This topic contains release notes for VMware Tanzu Application Service for VMs [Windows] v2.12.
Because VMware uses the Percona Distribution for MySQL, expect a time lag between Oracle releasing a MySQL patch and VMware releasing TAS for VMs [Windows] containing that patch.
Warning: Windows stemcells v2019.44 and later include a version of tar
that is incompatible with winfs2019-release v2.33.1 and earlier. For more information, see Windows Stemcell v2019.44 is Incompatible with winfs2019-release v2.33.1 and Earlier below.
Before you install the tile, review the Windows Stemcell Compatibility Matrix.
Release Date: 03/21/2023
2.72.0
0.15.0
1.25.0
3.1.28
2.46.0
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.72.0 | |
envoy-nginx | 0.15.0 | |
event-log | 0.9.0 | |
garden-runc | 1.25.0 | |
windows-syslog | 1.1.13 | |
hwc-offline-buildpack | 3.1.28 |
3.1.28* Updates github-config (#104) * Bump github.com/onsi/gomega from 1.24.2 to 1.26.0 Packaged binaries: | name | version | cf_stacks | |-|-|-| | hwc | 21.0.0 | windows, windows2016 | Default binary versions: | name | version | |-|-| | hwc | 21.0.0 | * Uncached buildpack SHA256: 92a52f3346131abbe2472b1f12a2ff4e304aeb6c497b7e3f10a3537be8c1e721 * Uncached buildpack SHA256: 37813ac6ded74a0e87924a3a9cec19afb6d4e6dfc6a8ef8da83f7d02fecfdc82 |
metrics-discovery | 3.2.7 | |
smoke-tests | 4.8.2 | |
loggregator-agent | 6.5.8 | |
winc | 2.10.0 | |
windows-utilities | 0.14.0 | |
windowsfs-release | 2.46.0 |
Release Date: 02/28/2023
1.23.0
1.1.13
3.2.7
6.5.8
2.10.0
2.44.0
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.71.0 | |
envoy-nginx | 0.14.0 | |
event-log | 0.9.0 | |
garden-runc | 1.23.0 | |
windows-syslog | 1.1.13 | |
windowsfs-release | 2.44.0 | |
v1.1.13* update golang to 1.20.1 **Full Changelog**: https://github.com/cloudfoundry/windows-syslog-release/compare/v1.1.12...v1.1.13 v1.1.12## What's Changed * use go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/windows-syslog-release/pull/18 **Full Changelog**: https://github.com/cloudfoundry/windows-syslog-release/compare/v1.1.11...v1.1.12 |
||
hwc-offline-buildpack | 3.1.27 | |
metrics-discovery | 3.2.7 |
v3.2.7* update golang to 1.20.1 **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.6...v3.2.7### v3.2.6## What's Changed * Upgrade to go 1.20 by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/104 **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.5...v3.2.6 v3.2.5## What's Changed * Update dependencies * Expire individual metrics by @rroberts2222 in https://github.com/cloudfoundry/metrics-discovery-release/pull/103 **Full Changelog**: https://github.com/cloudfoundry/metrics-discovery-release/compare/v3.2.4...v3.2.5 |
smoke-tests | 4.8.2 | |
loggregator-agent | 6.5.8 |
v6.5.8## What's Changed * update dependencies * Upgrade to go 1.20.1 by @rroberts2222 in https://github.com/cloudfoundry/loggregator-agent-release/pull/224 **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.7...v6.5.8 |
winc | 2.10.0 | |
windows-utilities | 0.14.0 |
Release Date: 02/09/2023
sh
binary in the docker image to execute properly.6.5.7
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.71.0 | |
envoy-nginx | 0.14.0 | |
event-log | 0.9.0 | |
garden-runc | 1.22.9 | |
windows-syslog | 1.1.11 | |
hwc-offline-buildpack | 3.1.27 | |
metrics-discovery | 3.2.4 | |
smoke-tests | 4.8.2 | |
loggregator-agent | 6.5.7 |
v6.5.7## What's Changed * Sanitize ProcID in syslog messages so messages with utf-8 in the source_type are not dropped by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/202 * Update dependencies **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.6...v6.5.7 |
winc | 2.9.0 | |
windows-utilities | 0.14.0 | |
