Cloud Skyline Support Experience

Skyline Advisor Proactive Findings – October Edition

VMware Skyline Advisor releases new Proactive Findings every month. Findings are prioritized by trending issues in VMware Support, issues raised through Post Escalation review, Security vulnerabilities, and issues raised from VMware engineering, and customers.

For the month of October, we released 14 new findings. Of these, there are 7 findings based on trending issues, 5 based on post escalation reviews, and 2 based on VMware Security Advisories. We picked a few findings from each of these categories which stand out in this release.

VMware Support Trending Issues

VMware Support trending issue are KBs that have solved a large number of SRs and/or viewed a large number of times.

In KB 86100, ESXi hosts are PSODing after customers are upgrade to 7.0U3. Customer impacted environments are HA enabled clustered with Thin provided VMs on VMFS6, so there is a high risk of customers hitting this issue after upgrade. KB 86100 is considered trending by Global Services because even though the KB has been public for only a week, it has been viewed over 13,000 times.

  • Finding ID: vSphere-PSODNMIPIPCPU-KB#86100
    • Description: ESXi host fails with a backtrace NMI IPI: Panic requested by another PCPU.
    • Resolution: This issue is resolved in VMware vSphere ESXi 7.0 U3a and later
    • Helpful Link: https://kb.vmware.com/s/article/86100
    • Severity: Critical

Security Vulnerabilities

We have released two additional rules on VMSA-2021-0020. These rules cover the MODERATE level CVEs for vCenter 6.5 and vCenter 7.0. Below are the 3 rules for VMSA-2021-0020.

  • Finding ID: vSphere-MultipleVCVulnerabilites-VMSA#202120
    • Description: VMware vCenter Server 7.0 and 6.7 updates addressing multiple security vulnerabilities. (CVE-2021-22005, CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22006, CVE-2021-22007, CVE-2021-22008, CVE-2021-22009, CVE-2021-22010, CVE-2021-22014, CVE-2021-22015, CVE-2021-22019, CVE-2021-22020, CVE-2021-22011, CVE-2021-22016, CVE-2021-22017).
    • Resolution: This issue is resolved in VMware vCenter 7.0 Update 2c (18356314) / This issue is resolved in VMware vCenter 6.7 Update 3o (18485166)
    • Helpful Link: https://www.vmware.com/security/advisories/VMSA-2021-0020.html
    • Severity: Critical
  • Finding ID: vSphere-MultiVCVulnerabilites-VMSA#202120
    • Description: VMware vCenter Server 6.5 update addressing multiple security vulnerabilities. (CVE-2021-21991, CVE-2021-21992, CVE-2021-21993, CVE-2021-22008, CVE-2021-22009, CVE-2021-22011, CVE-2021-22017, CVE-2021-22012, CVE-2021-22013, CVE-2021-22014, CVE-2021-22015, CVE-2021-22019).
    • Resolution: This issue is resolved in VMware vCenter 6.5 Update 3q (18499837).
    • Helpful Link: https://www.vmware.com/security/advisories/VMSA-2021-0020.html
    • Severity: Moderate
  • Finding ID: vSphere-CVE-2021-22011-22018-VMSA#202120

Post Escalation Review

VMware Support has developed a Post Escalation Review process. We review critical escalations which come into our Escalation management team and determine steps to prevent these escalations in the future with other customers. One of the outcomes of this process is the creation of Skyline Findings.

One of VMware largest customers hit multiple issues in their environment causing a very critical escalation. Unfortunately for this customer they were not using Skyline Advisor and could have prevented the outage and escalation. If the customer was using Skyline Advisor, they would have received the finding for KB 83243 and we added a finding for KB 76656 after the escalation review.

In KB 76656, ESXi hosts could potentially have NICs go offline due to a Rx queue overflow issue. This happens when customers use Jumbo Frames on partial ESXi versions. KB 83243 which was released back in May is a similar Rx queue overflow issue but is more critical packet loss issue with Network adapters over 25gb.

  • Finding ID: vSphere-9000MTUNicDown-KB#76656
    • Description: Few NICs are down with error,[vmnicX : 0x45021b04c000] Failed to bring up link.’.
    • Resolution: This issue is resolved in VMware ESXi 7.0 Update 1 (build number 16850804).
      • Please reference the KB link for steps to increase the RX queues to workaround this issue. Skyline Advisor is checking for this valid workaround.
    • Helpful Link: https://kb.vmware.com/s/article/83629
    • Severity: Moderate
  • Finding ID: vSphere-25GB9000MTUPacketLoss-KB#83243
    • Description: RX packet drops seen on 25Gb network adapters due to page allocation failure ‘Failed to allocate all, init’ed rx ring’.
    • Resolution: This issue is resolved in VMware ESXi 7.0 Update 1 (build number 16850804).
      • Please reference the KB link for steps to increase the RX queues to workaround this issue. Skyline Advisor is checking for this valid workaround.
    • Helpful Link: https://kb.vmware.com/s/article/83243
    • Severity: Critical

To review all released Findings for the month of October and all current active VMware Skyline findings please go to the VMware Skyline Findings Catalog.

Most Viewed Findings in Last 30 Days

Below are the most viewed Findings by users in Skyline Advisor.

  1. vSphere-VMFS-L-SDCards-KB#83376
  2. vSphere-CustomizeWindowsGuests-KB#1020716
  3. vSphere-VCFEsxNTPRule-KB#81647
  4. vSphere-MultipleVCVulnerabilites-VMSA#202120
  5. vSphere-CVE-2020-3992-VMSA#202023
  6. vSphere-VMmorethan3snapshots-KB#1025279
  7. vSphere-VCFEsxRemoteSysLogRule-KB#81648
  8. vSphere-SpectreMeltdown-VMSA#201804-2
  9. vSphere-DisablePowerManagement-KB#1018206
  10. vSphere-VmUnresponsivememoryleak-KB#2077302
  11. vSphere-PSODQLFE3-KB#82237
  12. vSphere-Vmtoolsmemoryleak-KB#76163
  13. vSphere-PSODQLogicFCHBA-KB#83790
  14. vSphere-CVE-2021-21997-VMSA#202111
  15. vSphere-L1TerminalFault-VMSA#201820-3
  16. vSphere-PSODigbnPFException14-KB#67686
  17. vSphere-iscsiesxibooting-KB#79694
  18. vSphere-CVE-2021-21999-VMSA#202113
  19. vSphere-PSODQFLE3-KB#79058
  20. vSphere-MissingBootbank-KB#83963

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *