What's New

• Content Hub - Enhanced Catalog and Content Management

  This release introduces a completely new user experience to providers and tenants for accessing application images, such as vApp Templates, ISO files, and container application images in the form of Helm charts. Providers can create and share to tenants catalogs that are backed by the local VMware Cloud Director storage, or populated with application images that are imported from VMware Marketplace and third-party Helm chart repositories. Content Hub merges the existing VMware Cloud Director Catalog and App Launchpad into a unified experience for tenants and providers. Content Hub does not require installing any additional components. See Working with External Sources for Application Images in the VMware Cloud Director Service Provider Admin Guide and Working with External Resources for Application Images in the VMware Cloud Director Tenant Guide.

• NSX Federation with VDC Groups

  VMware Cloud Director now supports NSX Federation. You can register an NSX Global Manager instance that coordinates security policies across regional local NSX Manager instances in your VMware Cloud Director environment. You can include up to 4 NSX Manager instances in a single VDC Group. Using NSX Federation with VMware Cloud Director is limited to Stretched Tier 0 and Tier 1 Gateways. This means that the provider gateway that is associated with your global NSX Manager instance and with a data center group defines the boundaries of the data center group. By leveraging NSX Federation, you have more choices in establishing networking availability zones by disaggregating NSX Manager instances across regional data centers. See Managing NSX Federation in the VMware Cloud Director Service Provider Admin Guide and Using NSX Federation in the VMware Cloud Director Tenant Guide.

• NSX Advanced Load Balancer HTTP Policies

  VMware Cloud Director 10.5 provides a tenant self-service UI for NSX Advanced Load Balancer HTTP policies configuration for virtual services. The functionality includes HTTP request, HTTP response, and HTTP security policies. You can use HTTP request policies to modify requests before they are either forwarded to the application, used as a basis for content switching, or discarded. You can use HTTP response policies to evaluate and modify responses and response attributes that a virtual application returns. Finally, you can also use HTTP security policies to configure allowing or denying certain requests, to close a TCP connection, to redirect a request to HTTPS, to apply a rate limit, or to provide a static page response in case of an outage. See Configuring HTTP Policies for a Virtual Service.

• IP Spaces Migration UI Wizard

  You can use the IP Spaces Migration UI wizard to migrate any provider gateway in your environment to IP spaces from the legacy IP blocks. See Migrate a VMware Cloud Director Provider Gateway to Using IP Spaces.

• BGP Enhancements

  The new BGP route maps tab allows customers to specify additional configurations for route redistribution. The route maps are only available to provider gateways that use IP spaces. You can configure route maps with IP prefixes and community lists that are defined on the provider gateway in the other BGP tabs.

• Improved Firewall Rules UI

  VMware Cloud Director 10.5 provides enhanced user experience for firewall rule expressions. You can now create a single firewall rule and, optionally, position it at a specific position in the rules list, and reorder a single firewall rule without editing the entire list of existing firewall rules. You can also add ranges and individual IP addresses directly into the firewall rule Source and Destination text boxes. Firewall rules now have a loggingId element that corresponds to the NSX rule_id.

• Generation of Autoconfigured Default NAT and Firewall Rules for Edge Gateways and Provider Gateways

  If you are using IP spaces, you can generate and apply autoconfigured default SNAT, NO SNAT, and firewall rules on edge gateways and provider gateways in your environment. VMware Cloud Director autoconfigures the SNAT, DNAT, and firewall rules depending on the topology of the relevant IP spaces and their external and internal scopes. See Autoconfigure Default NAT and Firewall Rules on a Provider Gateway and Autoconfigure NAT and Firewall Rules on an NSX Edge Gateway in VMware Cloud Director.

• Catalog Publish – Subscribe Performance Improvements

  We have significantly reduced the time it takes to sync content during in catalog publish-subscribe across Cloud Director instances. The publish – subscribe sync is also more resilient with respect to data transfer disruptions. In our testing catalog sync of a vApp template of size 10 GB that would take over 1 hour to sync in previous releases would now complete in under 15 minutes. This was achieved by breaking up data into chunks and introducing concurrency in data transfer.

• Ability to Upgrade Solution Add-Ons and to Publish Solution Add-Ons to Tenants

  VMware Cloud Director 10.5 introduces the ability to upgrade your solution add-on instances when a new version becomes available. You can also publish solution add-ons to some or to all of your tenants. See Using Solution Add-Ons with VMware Cloud Director.

• Leverage Shared Datastores Across Multiple vCenter Servers

  In earlier releases, when moving VMs across different vCenter Servers, the placement engine did not consider the shared datastores between the vCenter Servers. This resulted in a copy operation involving export and import of the OVF. Starting with VMware Cloud Director 10.5, the placement engine provides shared datastore recommendations to prevent the OVF export and import workflow, and optimizes the move operation by making it faster.

• Tenant Migration enhancements

  In earlier VMware Cloud Director releases, Migrate Tenant Storage would select all the VMs which have at least one disk on the selected source datastores and move the entire VMs and its disks regardless of whether the disks were on the selected source datastores. Starting with VMware Cloud Director 10.5, this behavior is controlled by the Migrate Entire Virtual Machine property. Setting this property to false results in only moving the disks that are on the source datastores.

• VM discovery enablement at the organization and organization VDC levels

  In previous releases, you can configure VM discovery in VMware Cloud Director at the global level, organization level, and organization VDC level but the global level had precedence over the organization level and the organization level had precedence over the organization VDC level. In versions 10.4.x and earlier, if VM discovery is deactivated at the global level, you cannot activate it at the organization or organization VDC level. Starting with VMware Cloud Director 10.5, you can override the global level VM discovery setting at the organization and organization VDC levels. If you use the /api/admin/extension/settings/general API to set the AllowOverrideOfVmDiscoveryByOrgAndOVDC parameter to true, the organization and organization VDC VM discovery behavior can override the setting at the global level. See Discovering and Adopting vApps.

• vCenter Server can back both a provider VDC and a dedicated vCenter Server instance

  Starting with VMware Cloud Director 10.5, a provider administrator can activate two advanced settings so that a vCenter Server instance can back both a provider VDC and a dedicated vCenter Server instance. This is an advanced configuration that exposes risks and must only be activated by experienced VMware Cloud Director administrators. For information, see Managing Dedicated vCenter Server Instances in VMware Cloud Director.

