check-circle-line exclamation-circle-line close-line

VMware vCenter Server 6.5 Update 1 Release Notes

vCenter Server 6.5 Update 1 | 27 JULY 2017 | ISO Build 5973321
vCenter Server Appliance 6.5 Update 1 | 27 JULY 2017 | Build 5973321

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

IMPORTANT: vCenter Server Appliance 6.5 builds have been removed as of November 14, 2017 due to a deployment-impacting issue. This issue does not impact Windows installed vCenter Servers. To resolve this issue, you must upgrade to vCenter Server Appliance 6.5 Update 1c or later. For more information, see KB 51124.

  • You can run the vCenter Server Appliance GUI and CLI installers on Microsoft Windows 2012 x64 bit, Microsoft Windows 2012 R2 x64 bit, Microsoft Windows 2016 x64 bit, and macOS Sierra.
  • TcServer is now replaced with Tomcat 8.5.8.
  • vCenter Server 6.5 Update 1 supports Guest OS customization for Ubuntu 17.04 OS.
  • VMware vSphere Storage APIs - Data Protection (VADP) now also support Windows Server 2016 and Red Hat Enterprise Linux RHEL 7.3 as operating systems to perform proxy backup. This is in addition to the backup proxy operating systems already supported with VADP and VDDK 6.5.
  • If you prefer to use Update Manager for the upgrade of ESXi and vSAN stack, you can now enable vSAN software upgrades through integration with vSphere Update Manager. This provides a unified and common workflow. For more information see the vSphere Update Manager Installation and Administration Guide
  • External database support: vCenter Server now supports Microsoft SQL Server 2016, Microsoft SQL Server 2016 SP1, and Microsoft SQL Server 2014 SP2.
  • The HTML5-based vSphere Client now supports most content library and OVF deployment operations, as well as operations on roles and permissions, basic customization of the Guest OS, and additions to virtual machine, host, datastore, and network management.
  • The HTML5-based vSphere Client now supports French, Swiss-French, and Swiss-German keyboards. For known issues related to the keyboard mapping, see https://kb.vmware.com/kb/2149039.
  • Linked vCenter Server instances now support up to 15 vCenter Server instances, 5,000 ESXi hosts, 50,000 powered on virtual machines, and 70,000 registered virtual machines. For more information, see the vSphere Configuration Maximums.
  • During the command-line installation, upgrade and migration processes of vCenter Server Appliance, a structured status file is provided along with installer logs.
  • Updates to JRE package. The Oracle (Sun) JRE package is updated to version 1.8.0_131.

Earlier Releases of vCenter Server 6.5

Features and known issues of vCenter Server are described in the release notes for each release. Release notes for earlier releases of vCenter Server 6.5 are:

For compatibility, installation and upgrades, product support notices, and features see the VMware vSphere 6.5 Release Notes.

Patches Contained in This Release

This release of vCenter Server 6.5 Update 1 delivers the following patches. See the VMware Patch Download Center for more information on downloading patches.

Internationalization

VMware vSphere 6.5 is available in the following languages:

  • English
  • French
  • German
  • Spanish
  • Japanese
  • Korean
  • Simplified Chinese
  • Traditional Chinese

Components of VMware vSphere 6.5 Update 1, including vCenter Server, ESXi, the vSphere Web Client, the vSphere Client, and the vSphere Host Client do not accept non-ASCII input.

Compatibility

ESXi and vCenter Server Version Compatibility

The VMware Product Interoperability Matrix provides details about the compatibility of current and earlier versions of VMware vSphere components, including ESXi, VMware vCenter Server and optional VMware products. Check the VMware Product Interoperability Matrix also for information about supported management and backup agents before you install ESXi or vCenter Server.

The vSphere Update Manager, vSphere Web Client and vSphere Client are packaged with vCenter Server.

Hardware Compatibility for ESXi

To view a list of processors, storage devices, SAN arrays, and I/O devices that are compatible with vSphere 6.5 Update 1, use the ESXi 6.5 information in the VMware Compatibility Guide.

Device Compatibility for ESXi

To determine which devices are compatible with ESXi 6.5, use the ESXi 6.5 information in the VMware Compatibility Guide.

Guest Operating System Compatibility for ESXi

To determine which guest operating systems are compatible with vSphere 6.5, use the ESXi 6.5 information in the VMware Compatibility Guide.

Virtual Machine Compatibility for ESXi

Virtual machines that are compatible with ESX 3.x and later (hardware version 4) are supported with ESXi 6.5. Virtual machines that are compatible with ESX 2.x and later (hardware version 3) are not supported. To use such virtual machines on ESXi 6.5, upgrade the virtual machine compatibility. See the vSphere Upgrade documentation.

Installation and Upgrade Notes for This Release

Installation Notes for This Release

Read the vSphere Installation and Setup documentation for guidance about installing and configuring ESXi and vCenter Server.

Although the installations are straightforward, several subsequent configuration steps are essential. Read the following documentation:

VMware Tools Bundling Changes in ESXi 6.5

In ESXi 6.5, only a subset of VMware Tools ISO images are bundled with the ESXi 6.5 host.

The following VMware Tools ISO images are bundled with ESXi:

  • windows.iso: VMware Tools image for Windows Vista or higher

  • linux.iso: VMware Tools image for Linux OS with glibc 2.5 or higher (for example, RHEL 5 or later, SLES 11 or later, Ubuntu 10.04 or later)

  • winPreVista.iso: VMware Tools image for Windows 2000, Windows XP, and Windows 2003

The following VMware Tools ISO images are available for download from My VMware:

  • solaris.iso: VMware Tools image for Solaris

  • freebsd.iso: VMware Tools image for FreeBSD

  • winPre2k.iso: VMware Tools image for pre Windows 2000

  • linuxPreGlibc25.iso: VMware Tools image for Linux OS with glibc less than 2.5

  • darwin.iso: VMware Tools image for OS X 10.11 or later

  • darwinPre15.iso: VMware Tools image for Pre-OS X 10.11

  • netware.iso: VMware Tools image for Netware

Follow the procedures listed in the following documents to download VMware Tools for operating systems not bundled with ESXi:

Migrating Third-Party Solutions

For information about upgrading with third-party customizations, see the vSphere Upgrade documentation. For information about using Image Builder to make a custom ISO, see the vSphere Installation and Setup documentation.