windowsfs-release | 2.42.0 |
Release Date: 01/30/2023
1.22.9
2.42.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.71.0 |
envoy-nginx | 0.14.0 |
event-log | 0.9.0 |
garden-runc | 1.22.9 |
windows-syslog | 1.1.11 |
hwc-offline-buildpack | 3.1.27 |
metrics-discovery | 3.2.4 |
smoke-tests | 4.8.2 |
loggregator-agent | 6.5.6 |
winc | 2.9.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.42.0 |
Release Date: 01/17/2023
2.71.0
1.22.7
4.8.2
6.5.6
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.71.0 | |
envoy-nginx | 0.14.0 | |
event-log | 0.9.0 | |
garden-runc | 1.22.7 | |
windows-syslog | 1.1.11 | |
hwc-offline-buildpack | 3.1.27 | |
metrics-discovery | 3.2.4 | |
smoke-tests | 4.8.2 |
4.8.2Port assets/ruby_simple to Ruby 3 |
loggregator-agent | 6.5.6 |
v6.5.6## What's Changed * fix scraping with non-positive intervals to preserve non-scraping behavior by @Benjamintf1 in https://github.com/cloudfoundry/loggregator-agent-release/pull/174 * updated some dependencies. **Full Changelog**: https://github.com/cloudfoundry/loggregator-agent-release/compare/v6.5.5...v6.5.6 |
winc | 2.9.0 | |
windows-utilities | 0.14.0 | |
windowsfs-release | 2.41.0 |
Release Date: 12/15/2022
2.70.0
0.14.0
3.1.27
3.2.4
6.5.5
2.9.0
2.40.0
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.70.0 | |
envoy-nginx | 0.14.0 | |
event-log | 0.9.0 | |
garden-runc | 1.22.5 | |
windows-syslog | 1.1.11 | |
hwc-offline-buildpack | 3.1.27 |
3.1.27* Add hwc 21.0.0, remove hwc 20.0.0 for stack(s) windows2016, windows (https://www.pivotaltracker.com/story/show/183726731) * Bumps default version to match new HWC version * Bumps go.mod go version to 1.19 Packaged binaries: | name | version | cf_stacks | |-|-|-| | hwc | 21.0.0 | windows, windows2016 | Default binary versions: | name | version | |-|-| | hwc | 21.0.0 | * Uncached buildpack SHA256: ae83488a72f50d1725fb37fc35e819133ed07af82d872b9fe7fb34e9de18b92e * Uncached buildpack SHA256: 2e2e474d7677112021cc892627eddef0768e28835b6ad98117a260ea022e4463 |
metrics-discovery | 3.2.4 |
v3.2.4- bump-golang to v0.114.0 for golang 1.19.4 - Bump github.com/nats-io/nats.go from 1.19.0 to 1.21.0 in /src - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src - Bump github.com/prometheus/client_golang from 1.13.1 to 1.14.0 in /src - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 |
smoke-tests | 4.8.1 | |
loggregator-agent | 6.5.5 |
v6.5.5- bump-golang to v0.114.0 for golang 1.19.4 - Bump google.golang.org/grpc from 1.50.1 to 1.51.0 in /src - Bump github.com/valyala/fasthttp from 1.41.0 to 1.43.0 in /src - Bump github.com/onsi/ginkgo/v2 from 2.5.0 to 2.5.1 in /src - Bump github.com/onsi/gomega from 1.24.0 to 1.24.1 in /src - Bump github.com/prometheus/client_model from 0.2.0 to 0.3.0 in /src - Bump golangci/golangci-lint-action from 3.3.0 to 3.3.1 |
winc | 2.9.0 | |
windows-utilities | 0.14.0 |
Release Date: 11/10/2022
1.22.5
1.1.11
3.1.26
3.2.3
4.8.1
6.5.4
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.69.0 | |
envoy-nginx | 0.13.0 | |
event-log | 0.9.0 | |
garden-runc | 1.22.5 | |
windows-syslog | 1.1.11 | |
windowsfs-release | 2.39.0 | |
hwc-offline-buildpack | 3.1.26 |
3.1.26* Update libbuildpack Packaged binaries: | name | version | cf_stacks | |-|-|-| | hwc | 20.0.0 | windows, windows2016 | Default binary versions: | name | version | |-|-| | hwc | 20.0.0 | * Uncached buildpack SHA256: b9b2cec9ada73d9a2933a14e8e56f025c35b02d8bed7e74e20b093a23e13ec43 * Uncached buildpack SHA256: f633f0f686fc9539ec8f4ef205e778c820602e51434730fd69f7caad4cfb3d4f |
metrics-discovery | 3.2.3 | |
smoke-tests | 4.8.1 |
4.8.1Create bosh final release 4.8.1 4.8.0Create bosh final release 4.8.0 4.7.0Create bosh final release 4.7.0 |