VMware Cloud Provider Blog

Security

• Photon OS 3.0 Security Updates

  VMware Cloud Director appliance version 10.5 includes Photon OS 3.0 security updates for advisories up to and including PHSA-2023-3.0-0687. See the Photon OS 3.0 Security Advisories.

• VMware Cloud Director STIG Readiness Guide

  The VMware Cloud Director 10.4 STIG Readiness Guide is also applicable to VMware Cloud Director 10.5.

Product Support Notices

• New - PostgreSQL 11 End of Life Notice

  The final release of PostgreSQL 11 occurred on November 9, 2023. PostgreSQL version 11 is currently unsupported. If you are using an external PostgreSQL configuration, consider upgrading to a later major version.

• Optional email for users and SMTP server behavior is deprecated

  In VMware Cloud Director 10.5 and earlier versions, email is optional for all users, local or those imported from an external identity provider (IDP). However, starting with version 10.5, this behavior is deprecated and you must ensure that emails are present for all users. For local users, enter a valid email address. For users imported from an external IDPs integrated with VMware Cloud Director, verify that the integrations are properly configured to ensure that the emails are synchronized from the identity providers for of all users. In a future release, the user emails will need to be available to VMware Cloud Director for all users and certain functions will become unavailable for users without an email address.

  In VMware Cloud Director 10.5, configuring an outbound SMTP server is optional. In a future release, configuring an outbound SMTP server will be mandatory for service providers.

• VMware Cloud Director API versions 35.x and 36.x are deprecated and will be unsupported starting with the next major VMware Cloud Director release.

• VMware Cloud Director API versions 33.0 and 34.0 are not supported.

• Accelerated API Deprecation

  VMware Cloud Director API 38.0 (VMware Cloud Director 10.5) contains APIs that are under accelerated deprecation and will be removed in future releases. See the VMware Cloud Director API Programming Guide.

• VMware Cloud Director API version 38.0 and later do not support the /api/sessions API login endpoint

  The /api/sessions API login endpoint is deprecated since VMware Cloud Director API version 33.0. For version 38.0 and later, the /api/sessions API login endpoint is no longer supported. You can use the VMware Cloud Director OpenAPI login endpoints to access VMware Cloud Director.

  • Service provider access to the system organization- POST cloudapi/1.0.0/sessions/provider

  • Tenant access to all other organizations apart from the system organization- POST cloudapi/1.0.0/sessions

  As per the backward compatibility commitment of VMware Cloud Director, versions 37.2 and earlier continue to support the /api/sessions API login endpoint.

Upgrading from Previous Releases

System Requirements and Installation

• Ports and Protocols
• Compatibility Matrix
• Supported VMware Cloud Director Server Operating Systems
• Supported AMQP Servers
• Supported Databases for Storing Historic Metric Data
• Disk Space Requirements
• Memory Requirements
• CPU Requirements
• Required Linux Software Packages
• Identity Provider Support
• Supported Security Protocols and Cipher Suites
• Supported Browsers
• Supported Guest Operating Systems and Virtual Hardware Versions

Resolved Issues

• VMware Cloud Director does not publish to RabbitMQ an event for creation of an IP set on an NSX edge gateway

  When you add an IP set to an NSX edge gateway, VMware Cloud Director does not publish this event to RabbitMQ and you cannot see the event in the RabbitMQ client.

• The Event Details dialog displays incorrect values for a VM hard disk

  After updating the hard disk size of a VM, instead of displaying the updated size value, the Event Details dialog continues to display the old size value.

  This happens because the event details are pulled from the VMware Cloud Director database before the completion of the update operation.

• An attempt to update the limit on IOPS per disk fails with a Cannot read properties of null error for a user without View Disk IOPS rights

  If you log in as a user without View Disk IOPS rights, an attempt to update the limit on IOPS per disk fails with a Cannot read properties of null error message.

• VMware Cloud Director fails to assisgns the default organization VDC storage policy when creating a new VM from a template

  When creating a new VM from a template, instead of assigning the default organization VDC storage policy, VMware Cloud Director assigns the first storage policy from an alphabetized storage policy list available to the organization.

• When you upload an OVA file to create a vApp or a vApp template, the operation fails with a Duplicate element 'AddressOnParent' error message.

  If you upload an OVF file with a hard disk attached to IDE Controller 0 and a CDROM attached to IDE Controller 1 to create a vApp template, downloading this vApp template as a single OVA file results in a corrupted OVA file. If you then upload the OVA file to create a vApp or a vApp template, the operations fails with an error message.

  The following error was encountered while processing the OVF file you provided: Line 81: Duplicate element 'AddressOnParent'.

• Configuring and updating the IPsec VPN and L2 VPN tunnels fail with a Cannot create or update VPN Tunnel error message

  When you attempt to configure a new or update an existing IPsec VPN or L2 VPN tunnel, the operation fails with an error message.

  Cannot create or update IPSec VPN Tunnel

  Cannot create or update L2 VPN Tunnel

• When you move a vApp to another organization VDC, the vApp description is lost

  When you move a vApp from one organization VDC to another, the description for the vApp is not preserved.

• Adding the DNS IP address to an IPv4 DHCP binding in an isolated network fails with an Internal Server error message

  In an isolated network, when you remove and add again the DNS IP address to an existing IPv4 DHCP binding, the operation fails with an Internal Server error message.

• Creating vApp from an OVF package fails with an Invalid value '9' for attribute 'instanceId' on element 'BootOrderSection' error message

  When you attempt to create a vApp from an OVF, the operation fails with an error message.

  Invalid value 'ovf:/disk/vmdisk' for element 'HostResource'.Line 484: Invalid value '9' for attribute 'instanceId' on element 'BootOrderSection'..

  This happens because when generating the OVF, VMware Cloud Director tends to overwrite the source input data and use its own instance IDs for the disk and CD ROM.

• Importing a VM from vCenter Server fails with a NO_FEASIBLE_PLACEMENT_SOLUTION error message

  When importing a VM from vCenter Server, if the VM resides in a VDC resource pool that is managed by VMWare Cloud Director, but the default placement policy dictates that this VM must be placed in a different cluster than the one it currently resides in, the operation fails with an error message.