Upgrades and Installations Disallowed for Unsupported CPUs

Comparing the processors supported by vSphere 6.0, vSphere 6.5 no longer supports the following processors:

  • Intel Xeon 51xx series
  • Intel Xeon 30xx series
  • Intel core 2 duo 6xxx series
  • Intel Xeon 32xx series
  • Intel core 2 quad 6xxx series
  • Intel Xeon 53xx series
  • Intel Xeon 72xx/73xx series

During an installation or upgrade, the installer checks the compatibility of the host CPU with vSphere 6.5. If your host hardware is not compatible, a purple screen appears with an incompatibility information message, and the vSphere 6.5 installation process stops.

Upgrade Notes for This Release

Important: vCenter Server 6.5 Update 1 supports upgrades and migrations from vCenter Server 6.0 Update 3 and above to vCenter Server 6.5 Update 1.

Important: Upgrades or migration of vCenter Server earlier than 5.5 Update 3b when the environment is with an external vCenter Single Sign-On to vCenter Server 6.5 Update 1 with an external Platform Services Controller are unsupported. For example, to upgrade or migrate vCenter Server 5.5 with an external vCenter Single Sign-On to vCenter Server 6.5 Update 1 with an external Platform Services Controller, you must first update to vCenter Server 5.5 Update 3b and then perform the upgrade or migration to vCenter Server 6.5 Update 1.

vCenter Server 5.5 Update 3b build numbers are:

  • vCenter Server 5.5 Update 3b, build 3252642
  • vCenter Server Appliance 5.5 Update 3b, build 3255668

Upgrades or migration of vCenter Server 5.5 and later with an embedded vCenter Single Sign-On to vCenter Server 6.5 Update 1 with an embedded Platform Services Controller are supported scenarios.

There is a change in the upgrade process when you upgrade to vCenter Server 6.5 Update 1. For instructions about upgrading vCenter Server and ESX/ESXi hosts, see the vSphere Upgrade documentation. 

Open Source Components for VMware vSphere 6.5

The copyright statements and licenses applicable to the open source software components distributed in vSphere 6.5 are available at http://www.vmware.com. You need to log in to your My VMware account. Then, from the Downloads menu, select vSphere. On the Open Source tab, you can also download the source files for any GPL, LGPL, or other similar licenses that require the source code or modifications to source code to be made available for the most recent available release of vSphere.

Functionality Caveats

The vSphere Client is written in an HTML5-based language and frameworks supported by all browsers. However, different browsers have different performance characteristics regarding the HTML5 standard. In particular, performance with Internet Explorer 11 can be slower than with other browsers, because of the rendering engine that Internet Explorer 11 uses. If you experience such issues, try using another supported browser.

Product Support Notices

  • The VMware Lifecycle Product Matrix provides detailed information about all supported and unsupported products. Check the VMware Lifecycle Product Matrix also for further information about the End of General Support, End of Technical Guidance, and End Of Availability.

  • VMware is announcing discontinuation of its third party virtual switch (vSwitch) program, and plans to deprecate the VMware vSphere APIs used by third party switches in the release following vSphere 6.5 Update 1. Subsequent vSphere versions will have the third party vSwitch APIs completely removed and third party vSwitches will no longer work. For more information, see FAQ: Discontinuation of third party vSwitch program (2149722).

  • As of vSphere 6.5, VMware is discontinuing the installable desktop vSphere Client, one of the clients provided in vSphere 6.0 and earlier. vSphere 6.5 does not support this client and it is not included in the product download. vSphere 6.5 introduces the new HTML5-based vSphere Client, which ships with vCenter Server alongside the vSphere Web Client. Not all functionality in the vSphere Web Client has been implemented for the vSphere Client in the vSphere 6.5 release. For an up-to-date list of unsupported functionality, see Functionality Updates for the vSphere Client Guide.

  • Cross vCenter Server provisioning, which was introduced in vSphere 6.0, is not supported across all vCenter Server versions. The cross-vCenter provisioning operations not supported across different versions of vCenter Server include vMotion, cold migration, and cloning. For more information on the supported matrix for cross-vCenter operations with different update versions, see https://kb.vmware.com/kb/2106952.

  • VMware vCenter Operations Foundation 5.8.x is no longer offered, interoperable or supported with the release of vSphere 6.5. If you want to continue using vCenter Operations Foundation 5.8.x products, you can do so only with vSphere 5.5 and vSphere 6.0.

  • vSphere 6.5 is the final release that supports binary translation mode virtualization of operating systems. Future vSphere releases will not include binary translation mode. For more information, see https://kb.vmware.com/kb/2147608.

  • vSphere 6.5 is the final release that supports Software-Based Memory Virtualization. Future vSphere releases will not include Software-Based Memory Virtualization.

  • You cannot create new legacy (Record & Replay / uni-processor) Fault Tolerance virtual machines on vCenter Server 6.5 and ESXi 6.5 hosts. If you want to continue running legacy Fault Tolerance virtual machines, remain with ESXi 6.0 or earlier. Existing legacy Fault Tolerance virtual machines continue to be supported on ESXi hosts earlier than 6.5 and managed by vCenter Server 6.5.

