check-circle-line exclamation-circle-line close-line

vCenter Server 6.7 Update 3b |  DEC 5 2019 | ISO Build 15132721

vCenter Server Appliance 6.7 Update 3b | DEC 5 2019 | ISO Build 15132721

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

Earlier Releases of vCenter Server 6.7

Features and known issues of vCenter Server are described in the release notes for each release. Release notes for earlier releases of vCenter Server 6.7 are:

For internationalization, compatibility, installation and upgrade, open source components and product support notices see the VMware vCenter Sever 6.7 Update 1 Release Notes.

Patches Contained in This Release

This release of vCenter Server 6.7 Update 3b delivers the following patches. See the VMware Patch Download Center for more information on downloading patches.

Security Patch for VMware vCenter Server 6.7 Update 3b

Third-party product fixes (for example: JRE, tcServer). This patch is applicable for vCenter Server for Windows, Platform Services Controller for Windows, and vSphere Update Manager.

NOTE: This patch updates only the JRE version 1.8.0_221.

For vCenter Server and Platform Services Controller for Windows

Download Filename VMware-VIMPatch-T-6.7.0-15132721.iso
Build 15132721
Download Size 40.7 MB
md5sum d44836d28fca3488f1d59a59e2bee4c4
sha1checksum a37f0e12a5c510ca3da95b959838b3b76f1bd9a0

These vCenter Server components depend on JRE and have to be patched:

  • vCenter Server
  • Platform Services Controller
  • vSphere Update Manager

Download and Installation

You can download this patch by going to the VMware Patch Download Center and choosing VC from the Select a Product drop-down menu. 

  1. Mount the  VMware-VIMPatch-T-6.7.0-15132721.iso file to the system where the vCenter Server component is installed.  
  2. Double-click  ISO_mount_directory/autorun.exe.
  3. In the vCenter Server Java Components Update wizard, click Patch All.

Full Patch for VMware vCenter Server Appliance 6.7 Update 3b

Product Patch for vCenter Server Appliance containing VMware software fixes, security fixes, and Third Party Product fixes (for example: JRE and tcServer).

This patch is applicable to the vCenter Server Appliance and Platform Services Controller Appliance.

For vCenter Server and Platform Services Controller Appliances

Download Filename VMware-vCenter-Server-Appliance-6.7.0.42000-15132721-patch-FP.iso
Build 15132721
Download Size 1991.4 MB
md5sum e5108aee9fd1ee100110531549bfb3d9
sha1checksum 84099a7ba256d768a155b3e44a47397b098709dd

Download and Installation

You can download this patch by going to the VMware Patch Download Center and choosing VC from the Select a Product drop-down menu.

  1. Attach the VMware-vCenter-Server-Appliance-6.7.0.42000-15132721-patch-FP.iso​​​ file to the vCenter Server Appliance CD or DVD drive.
  2.  Log in to the appliance shell as a user with super administrative privileges (for example, root) and run the following commands:
    • To stage the ISO:
      software-packages stage --iso
    • To see the staged content:
      software-packages list --staged
    • To install the staged rpms:
      software-packages install --staged

For more information on using the vCenter Server Appliance shells, see VMware knowledge base article 2100508.

For more information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

For more information on staging patches, see Stage Patches to vCenter Server Appliance.

For more information on installing patches, see Install vCenter Server Appliance Patches.

For issues resolved in this patch see Resolved Issues.

For Photon OS updates, see VMware vCenter Server Appliance Photon OS Security Patches

For more information on patching using the Appliance Management Interface, see Patching the vCenter Server Appliance by Using the Appliance Management Interface.

Resolved Issues

The resolved issues are grouped as follows.

Security Issues
  • Update to VMware Postgres

    VMware Postgres is updated to version 9.6.15.

  • Update of the SQLite database

    The SQLite database is updated to version 3.29.0.

  • Update to BZip2

    The BZip2 library is updated to version 1.0.8.

  • Update to Simple Logging Facade for Java (SLF4J)

    The SLF4J package is updates to version 1.7.28.

  • Update to JRE

    Oracle (Sun) JRE is updated to version 1.8.221.

  • Update to Apache Log4j Core

    The Apache Log4j Core 2.8.x branch is updated to 2.8.2 and the 1.2.x branch to 1.2.17.