  NO_FEASIBLE_PLACEMENT_SOLUTION

• Adding a new VM to a vApp fails with a Requested disk size for virtual machine exceeds maximum allowed capacity error message

  If a system administrator adds a VM to a vApp and the hard disk of this VM disk exceeds the configured maximum hard disk size, when an organization administrator attempts to add new VM to the same vApp, the operation fails with an error message.

  Requested disk size for virtual machine exceeds maximum allowed capacity

• VMware Cloud Director does not apply the constraint for maximum length when editing the guest properties of a vApp

  If you configure a constraint for the maximum length of a vApp guest property string, when editing this vApp, VMware Cloud Director does not apply the constraint and you can enter longer string values.

• Changing the default sizing and storage policy on a VM fails with an error message

  If the default VM sizing policy has 100% memory reservation and a VM is assigned with this default policy, changing the sizing or storage policy of this VM fails with an error message.

  After policy was applied to VM, memory or cpu limits were below their reservations. Memory Limit: 1,024, Memory Reservation: <value>, Cpu Limit: <value>, Cpu Reservation: <value>

Known Issues

• New - When using the CloudAPI to create or update an organization, you cannot set to true the canPublish flag

  When using the CloudAPI to create an organization or update an organization enabling it to publish catalogs, the canPublish field remains false, despite you setting the value to true. The legacy API is not affected.

  Workaround: Use the VMware Cloud Director UI to activate or deactivate the option to Publish catalog externally for an organization.

• New - In the Kubernetes Container Clusters UI plugin, the Kubernetes Version dropdown menu in the cluster creation wizard for a TKGs cluster displays a spinner indefinitely.

  On the Kubernetes Policy page in the cluster creation wizard, the Kubernetes Version dropdown selection displays a spinner indefinitely. This occurs due to the supported Kubernetes version API sending an invalid response to the Kubernetes Container Clusters UI plugin, so the UI plugin fails to parse it.

  Workaround: None.

• New - After reverting a virtual machine to a snapshot, the guest operating system does not automatically roll back to a previous version

  If you upgrade the guest operation system of a virtual machine after taking a snapshot, after reverting to the snapshot, the guest operation system does not automatically roll back to a previous version.

  Workaround: None.

• New - Any update to a VM triggers a relocation even when the current location can still accommodate the VM

  The issue occurs because of missing per-disk datastore requirements that also pin the disks.

  Workaround: Deactivate Storage DRS.

• New - After upgrading a VMware Cloud Director appliance, the management API and the management UI report an incorrect older version of the appliance

  The problem occurs because the VMware Cloud Director appliance management API uses a different source of truth for obtaining the current version of the VMware Cloud Director appliance than the vamicli version --appliance command. This alternate source of truth is not always being updated during the appliance upgrade causing incorrect information to appear.

  Workaround: Use the vamicli version --appliance command to verify the VMware Cloud Director appliance version.

• New - While adding an NSX edge gateway firewall rule, you cannot select the applications for which the rule applies

  While adding an NSX edge gateway firewall rule, if you try clicking the pencil icon next to Applications , the list of applications you can select to apply to the rule does not appear.

  Workaround: Move the mouse pointer away from the pencil icon. As a result, the list of the applications appears.

• New - VMware Cloud Director assigns the vGPU policy to a newly deployed virtual machine tagged with the general purpose policy

  If you add a newly deployed virtual machine to a vApp and you tag the virtual machine with the general purpose policy, VMware Cloud Director assigns the vGPU policy instead.

  Workaround: None.

• New - When you deploy a VM from a template with a storage policy that includes a configured IOPS limit, after deployment, the VM disks do not have an IOPS limit configured or have a different IOPS limit

  The problem occurs because the the I/O Operations Per Second (IOPS) limit set in the VM template overrides the storage policy's IOPS limit. For example, if the VM template does not have a configured IOPS value, after deployment, the VM disks do not have a configured IOPS limit.

  Workaround: You can use vApp templates, or edit the VM after deployment.

• New - When sharing vApps with users, you can navigate to nonexistent pages

  When sharing vApps with users, the buttons to go to the previous or next page are available even though you are already on the respective first or last page. As a result, you can navigate to pages that do not exist and do not have content.

  Workaround: None.

• New - VMware Cloud Director backup fails

  If you use Ubuntu or Linux distributions that are based on Debian as NFS for the VMware Cloud Director appliance, the NFS server cannot be configured appropriately to support the creation of backups through the PostgreSQL user.

  Workaround: Depending on the file that the appliance has, run the following commands from appliance's secure shell as the root user.

  • If the appliance has the /opt/vmware/appliance/bin/create-db-backup file, run the following command.

  sed -i '/PG_BACK_UP() {/,/}/ { /PG_BACK_UP() {/!{ /}/!d }}; /PG_BACK_UP() {/ a\su - postgres -c "$VMWARE_POSTGRES_BIN\/pg_dump -v -Fc \$DBNAME" > \$DB_DUMP_PATH 2>> \$LOG_FILE' /opt/vmware/appliance/bin/create-db-backup

  • If the appliance has the /opt/vmware/appliance/bin/create-backup.sh file, run the following commands.

  sed -i '/DB_BACKUP() {/,/}/ { /DB_BACKUP() {/!{ /}/!d }}; /DB_BACKUP() {/ a\su - postgres -c "$VMWARE_POSTGRES_BIN\/pg_dump -v -Fc \$DBNAME" > \$DB_DUMP_PATH 2>> \$LOG_FILE' /opt/vmware/appliance/bin/create-backup.sh

  sed -i '/DB_USER_BACKUP() {/,/}/ { /DB_USER_BACKUP() {/!{ /}/!d }}; /DB_USER_BACKUP() {/ a\su - postgres -c "$VMWARE_POSTGRES_BIN\/pg_dumpall --roles-only | grep -e '\''CREATE ROLE vcloud;\\|ALTER ROLE vcloud WITH'\''" > \$BACKUP_DIR\/vcloud-user.sql' /opt/vmware/appliance/bin/create-backup.sh

• New - Editing the general settings of an edge gateway removes any connected external network

  If an edge gateway has a connected external network, when you use the VMware Cloud Director Tenant Portal to change any of the edge gateway settings under the General tab, saving the settings removes the connected external network.

  Workaround: Use the API to edit the general settings of the edge gateway.

• New - You cannot select NIC IP mode when creating a new VM connection during vApp deployment from a template

  The problem occurs in the vApp creation wizard when you start creating a new VM. The VMware Cloud Director UI freezes in the wizard when you try to change the IP mode while adding a new NIC connection.

  Workaround: Create the VM connection after creating the vApp.

• New - If you create a vApp network while copying a VM, when you close the Copy VM modal, an infinity spinner appears

  When you copy VMs to a target vApp, if you create a new vApp network in the target vApp and connect the source VMs to the newly created target vApp's network, closing the modal causes the spinner to appear, but it does not disappear once the copy operation is completed. This problem occurs only when a new vApp network is created during the copy process and does not occur when you copy VMs without creating a vApp network.

  Workaround: Navigating to another page and returning to the VM list reloads the grid and the spinner disappears.

• New - The VMware Cloud Director API does not return some provider VDCs as merge candidates

  If you attempt to get merge candidates for a provider VDC and there are more provider VDCs in the system than the value specified in the page size query parameter, the merge candidate API only processes the first page size number of provider VDCs to check if they are merge candidates and ignores the other provider VDCs in the system.

  Workaround: To ensure the VMware Cloud Director API processes all the provider VDCs, specify a page size greater than or equal to the number of provider VDCs in the system.

• New - If a media file is backed by a specific VDC storage, recursive and force deleting of the VDC automatically deletes the media file instead of showing an error message

  If you upload a media file to a catalog with a storage policy associated with an organization VDC, when you delete the VDC, VMware Cloud Director deletes all media files that the VDC backs.

  Workaround: None.

• New - Some operations on replication tracking VMs might fail with a vim.fault.MethodDisabled exception from vCenter stating that VMware Cloud Director disabled the method

  To increase the stability of replication tracking VMs, VMware Cloud Director has a list of methods that are deactivated by default for every state of a replication tracking VM. However, in some use cases, the default list might be too restrictive.

  Workaround: Edit the list of methods by changing the configuration values using the VMware Cloud Director API or cell management tool (CMT).

  • For the configurations API, use urn:vcloud:configuration:TestFailoverModeRtVmDisabledMethods and urn:vcloud:configuration:ReplicationModeRtVmDisabledMethods to view and change the list of deactivated methods.

  • Alternatively, use the TestFailoverModeRtVmDisabledMethods and ReplicationModeRtVmDisabledMethods cell management tool commands to change the VMware Cloud Director configuration values.

• New - Uploading a vApp template from an OVF fails with A specified parameter was not correct: profileId error

  When attempting to upload a vApp template from an OVF which contains both a StorageGroupSection and a BootOrderSection to a VDC backed by vCenter 8.0U2, the upload fails with the A specified parameter was not correct: profileId error. This problem can also occur when performing catalog synchronization or importing applications from VMware Marketplace into VMware Cloud Director. The problem occurs only on version 8.0U2 of vCenter.

  Workaround: Remove the BootOrderSection or the StorageGroupSection from the OVF and attempt the upload again.

• New - If the default policy for your organization VDC is a vGPU policy, you might not be able to create a general purpose VM

  When trying to create a general purpose VM, if the organization VDC's default policy is a vGPU policy and the organization VDC has zero or one VM sizing policy, a You need to select either sizing or placement compute policy error appears.

  Workaround: Assign to the organization VDC at least 2 VM sizing policies or a single VM placement policy.

• New - When you open the Container Applications page, a NullPointerException is thrown

  In the VMware Cloud Director Tenant Portal, when you open the Container applications page, a NullPointerException is thrown. When you filter container applications by cluster, the NullPointerException does not appear.

  Workaround: To see the container applications, on the Container Applications page, use the Advanced Filtering option on the to filter by cluster.

• New - When you use the multiselect option for VM operations, the selection is not cleared and causes inconsistencies and duplicate actions

  Using the VMware Cloud Director Tenant Portal UI, if you use the multiselect option to perform an operation on multiple VMs, once you start the operation the selection appears to be cleared but the selection counter retains the selected VMs. Afterwards, if you try to perform another operation, VMware Cloud Director creates tasks for both selections. This problem creates duplications which can cause operations to fail.

  Workaround: Reload the page to reset the selection.

• New - When working with container applications, the installation values in Manifest Editor might appear empty

  The installation values might appear empty in the VMware Cloud Director Tenant Portal if you select an app from the marketplace. The VMware Cloud Director UI mishandles the chart file content, resulting in empty installation values.

  Workaround: There are two ways to work around this problem:

  • Download the chart file and paste its values.yaml content into the Manifests Editor.

    1. Click Show Advanced Settings and find the file transfer link from the browser console, for example, https://example.vmware.com/transfer/.../file.

    2. Copy the transfer link into the browser address bar to download the file.

    3. Extract values.yaml from the downloaded file binary, and paste its contents into the Manifests Editor.

  • Alternatively, add the public Bitnami helm chart repository as a catalog source, and import the charts.

• New - Attempting to modify the port for the NSX Edge load balancer pool fails with an INTERNAL_SERVER_ERROR

  After you delete a virtual service, trying to update the pool which was previously connected to the deleted virtual service fails with an INTERNAL_SERVER_ERROR. For example, changing the port for the pool fails.

  Workaround: None.

• New - Deleting an organization in VMware Cloud Director UI fails with a You must delete this Organization's Application Port Profiles before you can delete the organization error

  If application port profiles are created on an edge gateway associated with an organization, attempting to delete the organization fails. The issue occurs because VMware Cloud Director deletes the edge gateways before deleting the port profiles, which causes the following error.

  com.vmware.vcloud.api.presentation.service.InvalidStateException: You must delete this Organization's Application Port Profiles before you can delete the organization.

  Workaround: Use the VMware Cloud Director API to force delete an organization and to delete the stranded application port profiles associated with it. See Delete Stranded Application Port Profiles from VMware Cloud Director.

