This blog has been updated to reflect new information as it was provided. Changes are marked with an *.
VMware NSX for vSphere 6.2.3 Update
- NSX for vSphere 6.2.3 has an issue that can affect both new NSX customers as well as customers upgrading from previous versions of NSX. The NSX for vSphere 6.2.3 release has been pulled from distribution. The current version available is NSX for vSphere 6.2.2, which is the VMware minimum recommended release. Refer to KB 2144295. VMware is actively working towards releasing the next version to replace NSX for vSphere 6.2.3 *
- VMware NSX for vSphere version 6.2.3 delivered a security patch to address a known SSL VPN security vulnerability (CVE-2016-2079) . This issue may allow a remote attacker to gain access to sensitive information. Customers who use SSL VPN are strongly advised to review CVE-2016-2079 and contact VMware support to request immediate assistance. For questions or concerns, contact VMware Support. *
- The next version of NSX for vSphere contains fixes for bugs that have been found in NSX 6.2.3.
- Customers who have already upgraded to 6.2.3 are advised to review the following KB articles:
- VMware knowledge base article 2146227, VMs using Distributed Firewall (DFW) and Security Groups (SG) may experience connectivity issues. A workaround is available. *
- VMware knowledgebase article 2146293, Virtual machines lose network connectivity in NSX 6.2.x. *
- VMware Knowledgebase article 2146413, VMs lose network connectivity in NSX with DLR HA. *
Critical Alert for Edge DLR users on NSX 6.2.3 and 6.2.3a *
- NSX 6.2.3 DLR HA nodes remain in a split brain state (2146506) *
- A new issue has been identified that can cause both primary and secondary HA nodes into an Active State, causing network disruption.
- This issue will occur after approximately 24 days of BFD uptime and will continue to reoccur every 24 days.
- Customers who are using NSX-V 6.2.3 or 6.2.3a are strongly advised to review KB 2146506, review how to prevent or remediate the issue and plan to upgrade to the next version of NSX.
For questions or concerns, contact VMware Support. To contact VMware support, see Filing a Support Request in My VMware (2006985) or How to Submit a Support Request.
Top NSX for vSphere issues for July 2016
- DFW rules using SG not correctly being applied to VMs after NSX 6.2.3 install or upgrade (2146227)
- VMs learning the DLR pMac as the VM default gateway (2146293)
- VMs lose network connectivity in NSX with DLR HA (2146413)
NSX for vSphere 6.2.3 other new and changed issues
- NTP sync issues with NSX (2146338)
- BGP neighbors display as duplicates in User Interface (UI) in NSX (2146363)
Notes:
- vCloud Director 8.0.1 is now interop-tested and supported with NSX 6.2.3. For more information, see the VMware Interoperability Matrix
- VMware is working actively with anti-virus solution partners to influence completion of their certification testing efforts with both NSX 6.2.2 and 6.2.3. For more information, see the VMware Compatibility Guide (VCG)
- Updated release notes with known issues on 6.2.3 were published on June 30th. For more information, see the NSX for vSphere 6.2.3 Release Notes
Other trending issues
- NSX Manager consistently at 100% CPU utilization (2145934)
- NSX Service Deployment fails with the error: Error while doing IP configuration (2145376)
Known interoperability issues during upgrade to NSX for vSphere 6.2.3
- Installing VXLAN Agent fails with ESX Agent Manager displaying the error: Agent VIB module not installed (2053782)
- After replacing the vCenter Server certificates in VMware vSphere 6.0, the ESX Agent Manager solution user fails to log in (2112577)
- VMware vSphere Web Client displays the error: Failed to verify the SSL certificate for one or more vCenter Server Systems (2050273)
- Configuring the NSX SSO Lookup Service fails (2102041)
- Network Port Requirements for VMware NSX for vSphere 6.x (2079386)
Note: VMware vSphere 6.0 supports VIB downloads over port 443 (instead of port 80). This port is opened and closed dynamically. The intermediate devices between the ESXi hosts and vCenter Server must allow traffic using this port.
How to track Top Field Issues