    If you wish to upgrade ESXi hosts to 6.5, turn off legacy Fault Tolerance (do not only disable Fault Tolerance) on the protected VMs prior to upgrading. SMP-FT (multiprocessor Fault Tolerance) is not automatically enabled on the VM. You must manually turn on Fault Tolerance (which becomes SMP-FT) for VMs on the newly upgraded 6.5 ESXi host.

Resolved Issues

The resolved issues are grouped as follows.

Backup and Restore Issues
  • You cannot take a file-based backup on proxy enabled mode, even though the backup server is listed on a NO_PROXY list

    While you take a file-based backup, and don't want to send or receive data over the default system proxy of the vCenter Server Appliance, you can list the backup servers on NO_PROXY list so that you can directly upload the backup data to those servers. When you try to perform the file-based backup, the operation fails, because NO_PROXY setup at /etc/sysconfig/proxy is ignored.

    This issue is resolved in this release.

  • vSphere Data Protection appliance (VDP) 6.1.4 does not support Transport Layer Security (TLS) with version 1.2

    The VDP appliance supports all 3 protocols - TLS 1.0, 1.1 and 1.2, but it cannot be configured with vCenter Server 6.5 when only TLS 1.2 is enabled in the vCenter Server.

    This issue is resolved in this release.

  • vCenter Server stops responding and vpxd continuously crashes with multiple QueryHostReplicationCapabilities errors  

    This problem might occur when a VM is configured for replication, and vCenter Server experiences connection issues with the ESXi host, where this VM resides.

    This issue is resolved in this release.

CLI Issues
  • Custom schema mapping for LDAP identity source does not work after running ldapSchemaTool

    The ldapSchemaTool does not work to configure custom schema mapping for LDAP identity source.

    This issue is resolved in this release.

Guest OS Issues
  • Guest customization fails on Linux operating systems

    During guest customization, vCenter Server uses the vmtoolsd command to send the customization status to the host. However, when you attempt to apply guest customization to a Linux OS, the customization code cannot locate the vmtoolsd location. As a result, the customization process fails and the requested changes are not applied to the guest.

    This issue is resolved in this release.

  • Guest Customization fails with error: GUESTCUST_EVENT_NETWORK_SETUP_FAILED

    Starting with Windows Vista and Windows Server 2008, Microsoft deprecated SHFileOperation. As a result, guest customization for different Windows operating systems fails intermittently. The log file gives the following information:
    error number 80010106, No error message found for error code -2147417850 (0x80010106).

    This issue is resolved in this release.

  • Guest Customization Failure: GUESTCUST_EVENT_CUSTOMIZE_FAILED

    Starting with Windows Vista and Windows Server 2008, Microsoft deprecated SHFileOperation. As a result, guest customization for different Windows operating systems fails intermittently. The log file gives the following information:
    Moving SysprepDir from sysprep to C: failed.Err:2.

    This issue is resolved in this release. 

Installation, Upgrade, and Migration Issues
  • Failure when writing diagnostic logs to the /var/log/vmware/cm/cm.log file

    In VMware vCenter Server 6.5, the VMware Component Manager has a different logger configuration than before. When you perform an in-place upgrade from vCenter Server 6.0 to vCenter Server 6.5, the new logger configuration does not overwrite the old one.

    This issue is resolved in this release.

  • During the migration or upgrade to vCenter Server Appliance 6.5, some deployment sizes are not available for selection

    Deployment sizes during migration or upgrade to vCenter Server Appliance 6.5 are not available in the information table and for selection if the disk size of any vCenter Server Appliance partition is greater than the threshold for that deployment size.

    This issue is resolved in this release by providing information why the sizes are not available and what you need to change to use the unavailable sizes.

  • A structured status file is not provided during the command-line installation, upgrade, and migration to vCenter Server Appliance 6.5

    During the command-line installation, upgrade, and migration processes to vCenter Server Appliance 6.5, no structured status file is provided.

    This issue is resolved in this release. The file vcsa-cli-installer-metadata.json provides metadata information about the process, and the file vcsa-cli-installer-status.json provides detailed information about the process.

  • During a vCenter Server Appliance upgrade, the upgrade requirement error message does not indicate that the root password has expired

    When you use the CLI installer to upgrade vCenter Server Appliance, you might encounter the following error message:

    Cannot gather requirements from source appliance

    This error message might indicate that the root password of vCenter Server Appliance has expired even though the message does not explicitly say so.

    This issue is resolved in this release. If the root password of the vCenter Server Appliance is expired, you see the following message:

    Appliance (OS) root password expired.

    The message does not appear if SSH is disabled on a source vCenter Server Appliance.

  • vCenter Server Appliance upgrade fails with an internal error

    When you upgrade vCenter Server Appliance that resides on an ESXi host with the free Hypervisor license, the upgrade fails with an internal error. This issue occurs because the ESXi host needs a different license. However, the error message does not specify what causes the problem and what is the resolution of the issue.

    This issue is resolved in this release.

  • Upgrade to vCenter Server Appliance 6.5 might fail because of a vpxd-firstboot failure

    vCenter Server Appliance upgrade from version 5.5 to version 6.5 might fail while running the update-boot scripts of vpxd. This happens when vCenter Server Appliance 5.5 has a DPM-enabled cluster where vpxd tries to re-encrypt the DPM related VCDB content with a new SSL key.

    This issue is resolved in this release.

  • First-boot failure occurs when upgrading from vSphere 5.5 or 6.0 to vSphere 6.5 on Windows

    If an older version of the OpеnSSL DLLs are installed, upgrading to vSphere 6.5 fails to run because the older DLL versions are loaded.

    This issue is resolved in this release.

  • vCenter Server pre-upgrade check fails with duplicate names in a network folder error

    vSphere 6.5 allows only unique names across all Distributed Virtual Switches and Distributed Virtual Portgroups in the same network folder. Earlier releases of vSphere allowed a Distributed Virtual Switch and a Distributed Virtual Portgroup to have the same name. When upgrading the vSphere environment from a version that allows duplicate names, the vCenter Server Appliance pre-upgrade check fails with the following error:

    Source vCenter Server has duplicate names in a network folder.

    This issue is resolved in this release.

  • The autodeploy-service.log file might grow to a sufficiently large size over time

    The temporary log file autodeploy-service.log might grow to a quite large size over time. Even if you delete the file, restarting the Auto Deploy service creates the temporary file and increases the size indefinitely without rotation.

    This issue is resolved in this release. 

  • Affinity rules configured on vCenter Server 5.5 can cause crashes after upgrading to vCenter Server 6.5

    Migrating a VM with affinity rules configured while on vCenter Server 5.5 to a cluster that has affinity rules configured on vCenter Server 6.0 or 6.5 can cause vCenter Server to crash.

    This issue is resolved in this release.

  • A multistep upgrade of vCenter Server on a Windows VM fails with error messages in Upgrade runner precheck

    When the failure occurs, you might see the error messages similar to the following:

    Error: Unsupported database driver: C:\Windows\system32\sqlncli.dll
    Resolution: Verify you're using vCenter Server with supported driver.

    This issue occurs if the ODBC connection is using an outdated SQL Native Client.

    This issue is resolved for upgrades of vCenter Server on a Windows VM when an embedded Microsoft SQL Express database is present. The outdated SQL Native Client does not trigger errors and is later replaced by the PostgreSQL ODBC driver.

Miscellaneous Issues
  • The file replication status is not updated in vCenter High Availability (HA) when no file replication is going on

    In vCenter HA, when no file replication is going on between the Active and Passive node, the health message is displayed as in sync or out of sync.

    This issue is resolved in this release and the health message status is displayed as not replicating.

  • Direct Console User Interface (DCUI) screen appears garbled

    Black patches appear on the DCUI screen. This is due to a broken redraw logic in the DCUI.

    This issue is resolved in this release.

  • Performance issues with queries related to tagging

    When a user performs a query for tags that are attached to several objects, performance issues can result in vSphere 6.5. The problems can get so bad that the vSphere Web Client freezes.

    This issue is resolved in this release.

  • User receives encoded alarm email alerts

    vCenter Server Appliance generates unreadable, encoded email alerts. This issue might occur due to non-compliance of vCenter Server with RFC 822.

    This issue is resolved in this release.

  • A vCenter High Availability (HA) cluster might enter a degraded state after 60 days of deployment  

    The internal vCenter HA user password in the vCenter Server Appliance expires automatically after 60 days of deployment, causing the vCenter HA cluster to enter a degraded state.  The vCenter HA user account is used for communication between the vCenter HA cluster nodes and because of the password expiration, the replication between the Active and Passive nodes cannot be performed. The vCenter HA cluster continues to heartbeat, but the actual replication is stopped.  

    This issue is resolved in this release.

  • VM Snapshot Size (GB) alarm is not triggered after the VM is powered on. 

    VM Snapshot Size (GB) alarm is reset if the virtual machine is shut down. Alarm fails to trigger after the VM is powered on. This issue occurs in alarms based on VM Snapshot (GB) and Vm Total Size on Disk because their status is altered when the power state of the VM is changed. This issue occurs because disk usage of a VM is the same regardless of the VM power state.

    This issue is resolved in this release.

  • New alarm configured with status unset fails to work in vCenter Server 6.5

    Alarm is not triggered when a new alarm is configured with status="Unset" for an action and a corresponding event. For example, a new alarm configured with status="Unset" might fail for "send email" action with a corresponding event "DRS VM powered on".

    This issue is resolved in this release.

  • The vAPI runtime logs for VMware Lifecycle Manager API (vmonapi) service are not rotated, causing the logs to be stored into а single large in size file

    The vmonapi uses a vAPI runtime library for authentication features as certificate validation. The vAPI library uses boost and expects the users of vAPI library to use a boost logger. If the vmonapi does not configure the boost logger, the vAPI runtime logs are sent to the standard output (stdout) file.  The VMware Service Lifecycle Manager (vMon) captures the logs and stores them into a file, but when the boost logger is not configured, the rotation of the logs is not performed. This might result into the creation of a single large log file for the vAPI runtime.

    This issue is resolved in this release and the file is rotated properly.

  • vCenter HA health monitoring shows that the appliance configuration is in sync, even when the Passive node is down

    In vCenter HA, when the passive node is down, a health message is displayed as in sync . This issue is resolved in this release and when the Passive node is down, the health message status is displayed as Appliance configuration is not replicating.

Networking Issues
  • Port mirroring sessions cannot be removed or modified

    vSphere Distributed Switch port mirroring sessions cannot be removed or modified because the associated destination distributed switch port no longer exists.

    This issue is resolved in this release.

  • When you add ports to a vSphere Distributed Switch you get an error

    Because of a race condition, when you add ports to a vSphere Distributed Switch you get the error message: Cannot create a new port because number of ports exceeds 2147483647, maximum number of ports allowed on vDS.

    This issue is resolved in this release.

  • The vpxd service crashes when you add ports to a newly imported vSphere Distributed Switch

    When you import a vSphere Distributed Switch and add ports to it, the  vpxd service crashes after the service restarts. 

    This issue is resolved in this release.

  • vCenter Server crashes due to ODBC error

    After a restart, vCenter Server fetches vSphere Distributed Switch Health Check data from the database. The Microsoft SQL Server database does not support multiple statements on the same connection which causes an exception to be thrown in vCenter Server.

    This issue is resolved in this release.

  • Virtual machines configured to use EFI firmware fail to PXE boot in some DHCP environments

    Virtual machine configured to use EFI firmware will fail to obtain an IP address when trying to PXE boot if the DHCP environment responds by IP unicast. The EFI firmware was not capable of receiving a DHCP reply sent by IP unicast. 

    This issue is resolved in this release. 

  • IP address or DNS servers configuration fails due to a crash in the network configuration manager code

    When certain types of network configurations are applied, such as static IPv4 and static IPv6 address, the resulting configuration file contains multiple Address keys (one for IPv4 and one for IPv6). The defect in the network manager parser code caused it to flag this as an error and exit.

    This issue is resolved in this release. To avoid this issue prior to the update, avoid using a configuration that requires multiple occurrences of configuration key names. For example, use one of the IPv4 or IPv6 as a static address.

  • A runtime exception "Unable to retrieve data about the distributed switch" might occur while upgrading vSphere Distributed Switch (vDS) from 5.0 to 6.5 version

    When you try to upgrade an existing distributed switch after the vCenter upgrade is completed, the runtime exception Unable to retrieve data about the distributed switch might occur in the wizard and the distributed switch cannot be upgraded. The exception is a result of unexpected value NULL for a LACP property of the distributed switch, instead of TRUE or FALSE, as LACP is not supported for the current version of vSphere Distributed Switch.

    This issue is resolved in this release.

Security Issues
  • Update to OpenSSL

    The OpenSSL package is updated to version openssl-1.0.2k to resolve CVE-2017-3731, CVE-2017-3730, CVE-2017-3732 and CVE-2016-7055.
     

  • Updates to VMware PostgreSQL database

    VMware PostgreSQL database is updated to version 9.4.12 to resolve CVE-2017-7484, CVE-2017-7485, and CVE-2017-7486.

  • Update to zlib Library

    The zlib library now uses version 1.2.8.

  • Update to Pivotal Spring Framework

    The Pivotal Spring Framework has been updated to address CVE-2016-9878.
    An issue was discovered in Pivotal Spring Framework before 3.2.18, 4.2.x before 4.2.9, and 4.3.x before 4.3.5. 

  • A user with privilege to manage a vCenter object cannot see the object's advanced performance charts.

    In vSphere 6.0, a user who has privileges to manage an object, such as a VM or an ESXi host,
    can view the advanced performance chart for that object. In vSphere 6.5, the user cannot see those charts.

    This issue is resolved in this release.

  • File-based backups for vCenter Server Appliance are failing over SCP

    vCenter Server Appliance 6.5 supports only hmac-sha1 ciphers for SSH connections. Attempts to
    establish an SSH connection with an OS distribution that supports newer and more secure ciphers fails. As a result,
    some customers are unable to use the backup and restore feature.

    This issue is resolved in this release. vCenter Server Appliance now supports hmac-sha2-256 ciphers.

  • Password masking on prompt and improved usage and error reporting, when updating the service account information on vCenter Server for Windows
    1. When you run the command %VMWARE_CIS_HOME\vmon\vmon.exe [-P | --update_vcuser] from the Windows command prompt, to update the service account used for vCenter Server, the password is displayed in the prompt. When the user account name is not in a User Principal Name (UPN) format, for example, user@mydomain.com, the usage information and error checking are missing from the command.

    This issue is resolved in this release.

  • You cannot use custom ESXi SSL certificates with keys that are longer than 2048 bits

    In vSphere 6.5 the secure heartbeat feature supported adding ESXi hosts with certificates with exactly 2048-bit keys. If you try to add or replace the ESXi host certificate with a custom certificate with a key longer than 2048 bits, the host gets disconnected from vCenter Server. The log messages in vpxd.log look similar to:

    error vpxd[7FB5BFF7E700] [Originator@6876 sub=vpxCrypt opID=HeartbeatModuleStart-4b63962d] [bool VpxPublicKey::Verify(const EVP_MD*, const unsigned char*, size_t, const unsigned char*, size_t)] ERR error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length

    warning vpxd[7FB5BFF7E700] [Originator@6876 sub=Heartbeat opID=HeartbeatModuleStart-4b63962d] Failed to verify signature; host: host-42, cert: (**THUMBPRINT_REMOVED**), signature : (**RSA_SIGNATURE_REMOVED**)

    warning vpxd[7FB5BFF7E700] [Originator@6876 sub=Heartbeat opID=HeartbeatModuleStart-4b63962d] Received incorrect size for heartbeat Expected size (334) Received size (590) Host host-87

    This issue is resolved in this release.

  • Update of multiple open source components

    Multiple open source components are updated to resolve CVE-2017-1000364, CVE-2017-1000365, and CVE-2017-1000367.

    This issue is resolved in this release. 

  • Updates to JRE package

    The Oracle (Sun) JRE package is updated to version 1.8.0_131.

Server Configuration Issues
  • Certificate regeneration fails with an error on vCenter Server 6.5

    Unable to regenerate SSL certificates for the Machine SSL or the Solution Users on the vCenter Server after migrating the vCenter Server 6.5 from an Embedded Platform Services Controller to External Platform Services Controller. It fails with an error similar to the following in the certificate-manager utility

    Error: 382312514, VMCAGetSignedCertificatePrivate() failedStatus : Failed Error Code : 382312514 Error Message : Failed to connect to the remote host, reason = rpc_s_connect_rejected (0x16c9a042). Status : 0% Completed [Operation failed, performing automatic rollback]

    This issue occurs due to the vCenter Server still containing the decommissioned VMCA Root certificate causing the certificate-managed utility to believe it is still an embedded node.

    This issue is resolved in this release.

  • Joining of а vCenter Server host to the Disjoint Active Directory domain in vSphere 6.5 can cause a service failure

    vSphere 6.5 does not support disjointed Active Directory domain. The disjoint namespace is a scenario in which a computer's primary domain name system (DNS) suffix doesn't match the DNS domain name where that computer resides.

    This issue is resolved in this release.