loggregator-agent | 6.5.4 | |
winc | 2.8.0 | |
windows-utilities | 0.14.0 | |
windowsfs-release | 2.40.0 |
Release Date: 10/19/2022
2.69.0
0.13.0
1.22.4
1.1.7
3.2.1
6.5.1
2.8.0
2.37.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.69.0 |
envoy-nginx | 0.13.0 |
event-log | 0.9.0 |
garden-runc | 1.22.4 |
windows-syslog | 1.1.7 |
hwc-offline-buildpack | 3.1.25 |
metrics-discovery | 3.2.1 |
smoke-tests | 4.5.0 |
loggregator-agent | 6.5.1 |
winc | 2.8.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.37.0 |
Release Date: 09/21/2022
2.66.3
PATH
environment variable for your Windows stemcell when you deploy TAS for VMs [Windows], you may encounter a version control system (VCS) stamping failure. For more information, see Windows Stemcells Without Git Installed Cause VSC Stamping Failures below.0.11.0
1.22.2
3.1.25
3.2.0
6.5.0
2.7.0
2.35.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.66.3 |
envoy-nginx | 0.11.0 |
event-log | 0.9.0 |
garden-runc | 1.22.2 |
hwc-offline-buildpack | 3.1.25 |
metrics-discovery | 3.2.0 |
smoke-tests | 4.5.0 |
loggregator-agent | 6.5.0 |
winc | 2.7.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.36.0 |
Release Date: 08/10/2022
3.1.1
6.4.3
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.62.0 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.8 |
hwc-offline-buildpack | 3.1.24 |
metrics-discovery | 3.1.1 |
smoke-tests | 4.5.0 |
loggregator-agent | 6.4.3 |
winc | 2.5.0 |
windows-utilities | 0.14.0 |
Release Date: 07/19/2022
2.62.0
1.20.8
3.1.0
6.4.2
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.62.0 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.8 |
hwc-offline-buildpack | 3.1.24 |
metrics-discovery | 3.1.0 |
smoke-tests | 4.5.0 |
loggregator-agent | 6.4.2 |
winc | 2.5.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.35.0 |
Release Date: 06/23/2022
Warning: Upcoming breaking changes! In future patches, no sooner than July 1st 2022, some components will become more strict about the protocols used in TLS communications, causing integrations with systems using older, insecure protocols to fail. Specifically, components using the Go programming language will be updated to Go 1.18, and will no longer support TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. However, the pre-existing configuration for "TLS versions supported by the Gorouter" will still work. This change may not arrive all at once, as Go is used in systems throughout TAS for VMs. There will be a VMware Knowledge Base article about this change published prior to the changes rolling out. These changes will be clearly designated in the release notes of the versions they ship in; a version of this warning will appear on all patch versions until we are confident no systems remain to be updated.
2.62.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.62.0 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.6 |
hwc-offline-buildpack | 3.1.24 |
metrics-discovery | 3.0.13 |
smoke-tests | 4.5.0 |
loggregator-agent | 6.4.1 |
winc | 2.5.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.35.0 |
Release Date: 06/09/2022
Warning: Breaking change. This version contains Diego 2.64.0, which bumps to Go 1.18. Go 1.18 no longer supports TLS 1.0 and 1.1 connections or certificates with a SHA-1 checksum. This is most likely to affect connections with external databases. We stated earlier that we wouldn't bump to Go 1.18 until July 1, 2022. This TAS for VMs release with Diego 2.64.0 breaks that promise. We apologize. We are rolling back to Diego 2.62.0. If you already successfully deployed to this TAS for VMs release with Diego 2.64.0, then you are safe to continue using it.