• New - You cannot access the Service Provider Admin Portal and the VMware Cloud Director Tenant Portal after rebooting the VMware Cloud Director VM

  If you reboot the VMware Cloud Director VM by using a method other than using the vSphere Client, for example, by using vSphere High Availability or VMware Host Client, you cannot access the Service Provider Admin Portal and the VMware Cloud Director Tenant Portal. The problem occurs because after the reboot, the deployment OVF parameters are deleted from the ovfEnv.xml file, and the cell cannot be accessed.

  Workaround: Power off and then power on the VMware Cloud Director VM by using the vSphere Client.

• New - You cannot edit the metadata of an organization

  If you use the VMware Cloud Director API to create two metadata entries for an organization using the same name for the entries, you cannot edit these metadata entries by using the UI because the Save button in the Edit Metadata wizard is not active.

  Workaround: Use the VMware Cloud Director API to edit the name of one of the metadata entries.

• New - VM does not receive the DNS Server IP addresses from the DHCP scope that is defined in the vApp network

  When you connect a VM to a routed vApp network in DHCP IP mode, the VM does not receive the DNS addresses defined in the DHCP scope.

  Workaround: Using NSX Manager, manually configure the DNS servers in the routed vApp network segment.

• New - API clients throw Invalid mime type errors for responses from multisite VMware Cloud Director APIs

  If the multisite field in the response header values specifies a list of organizations, the API client generates the following error.

  org.springframework.util.InvalidMimeTypeException: Invalid mime type 

  The issue occurs because the VMware Cloud Director API returns an illegal @ character in the MIME (Multipurpose Internet Mail Extensions) type headers of the response. You can ignore the error because VMware Cloud Director continues to function properly.

  Workaround: None.

• New - An attempt to delete an IP space uplink fails without an error message

  If you create an IP space uplink and the associated IP prefixes or the IP addresses are in use, an attempt to delete the IP space uplink fails without an error message.

  Workaround: None.

• New - All VM consoles disconnect after one minute

  When a system user opens the Web Console or the VMware Remote Console (VMRC), after one minute, the console automatically closes. Because the Web Console always retries to connect after a disconnect, this problem might stay unnoticed, but a console you open through VMRC remains disconnected. The problem occurs because the monitoring that ends VM console sessions for deactivated users incorrectly ends the VM console sessions of all service provider users after the default interval of one minute.  The problem does not affect tenant users of VMware Cloud Director.

  Workaround:

  • Log in to VMware Cloud Director with a tenant account.

  • Alternatively, you can deactivate the monitoring that ends VM console sessions for deactivated users. If you deactivate the monitoring, VMware Cloud Director will not end VM console sessions of deactivated users.

    1. Log in directly or by using an SSH client to the OS of a VMware Cloud Director cell as root.

    2. Change the default value of the configuration settings.

       cd /opt/vmware/vcloud-director/bin
       ./cell-management-tool manage-config -n console-proxy.monitor-interval-ms -v 9223372036854775807

    3. To verify the current value, run the following command.

       ./cell-management-tool manage-config -n console-proxy.monitor-interval-ms -l

  See KB article 95214.

• New - When using the VMware Cloud Director Customize Portal, trying to customize the platform links fails

  When using the Customize Portal feature in the VMware Cloud Director Service Provider Admin Portal, if you make changes to the platform links in a custom theme and save them, the changes do not persist.

  Workaround: See VMware knowledge base article 94970.

• New - The Container Applications page does not list any container applications and shows a NullPointerException warning

  After removing a VMware Cloud Director Container Service Extension cluster, the Container Applications page does not display any container applications and a NullPointerException warning appears.

  Workaround: Before removing a cluster, remove all container applications deployed into it. Alternatively, using the VMware Cloud Director Tenant Portal, open the advanced filtering dialog box to filter the container applications by cluster.

• New - When using the multisite feature, you cannot create and manage VMware Marketplace and Helm chart repository connections from the Service Provider Admin Portal

  If you are a service provider and you use the VMware Cloud Director multisite feature, you cannot create and manage VMware Marketplace resources and Helm chart repository resources using the Service Provider Admin Portal.

  This issue does not affect tenants.

  Workaround: You can use the VMware Cloud Director API to create and manage VMware Marketplace resources and Helm chart repository resources.

• New - Deploying a Helm chart application fails with a Cannot parse "Z" as "-0700" error message

  If VMware Cloud Director is running in UTC timezone, attempting to deploy a Helm chart application fail with a Cannot parse "Z" as "-0700" error message.

  Workaround:

  Option 1: Edit the Content Hub operator on the Kubernetes cluster to use a custom registry. Enter the projects.registry.vmware.com/content_hub/vcd-contenthub-package-repo location as a custom registry and version 1.0.1 as the version of the Content Hub Kubernetes operator package. For information about editing a Kubernetes operator, see Edit a Kubernetes Operator in VMware Cloud Director.

  Option 2:

  1. Change the server timezone, on which VMware Cloud Director resides, to non-UTC timezone.

  2. Restart the VMware Cloud Director server.

• New - Deploying container applications fails with an Unable to perform this action error message

  When deploying a container application, if the description of the application template contains more than 255 characters, the operation fails with an error message.

  Unable to perform this action. Contact your cloud administrator.

  Workaround: Update the description for the application template to consist of less than 255 characters.

• If there are no existing user-created firewall rules on an NSX edge gateway, you might not be able to create a single firewall rule

  If there are no existing user-defined firewall rules on an NSX edge gateway and you start the firewall rule creation wizard by clicking New, when you attempt to save the firewall rule that you defined, the wizard becomes suspended in a Please wait... state and the firewall rule is not created.

  Workaround: Refresh the page, or click away and back to the Firewall screen, and use the Edit Rules button instead of the New button to start the firewall rule creation wizard.