  • Host configuration might not be available after vCenter Server restarts

    After a vCenter Server restart, the host configuration might not be available if vCenter Server cannot communicate with the host. After connectivity is restored, the configuration becomes available.

    This issue is resolved in this release.

  • vSphere Syslog Collector fails to start when you configure the default data directory

    The defaultDataPath tag, that is in the config.xml file, is used as a real data directory when you perform server changes. When you customize the default data directory on Windows by modifying the config.xml file, the vSphere Syslog Collector fails to start.

    This issue is resolved in this release.

  • vSphere Machine SSL certificate replacement fails when the old and new entries in the SubjectAltName field do not match

    The vSphere Machine SSL certificate replacement fails when you try to replace the Machine SSL certificate through the vSphere Certificate Manager utility and the old and new entries in the SubjectAltName field do not match. 

  • In the process of applying a host profile, the pre-check remediation fails with a general system error

    Applying a host profile with the Remediate functionality fails with an error during the pre-check remediation:

    Error: module 'string' has no attribute 'atoi' while applying a vSphere6.5 host-profile.

    This issue is resolved in this release.

Storage Issues
  • When you enable the vSAN feature in the vSphere cluster, you might see a false event message  

    When you enable the vSAN feature in vSphere cluster, you might see a false event message in the vSphere web client such as Virtual SAN vendor provider ip-of-the-host registration has failed. Reason: Too many retries. This is a false event referring to the registration failure of the vSAN vendor provider.

    This issue is resolved in this release.

Tools Issues
  • OVF tool fails to upload OVF or OVA files larger than 10 GB 

    If you use OVF tool fails to upload OVF or OVA files larger than 10 GB, the upload might fail. 

    This issue is resolved in this release. 

  • The ovftool option --allowAllExtraConfig is no longer supported

    The ovftool command-line option --allowAllExtraConfig never worked as designed. In vSphere 6.5 Update 1, this
    option is no longer supported.

    Use --allowExtraConfig instead to import additional configuration.

vCenter Server, vSphere Web Client, and vSphere Client Issues
  • After you update vCenter Server to version 6.5.x, you might see the vSAN old name in the vSphere Web Client

    After you update vCenter Server 6.5 to version 6.5.x, and you have a vSAN standard license key in the vSphere Web Client license information, you see Virtual SAN Standard name. Virtual SAN Standard is the old product name for VMware vSAN Standard.

    This issue is resolved in this release.

  • OVF deployment does not properly import vApp OVF templates that contain macro property references

    The OVF deployment operation might not properly import vApp OVF templates that contain product properties as the following:

    1. Some product properties are defined under the VirtualSystemCollection section.
    2. Some product properties under a VirtualSystem section refer to the above defined properties, by using macros on the form ${name} as value for ovf:value attributes.

    After the deployment, the properties using macros under a Virtual Machine are imported as static properties. Instead, they should be imported as dynamic properties with property value referencing to the corresponding property name in the vApp.

    This issue is resolved in this release.

  • A slash symbol in the inventory object names is displayed as %2f in the vSphere Web Client and the vSphere Client 6.5

    A slash symbol (/) in the inventory object names are rendered as "%2f" in the vSphere Web Client and the vSphere Client 6.5. When you create an object in the vSphere inventory with a slash in the object name, both clients are not displaying the slash in the inventory tree,
    but instead replace it with %2f. 

    This issue is resolved in this release.

  • Upgrade from Adobe to Apache BlazeDS in the vSphere Web Client

    The vSphere Web Client migrates from Adobe BlazeDS to Apache BlazeDS. The Apache Blaze DS is of version 4.7.3 which is the latest Apache BalzeDS patch available.

  • OVF templates on a web server that is behind a proxy cannot be deployed or uploaded to a content library

    If an OVF template is located on an HTTP or HTTPs server that is only accessible through a respective HTTP or HTTPs proxy server, deploying the OVF template as a VM fails. Uploading the OVF to a content library also fails. Those failures occur, because the corresponding vCenter Server services do not have direct access to the HTTP or HTTPs server.

    This issue is resolved in this release.

  • Networking and storage settings are not visible for some ESXi hosts in the vSphere Web Client

    Properties of host storage and networking system are not available, if there is a delay in fetching the host configuration. This issue occurs if you install vCenter Server with less than 8 GB RAM and later upgrades the RAM to 25 GB, as the cache size is set during the initial installation.

    This issue is resolved in this release.

  • Related events panel in vSphere Web Client 6.5 displays an error

    When navigating to the vSphere Web Client 6.5 > Monitor > Tasks & Events and selecting either Tasks or Events, the Related events panel shows an error similar to the following instead of information about any task or event:

    java.lang.Double cannot be cast to java.lang.Integer

    This issue is resolved in this release.

  • You cannot edit DRS and HA settings in the vSphere Web Client

    The Edit button of DRS and HA settings in the vSphere Web Client does not open a new window and you cannot edit the DRS and HA settings in the vSphere Web Client.

    This issue is resolved in this release.

  • You might see an error message "Hardware status error: querySpec.metricId" on the Host Summary page of the vSphere Web Client

    When the vSphere Web Client connects to a vCenter Server which is in Enhanced Linked Mode, and you select an ESXi host, on the Host Summary page you might see an error message Hardware status error: querySpec.metricId.

    This issue is resolved in this release.

Virtual Machine Management Issues
  • When you clone a virtual machine to a vSAN datastore in a different vCenter Server Instance, the loading progress bar on the Select storage page of the Clone to Virtual Machine wizard doesn’t stop loading
    When you clone a virtual machine to a vSAN datastore, a provisioning costs check is triggered. If your environment is with an external Platform Services Controller and you try to clone the virtual machine to a VMware vSAN datastore in a different vCenter Server instance, the check results in an error and the progress bar of the Select storage page cannot stop loading.