2.64.0
1.20.6
3.0.13
6.4.1
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.64.0 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.6 |
hwc-offline-buildpack | 3.1.24 |
metrics-discovery | 3.0.13 |
smoke-tests | 4.5.0 |
loggregator-agent | 6.4.1 |
winc | 2.5.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.35.0 |
Release Date: 04/20/2022
2.62.0
3.1.24
3.0.10
6.3.11
2.5.0
Component | Version | Release Notes |
---|---|---|
windows2019 stemcell | 2019.44 | |
diego | 2.62.0 | |
envoy-nginx | 0.9.0 | |
event-log | 0.9.0 | |
garden-runc | 1.20.3 | |
hwc-offline-buildpack | 3.1.24 | |
metrics-discovery | 3.0.10 |
v3.0.10- fix bug with large messages (#22) - bump-golang to v0.100.0(now 1.18) |
smoke-tests | 4.5.0 | |
loggregator-agent | 6.3.11 |
v6.3.11- fix bug with large messages (#89) - bump-golang to v0.100.0(now 1.18) |
winc | 2.5.0 | |
windows-utilities | 0.14.0 | |
windowsfs-release | 2.35.0 |
Release Date: 03/31/2022
2.61.0
1.20.3
3.1.23
3.0.9
6.3.10
2.35.0
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.61.0 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.3 |
hwc-offline-buildpack | 3.1.23 |
metrics-discovery | 3.0.9 |
smoke-tests | 4.5.0 |
loggregator-agent | 6.3.10 |
winc | 2.3.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.35.0 |
Release Date: 02/28/2022
2.58.1
0.9.0
1.20.0
3.1.22
3.0.8
4.5.0
6.3.8
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.58.1 |
envoy-nginx | 0.9.0 |
event-log | 0.9.0 |
garden-runc | 1.20.0 |
hwc-offline-buildpack | 3.1.22 |
metrics-discovery | 3.0.8 |
smoke-tests | 4.5.0 |
loggregator-agent | 6.3.8 |
winc | 2.3.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.33.2 |
Release Date: 02/08/2022
2.57.0
3.1.21
4.4.0
6.3.7
2.33.2
Component | Version |
---|---|
windows2019 stemcell | 2019.44 |
diego | 2.57.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.21 |
metrics-discovery | 3.0.7 |
smoke-tests | 4.4.0 |
loggregator-agent | 6.3.7 |
winc | 2.3.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.33.2 |
Release Date: 12/15/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
2.54.0
3.0.7
4.3.1
6.3.5
Component | Version |
---|---|
windows2019 stemcell | ~2019 |
diego | 2.54.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.20 |
metrics-discovery | 3.0.7 |
smoke-tests | 4.3.1 |
loggregator-agent | 6.3.5 |
winc | 2.3.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.31.0 |
Release Date: 11/23/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
2.53.1
3.1.20
2.31.0
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.53.1 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.20 |
loggregator-agent | 6.3.4 |
metrics-discovery | 3.0.6 |
smoke-tests | 4.3.0 |
winc | 2.3.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.31.0 |
Release Date: 10/20/2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.53.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.18 |
loggregator-agent | 6.3.4 |
metrics-discovery | 3.0.6 |
smoke-tests | 4.3.0 |
winc | 2.3.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.29.0 |
Release Date: October 4, 2021
Note: Windows stemcells v2019.44 and later are not compatible with this version of TAS for VMs [Windows]. You must use a Windows stemcell version between v2019.0 and v2019.43 to install this release.
