check-circle-line exclamation-circle-line close-line

VMware vCenter Server 6.7 Update 2 Release Notes

vCenter Server 6.7 Update 2 | APR 11 2019 | ISO Build 13010631

vCenter Server Appliance 6.7 Update 2 | APR 11 2019 | Build 13010631

What's in the Release Notes

The release notes cover the following topics:

What's New

  • With vCenter Server 6.7 Update 2, you can configure the property config.vpxd.macAllocScheme.method in the vCenter Server configuration file, vpxd.cfg, to allow sequential selection of MAC addresses from MAC address pools. The default option for random selection does not change. Modifying the MAC address allocation policy does not affect MAC addresses for existing virtual machines.
  • vCenter Server 6.7 Update 2 adds a REST API that you can run from the vSphere Client for converging instances of vCenter Server Appliance with an external Platform Services Controller instances into vCenter Server Appliance with an embedded Platform Services Controller connected in Embedded Linked Mode. For more information, see the vCenter Server Installation and Setup guide.
  • vCenter Server 6.7 Update 2 integrates the VMware Customer Experience Improvement Program (CEIP) into the converge utility.
  • vCenter Server 6.7 Update 2 adds a SOAP API to track the status of encryption keys. With the API, you can see if the Crypto Key is available in a vCenter Server system, or is used by virtual machines, as a host key or by third-party programs.
  • Precheck for upgrading vCenter Server systems: vCenter Server 6.7 Update 2 enables a precheck when upgrading a vCenter Server system to ensure upgrade compatibility of the VMware vCenter Single Sign-On service registrations endpoints. This check notifies for possible mismatch with present machine vCenter Single Sign-On certificates before the start of an upgrade and prevents upgrade interruptions that require manual workaround and cause downtime.
  • vSphere Auditing Improvements: vCenter Server 6.7 Update 2 improves VMware vCenter Single Sign-On auditing by adding events for the following operations: user management, login, group creation, identity source, and policy updates. The new feature is available only for vCenter Server Appliance with an embedded Platform Services Controller and not for vCenter Server for Windows or vCenter Server Appliance with an external Platform Services Controller. Supported identity sources are vsphere.local, Integrated Windows Authentication (IWA), and Active Directory over LDAP.
  • Virtual Hardware Version 15: vCenter Server 6.7 Update 2 introduces Virtual Hardware Version 15 which adds support for creating virtual machines with up to 256 virtual CPUs. For more information, see VMware knowledge base articles 1003746 and 2007240.
  • Simplified restore of backup files: If you cannot find the correct build to restore a backup file and enter incorrect backup details, the vCenter Server Appliance Management Interface in vCenter Server 6.7 Update 2 adds an error message in the Enter backup details page providing corresponding version details that help you to pick the correct build. You can also find version details in Backup > Activity.
  • With vCenter Server 6.7 Update 2, you can use the Network File System (NFS) and Server Message Block (SMB) protocols for file-based backup and restore operations on the vCenter Server Appliance. The use of NFS and SMB protocols for restore operations is supported only by using the vCenter Server Appliance CLI installer.
  • vCenter Server 6.7 Update 2 adds events for changes of permissions on tags and categories, vCenter Server objects and global permissions. The events specify the user who initiates the changes.
  • With vCenter Server 6.7 Update 2, you can create alarm definitions to monitor the backup status of your system. By setting a Backup Status alarm, you can receive email notifications, send SNMP traps, and run scripts triggered by events such as Backup job failed and Backup job finished successfully. A Backup job failed event sets the alarm status to RED and Backup job finished successfully resets the alarm to GREEN.
  • With vCenter Server 6.7 Update 2, in clusters with the Enterprise edition of VMware vSphere Remote Office Branch Office, configured to support vSphere Distributed Resource Scheduler in maintenance mode, when an ESXi host enters maintenance mode, all virtual machines running on the host are moved to other hosts in the cluster. Automatic VM-Host affinity rules ensure that the moved virtual machines return to the same ESXi hosts when it exits maintenance mode.
  • With vCenter Server 6.7 Update 2, events related to adding, removing, or modifying user roles display the user that initiates the changes.
  • With vCenter Server 6.7 Update 2, you can publish your .vmtx templates directly from a published library to multiple subscribers in a single action instead of performing a sync from each subscribed library individually. The published and subscribed libraries must be in the same linked vCenter Server system, regardless if on-prem, on cloud, or hybrid. Work with other templates in content libraries does not change.
  • vCenter Server 6.7 Update 2 adds an alert to specify the installer version in the Enter backup details step of a restore operation. If the installer and backup versions are not identical, you see a prompt which matching build to download, such as Launch the installer that corresponds with version 6.8.2 GA.
  • vCenter Server 6.7 Update 2 adds support for a Swedish keyboard in the vSphere Client and VMware Host Client. For known issues related to the keyboard mapping, see VMware knowledge base article 2149039.
  • With vCenter Server 6.7 Update 2, the vSphere Client provides a check box Check host health after installation that allows you to opt-out vSAN health checks during the upgrade of an ESXi host by using the vSphere Update Manager. Before introducing this option, if vSAN issues were detected during an upgrade, an entire cluster remediation failed and the ESXi host that was upgraded stayed in maintenance mode.
  • vSphere Health Аlarm and Categories: vCenter Server 6.7 Update 2 adds an alarm in the vSphere Client when vSphere Health detects a new issue in your environment and prompts you to resolve the issue. Health check results are now grouped in categories for better visibility.
  • With vCenter 6.7 Update 2, you can now publish your VM templates managed by Content Library from a published library to multiple subscribers. You can trigger this action from the published library, which gives you greater control over the distribution of VM templates. The published and subscribed libraries must be in the same linked vCenter Server system, regardless if on-prem, on cloud or hybrid. Work with other templates in content libraries does not change.

Earlier Releases of vCenter Server 6.7

Features and known issues of vCenter Server are described in the release notes for each release. Release notes for earlier releases of vCenter Server 6.7 are:

For internationalization, compatibility, installation and upgrade, open source components and product support notices see the VMware vCenter Sever 6.7 Update 1 Release Notes.

Product Support Notices

  • VMware vSphere Flash Read Cache is being deprecated. While this feature continues to be supported in the vSphere 6.7 generation, it will be discontinued in a future vSphere release. As an alternative, you can use the vSAN caching mechanism or any VMware certified third-party I/O acceleration software listed in the VMware Compatibility Guide.
  • vCenter Server 6.7 Update 2 does not support Digest Algorithm 5 (MD5) and you cannot set the MD5 authentication option by using the snmp.set command.

Upgrade Notes for This Release

IMPORTANT: If you use the Hybrid Linked Mode (HLM) capability, please contact VMware Support team (Cloud Service Engineering team) before upgrading to vCenter Server 6.7 Update 2.

For more information on vCenter Server versions that support upgrade to vCenter Server 6.7 Update 2, please see VMware knowledge base article 67077.

Patches Contained in This Release

This release of vCenter Server 6.7 Update 2 delivers the following patches. See the VMware Patch Download Center for more information on downloading patches.

Security Patch for VMware vCenter Server 6.7 Update 2

Third-party product fixes (for example: JRE, tcServer). This patch is applicable for vCenter Server for Windows, Platform Services Controller for Windows, and vSphere Update Manager.

NOTE: This patch updates only the JRE version 1.8.0_202.

For vCenter Server and Platform Services Controller for Windows

Download Filename VMware-VIMPatch-T-6.7.0-13010631.iso
Build 13010631
Download Size 40.7 MB
md5sum edcd2f2a9294fffcbec32150f10a0005
sha1checksum a66c23f958a83542e2bd33681d838b22630ed953

These vCenter Server components depend on JRE and have to be patched:

  • vCenter Server
  • Platform Services Controller
  • vSphere Update Manager

Download and Installation

You can download this patch by going to the VMware Patch Download Center and choosing VC from the Select a Product drop-down menu. 

  1. Mount the  VMware-VIMPatch-T-6.7.0-13010631.iso file to the system where the vCenter Server component is installed.  
  2. Double-click  ISO_mount_directory/autorun.exe.
  3. In the vCenter Server Java Components Update wizard, click Patch All.

Full Patch for VMware vCenter Server Appliance 6.7 Update 2

Product Patch for vCenter Server Appliance containing VMware software fixes, security fixes, and Third Party Product fixes (for example: JRE and tcServer).

This patch is applicable to the vCenter Server Appliance and Platform Services Controller Appliance.

For vCenter Server and Platform Services Controller Appliances

Download Filename VMware-vCenter-Server-Appliance-6.7.0.30000-13010631-patch-FP.iso
Build 13010631
Download Size 1996.6 MB
md5sum 2f09c95d416c7d2ba6d94b032b240ef9
sha1checksum dd8053b955093cd512408099d4d9ac618668e28c

Download and Installation

You can download this patch by going to the VMware Patch Download Center and choosing VC from the Select a Product drop-down menu.

  1. Attach the VMware-vCenter-Server-Appliance-6.7.0.30000-13010631-patch-FP.iso​ file to the vCenter Server Appliance CD or DVD drive.
  2. Log in to the appliance shell with your root credentials and run the commands given below:
    • To stage the ISO:
      software-packages stage --iso
    • To see the staged content:
      software-packages list --staged
    • To install the staged rpms:
      software-packages install --staged

For more information on using the vCenter Server Appliance shells, see VMware knowledge base article 2100508.

For more information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

For more information on staging patches, see Stage Patches to vCenter Server Appliance.

For more information on installing patches, see Install vCenter Server Appliance Patches.

For issues resolved in this patch see Resolved Issues.

For Photon OS updates, see VMware vCenter Server Appliance Photon OS Security Patches

For more information on patching using the Appliance Management Interface, see Patching the vCenter Server Appliance by Using the Appliance Management Interface.

Release Notes Change Log

This section describes updates to the Release Notes.

Resolved Issues

The resolved issues are grouped as follows.

vMotion Issues
  • vSphere vMotion operations for encrypted virtual machines might fail after a restart of the vCenter Sever system

    After a restart of a vCenter Server system, compatibility check errors might fail vSphere vMotion operations for encrypted virtual machines. You might see logs similar to:

    RuntimeFault.summary Session does not have Cryptographer.RegisterHost privilege.

    This issue is resolved in this release.

  • Power-on or vSphere vMotion operations with virtual machines might fail with an infinite loop error

    Power-on or vSphere vMotion operations with virtual machines might fail with an infinite loop error if the .vmx configuration file is corrupt.

    This issue is resolved in this release.

  • The disk mode of a virtual machine might change after migration by using vSphere Storage vMotion

    If you migrate a virtual machine by using Storage vMotion, the disk mode of that virtual machine might change without a warning. For instance, from Independent-Persistent to Dependent.

    This issue is resolved in this release.

  • Migrating a virtual machine might fail due to inability to access the parent disk

    The migration of a virtual machine might fail with the FileNotFound error during the network file copy process when the destination host has access to the shared child disk of the source host and cannot access the parent disk.

    This issue is resolved in this release.

  • Virtual machine migration operations such as instant clone provisioning might fail due to a race condition

    Due to a rare condition between operations that create a namespace database with solutions such as VMware AppDefense, and migration of virtual machines by using Storage vMotion or the Enhanced vMotion Compatibility, the migration might fail.

    This issue is resolved in this release.

Backup and Restore Issues
  • Backup of the VMware vCenter Server Appliance might not start if the vmonapi service cannot start while a proxy is configured or not responsive

    While a proxy is configured, or if a proxy is not responsive, the vmonapi service, which provides the API to start and stop vCenter Server services, is not running. This blocks backups of the vCenter Server Appliance.

    This issue is resolved in this release.

Auto Deploy Issues
  • VMware vSphere Auto Deploy Discovered Hosts tab might display an error after creating or editing a deployment rule

    When you prepare your system to provision ESXi hosts with vSphere Auto Deploy to network boot, if a host does not match any deployment rule during configuration, an error might be triggered when you create a rule later. As a result, you might not see the host on the Discovered Hosts tab and the error Unable to retrieve deployed hosts: name 'item' is not defined. is displayed.

    This issue is resolved in this release. 

Guest OS Issues
  • You cannot set a primary virtual NIC

    You cannot customize the vCenter Server Appliance guest operating system to set a virtual NIC as a primary.

    This issue is resolved in this release. With this fix you can customize a virtual NIC as a primary virtual NIC, when the virtual NIC is the first NIC and also has a static IPv4 and a gateway configured.

  • Customization of virtual machines by using Microsoft Sysprep on vSphere 6.7 might fail and virtual machines stay in customization state

    Customization of virtual machines by using Microsoft Sysprep on vSphere 6.7 might fail if Windows virtual machines use disposable disks. Sysprep might change the driver letter of the disposable disks during customization. As a result, the virtual machines remain in customization state and become unresponsive.

    This issue is resolved in this release.

Tools Issues
  • The c:\sysprep directory might not be deleted after Windows guest customization

    The temporary c:\sysprep directory might not be deleted after you run Windows guest customization.

    This issue is resolved in this release. With this fix, all temporary files and folders are deleted by leveraging the Windows API and after virtual machine reboot.

  • VMware Open Virtualization Format (OVF) Tool might fail to overwrite all files in a destination folder

    Even when you use the --overwrite option of the OVF Tool, existing files in the destination folder might not be deleted or overwritten, and only manual delete works.

    This issue is resolved in this release.

  • You might not see the configured CPU shares when exporting a virtual machine to OVF

    When you export a virtual machine to OVF by using the OVF Tool, the configured CPU shares might not be exported.

    This issue is resolved in this release.

Storage Issues
  • Bulk virtual machine provisioning requests with the ResourceLeaseDurationSec parameter passed through VMware vSphere Storage DRS might fail

    When multiple requests on virtual machine provisioning pass through vSphere Storage DRS with the ResourceLeaseDurationSec parameter specified in the placement spec, vSphere Storage DRS provides initial placement recommendations and allocates space for all of them, blocking the usage of datastore space. This might result in provisioning failures.

    This issue is resolved in this release.

  • vCenter Server might stop responding when adding a fault message in the vSphere Storage DRS

    vCenter Server might stop responding when the vpxd service tries to access and add a fault message of a decommissioned or removed datastore in vSphere Storage DRS.

    This issue is resolved in this release.

  • A wave of Config Update events triggered by a vSphere API for Storage Awareness call might cause an out of memory error or irregular API calls

    Each Config Update event triggers a full sync with a vSphere API for Storage Awareness provider. As a result, sync threads pile up. If the number of events of type Config Update is large, the result is an out of memory error or irregular triggers of periodic getEvents API calls.

    This issue is resolved in this release.

  • The vpxd service might fail when the vSphere Storage DRS provides an initial placement operation

    One of the internal data structures in vSphere Storage DRS initial placement workflow might be overwritten with a NULL value, which might result in a null pointer reference and a vpxd service failure.

    This issue is resolved in this release.

  • ESXi hosts with visibility to RDM LUNs might take a long time to start or experience delays during LUN rescans

    A large number of RDM LUNs might cause an ESXi host to take a long time to start or experience delay while performing a LUN rescan. If you use APIs, such as MarkPerenniallyReserved or MarkPerenniallyReservedEx, you can mark a specific LUN as perennially reserved, which improves the start time and rescan time of the ESXi hosts.

    This issue is resolved in this release.

  • Expanding the disk of a virtual machine by using VMware vRealize Automation might fail with an error for insufficient disk space on a datastore

    If vSphere Storage DRS does not provide a recommendation while you run an operation to expand the disk of a virtual machine by using VMware vRealize Automation, the operation might fail, because of insufficient space on the current datastore. This issue happens when vSphere Storage DRS picks a wrong matching disk for the operation. As a result, you might see the error Insufficient disk space on datastore.

    This issue is resolved in this release.

  • vSphere Storage DRS tasks might take long or time out

    vSphere Storage DRS tasks might take long or time out due to slow or delayed response from the vSphere Replication Management server.

    This issue is resolved in this release.

  • Provisioning of virtual machines might fail if the same replication group is used for some or all virtual machine files and disks

    VMware vSphere Storage Policy Based Management (SPBM) might not filter the unique replication group ID during a queryReplicationGroup call to an API for Storage Awareness (VASA) provider. As a result, provisioning of virtual machines might fail if the same replication group is used for some or all virtual machine files and virtual disks.

    This issue is resolved in this release. 

  • Posting of VMware vSphere Virtual Volumes compliance alarms for a StorageObject type to a vCenter Server system might fail

    If you use an API for Storage Awareness (VASA) provider, posting of vSphere Virtual Volumes compliance alarms for a StorageObject type to a vCenter Server system might fail due to a mapping mismatch.

    This issue is resolved in this release. 

vCenter Server, vSphere Web Client, and vSphere Client Issues
  • You cannot add permissions for a user or group beyond the first 200 security principals in an Active Directory domain by using the vSphere Client

    If you grant permissions to a user or group from an Active Directory domain by using the vSphere Client, the search for security principals is limited to 200 and you cannot add users to any principal beyond that list.