    This issue is resolved in this release.
  • Selected datastore is ignored during VM deployment from a template or VM creation

    When you deploy an OVF template or create a new virtual machine from a content library, you are prompted to select storage for the new VM. If you specify both a storage policy and a datastore, the VM is stored in a datastore that is compatible with the selected storage policy, but this is not necessarily the datastore that you selected.

    This issue is resolved in this release.

  • vSphere Web Client crashes with Error #1009 during attempts to edit a scheduled clone task

    When you attempt to edit a scheduled clone task for a VM, the vSphere Web Client crashes with an internal error: Error #1009.

    This issue is resolved in this release.

  • When you try to retrieve VM details through API Explorer or the vSphere Automation SDK, an InternalServerError is reported

    When vCenter Server 6.5 manages ESXi 5.5 or earlier hosts, and if a VM has VMXNET3 network adapter, when you try to retrieve the VM details through API Explorer or vSphere Automation SDK, an InternalServerError is reported.

    This issue is resolved in this release.

  • vCenter Server fails to trigger alarms for new services 

    Alarms for certain newly introduced services have not been defined. As a result, vCenter Server might fail to trigger an alarm when a new service fails.

    This issue is resolved in this release.
    Alarms have been defined for the following services: vsphere-ui, rhttpproxy, statsmonitor, vcha, pschealth, imagebuilder, updatemgr, vmonapi, cm, vmcam, vsan-health

  • Alarm definitions for deprecated services are still visible in the user interface

    Alarm definitions for certain deprecated services have not been updated. As a result, you can still see alarm definitions for deprecated services in the vSphere user interface.

    This issue is resolved in this release.
    Alarms have been deprecated for the following services: ts, vws, vmware-syslog, invsvc
    Alarms have been updated for the following services: content-library, vpxd-svcs

  • Virtual machines with null source network name might cause vCenter Server services to fail

    Virtual machines with null source network name might fail vCenter Server services for virtual machine operations like migration, vMotion, HA and DRS, triggered either manually or automatically.

    This issue is resolved in this release.

vMotion and Storage vMotion Issues
  • vApp configuration properties are not preserved during cross vCenter Server deployment of a VM  or cross vCenter Server vMotion

    If you enable vApp options for a VM, create a template from that VM, and deploy a new VM from the template on a different vCenter Server, the vApp configuration properties of the template are not preserved for the new VM. The vApp configuration properties of a VM are also lost during cross vCenter Server vMotion.

    This issue is resolved in this release.

Known Issues

The known issues are grouped as follows.

Backup and Restore Issues
  • Restoring vCenter Server over SCP fails when backup is stored on machine with password authentication disabled for SSH

    When the backup is stored on a machine with disabled password authentication for SSH, restoring the backup via SCP fails.

    Workaround: Enable password authentication on the machine with the backup. To enable password authentication, edit the ssh configuration file (/etc/ssh/sshd_config) and make sure that PasswordAuthentication is set to yes.

  • FTP backup might fail over the HTTP Proxy server

    When you take a file-based backup to FTP server over the HTTP Proxy server, the operation might fail.

    Workaround: Use the NO_PROXY option if you take a file-based backup in proxy mode.

Installation, Upgrade, and Migration Issues
  • During upgrade you might see an error message A general system error occurred: Unknown error when you enter the source vCenter Server Appliance root credentials

    During an upgrade, when you enter the root credentials of the source vCenter Server Appliance, you might see an error message A general system error occurred: Unknown error.  This might occur because the source vCenter Server Appliance root password has expired or SSH is not enabled.

    Workaround: Verify that the root password of the source vCenter Server Appliance has not expired. 

    1. Enable SSH access to the source vCenter Server Appliance before the upgrade.
      If the root password has expired, you see a message that tells you that.
    2. Change the root password.
    3. Retry the upgrade.
  • Custom certificate replacement fails on upgraded vCenter Server Appliance 6.5 Update 1

    After you upgrade from vCenter Server Appliance 6.5 to 6.5 Update 1 and try to replace the Machine SSL certificate of vCenter Server Appliance, the operation fails because the vSphere Update Manager service cannot access the /etc/vmware/.buildinfo file as the file permission changed from 444 to 640.

    Workaround:

    1. Log in as root to the vCenter Server Appliance. 
    2. Change the file permission of /etc/vmware/.buildinfo from 640 back to 444 by running the following command
      chmod 444 /etc/vmware/.buildinfo 
    3. Replace the Machine SSL certificate. 
  • Time Zone in the vCenter Server Appliance Management Interface (VAMI) is empty after you upgrade vCenter Server 6.0.x to vCenter Server 6.5.x

    Time Zone in the VAMI is empty when you perform a minor upgrade in vCenter Server 6.0.x and major upgrade to vCenter Server 6.5.x.

    Workaround: 

    1. Log in to the appliance Bash shell of the vCenter Server Appliance.
    2. Run the following commands:

       cd /etc/
        rm -rf localtime
        ln -s /usr/share/zoneinfo/Etc/UTC /etc/localtime

    After that check, the soft link should display the following information:

    # ls -l /etc/localtime
    lrwxrwxrwx 1 root root 23 Jun 21 17:12 /etc/localtime -> /usr/share/zoneinfo/UTC

Internationalization Issues
  • Migration of vCenter Server 5.x to vCenter Server Appliance 6.5 Update 1 might fail, if you use an external SQL Server Database

    The migration of vCenter Server 5.x to vCenter Server Appliance fails if vCenter Server uses an external SQL database with Integrated Windows Authentication mode and your Operating System user password contains non-ASCII or high-ASCII characters.

    Workaround: Set up the passwords with ASCII characters only.

  • Upgrade of vCenter Server 6.x to 6.5 Update 1 in Korean locale might fail if you use an external Oracle Database

    When you upgrade to vCenter Server 6.5 Update 1, the upgrade precheck fails if vCenter Server 6.x uses an external Oracle database in which the specified user service account name contains Korean characters.