Component | Version |
---|---|
windows2019 stemcell | 2019.0 |
diego | 2.53.0 |
envoy-nginx | 0.7.0 |
event-log | 0.9.0 |
garden-runc | 1.19.30 |
hwc-offline-buildpack | 3.1.18 |
loggregator-agent | 6.3.4 |
metrics-discovery | 3.0.6 |
smoke-tests | 4.3.0 |
winc | 2.3.0 |
windows-utilities | 0.14.0 |
windowsfs-release | 2.29.0 |
The TAS for VMs [Windows] v2.12 tile is available with the release of VMware Tanzu Application Service for VMs (TAS for VMs) v2.12. To use the TAS for VMs [Windows] v2.12 tile, you must install VMware Tanzu Operations Manager v2.10 or later and TAS for VMs v2.12 or later.
TAS for VMs [Windows] v2.12 includes the following major feature:
In TAS for VMs [Windows] v2.12, the Gorouter supports TLS v1.3. New installations of TAS for VMs use TLS v1.3 for the Gorouter by default. If you are upgrading to TAS for VMs v2.12, the Gorouter uses TLS v1.2 by default.
For more information, see Gorouter Supports TLS v1.3 in VMware Tanzu Application Service for VMs v2.12 Release Notes.
TAS for VMs [Windows] v2.12 includes the following breaking changes:
TLS v1.3 is not compatible with some versions of Java. If you configure TAS for VMs [Windows] to support TLS v1.3 only, you might encounter errors with Java apps. For more information, see JSSE Client does not accept status_request extension in CertificateRequest messages for TLS 1.3 in the JDK Bug System.
The tile property that controls the TLS version in TAS for VMs [Windows] changes in TAS for VMs v2.12. You must update any stored configuration files to reflect the change.
As of TAS for VMs [Windows] v2.12.12, if you have configured an app log rate limit that measures app log rates in lines per second, Diego immediately drops app logs that exceed the app log rate limit.
In TAS for VMs [Windows] v2.12.11 and earlier, Diego buffers and releases approximately 5 MB to 10 MB of app logs that exceed the app log rate limit. This behavior has changed in TAS for VMs [Windows] v2.12.12 because Diego has been upgraded to a newer version.
If this change in behavior causes parts of your deployment to fail, VMware recommends that you either modify any automated scripts that rely on app log output or increase the app log rate limit.
For more information about app log rate limits, see App Log Rate Limiting.
TAS for VMs [Windows] 3.0 includes changes to syslog forwarding. These changes include:
These changes will only be enabled if you turn off compatibility_mode
in the system logging window of the settings.
The formatting changes are detailed as follows:
kernel/debug(7)
to user/info(14)
.Microsoft-Windows-Security-Auditing
to event_logger
.rs2
.The following example shows the previous log format:
<7>1 2022-07-06T22:19:38.1413061Z 10.0.4.14 Microsoft-Windows-Security-Auditing 160 - - {"message":"A new process has been created.\r\n\r\nCreator Subject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tVM-7F65ECCF-0D0$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nTarget Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-\r\n\tAccount Domain:\t\t-\r\n\tLogon ID:\t\t0x0\r\n\r\nProcess Information:\r\n\tNew Process ID:\t\t0x1f7c\r\n\tNew Process Name:\tC\r\n\tToken Elevation Type:\t%%1936\r\n\tMandatory Label:\t\tS-1-16-16384\r\n\tCreator Process ID:\t0x248\r\n\tCreator Process Name:\tC\r\n\tProcess Command Line:\t\r\n\r\nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.\r\n\r\nType 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.\r\n\r\nType 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.\r\n\r\nType 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.","source":"Microsoft-Windows-Security-Auditing"}
The following example shows the new log format:
<14>1 2022-07-11T22:27:08.279742Z 10.0.4.12 event_logger rs2 - [instance@47450 az="us-central1-b" deployment="pas-windows-dfc8956c7081f9369571" director="" group="windows_diego_cell" id="d0564a0e-684f-4b58-99ee-6a59d1e7caf8"] {"MachineName":"vm-c5547227-c4fa-44ae-79d0-ee56f96e82a4","Data":[],"Index":162257,"Category":"(13312)","CategoryNumber":13312,"EventID":4688,"EntryType":8,"Message":"A new process has been created.\r\n\r\nCreator Subject:\r\n\tSecurity ID:\t\tS-1-5-18\r\n\tAccount Name:\t\tVM-C5547227-C4F$\r\n\tAccount Domain:\t\tWORKGROUP\r\n\tLogon ID:\t\t0x3e7\r\n\r\nTarget Subject:\r\n\tSecurity ID:\t\tS-1-0-0\r\n\tAccount Name:\t\t-\r\n\tAccount Domain:\t\t-\r\n\tLogon ID:\t\t0x0\r\n\r\nProcess Information:\r\n\tNew Process ID:\t\t0x1590\r\n\tNew Process Name:\tC\r\n\tToken Elevation Type:\t%%1936\r\n\tMandatory Label:\t\tS-1-16-16384\r\n\tCreator Process ID:\t0x1120\r\n\tCreator Process Name:\tC\r\n\tProcess Command Line:\t\r\n\r\nToken Elevation Type indicates the type of token that was assigned to the new process in accordance with User Account Control policy.\r\n\r\nType 1 is a full token with no privileges removed or groups disabled. A full token is only used if User Account Control is disabled or if the user is the built-in Administrator account or a service account.\r\n\r\nType 2 is an elevated token with no privileges removed or groups disabled. An elevated token is used when User Account Control is enabled and the user chooses to start the program using Run as administrator. An elevated token is also used when an application is configured to always require administrative privilege or to always require maximum privilege, and the user is a member of the Administrators group.\r\n\r\nType 3 is a limited token with administrative privileges removed and administrative groups disabled. The limited token is used when User Account Control is enabled, the application does not require administrative privilege, and the user does not choose to start the program using Run as administrator.","Source":"Microsoft-Windows-Security-Auditing","ReplacementStrings":["S-1-5-18","VM-C5547227-C4F$","WORKGROUP","0x3e7","0x1590","C:\Windows\System32\wbem\WMIC.exe","%%1936","0x1120","","S-1-0-0","-","-","0x0","C:\bosh\bosh-agent.exe","S-1-16-16384"],"InstanceId":4688,"TimeGenerated":"\/Date(1657578421000)\/","TimeWritten":"\/Date(1657578421000)\/","UserName":null,"Site":null,"Container":null}
TAS for VMs [Windows] v2.12 includes the following known issues:
If you upgrade to a version of TAS for VMs [Windows] that uses the same stemcell, TAS for VMs [Windows] can fail to create containers, causing the deployment to fail. If there are stemcell changes or if the Microsoft base layer changes, this error is unlikely to occur.
For more information, see Failure to create containers when upgrading with shared Microsoft base image in the VMware Tanzu Knowledge Base.
The Smoke Test errand runs extra, failing tests when TAS for VMs [Windows] is deployed with Isolation Segment. They are “Compute isolation disabled” and “Application Workflow Linux Applications”.
To work around this issue, disable Smoke Tests. For more information, see Windows Tile smoke-tests fails for isolation segment segments in the VMware Tanzu Knowledge Base.
Windows stemcells v2019.44 and later include a newer version of tar
that is incompatible with winfs2019-release
v2.33.1 and earlier. TAS for VMs [Windows] deployments that use Windows stemcells v2019.44 and later cannot untar winfs2019-release
v2.33.1 and earlier. Compatible Windows stemcells for winfs2019-release
v2.33.1 and earlier include v2019.0 through v2019.43.
If Git is not installed either on your Windows stemcell or in the PATH
environment variable for your Windows stemcell when you deploy TAS for VMs [Windows] v2.12.12, you may see the following error:
Stderr: Use -buildvcs=false to disable VCS stamping.
This occurs because some TAS for VMs [Windows] v2.12.12 use Go v1.18, which embeds VSC information in binaries. As a result, releases that contain .git
files require that Git is installed either on your Windows stemcell or in the PATH
for your Windows stemcell. If you do not have Git installed in either location and have not set the buildvcs
property to false
, Go v1.18 fails to build the release.
TAS for VMs [Windows] v2.12.12 contains windows2019fs-release
. Because windows2019fs-release
contains .git
files, deployments of TAS for VMs [Windows] v2.12.12 using Windows stemcells that do not have Git installed on them or in their PATH
fail with the VSC stamping error above.