    This issue is resolved in this release.

  • The vpxd service might fail to start if certificates in the TRUSTED_ROOTS store exceed 20

    When the certificates in the TRUSTED_ROOTS store on a vCenter Server system pile to more than 20, the vpxd service might fail to start. The vSphere Web Client and vSphere Client display the following error:
    [400] An error occurred while sending an authentication request to the vCenter Single Sign-On server.

    This issue is resolved in this release. With this fix, the TRUSTED_ROOTS store can support up to 30 certificates in both vCenter Server for Windows and the vCenter Server Appliance.

  • Firstboot might fail during deployment of vCenter Server Appliance using an external Platform Services Controller due to a lag in the time synchronization

    Firstboot might fail during the deployment of a vCenter Server Appliance using an external Platform Services Controller if time between the Platform Services Controller node and the vCenter Server system is not synced.

    This issue is resolved in this release.

  • User login and logout events might not contain the IP address of the user

    If you log in to a vCenter Server system by using either the vSphere Web Client or the vSphere Client, the login event might display 127.0.0.1 instead of the IP address of the user. In addition, you might not see track of vCenter Single Sign-On configuration changes in the Events view.

    This issue is resolved in this release. The fix adds a new audit log file in the vCenter Single Sign-On logs. You can also see the new events in the Monitor > Events view in the vSphere Web Client and the vSphere Client.

  • The vCenter Server daemon service vpxd might fail to start with an error for invalid descriptor index

    The vpxd service might fail to start with an error for invalid descriptor index in the parameter VPX_HCI_CONFIG_INFO.LOCKDOWN_MODE.
    This issue affects environments on vCenter Server for Windows 6.7 Update 1 or later that use an MS SQL Database server. If you create a hyperconverged infrastructure cluster by using the Quickstart workflow and restart the vCenter Server system, vpxd might not start due to a failure with data handling from the SQL database server.
    You might see similar logs in the vpxd.log:
    [VdbStatement::ResultValue:GetValue] Error to get value at pos: 1, ctype: 4 for SQL "VPX_HCI_CONFIG_INFO.LOCKDOWN_MODE" Init failed. VdbError: Error[VdbODBCError] (-1) ODBC error: (07009) - [Microsoft][SQL Server Native Client 11.0]Invalid Descriptor Index Failed to intialize VMware VirtualCenter. Shutting down

    This issue is resolved in this release.

Virtual Machines Management Issues
  • Cloning a virtual machine from a snapshot of a template might fail with an error

    The error A general system error occurred: missing vmsn file appears when you clone a virtual machine from a snapshot of a template.

    This issue is resolved in this release.

  • An internal error might occur in alarm definitions of the vSphere Web Client

    An internal error might occur when you try to edit the predefined alarm containing xxx Exhaustion on xxx, for example Autodeploy Disk Exhaustion on xxx, and add or change the alarm actions.

    This issue is resolved in this release.

Security Issues
  • Update to VMware Postgres

    VMware Postgres is updated to version 9.6.11.

  • Numbering of firewall rules might unexpectedly change if you reorder the rules

    If you create more than 9 firewall rules in a vCenter Server Appliance and change the order, setting a rule with a double-digit numbering among rules with one-digit numbering, the numbering might change. For instance, if you move a rule with number 10, such as 10 RETURN all -- X.X.X.10 anywhere, to position 2, the numbering might change to 2 RETURN all -- X.X.X.10 anywhere.

    This issue is resolved in this release.

  • Update to JRE​

    Oracle (Sun) JRE is updated to version 1.8.202.

  • A composed URL might display Apache server details

    If you compose a URL such as https://:9443/vsphere-client/inventory-viewer/locales/help , you might see Apache server details such as version.

    This issue is resolved in this release.

  • Upgrade of Apache httpd

    Apache httpd is updated to version 2.4.37 to resolve a security issue with identifier CVE-2018-11763.

  • Update to OpenSSL

    The OpenSSL package is updated to version openssl-1.0.2q.

  • Update to the libxml2 library

    The ESXi userworld libxml2 library is updated to version 2.9.8.

  • Update to the OpenSSH version

    The OpenSSH is updated to version 7.4p1-7.