    Workaround: Specify a user service account name with ASCII characters only.

  • You cannot run the camregister script if the vCenter Single Sign-On password contains non-ASCII or high-ASCII characters

    When you run the camregister script, for example to register vSphere Authentication Proxy, the process fails with an Access denied error when the vCenter Single Sign-On password contains non-ASCII or high-ASCII characters.

    Workaround: Set up the vCenter Single Sign-On password with ASCII characters.

  • The Connect to Source button in the localized vCenter Server Appliance installer is displayed as "undefined"

    The Connect to Source button is displayed as "undefined" on the Connect to source appliance page in the localized vCenter Server Appliance installer.

    Workaround: None.

  • Migration of vCenter Server 6.0 Update 3 to vCenter Server Appliance 6.5 Update 1 might fail

    The migration of vCenter Server 6.0 Update 3 to vCenter Server Appliance might fail with an internal error if vCenter Server uses PostgreSQL database and operating System user name contains non-ASCII or high-ASCII characters.

    Workaround: Make sure username contain ASCII characters only.

  • The upgrade of the Platform Services Controller Appliance 6.x to 6.5 Update 1 might fail

    When the Operation System language is set to French or Spanish and an upgrade on the Platform Services Controller Appliance 6.x is preformed, this might result in the Connect to source appliance failure.

    Workaround: Use English Operation System to do the upgrade.

  • Platform Services Controller Web interface shows non-localized elements in localized UI

    The Platform Services Controller Web interface shows elements in English instead of the respective language in localized UI.

    Workaround: None

  • You see no events in the vSphere Client in German locale

    In German locale the vSphere Client event pages do not display any of the events. For example, after you have completed an operation in the vSphere Client such as to add a host, create a new datacenter or a cluster, you cannot see the events.

    Workaround: To see the events in the vSphere Client, you must use an English browser, switch the browser locale to English (United States), or use the vSphere Web Client.

Security Issues
  • Cannot change TLS protocols for rhttpproxy port (443) after upgrade if only TLS 1.2 was enabled in legacy vCenter Server (6.0 Update 3)

    vSphere 6.5 includes a TLS Reconfigurator tool for managing TLS configuration. Users install the tool explicitly. The tool is documented in VMware KB article 2147469 and the vSphere Security document.
    If specific TLS protocols are set for rhttproxy port (or all ports) in vCenter Server 6.0 Update 3, the protocol settings remain unchanged after a vCenter Server upgrade. However, if you want to change the TLS configuration after the upgrade using the TLS Reconfigurator tool, the tool changes the TLS version on all ports except the rhttpproxy port.

    Workaround:

    1. Open the config.xml file for edit.
      Windows C:\ProgramData\VMware\vCenterServer\cfg\vmware-rhttpproxy
      Linux /etc/vmware-rhttpproxy/
    2. Search for the line <sslOptions>xxxxxxxx</sslOptions> and delete this line.
    3. Save and restart the vmware-rhttpproxy service.
  • After you upgrade to vCenter Server 6.5 Update 1, a TLS reconfigurator installed earlier might not work properly

    After you upgrade to vCenter Server 6.5 Update 1, a TLS reconfigurator installed earlier might not work properly.

    Workaround: From the vCenter Server 6.5 Update 1 product download page, download the vSphere TLS Configurator script for reconfiguration of the TLS compliance level.

Storage Issues
  • Few or none compatible datastores are available when you provision a virtual machine from content library with storage policy that includes I/O filter rules

    When you provision a virtual machine (VM) from content library, using a VM template with a storage policy that includes I/O filter rules, some of the datastores might not be available in the compatible datastores list. As a result, you might not be able to place the VM in those datastores.

    Workaround: 

    1. Provision the VM without a storage policy on the right host and data store.
    2. Reconfigure the VM with the storage policy, containing I/O filter rules.
  • Datastores might falsely appear as incompatible for a storage policy that includes I/O filter rules

    When you create or edit an existing storage policy, containing I/O filter common rules, and while checking for storage compatibility, you might observe Datastore does not Match current VM policy or Datastore does not satisfy compatibility since it does not support one or more required properties messages. Some of the datastores that you expect to be compatible might appear in the incompatible list when you are checking for storage compatibility. This might also happen when you provision a virtual machine with a storage policy, containing I/O filter rules.

    Workaround:

    1. Navigate to the incompatible list of datastores.
    2. Check for the storage compatibility of each datastore.

    If the Compatibility checks succeeded message appears, you can safely provision the virtual machine to the selected datastore.

vCenter Server, vSphere Web Client, and vSphere Client Issues
  • The HTML5-based vSphere Web Client user interface might not be available in Windows Server 2016

    The update of vCenter Server Java Components (JRE) might fail on vCenter Server 6.5.0 GA or vCenter Server 6.5.0a, which are installed on Windows Server 2016.

Server Configuration Issues
  • In disjoint domain namespace the domain users might fail to authenticate after you update to vSphere 6.5 Update 1

    After you update a Platform Services Controller Appliance to vSphere 6.5 Update 1, in the disjoint domain namespace the users might fail  to authenticate.

    1. Log in to the Platform Services Controller Appliance as root and activate the bash shell.
    2. Leave the domain by running the /opt/likewise/bin/domainjoin-cli leave command.
    3. Reboot the appliance.
    4. Delete the computer account on the Active Directory.
    5. Log in to the appliance again and enable the bash shell.
    6. Join to the domain by running the following command /opt/likewise/bin/domainjoin-cli join domain-name domain_admin_user
    for example: /opt/likewise/bin/domainjoin-cli join vmware.com administrator
    7. Reboot the appliance.

Known Issues from Prior Releases

To view a list of previous known issues, click here.