Home > Blogs > Support Insider

NSX Field Advisory – February 2017 Edition

NSX

Important Notes:

  • For up-to-date information on new products, patches, and fix announcements for VMware NSX for vSphere, subscribe to the following:

For an up-to-date Top Trending NSX issues, see KB Article Trending support issues in VMware NSX for vSphere 6.x (2131154).

Your support source for up-to-date news to ensure you’re getting the most out of your VMware NSX for vSphere products.

Environment Affected Issue Summary Work-Around
1 NSX for vSphere 6.3.0 VMware vSphere 6.5 is currently unsupported with NSX for vSphere 6.3.0. Use VMware vSphere 6.5a as this is the minimum supported version with NSX for vSphere 6.3.0. For more information, see KB 2148841.
2 NSX for vSphere 6.3.0 Upgrading to NSX for vSphere 6.3.0 halts or stops when Hardware Gateway is used in the environment. Contact VMware Support. VMware can assist on verifying your Hardware Gateway is TLS 1.2 compliant which allows the upgrade to move forward. For more information, see KB 2006985 or How to Submit a Support Request.
3 NSX for vSphere 6.1.x, 6.2.0, 6.2.1 An upgrade from NSX for vSphere 6.1.x, 6.2.0, and 6.2.1 to NSX for vSphere 6.2.5 fails if the cipher chain list is comma (“,”) separated. Starting with NSX for vSphere 6.2.6, the ciphers list must use a colon (“:”) instead of a comma (“,”) for separation. Ensure that this change has been made prior to upgrading to NSX for vSphere 6.2.6.
4 NSX for vSphere 6.2.4 Relating to CVE-2016-2107, the NSX Edge OpenSSL package is not updated with 1.0.2j. No workaround, must upgrade for fix. Starting with NSX for vSphere 6.2.6, NSX Edge OpenSSL package has been updated to 1.0.2j.
5 NSX for vSphere 6.2.4/6.2.5 Upgrading NSX Edge fails after upgrading your environment to NSX for vSphere 6.2.5 with vSphere High Availability (HA) enabled on a cluster with insufficient resources. Always ensure that your installation follows the best practices laid out for vSphere High Availability (HA). For more information, see KB 1002080.
6 NSX for vSphere 6.2.1 Virtual machines configured on Logical Switches where a DHCP relay agent is configured do not obtain IP addresses. Configure a DHCP server closer (fewer than 10 hops) to the virtual machines requesting addresses and point the DHCP relay to this server. For more information, see KB 2147322.

GA ANNOUNCEMENT

VMware NSX for vSphere 6.2.6 and 6.3.0 has been released on Thursday, February 2nd and is now available for download.

For more information, see the NSX for vSphere 6.2.6 and NSX for vSphere 6.3.0 Release Notes.

Fixed issues in NSX for vSphere 6.3.0

Things to be aware of:

  • NSX Data Security and Web Access Terminal has been removed.
  • NSX Activity Monitoring has been deprecated and has been replaced by Endpoint Monitoring.

For more information, see the NSX for vSphere 6.3.0 Release Notes.


TOP TRENDING ISSUES

Issues Affecting VMware NSX for vSphere 6.3.0

Issue #1

Symptom: What is the minimum supported version of vSphere 6.5 with NSX for vSphere 6.3.0?

Resolution: The minimum supported version of vSphere 6.5 with NSX for vSphere 6.3.0 is vSphere 6.5a. For more information, see For sites running VMware vSphere 6.5, vSphere update 6.5a is the minimum supported version with NSX for vSphere 6.3.0 (2148841).

Issue #2

Symptom: During an upgrade to VMware NSX for vSphere 6.3.0 where an HW VTEP is used in the environment, you may experience these symptoms:

  • Upgrade is halted.
  • You see the error similar to:Cannot continue upgrade due to errors: “(1)” Hardware Gateway(s) found in the system. Unable to proceed with the upgrade. Please contact VMWare Support to continue. Please correct before proceeding.

Workaround: Contact VMware Support. To contact VMware support, see Filing a Support Request in My VMware (2006985) or How to Submit a Support Request. VMware can assist in verifying your Hardware Gateway is TLS 1.2 compliant which allows the upgrade to move forward. For more information, see Upgrading to NSX for vSphere 6.3.0 fails when using Hardware Gateway (2148511).

Issues Affecting VMware NSX for vSphere 6.1.x, 6.2.0, 6.2.1

Issue #3

Symptom: If there is a cipher chain listed that is separated by commas (“,”), then upgrade from NSX for vSphere 6.1.x, 6.2.0, and 6.2.1 to NSX for vSphere 6.2.5 fails.

Resolution: Starting with NSX for vSphere 6.2.6, you can separate the ciphers with colons (“:”) instead of commas (“,”) before the upgrade.

Issues Affecting VMware NSX for vSphere 6.2.4

Issue #4

Symptom: Relating to CVE-2016-2107, the NSX Edge OpenSSL package is not updated with 1.0.2j.