Miscellaneous Issues
  • Attempts to log in to a vCenter Server system after an upgrade to vCenter Server 6.7 might fail with a credentials validation error

    After an upgrade of your system to vCenter Server 6.7, if you try to log in to the system by using either the vSphere Web Client or vSphere Client, and a security token or smartcard, the login might fail with an error Unable to validate the submitted credential.

    This issue is resolved in this release.

  • The vCenter Server daemon service vpxd might fail to start after a server reboot

    After a server reboot, while vpxd loads the inventory from the database, it performs a workload calculation based on the inventory size and the number of available CPU cores. Certain rare combinations of these inputs might lead to an incorrect calculation, causing an error that prevents the service from starting. You might see the following error:
    Init failed: The data being fetched is NULL at column position 0

    This issue is resolved in this release. A previous workaround involved disabling one or more CPU cores in the vCenter Server Appliance to fix the calculation. You can undo the workaround after you apply this update.

  • The vmdir-syslog.log file is overfilled with log messages when migrating a vCenter Server or a Platform Services Controller instance from Windows to vCenter Server Appliance

    When migrating a vCenter Server or a Platform Services Controller instance from Windows to vCenter Server Appliance, the entry cn=DSE Root is replicated with no security descriptor. As a result, the vmdird-syslog.log file is overfilled with No SD found for cn=DSE Root messages.

    This issue is resolved in this release. This fix changes the log level to verbose and suppresses the log messages after the migration from Windows to vCenter Server Appliance.

  • The vCenter Server daemon service vpxd might fail if you log out immediately after initiating a FileManager operation

    If you log out immediately after initiating a FileManager operation such as delete, move, or copy, the vpxd service might fail, because the task might not be picked up for execution from the task queue.

    This issue is resolved in this release.

CIM and API Issues
  • API queries might time out when many objects are associated with tags

    API calls, such as listAttachedObjects, listAttachedObjectsOnTags, and listAllAttachedObjectsOnTags, might take very long to complete and ultimately time out, when many objects are associated with each tag. This is because previously, separate remote procedure calls were sent to the vmware-vpxd service to perform permission checks on each vCenter Server object.

    This issue is resolved in this release. With this fix, the tagging APIs make batched AuthZ calls to vmware-vpxd to perform permission checks on all the associated objects.

Install, Upgrade and Migration Issues
  • Migration of vCenter Server for Windows to vCenter Server Appliance might stop at 75% if system time is not synchronized with an NTP server

    During stage 2 of a migration from vCenter Server for Windows to vCenter Server Appliance, if the vCenter Server system time is not synchronized with an NTP server, the session might timeout and the migration stops without a warning. The installer interface might indefinitely display progress at 75%.

    This issue is resolved in this release.

  • Upgrading vCenter Server for Windows to 6.7 Update 2 from earlier versions of the 6.7 line might fail

    If you try to upgrade a vCenter Server for Windows system with an external SQL Server that uses Windows authentication to 6.7 Update 2 from an earlier version of the 6.7 line, the operation might fail.

    This issue is resolved for upgrades from vCenter Server 6.7 Update 1 to 6.7 Update 2. For upgrades from 6.7.0 or 6.7.0.x versions to 6.7 Update 2, see VMware knowledge base article 67561

  • vCenter Server upgrades might fail due to compatibility issue between VMware Tools version 10.2 and later, and ESXi version 6.0 and earlier

    VMware Tools version 10.2 and later might not be compatible with ESXi version 6.0 and earlier. As a result, upgrades of vCenter Server systems might fail.

    This issue is resolved in this release. If you already face the issue, either update the ESXi container to version 6.7 or roll back the VMware Tools version to 10.1.5. When the upgrade of the vCenter Server system is complete, upgrade both the VMware Tools and the ESX container.

Convergence Issues
  • Certificates might be lost after a convergence of a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller

    Key Management Server (KMS) and Certificate Authority (CA) certificates might be lost after a convergence of a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller. You might see a warning similar to:
    Not connected (Trust not established. View Details)

    This issue is resolved in this release.

  • The vCenter Server Convergence Tool might fail to convert an external Platform Services Controller to an embedded Platform Services Controller due to conflicting IP address and FQDN

    If you have configured an external Platform Services Controller with an IP address as an optional FQDN field during the deployment, the vCenter Server Convergence Tool might fail to convert the external Platform Services Controller to an embedded Platform Services Controller because of a name conflict.

    This issue is resolved in this release.

