check-circle-line exclamation-circle-line close-line

VMware vCenter Server 6.5 Update 2 Release Notes

vCenter Server 6.5 Update 2 | 3 MAY 2018 | ISO Build 8307201
vCenter Server Appliance 6.5 Update 2 | 3 MAY 2018 | ISO Build 8307201

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

The vCenter Server 6.5 Update 2 release includes the following list of new features.

  • With vCenter Server 6.5 Update 2, you can deploy by using the GUI or CLI installer up to 15 vCenter Server Appliance instances in Embedded Linked Mode, and manage these instances with the vSphere Web Client or vSphere Client from any of the instances.
  • vCenter Server 6.5 Update 2 provides backup restore support to Embedded Linked Mode with replication deployment topology and reconciliation API for both file-based and snapshot-based restore.
  • With vCenter Server 6.5 Update 2, vMotion and cold migration of virtual machines is supported between vCenter Server 6.0 Update 3 and later, vCenter Server 6.5, vCenter Server 6.5 Update 1 and VMware Cloud on AWS. Cloning of virtual machines between vCenter Server 6.0 and vCenter Server 6.5 is not supported. For more information, see KB 2106952.
  • With vCenter Server 6.5 Update 2, you can migrate vCenter Server installed on Windows with custom HTTP and HTTPS ports to vCenter Server Appliance.
  • With vCenter Server 6.5 Update 2, during the GUI or CLI deployment process of the vCenter Server Appliance, you can customize the default network ports for the HTTP Reverse Proxy service. The default ports are 80 for HTTP and 443 for HTTPS.
  • With vCenter Server 6.5 Update 2, you can use the TLS Configuration utility to configure SSL tunnels on port 8089. Upgrade to vCenter Server 6.5 Update 2 does not change previous configurations.
  • With vCenter Server 6.5 Update 2, you can use the TLS Configuration utility to configure TLS protocols on hosts of both ESXi 6.0 and ESXi 6.5 versions. Configuration of TLS protocols on clusters with mixed ESXi 6.0 and ESXi 6.5 hosts is not supported.
  • With vCenter Server 6.5 Update 2, you can configure SSL settings for the lightweight CIM daemon, SFCB, with the TLS Configuration utility.
  • Updates to time zones in the Linux guest operating system customization: vCenter Server Linux guest operating system customization supports latest time zones. For more information on time zone changes and daylight saving time (DST) changes in Linux guest operating systems, see the Time Zone Database by the Internet Assigned Numbers Authority (IANA).
  • Updates to time zones in the Windows guest operating system customization: vCenter Server Windows guest operating systems customization supports the latest time zones. For more information on time zone changes and daylight saving time (DST) changes in Windows guest operating systems, see the Microsoft Knowledge Base article 3182203, Microsoft Knowledge Base article 4015193 and Microsoft Knowledge Base article 4012864.
  • vCenter Server 6.5 Update 2 adds IPv6 support for the Key Management Server (KMS) of VMware vSphere Virtual Machine Encryption (VM Encryption) and alarms for expiration of KMS certificates, missing hosts and missing virtual machine keys.
  • For Photon OS updates, see VMware vCenter Server Appliance Photon OS Security Patches

Earlier Releases of vCenter Server 6.5

Features and known issues of vCenter Server are described in the release notes for each release. Release notes for earlier releases of vCenter Server 6.5 are:

For compatibility, installation and upgrades, product support notices, and features see the VMware vSphere 6.5 Release Notes.

Patches Contained in This Release

This release of vCenter Server 6.5 Update 2 delivers the following patches. See the VMware Patch Download Center for more information on downloading patches.

Security Patch for VMware vCenter Server 6.5 Update 2

Third Party Product fixes (for example: JRE, tcServer). This patch is applicable for vCenter Server for Windows, Platform Services Controller for Windows, and vSphere Update Manager.

NOTE: This patch updates only the JRE version 1.8.0_162.

For vCenter Server and Platform Services Controller for Windows

Download Filename VMware-VIMPatch-T-6.5.0-8307201.iso
Build 8307201
Download Size 40 MB
md5sum 4a44cea87f2ae0f1364d2183f426d6d9
sha1checksum a6b5ca033d37f84962ae5f8355ce67087eb3ddcf

These vCenter Server components depend on JRE and have to be patched:

  • Platform Services Controller
  • vSphere Update Manager
  • vCenter Server

Download and Installation

You can download this patch by going to the VMware Patch Download Center and choosing VC from the Search by Product drop-down menu. 

  1. Mount the VMware-VIMPatch-T-6.5.0-8307201.iso to the system where the vCenter Server component is installed.  
  2. Double-click ISO_mount_directory/autorun.exe.
  3. In the vCenter Server Java Components Update wizard, click Patch All.

Full Patch for VMware vCenter Server Appliance 6.5 Update 2

Product Patch for vCenter Server Appliance 6.5 containing VMware software fixes, security fixes, and Third Party Product fixes (for example: JRE and tcServer).

This patch is applicable to the vCenter Server Appliance and Platform Services Controller Appliance.

For vCenter Server and Platform Services Controller Appliances

Download Filename VMware-vCenter-Server-Appliance-6.5.0.20000-8307201-patch-FP.iso
Build 8307201
Download Size 1532 MB
md5sum 6236ab60c954cbe9793c7f94a53bf434
sha1checksum e2542db3070f22412ab8141b3b2ff1f0458dd951

 

Download and Installation

You can download this patch by going to the VMware Patch Download Center and choosing VC from the Search by Product drop-down menu.

  1. Attach the VMware-vCenter-Server-Appliance-6.5.0.20000-8307201-patch-FP.iso file to the vCenter Server Appliance CD or DVD drive.
  2. Log in to the appliance shell as root and run the commands given below:
    • To stage the ISO:

      software-packages stage --iso

    • To see the staged content:

      software-packages list --staged

    • To install the staged rpms:

      software-packages install --staged

For more information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

For more information on staging patches, see Stage Patches to vCenter Server Appliance.

For more information on installing patches, see Install vCenter Server Appliance Patches.

For issues resolved in this patch see Resolved Issues.

For Photon OS updates, see VMware vCenter Server Appliance Photon OS Security Patches

For more information on patching using the Appliance Management Interface, see Patching the vCenter Server Appliance by Using the Appliance Management Interface.

Internationalization

VMware vSphere 6.5 is available in the following languages:

  • English
  • French
  • German
  • Spanish
  • Japanese
  • Korean
  • Simplified Chinese
  • Traditional Chinese

Components of VMware vSphere 6.5 Update 2, including vCenter Server, ESXi, the vSphere Web Client, the vSphere Client, and the vSphere Host Client do not accept non-ASCII input.

Compatibility

ESXi, vCenter Server, and vSphere Web Client Version Compatibility

The VMware Product Interoperability Matrix provides details about the compatibility of current and earlier versions of VMware vSphere components, including ESXi, VMware vCenter Server, the vSphere Web Client, and optional VMware products. Check the VMware Product Interoperability Matrix also for information about supported management and backup agents before you install ESXi or vCenter Server.

The vSphere Web Client and vSphere Client are packaged with vCenter Server.

Hardware Compatibility for ESXi

To view a list of processors, storage devices, SAN arrays, and I/O devices that are compatible with vSphere 6.5 Update 2, use the ESXi 6.5 information in the VMware Compatibility Guide.

Device Compatibility for ESXi

To determine which devices are compatible with ESXi 6.5, use the ESXi 6.5 information in the VMware Compatibility Guide.

Guest Operating System Compatibility for ESXi

To determine which guest operating systems are compatible with vSphere 6.5, use the ESXi 6.5 information in the VMware Compatibility Guide.

Virtual Machine Compatibility for ESXi

Virtual machines that are compatible with ESX 3.x and later (hardware version 4) are supported with ESXi 6.5. Virtual machines that are compatible with ESX 2.x and later (hardware version 3) are not supported. To use such virtual machines on ESXi 6.5, upgrade the virtual machine compatibility. See the vSphere Upgrade documentation.

Installation and Upgrade Notes for This Release

Installation Notes for This Release

IMPORTANT: Site names in vCenter Server instances configured in Embedded Linked Mode must default to Default-First-Site and not be modified.

Read the vSphere Installation and Setup documentation for guidance about installing and configuring ESXi and vCenter Server.

Although the installations are straightforward, several subsequent configuration steps are essential. Read the following documentation:

VMware Tools Bundling Changes in ESXi 6.5

In ESXi 6.5, only a subset of VMware Tools ISO images are bundled with the ESXi 6.5 host.

The following VMware Tools ISO images are bundled with ESXi:

  • windows.iso: VMware Tools image for Windows Vista or higher

  • linux.iso: VMware Tools image for Linux OS with glibc 2.5 or higher (for example, RHEL 5 or later, SLES 11 or later, Ubuntu 10.04 or later)

  • winPreVista.iso: VMware Tools image for Windows 2000, Windows XP, and Windows 2003

The following VMware Tools ISO images are available for download from My VMware:

  • solaris.iso: VMware Tools image for Solaris

  • freebsd.iso: VMware Tools image for FreeBSD

  • winPre2k.iso: VMware Tools image for pre Windows 2000

  • linuxPreGlibc25.iso: VMware Tools image for Linux OS with glibc less than 2.5

  • darwin.iso: VMware Tools image for OS X 10.11 or later

  • darwinPre15.iso: VMware Tools image for Pre-OS X 10.11

  • netware.iso: VMware Tools image for Netware

Follow the procedures listed in the following documents to download VMware Tools for operating systems not bundled with ESXi:

Migrating Third-Party Solutions

For information about upgrading with third-party customizations, see the vSphere Upgrade documentation. For information about using Image Builder to make a custom ISO, see the vSphere Installation and Setup documentation.

Upgrades and Installations Disallowed for Unsupported CPUs

Comparing the processors supported by vSphere 6.0, vSphere 6.5 no longer supports the following processors:

  • Intel Xeon 51xx series
  • Intel Xeon 30xx series
  • Intel core 2 duo 6xxx series
  • Intel Xeon 32xx series
  • Intel core 2 quad 6xxx series
  • Intel Xeon 53xx series
  • Intel Xeon 72xx/73xx series

During an installation or upgrade, the installer checks the compatibility of the host CPU with vSphere 6.5. If your host hardware is not compatible, a purple screen appears with an incompatibility information message, and the vSphere 6.5 installation process stops.

Upgrade Notes for This Release

Important: Upgrade and migration paths from vCenter Server 6.5 Update 2 to vCenter Server 6.7 are not supported.

Upgrades or migration of vCenter Server earlier than 5.5 Update 3b when the environment is with an external vCenter Single Sign-On to vCenter Server 6.5 Update 2 with an external Platform Services Controller are unsupported. For example, to upgrade or migrate vCenter Server 5.5 with an external vCenter Single Sign-On to vCenter Server 6.5 Update 2 with an external Platform Services Controller, you must first update to vCenter Server 5.5 Update 3b and then perform the upgrade or migration to vCenter Server 6.5 Update 2.

vCenter Server 5.5 Update 3b build numbers are:

  • vCenter Server 5.5 Update 3b, build 3252642
  • vCenter Server Appliance 5.5 Update 3b, build 3255668

Upgrades or migration of vCenter Server 5.5 and later with an embedded vCenter Single Sign-On to vCenter Server 6.5 Update 2 with an embedded Platform Services Controller are supported scenarios.

Open Source Components for VMware vSphere 6.5

The copyright statements and licenses applicable to the open source software components distributed in vSphere 6.5 are available at http://www.vmware.com. You need to log in to your My VMware account. Then, from the Downloads menu, select vSphere. On the Open Source tab, you can also download the source files for any GPL, LGPL, or other similar licenses that require the source code or modifications to source code to be made available for the most recent available release of vSphere.

Functionality Caveats

The vSphere Client is written in an HTML5-based language and frameworks supported by all browsers. However, different browsers have different performance characteristics regarding the HTML5 standard. In particular, performance with Internet Explorer 11 can be slower than with other browsers, because of the rendering engine that Internet Explorer 11 uses. If you experience such issues, try using another supported browser.

Product Support Notices

  • The VMware Lifecycle Product Matrix provides detailed information about all supported and unsupported products. Check the VMware Lifecycle Product Matrix also for further information about the End of General Support, End of Technical Guidance, and End Of Availability.

  • As of vSphere 6.5, VMware is discontinuing the installable desktop vSphere Client, one of the clients provided in vSphere 6.0 and earlier. vSphere 6.5 does not support this client and it is not included in the product download. vSphere 6.5 introduces the new HTML5-based vSphere Client, which ships with vCenter Server alongside the vSphere Web Client. Not all functionality in the vSphere Web Client has been implemented for the vSphere Client in the vSphere 6.5 release. For an up-to-date list of unsupported functionality, see Functionality Updates for the vSphere Client Guide.

  • VMware vCenter Operations Foundation 5.8.x is no longer offered, interoperable or supported with the release of vSphere 6.5. If you want to continue using vCenter Operations Foundation 5.8.x products, you can do so only with vSphere 5.5 and vSphere 6.0.

  • vSphere 6.5 is the final release that supports binary translation mode virtualization of operating systems. Future vSphere releases will not include binary translation mode. For more information, see https://kb.vmware.com/kb/2147608.

  • vSphere 6.5 is the final release that supports Software-Based Memory Virtualization. Future vSphere releases will not include Software-Based Memory Virtualization.

  • You cannot create new legacy (Record & Replay / uni-processor) Fault Tolerance virtual machines on vCenter Server 6.5 and ESXi 6.5 hosts. If you want to continue running legacy Fault Tolerance virtual machines, remain with ESXi 6.0 or earlier. Existing legacy Fault Tolerance virtual machines continue to be supported on ESXi hosts earlier than 6.5 and managed by vCenter Server 6.5.

    If you wish to upgrade ESXi hosts to 6.5, turn off legacy Fault Tolerance (do not only disable Fault Tolerance) on the protected VMs prior to upgrading. SMP-FT (multiprocessor Fault Tolerance) is not automatically enabled on the VM. You must manually turn on Fault Tolerance (which becomes SMP-FT) for VMs on the newly upgraded 6.5 ESXi host.

Resolved Issues

The resolved issues are grouped as follows.

Backup and Restore Issues
  • The embedded vCenter Server Appliance database might be corrupted during a full backup

    The VMware PostgreSQL database in the vCenter Server Appliance might be corrupted during a file-based full backup if the backup runs in parallel with a quiesced snapshot. The backup generates a backup_label file in /storage/db/vpostgres that corrupts the database if you revert to this specific snapshot. This fix prevents full backups to run during a quiesced snapshot.

    This issue is resolved in this release.

  • vCenter Server Appliance restore might fail if you modify DNS setting

    If you modify the DNS setting in the Configure network settings page of the vCenter Server Appliance 6.5 GUI installer, while attempting to restore a vCenter Server Appliance, you might see an error for the loopback addresses in the DNS Servers field.

    This issue is resolved in this release.

  • The backup progress bar might not display the real time progress of the backup operation

    When you run the vCenter Server Appliance Management Interface to back up a vCenter Server Appliance, the backup progress bar might not display the real time progress of the backup operation when you use an Internet Explorer browser.

    This issue is resolved in this release.

  • The embedded vCenter Server Appliance database might be corrupted due to inconsistent snapshots of virtual machines

    The PostgreSQL database in the vCenter Server Appliance might be corrupted due to inconsistent snapshots of virtual machines if the database runs on multiple partitions. This fix adds pre-freeze and post-thaw scripts to freeze filesystem partitions while taking a snapshot.

    This issue is resolved in this release.

CLI Issues
  • Attempting to retrieve tag assignments by using the Get-TagAssignment command might fail for large inventories

    Due to a limit of 4096 on query results in PowerCLI, attempting to retrieve tag assignments by using the Get-TagAssignment command for large inventories might fail with the following error message: Maximum number of result item exceeded: 4096.

    This issue is resolved in this release. 

Guest OS Issues
  • When you run a test recovery with IP customization on a RHEL 7.x virtual machine, the host name is empty on the recovered instance

    When you run a test recovery with IP customization on a RHEL 7.x virtual machine, the host name (/etc/hostname) is empty and the double quotes for the domain key / value in the network file under sysconfig/network-scripts/ are removed.

    This issue is resolved in this release.

Installation Issues
  • When you run the vCenter Server Appliance GUI installer, the validation of a fully qualified domain name fails if the top-level domain name contains a digit

    When you deploy a vCenter Server Appliance by using the vCenter Server Appliance GUI installer, the validation of a fully qualified domain name (FQDN) fails if the top-level domain name contains a digit.

    This issue is resolved in this release.

Upgrade Issues
  • The installer prevents the upgrade of multiple instances of vCenter Server for Windows with an embedded Platform Services Controller joined in an Enhanced Linked Mode group from version 6.0 to version 6.5 Update 2

    If you have multiple instances of vCenter Server for Windows 6.0 with an embedded Platform Services Controller joined in an Enhanced Linked Mode group, and try to upgrade them to version 6.5 Update 2, the installer prevents the upgrade.

    This issue is resolved in this release.

  • vCenter Server service fails to start after an upgrade of a vendor plug-in to the Proactive HA feature

    vCenter Server service might repeatedly fail to start after an upgrade of a vendor plug-in to the Proactive HA feature, due to an issue in the vCenter Server database.

    This issue is resolved in this release.

Image Builder Issues
  • Image Builder operations, such as adding or deleting a depot, might fail

    If you add more than 20 software depots and restart the Image Builder service, the operation might fail. You might be unable to perform any Image Builder operations or create a rule using an image profile that is contained in Image Builder.

    This issue is resolved in this release.

Miscellaneous Issues
  • You cannot delete a folder from the inventory even though you have the necessary privileges

    If you are logged in the vSphere Web Client as a user without administrative privileges, you cannot delete a folder from the inventory by right-clicking the folder and selecting Remove from Inventory. The Remove from Inventory option is dimmed even though you have the necessary privileges. To delete the folder, you must have permission to delete its parent object as well.

    This issue is resolved in this release.

  • You might fail to gather data to diagnose networking issues

    With vCenter Server 6.5 Update 2, you can use PacketCapture, a lightweight tcpdump utility implemented in the Reverse HTTP Proxy service, to capture and store only the minimum amount of data to diagnose a networking issue, saving CPU and storage. For more information, see KB 52843.

    This issue is resolved in this release.

  • Power on or vMotion operations on virtual machines might fail with InsufficientMemoryResourcesFault error

    Synchronization issues between an ESXi host and the vCenter Server system might cause power on or vMotion operations on virtual machines to fail with InsufficientMemoryResourcesFault error.

    This issue is resolved in this release.

  • Logs of the hostd service might not identify Active Directory users who perform operations on an ESXi host

    Logs of the hostd service might not identify Active Directory users who perform operations on an ESXi host and report users as vpxuser instead of domain accounts, which prevents tracing back individual user operations.

    This issue is resolved in this release. 

  • The Reverse HTTP Proxy service might fail and cause all the services using it at that time to fail too

    The Reverse HTTP Proxy service might fail when a request to the vSphere Web Client does not contain the host HTTP header. This might also fail all other services using the Reverse Proxy service at that time, for example, the Component Manager service.

    This issue is resolved in this release.

  • You cannot place an ESXi host into an empty Enhanced vMotion Compatibility (EVC) cluster even though the host meets the requirements

    Some EVC modes now contain additional CPU features that were previously not included in the EVC requirements for hosts. To support smooth upgrade, the EVC cluster would implement the new requirements only after all the hosts in it have been upgraded to meet them. However, attempting to add a non-upgraded ESXi host to the empty EVC cluster fails.

    This issue is resolved in this release.

  • VMware Directory Service might stay in read only mode even if replication partners are available

    If replication partner nodes of a VMware Directory Service (vmdir) are temporarily unavailable for some reason, vmdir enters a read-only mode that does not propagate updates and might stay in read-only mode even when nodes restore connectivity. With this fix, vmdir automatically exits read-only mode when partner nodes are available.

    This issue is resolved in this release. 

  • You cannot configure the remote log server domain name to start with a digit

    If you configure the domain name of a remote log server for vCenter Server Appliance to start with a digit, for example syslog.9dc.com, the server might fail with syslog.invalid.configuration error.

    This issue is resolved in this release.

  • If you enable vSAN on a cluster but do not claim any disks, or if you delete all disk groups, you might see a warning for lack of capacity

    If you enable vSAN on a cluster but do not claim any disks, or if you delete all disk groups, you might see a warning similar to VMware vSAN in cluster XXX in datacenter YYY does not have capacity. The warning message persists even after you disable vSAN on the cluster.

    This issue is resolved in this release.