• If you use fast cross vCenter Server vApp instantiation and you upgrade the hardware version of the original vApp template in vSphere, the operation fails on all but the original vCenter Servers with a Cannot create shadow VM of primary VM error message

  When you fast provision a VM from a vApp template, VMware Cloud Director creates a shadow VM and a VM with prefix multi-vc-vm to support linked clone creation across vCenter Server data centers and datastores. To maintain synchronization with the original vApp template, certain operations, such as hardware version upgrade, on the VM with prefix multi-vc-vm are not permitted. In vSphere, if you upgrade the hardware version of the vApp template and the shadow VM, you cannot upgrade the VM with prefix multi-vc-vm. This results in fast provisioning failing on all vCenter Servers except for the original vCenter Server, where the associated vApp template resides.

  Workaround:

  1. Use the VMware Cloud Director API to delete the VM with prefix multi-vc-vm. See http://developers.eng.vmware.com/apis/vmware-cloud-director/latest/multi-vc-vms/.

  2. In vSphere, delete or upgrade the shadow VM.

     Both the shadow VM and the VM with prefix multi-vc-vm are recreated upon next fast provisioning from the vApp template.

• The VMware Cloud Director quick search does not display results when searching for users, service accounts, and VDC groups

  In the Quick Search, entering Users, users/bulk-update, service-accounts, and vdc-groups as a search criteria results in a No results found. message.

  Workaround: None.

• The VMware Cloud Director appliance database disk resize script might fail if the backing SCSI disk identifier changes

  The database disk resize script runs successfully only if the backing database SCSI disk ID remains the same. If the ID changes for any reason, the script might appear to run successfully but fails. The /opt/vmware/var/log/vcd/db_diskresize.log shows that the script fails with a No such file or directory error.

  Workaround:

  1. Log in directly or by using an SSH client to the primary cell as root.

  2. Run the lsblk --output NAME,FSTYPE,HCTL command.

  3. In the output, find the disk containing the database_vg-vpostgres partition and make note of its ID. The ID is under the HCTL column and has the following sample format 2:0:3:0.

  4. In the db_diskresize.sh script, modify the partition ID with the ID from Step 3. For example, if the ID is 2:0:3:0, in line

     echo 1 > /sys/class/scsi_device/2\:0\:2\:0/device/rescan

     you must change the ID to 2:0:3:0.

     echo 1 > /sys/class/scsi_device/2\:0\:3\:0/device/rescan

  5. Аfter saving the changes, manually re-invoke the resize script or reboot the appliance.

• Upgrading to VMware Cloud Director 10.4.1 or later fails with a Fix postgres user home directory error

  When you try to upgrade to VMware Cloud Director 10.4.1 or later, the upgrade fails. The update-postures-db.log contains the following error.

  2023-05-15 16:38:01 | update-postgres-db.sh | Fix postgres user home directory
  usermod: user postgres is currently used by process 17236

  Other processes that are logged in as the postgres user on the VMware Cloud Director appliance might block the script that upgrades the PostgreSQL major version from 10 through 14.

  Workaround:

  1. Before starting the VMware Cloud Director upgrade, find any processes that are logged in as the postgres user on the VMware Cloud Director appliance by running ps -u postgres on the appliance.

  2. Stop any process that the command returns by running kill -9 <PID>, where PID is the unique process identifier.

• Creating an organization VDC Kubernetes policy with provider gateways that uses IP spaces fails

  If you configure an IP space backed provider gateway and you create a VDC and an edge gateway based on the same IP space, an attempt to create a Kubernetes policy for this VDC fails with an error message.

  com.vmware.ssdc.util.LMException: Index 0 out of bounds for length 0

  This happens because the IP space backed edge gateways are not associated with a primary IP address, which is required for the creation of SNAT by the Kubernetes policy.

  Workaround: Create VDC and edge gateways with NSX network provider type and provider gateways that use legacy IP blocks.

• When starting the VMware Cloud Director appliance, the message [FAILED] Failed to start Wait for Network to be Configured. See 'systemctl status systemd-networkd-wait-online.service' for details appears

  The message appears incorrectly and does not indicate an actual problem with the network. You can disregard the message and continue to use the VMware Cloud Director appliance as usual.

  Workaround: None.

• Creating an organization VDC template with NSX network provider type and provider gateways that uses IP spaces fails

  When you attempt to create an organization VDC template with NSX network provider type and provider gateway that uses IP spaces, the operation fails with the following error. Error:Cannot support external Network that is utilizing IP Spaces. Only external networks with legacy IP blocks are supported.

  Workaround: Create organization VDC templates with NSX network provider type and provider gateways that use legacy IP blocks.

• Changing the storage policy on a virtual disk of a VM fails with a The operation failed because no suitable resource was found error message

  If the virtual disk of a VM resides on a remote vSAN datastore, changing the storage policy of the virtual disk results in an error message.

  The operation failed because no suitable resource was found

  Workaround: To move the VM to a different storage policy, change the virtual disk storage policy to VM default policy and then change the VM storage policy to the desired storage policy.

• VMware Cloud Director shows an empty value for the IOPS limit for a VM disk with VC-IOPS enabled storage policy

  If you apply a VC-IOPS enabled storage policy with custom reservation, limit, and shares, on a VM disk, VMware Cloud Director displays the values for IOPS reservations, but displays the IOPS limit as empty. This happens because vCenter Server 8U1 introduces a new mechanism for Storage I/O Control (SIOC) which no longer sets the IOPS limit as a VM disk property.

  Workaround: None.

• You cannot create a deactivated organization using the legacy VMware Cloud Director API

  Attempting to use the legacy VMware Cloud Director API organization creation endpoint POST [vcd_public_endpoint]/api/admin/orgs to create a deactivated organization results in a 400 BadRequestException containing the following snippet:

  <Error ... stackTrace="com.vmware.vcloud.api.presentation.service.BadRequestException: Unexpected error.&#10;unexpected end of subtree

  Workaround: Use the VMware Cloud Director OpenAPI endpoint to create a disabled organization. Alternatively, you can use the UI, OpenAPI, or legacy API to create an enabled organization and disable it after creation.

• You cannot select Tanzu Kubernetes version 2.0 or later when creating a TKGs cluster

   As a tenant, when attempting to create a TKGs cluster, you cannot select a Tanzu Kubernetes cluster version 2.0 and later. 

  Workaround: To offer and use Tanzu Kubernetes 2.0 and later, use VMware Cloud Director Container Service Extension 4.0.