  • Update to cURL

    cURL in the vCenter Server Appliance is updated to 7.65.3.

  • Update to OpenSSL

    The OpenSSL package is updated to version openssl-1.0.2s.

  • Update to the Spring Framework

    The Spring Framework is updated to version 4.3.25.

  • Update to the Apache Tomcat

    The Apache Tomcat is updated to version 8.5.45.

  • Upgrade of Eclipse Jetty

    Eclipse Jetty is upgraded to version 9.4.20.

  • Update to Apache Commons collections

    Apache Commons collections is updated to version 3.2.2.

  • Update to the Expat XML parser

    The Expat XML parser is updated to version 2.2.7.

Networking Issues
  • You might see a vector::reserve error when deploying virtual machines from templates and the vpxd service might fail

    Your vCenter Server system reports an error similar to: A general system error occurred, vector::reserve when you try to deploy a virtual machine from a template. When a virtual machine reconfiguration task that connects a vNIC to a distributed portgroup accidentally triggers the Auto Expand feature, if a portgroup is removed at the same time, the port number of the virtual switch might be wrongly updated. This causes the vpxd service to fail.

    This issue is resolved in this release.

  • You cannot find opaque networks in the Ovf Enivornment xml

    You cannot find opaque networks in the AdapterSection of the Ovf Enivornment xml of a virtual machine in either the vSphere Web Client or vSphere Client.

    This issue is resolved in this release. The fix adds the list of opaque networks to the AdapterSection section of the Ovf Enivornment xml.

  • You might see duplicate IP addresses in the vSphere Client

    After a restart of the vCenter Server daemon, vpxd, for virtual machines with multiple NICs, you might see duplicate IP addresses in the vSphere Client. This is because a reference table in the vCenter Server database does not update correctly.

    This issue is resolved in this release. 

Miscellaneous Issues
  • vCenter Server stops responding and the vpxd service continuously fails at VMware vSphere Storage DRS recommendations

    This problem might occur when the system files of a virtual machine are located in one datastore and the working directory is located on another datastore. If such a virtual machine has an ISO image mounted from a datastore in the same cluster as its virtual disk, the vpxd service might fail while checking affinity rule violations for the DrmDisks.

    This issue is resolved in this release.

Backup Issues
  • Backups scheduled by using the vCenter Server Appliance Management Interface do not delete old backups according to retention policy on SMB and NFS shares

    If you schedule backups on SMB or NFS shared storage by using the vCenter Server Appliance Management Interface, old backups might not be removed according to the set retention policy.

    This issue is fixed in this release.

  • Multiple static routes defined for eth0 cause file-based backup to fail

    When eth0 is configured with multiple static routes, file-based backup by using the vCenter Server Appliance Management Interface fails. You can see error messages similar to ERROR: BackupManager encountered an exception: While reading from '/etc/systemd/network/10-eth0.network' [line 15]: section 'Route' already exists.

    This issue is resolved in this release. However, route configurations in /etc/systemd/network/10-eth0.network might be lost after a restore and you must reconfigure eth0.

Installation, Upgrade, and Migration Issues
  • You cannot run certificate-related API calls after an update from vCenter Server 6.7 Update 2 to 6.7 Update 2a or 6.7 Update 2c

    After an update from vCenter Server 6.7 Update 2 to 6.7 Update 2a or 6.7 Update 2c, if you run a certificate-related API call, you get errors similar to Cannot find service com.vmware.vcenter.certificate_management.vcenter or com.vmware.vapi.std.errors.operation_not_found, or vapi.method.input.invalid.interface.

    This issue is resolved in this release.

  • vCenter Server upgrades might fail due to Windows Authenticator error

    vCenter Server upgrades might fail with an error similar to Upgrade Phase 'vcdb:Export' failed. Exception: None is not a valid string in this context. If you use Windows Authenticator, parameters such as vcSvcUsername, vcSvcDomain and vcSvcPassword might be passed blank and cause the authentication error.

    This issue is resolved in this release. 

  • vCenter Server upgrade to 6.7.x might fail while starting the Content Library service

    vCenter Server upgrade to 6.7.x might fail if a Content Library administrator user role is not present. 

    This issue is resolved in this release.