  • Convergence of a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller might fail with an error for missing certificates

    Convergence of a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller might fail with an error such as No certificates were found for entry [location_password_default] of type [Secret Key].

    This issue is resolved in this release.

  • The converge.log file might miss debug level logs when converging a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller

    When you run the vscaConvergeCli command with logging level set to verbose, the logging level for the converge-util is set to debug, but the converge.log file might not record the debug log messages. As a result, when troubleshooting you cannot see expected level of details in the log file.

    This issue is resolved in this release.

Networking Issues
  • You might see a message that an upgrade of VMware vSphere Distributed Switch is running even after the upgrade is complete

    You might see a message An Upgrade for the vSphere Distributed switch in datacenter is in progress even after the upgrade is complete. This happens if no host member is available in the vSphere Distributed Switch configuration, or if a host member has failed to upgrade several times.

    This issue is resolved in this release. If you already face the issue that no host member is available in the VDS, run the following commands:
    update vpx_dvs upgrade_status set upgrade_status=0
    vmon-cli -r vpxd

  • vSphere Distributed Switch might become out of sync for some ESXi hosts after upgrade to vSphere Distributed Switch 6.6

    When you migrate a virtual machine that uses a vSAN datastore from an ESXi host in one data center to an ESXi host in another data center, the port on the source distributed switch might not be released in the vCenter Server system. As a result, the vSphere Distributed Switch might become out of sync when you upgrade to vSphere Distributed Switch 6.6.

    This issue is resolved in this release.

  • You cannnot migrate virtual machines by using vSphere vMotion between ESXi hosts with NSX managed virtual distributed switches (N-VDS) and vSphere Standard Switches

    With vCenter Server 6.7 Update 2, you can migrate virtual machines by using vSphere vMotion between ESXi hosts with N-VDS and vSphere Standard Switches. To enable the feature, you must upgrade your vCenter Server system to vCenter Server 6.7 Update 2 and ESXi 6.7 Update 2 on both source and destination sites.

    This issue is resolved in this release.

Server Configuration Issues
  • You cannot restart the vpxd service when the KMS certificate is expired or close to the expiration date

    When the KMS certificate is expired or close to the expiration date, you cannot restart the vpxd service and the vCenter Server system upgrade might fail.

    This issue is resolved in this release.

Known Issues

The known issues are grouped as follows.

vCenter Server, vSphere Web Client, and vSphere Client Issues
  • You might fail to log in to a vCenter Sever system due to a failure of the VMware Security Token Service service (vmware-stsd)

    The vmware-stsd service fails in certain customer environments if you add the Active Directory Integrated Windows Authentication (IWA) as an identity source. The addition of IWA as an identity source might generate core dumps that fill up the /storage/core directory and eventually might cause log in failure to the vCenter Server system.

    In the vmware-sts-idmd.log log, you might see entries similar to:
    [2018-11-02T13:28:42.168-07:00 IDM Shutdown INFO ] [IdmServer] Stopping IDM Server...
    [2018-11-02T13:28:42.523-07:00 IDM Shutdown INFO ] [IdmServer] IDM Server has stopped
    [2018-11-02T13:29:38.270-07:00 IDM Startup INFO ] [IdmServer] Starting IDM Server...
    [2018-11-02T13:29:38.272-07:00 IDM Startup INFO ] [IdmServer] IDM Server has started
    [2018-11-02T13:39:40.913-07:00 IDM Shutdown INFO ] [IdmServer] Stopping IDM Server...
    [2018-11-02T13:39:40.913-07:00 IDM Shutdown INFO ] [IdmServer] IDM Server has stopped

    In the /var/log/vmware/sso/utils/vmware-stsd.err log, you see entries similar to:
    Nov 02, 2018 1:29:40 PM org.apache.catalina.startup.Catalina load
    INFO: Initialization processed in 663 ms
    SLF4J: Class path contains multiple SLF4J bindings.
    SLF4J: Found binding in [jar:file:/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/log4j-slf4jimpl-
    2.2.jar!/org/slf4j/impl/StaticLoggerBinder.class]
    SLF4J: Found binding in [jar:file:/usr/lib/vmware-sso/vmware-sts/webapps/ROOT/WEB-INF/lib/slf4j-log4j12-
    1.7.10.jar!/org/slf4j/impl/StaticLoggerBinder.class]
    SLF4J: See http://www.slf4j.org/codes.html#multiple_bindings for an explanation.
    SLF4J: Actual binding is of type [org.apache.logging.slf4j.Log4jLoggerFactory]
    Nov 02, 2018 1:29:50 PM org.apache.catalina.startup.Catalina start
    INFO: Server startup in 10097 ms
    Service killed by signal 11

    Workaround: Remove the vCenter Server system from the Active Directory domain and add the LDAP Server as identity source. For more information, see VMware knowledge base article 60161.