• Migrating VMs between organization VDCs might fail with an insufficient resource error

  If VMware Cloud Director is running with vCenter Server 7.0 Update 3h or earlier, when relocating a VM to a different organization VDC, the VM migration might fail with an insufficient resource error even if the resources are available in the target organization VDC.

  Workaround: Upgrade vCenter Server to version 7.0 Update 3i or later.

• VMs become non-compliant after converting a reservation pool VDC into a flex organization VDC

  In an organization VDC with a reservation pool allocation model, if some of the VMs have nonzero reservation for CPU and Memory, non-unlimited configuration for CPU and Memory, or both, after converting into a flex organization VDC, these VMs become non-compliant. If you attempt to make the VMs compliant again, the system applies an incorrect policy for the reservation and limit and sets the CPU and Memory reservations to zero and the limits to Unlimited.

  Workaround:

  1. A system administrator must create a VM sizing policy with the correct configuration.

  2. A system administrator must publish the new VM sizing policy to the converted flex organization VDC.

  3. The tenants can use the VMware Cloud Director API or the VMware Cloud Director Tenant Portal to assign the VM sizing policy to the existing virtual machines in the flex organization VDC.

• The VMware Cloud Director Tenant Portal UI does not display the IOPS limits and reservations for a vSAN storage policy

  vSAN manages itself the IOPS limits on vSAN storage policies. As a result, the VMware Cloud Director Tenant Portal UI does not display the IOPS reservations and limits for a vSAN storage policy and you cannot modify their values.

  Workaround: None.

• VMware Cloud Director appliance upgrade fails with an invalid version error when FIPS mode is enabled

  For VMware Cloud Director versions 10.3.x and later, when FIPS mode is enabled, VMware Cloud Director appliance upgrade fails with the following error.

  Failure: Installation failed abnormally (program aborted), the current version may be invalid.

  Workaround:

  1. Before you upgrade the VMware Cloud Director appliance, deactivate FIPS Mode on the cells in the server group and the VMware Cloud Director appliance. See Activate or Deactivate FIPS Mode on the VMware Cloud Director Appliance.

  2. Verify that the /etc/vmware/system_fips file does not exist on any appliance.

  3. Upgrade the VMware Cloud Director appliance.

  4. Enable FIPS mode again.

• You can't view and edit the license type for your previously registered NSX Advanced Load Balancer Controller instances in the VMware Cloud Director API

  You can't view and edit the license for your previously registered NSX Advanced Load Balancer Controller instances in the VMware Cloud Director API. This happens because in VMware Cloud Director 10.4, the Controller license type was replaced by a selection between a Standard and a Premium feature set at the Service Engine Group level to provide more flexibility.

  Workaround: Use the supportedFeatureSet path for service engine groups and on edge gateways to activate and deactivate the available features.

• You cannot create and use VMware Cloud Director VDC templates in VMware Cloud Director service environments that use VMware Cloud on AWS network pools

  If you are using only a provider network pool that is backed by VMware Cloud on AWS for your provider VDC, you cannot create a VDC template and instantiate a VDC from a template. This happens because creating and instantiating VDC templates is supported only for provider VDCs backed by NSX-T Data Center and by NSX Data Center for vSphere. You can use VMware Cloud Director VDC templates with on-premises, Microsoft Azure VMware Solution, Oracle Cloud VMware Solution, or Google Cloud VMware Engine SDDCs.

  Workaround: None.

• Creating a new VM with encrypted vSAN storage policy fails with an Invalid storage policy for encryption operation error message

  When creating a new VM, if you specify the storage policy of the VM as vSAN encrypted and the storage policy for the VM hard disk as both non-encrypted and non-vSAN, the operation fails with an error message.

  Invalid storage policy for encryption operation

  Workaround:

  1. Specify the storage policies for the VM and the VM hard disk as vSAN encrypted.

  2. After the VM deploys successfully, update the hard disk storage policy for the VM to non-encrypted and non-vSAN. For information, see Edit Virtual Machine Properties.

• You cannot connect to VMware Cloud Director through VMware OVF Tool version 4.4.3 or earlier

  When you attempt to connect to VMware Cloud Director through OVF Tool version 4.4.3 or earlier, this results in the following error. Error: No supported vCloud version was found. This happens because of an API behavior change in VMware Cloud Director 10.4 where the API does not return links to all the VDCs in an organization.

  Workaround: Upgrade to OVF Tool 4.5.0. See VMware OVF Tool Release Notes.

• You are unable to log in to VMware Cloud Director by using VMware PowerCLI 12.7.0 or earlier

  When you attempt to log in to VMware Cloud Director by using VMware PowerCLI version 12.7.0 or earlier, this results in the following error. NOT_ACCEPTABLE: The request has invalid accept header: Invalid API version requested. This happens because VMware PowerCLI earlier than 13.0.0 do not support VMware Cloud Director API versions later than 33.0. See VMware Product Interoperability Matrix.

  Workaround: Upgrade VMware PowerCLI to version 13.0.0.

• VMware Cloud Director displays the old version for an upgraded vCenter Server instance

  After you upgrade a vCenter Server instance to a newer version, in the list of vCenter Server instances, VMware Cloud Director still displays the old version for the upgraded instance.

  Workaround: Reset the connection between the vCenter Server instance and VMware Cloud Director. See Reconnect a vCenter Server Instance in VMware Cloud Director Service Provider Admin Guide.

• Refreshing the LDAP page in your browser does not take you back to the same page

  In the Service Provider Admin Portal, refreshing the LDAP page in your browser takes you to the provider page instead of back to the LDAP page.

  Workaround: None.

• Mounting an NFS datastore from NetApp storage array fails with an error message during the initial VMware Cloud Director appliance configuration

  During the initial VMware Cloud Director appliance configuration, if you configure an NFS datastore from NetApp storage array, the operation fails with an error message.

  Backend validation of NFS failed with: is owned by an unknown user

  Workaround: See the https://kb.vmware.com/s/article/93252 KB.

• The synchronization of a subscribed catalog times out while synchronizing large vApp templates

  If an external catalog contains large vApp templates, synchronizing the subscribed catalog with the external catalog times out. The issue occurs when the timeout setting is set to its default value of five minutes.