Networking Issues
  • Link Aggregation Groups might be lost during import of a vSphere Distributed Switch configuration

    If you import a vSphere Distributed Switch configuration with many Link Aggregation Groups (LAG), the vCenter Server daemon vpxd might fail to insert the corresponding LAG information to the vCenter Server database, and some LAGs might be missing after a restart of the vpxd.

    This issue is resolved in this release. However, if you already face the issue, delete and re-import the vSphere Distributed Switch configuration, or create the missing LAG manually. 

  • When you try to retrieve network objects by using the API FindByInventoryPath operation, the query does not provide any subfolder results

    If you try to retrieve network objects by using the API FindByInventoryPath operation, the query fails to provide any subfolder results because it does not search through subfolder network objects.

    This issue is resolved in this release.

  • After you cancel the cloning of a virtual machine, the virtual machine directory continues to exist

    vCenter Server does not remove the port file directory (.dvsData) in the virtual machine directory after the process for cloning a virtual machine stops. As a result, the virtual machine directory is not deleted.

    This issue is resolved in this release.

Security Issues
  • Update to JRE package

    The Oracle (Sun) JRE package is updated to version 1.8.0_162.

  • Update to glibc package to address a security issue

    The glibc package in the vCenter Server Appliance is updated to version 2.22-18 to resolve a security issue with identifier CVE-2017-15804.

  • An administrator without Cryptographer permissions might be able to access an encrypted virtual machine

    An administrator without Cryptographer permissions could request connection to a virtual machine through the VIX API and access encrypted virtual machine contents. 

    This issue is resolved in this release. The permission to request a VIX API connection to an encrypted virtual machine is removed from all administrator roles without Cryptographer permissions.

  • Update to cURL

    cURL in the vCenter Server Appliance is updated to 7.58.

  • Update to Ruby

    The Ruby package is updated to version 2.4.3 to address issues with identifiers CVE-2017-17405 and CVE-2017-17790.

  • If your Active Directory account has membership in a large number of groups, you might be denied appliance shell or Bash shell access to the vCenter Server Appliance when you try to log in through SSH

    You might be denied appliance shell or Bash shell access to the vCenter Server Appliance when you try to log in with your Active Directory account through SSH. This happens when your account has membership in a large number of Active Directory groups, because the length of the group names affects the size of the SAML token that is provided to the server. If the size of the token exceeds 12,255 bytes, access is denied.

    This issue is resolved in this release.

  • Update to the Network Time Protocol package

    The Network Time Protocol (NTP) package is updated to version 4.2.8p10.

  • When you change a certificate, the VMware vSphere Update Manager Service might not start

    When you change a certificate, the vmware-updatemgr service does not start. For security and performance reasons, certificates are limited to 4KB and the current limit now is 16KB.

    This issue is resolved in this release.

  • Update of the Jackson JavaScript Object Notation (JSON) processor package

    The JSON processor package is updated to version 2.9.3.

  • The validity period of all certificates issued by the VMware Certificate Authority (VMCA) is reduced to 2 years

    The default validity period of the certificates issued by VMCA was 10 years. According to the CA/Browser Forum recommendations, certificates issued after March 1, 2018 must have a validity period no greater than 825 days or 2 years. 

    This issue is resolved in this release. The validity period of all certificates issued by VMCA is now set to 2 years.

  • Update to the Kerberos protocol

    The Kerberos protocol is updated to 1.16 to resolve issues with identifiers CVE-2017-11462 and CVE-2017-15088.

  • Update to Python

    The Python third party library is updated to version 2.7.14 to resolve issues with identifiers CVE-2017-9233, CVE-2016-9063, CVE-2016-5300, CVE-2016-0718 and CVE-2016-4472.

Server Configuration Issues
  • When you try to log in to vCenter Server with your Active Directory user name and password, login might fail with an error message saying that a duplicate Active Directory domain name was found

    When two Active Directory domains in a multi-forest Active Directory environment with trust relationships have the same NetBIOS name and you try to log in to vCenter Server using your user name and password for one of those Active Directory domains, authentication might fail with A duplicate Active Directory domain name was found error message.

    This issue is resolved in this release.

  • vCenter Server stops responding with the following error message: duplicate key value violates unique constraint "vpxi_psa_path"

    If a Pluggable Storage Architecture (PSA) path becomes unavailable to an ESXi host while vCenter Server is not running, it is re-added as a new path addition when vCenter Server is restarted. This causes vCenter Server to stop responding with the following error message: duplicate key value violates unique constraint "vpxi_psa_path”.

    This issue is resolved in this release.

  • VMware vSphere Distributed Resource Scheduler advanced parameter MaxVcpusPerCore might not work as expected

    The advanced vSphere DRS parameter MaxVcpusPerCore might not work as expected and the desired ratio of virtual CPUs per physical CPU or core will not take effect in configurations below 4:1. MaxVcpusPerCore supported ratios now start from 1:1.

    This issue is resolved in this release. 

Storage Issues
  • FileManager and DatastoreBrowser operations might fail with a HostConnect error

    FileManager and DatastoreBrowser operations might fail with a HostConnect fault when you copy a file between shared datastores. The file copy process might select a host with incorrect credentials and this causes a connection failure.

    This issue is resolved in this release.

