Important Notes:
- For up-to-date information on new products, patches, and fix announcements for VMware NSX for vSphere, subscribe to the following:
- RSS Feed https://feeds.feedburner.com/NSX
- My VMware Portal
- Log in to the My VMware Portal in the following URL: https://my.vmware.com/
- Click on Your Account > Profile.
- Under Profile, click on the Subscriptions Tab.
- Under Product Descriptions, click Edit.
- Expand Networking & Security.
- Select VMware NSX.
- Save the settings.
For an up-to-date Top Trending NSX issues, see KB Article Trending support issues in VMware NSX for vSphere 6.x (2131154).
Your support source for up-to-date news to ensure you’re getting the most out of your VMware NSX for vSphere products.
| Environment Affected | Issue Summary | Work-Around | |
| 1 | NSX for vSphere 6.3.0 | VMware vSphere 6.5 is currently unsupported with NSX for vSphere 6.3.0. | Use VMware vSphere 6.5a as this is the minimum supported version with NSX for vSphere 6.3.0. For more information, see KB 2148841. |
| 2 | NSX for vSphere 6.3.0 | Upgrading to NSX for vSphere 6.3.0 halts or stops when Hardware Gateway is used in the environment. | Contact VMware Support. VMware can assist on verifying your Hardware Gateway is TLS 1.2 compliant which allows the upgrade to move forward. For more information, see KB 2006985 or How to Submit a Support Request. |
| 3 | NSX for vSphere 6.1.x, 6.2.0, 6.2.1 | An upgrade from NSX for vSphere 6.1.x, 6.2.0, and 6.2.1 to NSX for vSphere 6.2.5 fails if the cipher chain list is comma (“,”) separated. | Starting with NSX for vSphere 6.2.6, the ciphers list must use a colon (“:”) instead of a comma (“,”) for separation. Ensure that this change has been made prior to upgrading to NSX for vSphere 6.2.6. |
| 4 | NSX for vSphere 6.2.4 | Relating to CVE-2016-2107, the NSX Edge OpenSSL package is not updated with 1.0.2j. | No workaround, must upgrade for fix. Starting with NSX for vSphere 6.2.6, NSX Edge OpenSSL package has been updated to 1.0.2j. |
| 5 | NSX for vSphere 6.2.4/6.2.5 | Upgrading NSX Edge fails after upgrading your environment to NSX for vSphere 6.2.5 with vSphere High Availability (HA) enabled on a cluster with insufficient resources. | Always ensure that your installation follows the best practices laid out for vSphere High Availability (HA). For more information, see KB 1002080. |
| 6 | NSX for vSphere 6.2.1 | Virtual machines configured on Logical Switches where a DHCP relay agent is configured do not obtain IP addresses. | Configure a DHCP server closer (fewer than 10 hops) to the virtual machines requesting addresses and point the DHCP relay to this server. For more information, see KB 2147322. |
GA ANNOUNCEMENT
VMware NSX for vSphere 6.2.6 and 6.3.0 has been released on Thursday, February 2nd and is now available for download.
For more information, see the NSX for vSphere 6.2.6 and NSX for vSphere 6.3.0 Release Notes.
Fixed issues in NSX for vSphere 6.3.0
- Windows VM with NSX Network Introspection driver lose TCP connectivity (2148218)
- NSX Edge uplink interface does not process any traffic after it is disabled and re-enabled (2145468)
- Creating or upgrading the NSX 6.x Edges fails after adding an IPv6 address under NSX Management interface (2127561)
- IPv4 IP address do not get auto approved when SpoofGuard policy is set to Trust On First Use (TOFU) (2144649)
- NSX Edge virtual machine does not failover during a vSphere HA event (2143998)
- NSX Plugin does not appear in Web Client when ESXTOP plug-in installed (2145808)
- Floating Static Routes are preferred to OSPF Dynamic Routes (2147998)
- VM fails to add in Dynamic Security Groups (2146757)
- Netcpa stops running on an ESXi host that runs a Bridging DLR VM (2147181)
- DFW rules change order unexpectedly when published (2146471)
Things to be aware of:
- NSX Data Security and Web Access Terminal has been removed.
- NSX Activity Monitoring has been deprecated and has been replaced by Endpoint Monitoring.
For more information, see the NSX for vSphere 6.3.0 Release Notes.
TOP TRENDING ISSUES
Issues Affecting VMware NSX for vSphere 6.3.0
| Issue #1
Symptom: What is the minimum supported version of vSphere 6.5 with NSX for vSphere 6.3.0? Resolution: The minimum supported version of vSphere 6.5 with NSX for vSphere 6.3.0 is vSphere 6.5a. For more information, see For sites running VMware vSphere 6.5, vSphere update 6.5a is the minimum supported version with NSX for vSphere 6.3.0 (2148841). |
| Issue #2
Symptom: During an upgrade to VMware NSX for vSphere 6.3.0 where an HW VTEP is used in the environment, you may experience these symptoms:
Workaround: Contact VMware Support. To contact VMware support, see Filing a Support Request in My VMware (2006985) or How to Submit a Support Request. VMware can assist in verifying your Hardware Gateway is TLS 1.2 compliant which allows the upgrade to move forward. For more information, see Upgrading to NSX for vSphere 6.3.0 fails when using Hardware Gateway (2148511). |
Issues Affecting VMware NSX for vSphere 6.1.x, 6.2.0, 6.2.1
| Issue #3
Symptom: If there is a cipher chain listed that is separated by commas (“,”), then upgrade from NSX for vSphere 6.1.x, 6.2.0, and 6.2.1 to NSX for vSphere 6.2.5 fails. Resolution: Starting with NSX for vSphere 6.2.6, you can separate the ciphers with colons (“:”) instead of commas (“,”) before the upgrade. |
Issues Affecting VMware NSX for vSphere 6.2.4
| Issue #4
Symptom: Relating to CVE-2016-2107, the NSX Edge OpenSSL package is not updated with 1.0.2j. Resolution: Starting with NSX for vSphere 6.2.6, NSX Edge OpenSSL package has been updated to 1.0.2j. |
Issues Affecting VMware NSX for vSphere 6.2.4/6.2.5
| Issue #5
Symptom: After upgrading your environment to NSX for vSphere 6.2.5 with vSphere High Availability (HA) enabled on a cluster having insufficient resources, you experience this symptom: Workaround: This is as per the design. Refer the table below for the resource reservations used by the NSX Manager if you have not explicitly set values at the time of install or upgrade. NSX Edge
Note: Always ensure that your installation follows the best practices laid out for vSphere High Availability (HA). For more information, see Best practices and advanced features for VMware High Availability (1002080). |
Issues Affecting VMware NSX for vSphere 6.2.1
| Issue #6
Symptom: When configuring DHCP relay agents on distributed logical router in NSX for vSphere, you experience these symptoms:
Resolution: This issue is resolved in NSX for vSphere 6.2.5. For more information, see DHCP relay agents do not function in NSX (2147322). |
VMware Recommended release
NSX for vSphere 6.2.2 is still the “bare minimum” recommended release. For more information, see Minimum recommended version for NSX for vSphere with GID, ESXi, and vCenter Server (2144295).
Note: The Guest Introspection section has been recently updated. The recommended VMware Tools version is 10.1.0 and later.
We would like to hear from you. Send us your feedback by providing comments on the Feedback Box of KB Article Trending support issues in VMware NSX for vSphere 6.x (2131154).
Thank you for helping us continually improve this communication.