  Workaround: Using the manage-config subcommand of the cell management tool, update the timeout configuration setting.

  ./cell-management-tool manage-config -n transfer.endpoint.socket.timeout -v [timeout-value]

• In an IP prefix list, configuring any as the Network value results in an error message

  When creating an IP prefix list, if you want to deny or accept any route and you configure the Network value as any, the dialog box displays an error message.

  "any" is not a valid CIDR notation. A valid CIDR is a valid IP address followed by a slash and a number between 0 and 32 or 64, depending on the IP version.

  Workaround: Leave the Network text box blank.

• The vpostgres process in a standby appliance fails to start

  The vpostgres process in a standby appliance fails to start and the PostgreSQL log shows an error similar to the following. FATAL: hot standby is not possible because max_worker_processes = 8 is a lower setting than on the master server (its value was 16). This happens because PostgreSQL requires standby nodes to have the same max_worker_processes setting as the primary node. VMware Cloud Director automatically configures the max_worker_processes setting based on the number of vCPUs assigned to each appliance VM. If the standby appliance has fewer vCPUs than the primary appliance, this results in an error.

  Workaround: Deploy the primary and standby appliances with the same number of vCPUs.

• Upgrading the VMware Cloud Director appliance might result in an Connection to sfcbd lost error message

  If you upgrade the VMware Cloud Director appliance, the upgrade operation might report an error message.

  Connection to sfcbd lost. Attempting to reconnect

  Workaround: You can ignore the error message and continue with the upgrade.

• When using FIPS mode, trying to upload OpenSSL-generated PKCS8 files fails with an error

  OpenSSL cannot generate FIPS-complaint private keys. When VMware Cloud Director is in FIPS mode and you try to upload PKCS8 files generated using OpenSSL, the upload fails with a Bad request: org.bouncycastle.pkcs.PKCSException: unable to read encrypted data: ... not available: No such algorithm: ...error or salt must be at least 128 bits error.

  Workaround: Deactivate the FIPS mode to upload the PKCS8 files.

• Creation of Tanzu Kubernetes cluster by using the Kubernetes Container Clusters plug-in fails

  When you create a Tanzu Kubernetes cluster by using the Kubernetes Container Clusters plug-in, you must select a Kubernetes version. Some of the versions in the drop-down menu are not compatible with the backing vSphere infrastructure. When you select an incompatible version, the cluster creation fails.

  Workaround: Delete the failed cluster record and retry with a compatible Tanzu Kubernetes version. For information on the incompatibilities between Tanzu Kubernetes and vSphere, see Updating the vSphere with Tanzu Environment.

• If you have any subscribed catalogs in your organization, when you upgrade VMware Cloud Director, the catalog synchronization fails

  After upgrade, if you have subscribed catalogs in your organization, VMware Cloud Director does not trust the published endpoint certificates automatically. Without trusting the certificates, the content library fails to synchronize.

  Workaround: Manually trust the certificates for each catalog subscription. When you edit the catalog subscription settings, a trust on first use (TOFU) dialog box prompts you to trust the remote catalog certificate.

  If you do not have the necessary rights to trust the certificate, contact your organization administrator.

• After upgrading VMware Cloud Director and enabling the Tanzu Kubernetes cluster creation, no automatically generated policy is available and you cannot create or publish a policy

  When you upgrade VMware Cloud Director to version 10.3.1 and vCenter Server to version 7.0.0d or later, and you create a provider VDC backed by a Supervisor Cluster, VMware Cloud Director displays a Kubernetes icon next to the VDC. However, there is no automatically generated Kubernetes policy in the new provider VDC. When you try to create or publish a Kubernetes policy to an organization VDC, no machine classes are available.

  Workaround: Manually trust the corresponding Kubernetes endpoint certificates. See VMware knowledge base article 83583.

• Entering a Kubernetes cluster name with non-Latin characters deactivates the Next button in the Create New Cluster wizard

  The Kubernetes Container Clusters plug-in supports only Latin characters. If you enter non-Latin characters, the following error appears.

  Name must start with a letter and only contain alphanumeric or hyphen (-) characters. (Max 128 characters).

  Workaround: None.

• NFS downtime can cause VMware Cloud Director appliance cluster functionalities to malfunction

  If the NFS is unavailable due to the NFS share being full, becoming read only, and so on, can cause appliance cluster functionalities to malfunction. HTML5 UI is unresponsive while the NFS is down or cannot be reached. Other functionalities that might be affected are the fencing out of a failed primary cell, switchover, promoting a standby cell, and so on. For more information about setting up correctly the NFS shared storage, see Preparing the Transfer Server Storage for the VMware Cloud Director Appliance.

  Workaround: 

  • Fix the NFS state so that it is not read-only.

  • Clean up the NFS share if it is full.

• Trying to encrypt named disks in vCenter Server version 6.5 or earlier fails with an error

  For vCenter Server instances version 6.5 or earlier, if you try to associate new or existing named disks with an encryption enabled policy, the operation fails with a Named disk encryption is not supported in this version of vCenter Server. error.

  Workaround: None.

• A fast-provisioned virtual machine created on a VMware vSphere Storage APIs Array Integration (VAAI) enabled NFS array, or vSphere Virtual Volumes cannot be consolidated

  In-place consolidation of a fast provisioned virtual machine is not supported when a native snapshot is used. Native snapshots are always used by VAAI-enabled datastores, as well as by vSphere Virtual Volumes. When a fast-provisioned virtual machine is deployed to one of these storage containers, that virtual machine cannot be consolidated.

  Workaround: Do not enable fast provisioning for an organization VDC that uses VAAI-enabled NFS or vSphere Virtual Volumes. To consolidate a virtual machine with a snapshot on a VAAI or a vSphere Virtual Volumes datastore, relocate the virtual machine to a different storage container.

• If you add an IPv6 NIC to a VM and then you add an IPv4 NIC to the same VM, the IPv4 north-south traffic breaks

  Using the HTML5 UI, if you add an IPv6 NIC first or configure an IPv6 NIC as the primary NIC in a VM, and then you add an IPv4 NIC to the same VM, the IPv4 north-south communication breaks.

  Workaround: First you must add the IPv4 NIC to the VM and then the IPv6 NIC.