Tools Issues
  • SNMP v3 agent allows users with priv security level to access data by providing only an authentication key phrase or no security key phrases at all

    SNMP v3 agent allows users with priv security level to access data by providing only an authentication key phrase or no security key phrases at all. Instead, the SNMP v3 agent must require users with priv security level to provide both an authentication key phrase and a privacy key phrase. If a user with priv security level does not provide both key phrases, an error message must appear.

    This issue is resolved in this release.

  • Replacing a machine SSL certificate with a custom certificate might fail

    Using the option Replace Machine SSL certificate in the vSphere Certificate Manager utility might fail with a message error 20 at 0 depth lookup:unable to get local issuer certificate due to incorrect validation of host entries.

    This issue is resolved in this release

vCenter Server, vSphere Web Client, and vSphere Client Issues
  • In vSphere 6.5, some host profile operations performed on 5.0 or 5.1 host profiles might cause vCenter Server to stop responding

    In vSphere 6.5, operations on ESXi 5.0 or 5.1 host profiles, such as viewing, editing, or attaching host profiles to ESXi hosts or clusters, might cause vCenter Server to stop responding.

    This issue is resolved in this release. It is recommended to upgrade the host profile to 5.5 or later version, or remove all ESXi 5.0 and 5.1 host profiles created before upgrading vCenter Server to 6.5.

  • Obsolete alarm definitions are visible in the vSphere Web Client

    In the vSphere Web Client, if you select a datacenter, click the Monitor tab, click Issues, and select Alarm Definitions, you might see obsolete alarm definitions such as Virtual Datacenter Service Health Alarm. Virtual Datacenter Service is a service that is no longer available. 

    This issue is resolved in this release.

  • In the vSphere Web Client, you might not be able to delete a virtual machine template although you have sufficient permissions

    Even though you have sufficient permissions, you might not be able to delete a virtual machine template from a virtual machine folder, because the Delete from Disk option is dimmed in the vSphere Web Client.

    This issue is resolved in this release.

  • vCenter Server might stop responding when you attempt to add а new disk to a virtual machine

    When you attempt to add a new virtual disk to a virtual machine, Storage DRS causes vCenter Server to stop responding while generating datastore recommendations.

    This issue is resolved in this release.

  • vSphere Client does not load if you have a version of vCenter Server for Windows lower than 6.5 Update 2 installed with a custom port

    If you have installed a version of vCenter Server for Windows lower than 6.5 Update 2 with a custom port, for example 8443, when you attempt to use the vSphere Client, you might see the following error: Empty SSO response string

    This issue is resolved in this release. If you already face the issue, you can either use the vSphere Web Client as an alternative to the vSphere Client, or follow these steps:

    1. Open the file C:\ProgramData\VMware\vCenterServer\runtime\vsphere-ui\server\configuration\tomcat-server.xml.
    2. Change port 443 to the custom port you are using, for example 8443.
    3. Restart the vsphere-ui service at C:\Program Files\VMware\vCenter Server\vmon\vmon-cli by using --restart vsphere-ui.
  • In the vSphere Web Client some hardware health status alarms might be missing and sensors might be displayed in wrong groups

    Issues from hardware sensors or problems with the hardware, such as unplugged power supply, might not trigger alarms in the Hardware Status tab of the vSphere Web Client. Hardware sensors might be displayed in wrong categories, for example sensors from storage to show under the voltage group.

    This issue is resolved in this release.

  • vCenter Server service might fail when you close the root folder from the Inventory View

    If you create a cluster, add an ESXi host to the cluster and create a vApp in the cluster, when you navigate to the vApp from the Inventory View in the vSphere Web Client, the vCenter Server daemon vpxd might fail with an error Panic: Assert Failed: "openedInfo._activations == 0" at the time you close the root folder.

    This issue resolved in this release. 

  • In the vSphere Web Client, the Hosts tab for clusters in the inventory might not show hosts even if hosts are present

    In the vSphere Web Client, the Hosts tab for clusters in the inventory might not show hosts even if hosts are present and you might see The list is empty message.

    This issue is resolved in this release.

Virtual Machine Management Issues
  • vCenter Server might stop responding during virtual machine creation due to a fault message generated by vSphere Storage DRS

    When you create a virtual machine, vSphere Storage DRS generates initial placement recommendations which might include prerequisite steps recommendation for Storage vMotion. If these actions cause vSphere Storage DRS to generate a fault message, vCenter Server might stop responding.

    This issue is resolved in this release.

  • You might not be able to view virtual machine scheduled tasks 

    If you are logged in to a vCenter Server system as a virtual machine user, you might not be able to view virtual machine scheduled tasks that you have created earlier. The tasks are visible if you log in as an administrator.

    This issue is resolved in this release.

  • vCenter Server might stop responding during initial placement of virtual disks with vSphere Storage DRS

    vCenter Server might stop responding if a datastore disconnects during the initial placement of virtual disks with vSphere Storage DRS.

    This issue is resolved in this release.

  • vCenter Server might fail during virtual machine placement

    If vSphere DRS does not receive status information form some hosts, and DRS ignores such hosts when it takes a snapshot, the vCenter Server might fail during virtual machine placement.

    This issue is resolved in this release.

  • Competing tasks in full vSphere Storage DRS datastores might stop responding, block other tasks and cause high CPU usage

    If a datastore in a vSphere Storage DRS is close to its storage limit, competing tasks to this datastore might stop responding, block other tasks, аnd cause high CPU usage.