Resolution: Starting with NSX for vSphere 6.2.6, NSX Edge OpenSSL package has been updated to 1.0.2j.

Issues Affecting VMware NSX for vSphere 6.2.4/6.2.5

Issue #5

Symptom: After upgrading your environment to NSX for vSphere 6.2.5 with vSphere High Availability (HA) enabled on a cluster having insufficient resources, you experience this symptom:
Upgrading the NSX Edge fails.

Workaround: This is as per the design. Refer the table below for the resource reservations used by the NSX Manager if you have not explicitly set values at the time of install or upgrade.

NSX Edge

FORM FACTOR CPU RESERVATION MEMORY RESERVATION
COMPACT 1000 MHz 512 MB
LARGE 2000 MHz 1024 MB
QUAD-LARGE 4000 MHz 2048 MB
X-LARGE 6000 MHz 8192 MB

Note: Always ensure that your installation follows the best practices laid out for vSphere High Availability (HA). For more information, see Best practices and advanced features for VMware High Availability (1002080).

Issues Affecting VMware NSX for vSphere 6.2.1

Issue #6

Symptom: When configuring DHCP relay agents on distributed logical router in NSX for vSphere, you experience these symptoms:

  • Virtual machines configured on Logical Switches where a DHCP relay agent is configured do not obtain IP addresses.
  • The DHCP server does not receive any initial DHCP discovery packets from the relay agent.
  • DHCP discovery packets are dropped in transit due to TTL expiry.

Resolution: This issue is resolved in NSX for vSphere 6.2.5. For more information, see DHCP relay agents do not function in NSX (2147322).


VMware Recommended release

NSX for vSphere 6.2.2 is still the “bare minimum” recommended release. For more information, see Minimum recommended version for NSX for vSphere with GID, ESXi, and vCenter Server (2144295).

Note: The Guest Introspection section has been recently updated. The recommended VMware Tools version is 10.1.0 and later.


We would like to hear from you. Send us your feedback by providing comments on the Feedback Box of KB Article Trending support issues in VMware NSX for vSphere 6.x (2131154).

Thank you for helping us continually improve this communication.


This entry was posted in NSX on by .
Rahul Verma

About Rahul Verma

Rahul Verma is a Operations Readiness Specialist within the Global Support Services - Knowledge Experience group at VMware. He likes movies and books that can be seen and read more than once. And he loves crossing over to the Dark Side of the Force, preferably in a room with a comfortable bed and dark curtains.



NSX Field Advisory – February 2017 Edition

NSX

Important Notes:

  • For up-to-date information on new products, patches, and fix announcements for VMware NSX for vSphere, subscribe to the following:

For an up-to-date Top Trending NSX issues, see KB Article Trending support issues in VMware NSX for vSphere 6.x (2131154).

Your support source for up-to-date news to ensure you’re getting the most out of your VMware NSX for vSphere products.

Environment Affected Issue Summary Work-Around
1 NSX for vSphere 6.3.0 VMware vSphere 6.5 is currently unsupported with NSX for vSphere 6.3.0. Use VMware vSphere 6.5a as this is the minimum supported version with NSX for vSphere 6.3.0. For more information, see KB 2148841.
2 NSX for vSphere 6.3.0 Upgrading to NSX for vSphere 6.3.0 halts or stops when Hardware Gateway is used in the environment. Contact VMware Support. VMware can assist on verifying your Hardware Gateway is TLS 1.2 compliant which allows the upgrade to move forward. For more information, see KB 2006985 or How to Submit a Support Request.
3 NSX for vSphere 6.1.x, 6.2.0, 6.2.1 An upgrade from NSX for vSphere 6.1.x, 6.2.0, and 6.2.1 to NSX for vSphere 6.2.5 fails if the cipher chain list is comma (“,”) separated. Starting with NSX for vSphere 6.2.6, the ciphers list must use a colon (“:”) instead of a comma (“,”) for separation. Ensure that this change has been made prior to upgrading to NSX for vSphere 6.2.6.
4 NSX for vSphere 6.2.4 Relating to CVE-2016-2107, the NSX Edge OpenSSL package is not updated with 1.0.2j. No workaround, must upgrade for fix. Starting with NSX for vSphere 6.2.6, NSX Edge OpenSSL package has been updated to 1.0.2j.
5 NSX for vSphere 6.2.4/6.2.5 Upgrading NSX Edge fails after upgrading your environment to NSX for vSphere 6.2.5 with vSphere High Availability (HA) enabled on a cluster with insufficient resources. Always ensure that your installation follows the best practices laid out for vSphere High Availability (HA). For more information, see KB 1002080.
6 NSX for vSphere 6.2.1 Virtual machines configured on Logical Switches where a DHCP relay agent is configured do not obtain IP addresses. Configure a DHCP server closer (fewer than 10 hops) to the virtual machines requesting addresses and point the DHCP relay to this server. For more information, see KB 2147322.