Convergence Issues
  • You might not see load balancer details after vCenter Server system convergence

    If you converge your existing system with a load balancer configured for several external Platform Service Controllers to the embedded deployment model, you might not see load balancer details in the System Configuration tab of the vSphere Client. As a result, you cannot decommission the load balancer.

    Workaround: Manually decommission each external Platform Services Controller.

vMotion Issues
  • You cannot migrate virtual machines by using vSphere vMotion on different NSX Logical Switches

    In vCenter Server 6.7 Update 2, migration of virtual machines using vSphere vMotion between two different NSX Logical Switches is not supported. You can still migrate virtual machines with vSphere vMotion on the same NSX Logical Switch.

    Workaround: None

Upgrade and Installation Issues
  • Upgrade to vCenter Server 6.7 fails during firstboot due to a PostgreSQL sequence owner error

    Upgrade to vCenter Server 6.7 fails during firstboot, because the sequence owner is postgres instead of vc. You might see this error:
    vCenter Server Firstboot Failure – must be owner of relation vpx_sn_vdevice_backing_rel_seq.

    Workaround: In vCenter Server 6.7 Update 2, the message must be owner of relation vpx_sn_vdevice_backing_rel_seq is replaced with the message Source vCenter Server schema validation found a sequences issue and points for more information to VMware knowledge base article 55747.

  • Upgrade of vCenter Server for Windows might fail with an error that uninstallation of 5.5 products failed

    If you reconfigure an embedded deployment node of vCenter Server for Windows to an external deployment model and repoint to the new external Platform Services Controller, upgrade of your vCenter Server system from vCenter Server 6.5 Update 2d to 6.7 Update 2 might fail with an error similar to Uninstallation of 5.5 products failed with error code '1603'.

    Workaround: Restart your vCenter Server system after the reconfiguration and retry the upgrade.

  • You cannot use the GUI installer for vSphere 6.7 Update 2 on virtual machines with Ubuntu 14.04 OS

    You cannot use the GUI installer for vSphere 6.7 Update 2 on virtual machines with Ubuntu 14.04 OS, because the libnss3 package is not installed by default.

    Workaround: Install the latest version of libnss3 by executing the command sudo apt-get install libnss3.

  • After upgrade to vCenter Server 6.7 Update 2 from 6.0.x, the Hardware Status tab in the vSphere Web Client might display no host data

    After an upgrade to vCenter Server 6.7 Update 2 from vCenter Server 6.0.x, you might not be able to see hardware details for ESXi hosts in the Hardware Status tab of the vSphere Web Client. Instead, a No host data available error is displayed.

    Workaround: For more information on the issue, see VMware knowledge based article 2148520.

Tools Issues
  • Deployment of virtual machines to ESXi hosts might fail due to GBK encoding

    If you use GBK encoding in the .vmx file of a virtual machine, deployment of that virtual machine to ESXi hosts might fail.

    Workaround: None

Backup and Restore Issues
  • Backups with third-party software might fail due to non-alphanumeric characters in the names of source datastores or datacenters

    In vCenter Server 6.7 systems, backups with third-party software might be unsuccessful if the name of the source datastore or datacenter contains non-alphanumeric characters. Changes in the encoding cause download and upload of files to fail.

    Workaround: Rename the datastores and datacenters that contain non-alphanumeric characters in the name. 

Networking Issues
  • A virtual machine NIC gets a non-sequential list of MAC addresses, even when you allow sequential selection of MAC addresses from MAC address pools

    If you create a base virtual machine with sequential selection of MAC addresses, after a restart of vCenter Server, the order of the network adapters might be nonsequential. If you make a clone from the base virtual machine, the MAC addresses of the clone might also be nonsequential.

    Workaround: You must open the Edit menu of the base virtual machine and click OK to make sure that network adapters are sorted as expected before cloning other virtual machines. 

Known Issues from Prior Releases

To view a list of previous known issues, click here.