    This issue is resolved in this release.

  • The vpxd service might fail if you enable vSphere Storage DRS Input/Output Load balancing without a specific configuration

    If you enable Input/Output Load Balancing without a load balancing configuration setting, the vpxd service might fail with an error message.

    This issue is resolved in this release.

  • Attempting to export an OVF template might fail

    You might not be able to export an OVF template if the process takes more than 30 minutes. The manifest file of the OVF package fails to download and the following message is displayed in the vSphere Web Client: An internal error has occurred – Error #1009.

    This issue is resolved in this release.

  • Provisioning of virtual machines might fail due to disabled IPv6 socket

    If you disable the IPv6 socket during virtual machine provisioning operations, cold migration, or cloning, the task might fail with host disconnect errors. 

    This issue is resolved in this release.

Auto Deploy Issues
  • Some vSphere ESXi Image Builder and vSphere Auto Deploy operations performed in the vSphere Web Client might fail

    When you make image customizations or vSphere Auto Deploy rule operations by using vSphere ESXi Image Builder in the vSphere Web Client, you might see errors in the vSphere Web Client, such as ServiceInstance not visible by classloader.

    This issue is resolved in this release.

  • Booting a stateless ESXi host by using vSphere Auto Deploy might fail

    When you use vSphere Auto Deploy to boot a stateless ESXi host, vSphere Auto Deploy requests certificate information from the VMware Certificate Authority. If the request results in an error, the host fails to boot. The following message is displayed in the vSphere Auto Deploy logs: ERROR:root:Unrecognized arguments: ['/usr/bin/python', '/usr/bin/rbd-vmca-certificate.py']​.

    This issue is resolved in this release.

  • Booting an ESXi host by using vSphere Auto Deploy might fail due to incorrect value of the Autodeploy.MachineIdentity parameter   

    When you try to boot an ESXi host by using vSphere Auto Deploy, an incorrect value of the Autodeploy.MachineIdentity parameter of the host might cause a boot failure. The following message is displayed: Could not fetch /vmw/rbd/host-register?bootmac = x.x.x.x: Input/output error.

    This issue is resolved in this release.

  • Booting ESXi hosts by using vSphere Auto Deploy might fail

    Booting ESXi hosts by using vSphere Auto Deploy might fail if there are too many host specification data objects being sent to vSphere Auto Deploy.

    This issue is resolved in this release.

Licensing Issues
  • Witness virtual machine consumes host license capacity from vCenter Server Essentials Plus

    A vSAN 2-host cluster (ROBO) requires two physical hosts and one witness. When the witness is an appliance that resides in a virtual machine, it incorrectly consumes a host licence. This problem occurs because the vCenter Server considers the witness appliance to be a host.

    This issue is resolved in this release.

Known Issues

The known issues are grouped as follows.

Server Configuration Issues
  • After a minor update of the vCenter Server system, the vmdir.ldu-guid parameter might not be set

    After a minor update of the vCenter Server system, the Logical Deployment Unit (LDU) GUID parameter of the VMware Directory Service might not be set and you might see Error 2: Object/Configuration not found when you run the command #/usr/lib/vmware-vmafd/bin/vmafd-cli get-ldu --server-name localhost.

    Workaround: None

Miscellaneous Issues
  • An EVC cluster might not display new CPU IDs such as IBPB if you add a host which is in maintenance mode

    If you create an empty EVC cluster and add a host in maintenance mode, you might not see the new CPU IDs of that host. The new CPU IDs are the Indirect Branch Restricted Speculation (IBRS), Single Thread Indirect Branch Predictors (STIBP) and Indirect Branch Predictor Barrier (IBPB).

    Workaround: Do not add hosts in maintenance mode to empty EVC clusters. If you had already added a host in maintenance mode to an empty EVC cluster and then added another host, which is not in maintenance mode, you must remove the latter. As result, the cluster will upgrade and resync with new CPU IDs.

  • An EVC cluster might show new CPU IDs such as IBPB even if you revert an ESXi host to an older version

    When you apply the current patch to an ESXi host and add that host to an EVC cluster, if you revert the host to an older version of ESXi, the EVC cluster might still expose the new CPU IDs, such as IBRS, STIBP and IBPB. However, the ESXi host does not have any of the new CPU ID features.

    Workaround: You must put the ESXi host in maintenance mode and move the host out of the EVC cluster. 

Networking Issues
  • The IPv4 gateway disappears and the management network is not accessible after adding an IPv6 network adapter to an IPv4 setup by using the Direct Console User Interface

    If you use the Direct Console User Interface of the vCenter Server Appliance to add an IPv6 network adapter to an IPv4 setup, after a restart of the management network system, the IPv4 gateway is removed and the network in not accessible.

    Workaround: Add an IPv4 gateway by using the Direct Console User Interface to regain access to the management network system. You can then use the vCenter Server Appliance Management Interface or the vSphere Web Client to add IPv6 addresses.

vCenter Server, vSphere Web Client, and vSphere Client Issues
  • vSphere Web Client might not display all vCenter Server systems in Embedded Linked Mode

    If you log in to the first vCenter Server instance you have deployed in Embedded Linked Mode by using the vSphere Web Client, you might not be able to see the other vCenter Server instances.

    Workaround: Restart the vSphere Web Client in all linked vCenter Server systems:

    1. Log in to the vCenter Server Appliance by using an SSH or console session as root.
    2. Enable the Bash shell: shell.set --enabled true.
    3. Start the shell.
    4. Change directories to /bin: cd /bin.
    5. Stop the vSphere Web Client service: service-control --stop vsphere-client.
    6. Start the vSphere Web Client service: service-control --start vsphere-client.
  • The vSphere Web Client does not display the correct ports configuration if the vCenter Server Appliance is deployed using custom ports

    If you deploy a vCenter Server Appliance with custom ports, for instance HTTP: 82 and HTTPS: 1443, when you log in to the appliance by using the vSphere Web Client and navigate to Configuration > General, you see the default ports, HTTP: 80 and HTTPS: 443.

    Workaround: None 

Installation, Upgrade and Migration Issues
  • An embedded Platform Services Controller might not accept new nodes in stage 2 of the installation, upgrade or migration of vCenter Server Appliance

    During the second stage of the deployment, upgrade or migration you might not be able to join new nodes to the embedded Platform Services Controller and see an error such as This topology is not allowed. The external node must be another vCenter Server with an Embedded Platform Services Controller. The server you are trying to connect to is a standalone Platform Services Controller. The issue might  occur when you deploy a new vCenter Server Appliance with an embedded Platform Services Controller or when you upgrade or migrate from vCenter Server 5.5.x or 6.0.x to vCenter Server Appliance 6.5 Update 2.

    Workaround: None

  • Migration from vCenter Server on Windows 5.5.x and 6.0.x to vCenter Server Appliance 6.5.x might fail during data export

    Migration from vCenter Server on Windows 5.5.x and 6.0.x to vCenter Server Appliance 6.5.x might fail during data export with an error such as The compressed zip folder is invalid or corrupted.

    Workaround: You must archive in zip format the data export folder manually:

    1. On the source Windows machine where your vCenter Server system runs, create an environment variable MA_INTERACTIVE_MODE.
      • Go to Computer > Properties Advanced system settingsEnvironment Variables > System Variables > New.
      • Enter MA_INTERACTIVE_MODE as variable name with value 0 or 1.
    2. Start the VMware Migration Assistant and provide your password.
    3. Deploy the OVF file with the standalone installer and complete Stage 1 of the migration.
    4. Start stage 2. In Stage 2, the migration pauses and the Migration Assistant console displays the message To continue the migration, create the export.zip file manually from the export data (include export folder).
      IMPORTANT: Do not press any keys or tabs on the Migration Assistant console.
    5. Go to path: %appdata%\vmware\migration-assistant folder.
    6. Delete the export.zip folder created by the Migration Assistant.
    7. To continue the migration, manually create the export.zip folder from the export folder.
    8. In the Migration Assistant console, type Y and press Enter.

    Migration starts as usual.

  • Second node in Embedded Linked Mode might be deployed in a new site with the default site name regardless of the first node configuration

    If you configure a vCenter Server instance in Embedded Linked Mode on a site with a name of your choice and then you add another node, the second node might be deployed in a new site and get the a  default name, regardless of the first node configuration. This issue is specific for the GUI installer of vCenter Server Appliance and not for the CLI installer.

    Workaround: None. Site names in vCenter Server Appliance configured in Embedded Linked Mode by using the GUI installer must default to Default-First-Site and not be modified. 

  • Deployment of vCenter Server Appliance using custom network ports might fail at first boot

    Deployment of vCenter Server Appliance with network ports other than the default 80 for HTTP and 443 for HTTPS, might fail at first boot due to issues such as port conflict, restricted ports or duplicate port configuration. You can trace deployment errors in the visl-support-firstboot.py_**_stderr.log.

    Workaround: None

Auto Deploy Issues
  • ESXi hosts provisioned with vSphere Auto Deploy might fail to boot after a major upgrade of vCenter Server for Windows systems

    In some cases, after a major upgrade of vCenter Server for Windows systems, ESXi hosts provisioned with vSphere Auto Deploy might fail to boot with an error similar to could not boot: input/output error (http://ipxe.org/xxxxx).

    Workaround: Remove the disconnected ESXi host from the vCenter Server Inventory and reboot the host. 

Virtual Machine Management Issues
  • When you deploy a virtual machine from a template in the vSphere Web Client and you choose VMXNET 3 as the default network adapter, DirectPath I/O is enabled automatically

    When you deploy a virtual machine from a template in the vSphere Web Client, and you choose VMXNET 3 as the default network adapter in the virtual machine hardware settings, you can select whether to enable DirectPath I/O. However, when you create the virtual machine, DirectPath I/O is enabled even if you decided to leave it disabled.

    Workaround: None.

Licensing Issues
  • Cannot add witness virtual machine to vCenter Server with Essentials license

    When the witness host for a stretched cluster is an appliance that resides in a virtual machine, it incorrectly consumes a host license. This problem occurs because the vCenter Server considers the witness appliance to be a physical host. If your license does not cover an additional host, you cannot add the witness appliance to vCenter Server.

    Workaround: Add the witness appliance VM to vCenter Server before you add the physical hosts.

Known Issues from Earlier Releases

To view a list of previous known issues, click here.