GA ANNOUNCEMENT

VMware NSX for vSphere 6.2.6 and 6.3.0 has been released on Thursday, February 2nd and is now available for download.

For more information, see the NSX for vSphere 6.2.6 and NSX for vSphere 6.3.0 Release Notes.

Fixed issues in NSX for vSphere 6.3.0

Things to be aware of:

  • NSX Data Security and Web Access Terminal has been removed.
  • NSX Activity Monitoring has been deprecated and has been replaced by Endpoint Monitoring.

For more information, see the NSX for vSphere 6.3.0 Release Notes.


TOP TRENDING ISSUES

Issues Affecting VMware NSX for vSphere 6.3.0

Issue #1

Symptom: What is the minimum supported version of vSphere 6.5 with NSX for vSphere 6.3.0?

Resolution: The minimum supported version of vSphere 6.5 with NSX for vSphere 6.3.0 is vSphere 6.5a. For more information, see For sites running VMware vSphere 6.5, vSphere update 6.5a is the minimum supported version with NSX for vSphere 6.3.0 (2148841).

Issue #2

Symptom: During an upgrade to VMware NSX for vSphere 6.3.0 where an HW VTEP is used in the environment, you may experience these symptoms:

  • Upgrade is halted.
  • You see the error similar to:Cannot continue upgrade due to errors: “(1)” Hardware Gateway(s) found in the system. Unable to proceed with the upgrade. Please contact VMWare Support to continue. Please correct before proceeding.

Workaround: Contact VMware Support. To contact VMware support, see Filing a Support Request in My VMware (2006985) or How to Submit a Support Request. VMware can assist in verifying your Hardware Gateway is TLS 1.2 compliant which allows the upgrade to move forward. For more information, see Upgrading to NSX for vSphere 6.3.0 fails when using Hardware Gateway (2148511).

Issues Affecting VMware NSX for vSphere 6.1.x, 6.2.0, 6.2.1

Issue #3

Symptom: If there is a cipher chain listed that is separated by commas (“,”), then upgrade from NSX for vSphere 6.1.x, 6.2.0, and 6.2.1 to NSX for vSphere 6.2.5 fails.

Resolution: Starting with NSX for vSphere 6.2.6, you can separate the ciphers with colons (“:”) instead of commas (“,”) before the upgrade.

Issues Affecting VMware NSX for vSphere 6.2.4

Issue #4

Symptom: Relating to CVE-2016-2107, the NSX Edge OpenSSL package is not updated with 1.0.2j.

Resolution: Starting with NSX for vSphere 6.2.6, NSX Edge OpenSSL package has been updated to 1.0.2j.

Issues Affecting VMware NSX for vSphere 6.2.4/6.2.5

Issue #5

Symptom: After upgrading your environment to NSX for vSphere 6.2.5 with vSphere High Availability (HA) enabled on a cluster having insufficient resources, you experience this symptom:
Upgrading the NSX Edge fails.

Workaround: This is as per the design. Refer the table below for the resource reservations used by the NSX Manager if you have not explicitly set values at the time of install or upgrade.

NSX Edge

FORM FACTOR CPU RESERVATION MEMORY RESERVATION
COMPACT 1000 MHz 512 MB
LARGE 2000 MHz 1024 MB
QUAD-LARGE 4000 MHz 2048 MB
X-LARGE 6000 MHz 8192 MB

Note: Always ensure that your installation follows the best practices laid out for vSphere High Availability (HA). For more information, see Best practices and advanced features for VMware High Availability (1002080).

Issues Affecting VMware NSX for vSphere 6.2.1

Issue #6

Symptom: When configuring DHCP relay agents on distributed logical router in NSX for vSphere, you experience these symptoms:

  • Virtual machines configured on Logical Switches where a DHCP relay agent is configured do not obtain IP addresses.
  • The DHCP server does not receive any initial DHCP discovery packets from the relay agent.
  • DHCP discovery packets are dropped in transit due to TTL expiry.

Resolution: This issue is resolved in NSX for vSphere 6.2.5. For more information, see DHCP relay agents do not function in NSX (2147322).


VMware Recommended release

NSX for vSphere 6.2.2 is still the “bare minimum” recommended release. For more information, see Minimum recommended version for NSX for vSphere with GID, ESXi, and vCenter Server (2144295).

Note: The Guest Introspection section has been recently updated. The recommended VMware Tools version is 10.1.0 and later.


We would like to hear from you. Send us your feedback by providing comments on the Feedback Box of KB Article Trending support issues in VMware NSX for vSphere 6.x (2131154).

Thank you for helping us continually improve this communication.


This entry was posted in NSX on by .
Rahul Verma

About Rahul Verma

Rahul Verma is a Operations Readiness Specialist within the Global Support Services - Knowledge Experience group at VMware. He likes movies and books that can be seen and read more than once. And he loves crossing over to the Dark Side of the Force, preferably in a room with a comfortable bed and dark curtains.