Skyline Advisor Pro Proactive Findings – June Edition

VMware Skyline Advisor Pro releases new Proactive Findings every month. Findings are prioritized by trending issues in VMware Support, issues raised through post escalation review, security vulnerabilities, and issues raised from VMware engineering, and customers.

For the month of June, we released 41 new Findings. Of these, there are 37 Findings based on trending issues, 1 based on VMSAs, and 3 based on post escalation reviews. We picked a few Findings from each of these categories which stand out in this release.

Proactive Customer Advisory

VMware Technical Support developed a customer advisory system. This system is designed as a way for Global Support to communicate critical issues to customers. For information on subscribing to Proactive Customer Advisories, please refer to KB 86378 for details: https://kb.vmware.com/s/article/86378 .

In KB 88742, Under certain conditions a vSAN cluster may experience high guest latency or host disconnects when running vSphere 7.0 U1/U2. vSAN Objects (VM disks, snapshots) while vSAN witness is unavailable may span both sides of the stretch cluster instead of following the specified storage policy. VMware vSAN Objects may be reported as non-compliant with no rebuild. This issue is resolved with vSAN 7.0 U3c and above.

• vSAN-7U1U2unavailable-KB#88742
  • Description: In a VMware vSAN stretched cluster running vSphere 7.0 U1 or U2, high latency or Host disconnects are experienced when attempting to interact with virtual machines within the vSAN cluster.
  • Recommendations: This issue is resolved with vSAN 7.0 U3c and above.
  • Helpful Link: https://kb.vmware.com/s/article/88742
  • Severity: Critical

Note: Proactive Customer Advisory KB link for this issue is https://kb.vmware.com/s/article/88870. Skyline Advisor Pro Findings for https://kb.vmware.com/s/article/88832 and https://kb.vmware.com/s/article/88815 also noted in this PCA will be release in early July.

Post Escalation Review

VMware Technical Support has developed a Post Escalation Review process. We review critical escalations which come into our Escalation Management team and determine steps to prevent these escalations in the future with other customers. One of the outcomes of this process is the creation of Skyline Findings.

In KB 83882, A memory leak condition can occur on an Edge when invalid DHCP traffic targets an IP on the Edge but no DHCP services are configured on the Edge. A dataplane restart is observed which will result in failovers in A/S environments or disruption in A/A environments. Monitoring the available memory in mbuf_pool_socket_0 shows a continuous fall in available memory. This issue is resolved in NSX-T Data Center 3.1.2.

• Finding ID: NSXT-datapathdmemoryleak-KB#83882
  • Description: An NSX-T Edge may experience a datapathd memory leak if it receives invalid DHCP traffic.
  • Recommendations: This issue is resolved in NSX-T Data Center 3.1.2.
  • Helpful Link: https://kb.vmware.com/s/article/83882
  • Severity: Critical

VMware Support Trending Issues

VMware Support trending issues are KBs that have solved a large number of SRs and/or viewed a large number of times.

In KB 85249, ESX Agent Manager (EAM) service on vCenter server does not have a log file rotation parameter by default, and will leave older files present with no cleanup invoked. Due to the new functionality of vSphere Clustering Services in 7.0 Update 1, the amount of polling that occurs with EAM causing these log files to generate quickly and can produce a significant quantity of log files. The impact/risk may be that the /storage/log directory fills up, preventing one or more services from functioning. This can lead to instability of vCenter Server. This issue is resolved in VMware vCenter 7.0 Update 3 (build number 18700403).

• Finding ID: vSphere-localhost_access-KB#85249
  • Description: vCenter has a large number of localhost_access log files generated under /storage/log/vmware/eam/web/.
  • Recommendations: This issue is resolved in VMware vCenter 7.0 Update 3 (build number 18700403).
  • Helpful Link: https://kb.vmware.com/s/article/85249
  • Severity: Moderate

Security Vulnerabilities

In VMSA-2022-0015, VMware Tools for Windows update addresses an XML External Entity (XXE) vulnerability (CVE-2022-22977). A malicious actor with non-administrative local user privileges in the Windows guest OS, where VMware Tools is installed, may exploit this issue leading to a denial-of-service condition or unintended information disclosure. This vulnerability is mitigated in the VMware Tools for Windows version 12.0.5.

• Finding ID: vSphere-CVE-2022-22977-VMSA#202215
  • Description: VMware Tools for Windows update addresses an XML External Entity (XXE) vulnerability (CVE-2022-22977).
  • Recommendations: This vulnerability is mitigated in the VMware Tools for Windows version 12.0.5.
  • Helpful Link: https://www.vmware.com/security/advisories/VMSA-2022-0015.html
  • Severity: Moderate

To review all released Findings for the month of June and all current active VMware Skyline Findings please go to the VMware Skyline Findings Catalog.

Most Viewed Findings in Last 30 Days

Below are the most viewed Findings by users in Skyline Advisor Pro.

1. vSphere-XHCI-USB-controller-VMSA#202204
2. vSphere-VCFEsxRemoteSysLogRule-KB#81648
3. vSphere-CustomizeWindowsGuests-KB#1020716
4. vSphere-VCFEsxNTPRule-KB#81647
5. vSphere-VMmorethan3snapshots-KB#1025279
6. vSphere-VMsnapshotover7days-KB#1025279
7. vSphere-SpectreMeltdown-VMSA#201804-2
8. vSphere-Vmtoolsmemoryleak-KB#76163
9. vSphere-L1TerminalFault-VMSA#201820-3
10. vSphere-Log4jremotecodeexe-VMSA#202128
11. vSphere-CVE-2020-3992-VMSA#202023
12. vSphere-CVE-2022-22943-VMSA#202207
13. vSphere-PSODQLogicFCHBA-KB#83790
14. vSphere-VMToolsCVE20203941-VMSA#202002
15. vSphere-VmUnresponsivememoryleak-KB#2077302
16. vSphere-EsxiBuildInconsistent
17. vSphere-VCFNoDVS-KB#81639
18. vSphere-CVE-2021-21997-VMSA#202111
19. vSphere-VCFVMMonitoring-KB#81636
20. vSphere-PSODQLFE3-KB#82237