Skyline Advisor Pro Proactive Findings – December Edition

VMware Skyline Advisor Pro releases new proactive Findings every month. Findings are prioritized by trending issues in VMware Technical Support, issues raised through post escalation review, security vulnerabilities, issues raised from VMware engineering, and nominated by customers.

For the month of December, we released 44 new Findings. Of these, there are 36 Findings based on trending issues, 5 based on VMSAs, and 3 based on post escalation reviews. We picked a few Findings from each of these categories which stand out in this release.

Post Escalation Review

VMware Technical Support has developed a Post Escalation Review process. We review critical escalations which come into our Escalation Management team and determine steps to prevent these escalations in the future with other customers. One of the outcomes of this process is the creation of Skyline Findings.

In KB#89391, After upgrading VC to 7.0 U3 or while running on 7.0 U3, all hosts in the environment enter a not responding state. The vCenter logs state that the host moved to this state due to missing heartbeats, even though heartbeats are showing as received on the network of the VCSA. Usually, this is caused by a lock which is blocking heartbeats. Some common causes of this issue can be the password of ESX user “vpxuser” is out of sync with the password maintained by vpxd or connection failure from vpxd to ESX host after ~120 seconds timeout. This issue is resolved in vSphere ESXi 7.0 U3i

Finding ID: vSphere-ESXiNotResponsive-KB#89391
- Description: ESXi hosts becomes not responding in the vCenter due to missing heartbeats.
- Helpful Link: https://kb.vmware.com/s/article/89391
- Severity: MODERATE

VMware Technical Support Trending Issues

VMware Technical Support trending issues are KBs that have solved many SRs and/or viewed many times.

In KB#87706, Cannot change vCenter service account or password in vRealize Automation,the configuration fails to load and the endpoint cannot be saved. Data collection and provisioning to this endpoint fails due to the invalid credentials. This issue occurs due to Provisioning Service passing the vSphere region enumeration adapter an authCredentialsLink, which points the adapter to the existing credentials in the inventory, rather than using the newly supplied username and password. Region enumeration fails and prevents the user from saving the endpoint. This issue is resolved in vRealize Automation 8.7.

Finding ID: VRA-vCenterPassword-KB#87706
- Description: Cannot change vCenter password in vRealize Automation
- Helpful Link: https://kb.vmware.com/s/article/87706
- Severity: MODERATE

Security Vulnerabilities

In VMSA-2022-0027, NSX for vSphere contains a remote code execution vulnerability via XStream open-source library. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.8. Due to an unauthenticated endpoint that leverages XStream for input serialization in NSX for vSphere, a malicious actor can get remote code execution in the context of ‘root’ on the appliance. This vulnerability is mitigated with NSX for vSphere 6.4.14.

Finding ID: NSXv-CVE-2021-39144-VMSA#202227
- Description: NSX for vSphere update addresses a remote code execution vulnerability via XStream (CVE-2021-39144)
- Helpful Link: https://www.vmware.com/security/advisories/VMSA-2022-0027.html
- Severity: CRITICAL

To review all released Findings for the month of December and all current active VMware Skyline Findings please go to the VMware Skyline Findings Catalog.

Most Viewed Findings in Last 30 Days

Below are the most viewed Findings by users in Skyline Advisor Pro: