration … in vCNS 5.1.4 and 5.5.2 and NSX for vSphere 6.0.4 (2080479)
Copying a file is slow on HTTP connections in vCenter Server (2081624)
VMware ESXi host in the vSphere Distributed Switch (vDS) are out of sync (2081052)
Preparing Windows 2008 R2 SP1 Server as a desktop to be deployed by Horizon DaaS (Desktone) (2080765)
Adding an Integrated Active Directory (IWA) Identity Source without the vSphere Web Client for vCenter SSO (2063424)
Upgrade paths and product compatibility for PowerCLI versions that feature OpenSSL security fixes (2082132)
Upgrading VMware vCenter Server 5.5 to a 5.5.x version using Simple Install fails (2074676)
VMware ESXi 5.1, Patch ESXi-5.1.0-20140604001-standard (2077642)
Dell EqualLogic Multipathing Extension Module (MEM) in View environments storage performance degradation (2078451)
Booting the ESXi host fails at Initializing scheduler (2077712)