  • Patching vCenter Server 6.7.x with vCenter Server High Availability enabled might fail

    Patching a vCenter Server system with vCenter Server High Availability enabled to a later version of 6.7.x might fail. Patching works only if you remove the vCenter Server High Availability cluster configuration, patch the vCenter Server system, and then reconfigure vCenter Server High Availability.

    This issue is resolved in this release. For more information, see VMware knowledge base article 55938.

vCenter Server, vSphere Web Client, and vSphere Client Issues
  • VMware vSphere Storage DRS system calculations for space utilization might override user-defined settings

    You might see vSphere Storage DRS working with space utilization different from what you have defined as parameters. For instance, if you set 100 GB as minimum level of consumed space for each datastore, the system might use a threshold of 90%. This is due to an algorithm that constantly uses datastore space utilization as a metric to schedule vSphere Storage DRS. The algorithm uses a percentage of utilization instead of using the hard-set threshold.

    This issue is resolved in this release. The fix aligns the algorithm with the user-defined parameters for space utilization.

  • vSAN UI does not appear in vSphere Client after upgrade to 6.7 Update 3

    If your vCenter Server system was originally at version 5.5 or earlier, the server UUID is in uppercase. The upgrade to 6.7 Update 3 causes a problem that blocks the vSAN UI from appearing in the vSphere Client.
    You might see a similar message in the vSphere Client log file:
    Caused by: com.vmware.vsphere.client.vsandp.core.sessionmanager.common.NotAuthenticatedException:
    Authentication information for the specified site is missing. Authenticate with the site and try again.
    at com.vmware.vsphere.client.vsandp.core.sessionmanager.common.VcClient.getConnection
    Caused by: com.vmware.vsphere.client.vsandp.core.sessionmanager.vlsi.client.sso.tokenstore.NoTokenException: No token for site: 3D428B1A-E589-47EB-BB83-B7D8A32A97E8

    A related issue occurs because vSAN used a legacy endpoint to connect to the vCenter Single Sign-On administration service, which causes the following error to appear: Certificate chain not trusted.

    These issues are resolved in this release.

  • Cannot enable vSAN performance service in vSphere Client

    When you enable the vSAN performance service in the vSphere Client, the operation might time out after 30 seconds. The following error message is displayed:
    ​java.net.SocketTimeoutException: Read timed out.

    This issue is resolved in this release.

Convergence Issues
  • Converging a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller fails with an STS system tenant error

    Converging a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller by using the vSphere Client might fail with an error similar to Failed to set up STS system tenant. The failure happens during firstboot.

    This issue is resolved in this release.

  • Convergence of a vCenter Server Appliance with an external Platform Services Controller to a vCenter Server Appliance with an embedded Platform Services Controller connected in Embedded Linked Mode fails after the first node is converged

    Converging instances of vCenter Server Appliance with an external Platform Services Controller into vCenter Server Appliance with an embedded Platform Services Controller connected in Embedded Linked Mode might fail after the first node is converged, because during the convergence the VMware Directory Service (vmdir) is set in standalone mode. As a result, the convergence of the subsequent vCenter Server nodes fails.

    This issue is resolved in this release. For more details, see VMware knowledge base article 71391.

Virtual Machine Management Issues
  • A scheduled task to take snapshots of multiple virtual machines might start immediately instead of at the scheduled time

    When you schedule a task to take snapshots of multiple virtual machines, the task starts immediately instead of at the scheduled time.

    This issue is resolved in this release.

CLI Issues
  • If a vCenter Server system is joined to a child Active Directory domain and has added it as a vCenter Single Sign-On identity source, you cannot reconfigure it by using the CLI sso-config utility

    When a vCenter Server system is joined to a child Active Directory domain and has added it as an identity source, you cannot use the CLI sso-config utility to reconfigure that identity source, such as for smart card authentication. The sso-config utility might return null even if the identity source exists.

    This issue is resolved in this release.

Server Configuration Issues
  • Authenticating Active Directory users by using SmartCard or eToken fails with a permission error

    In the vSphere Web Client or vSphere Client, you might see a permission error when authenticating Active Directory users by using SmartCard or eToken, because if configured with Integrated Windows Authentication (IWA), group information of the trusted domains might be missing. This issue happens when the contacted Domain Controller is not a Global Catalog.

    This issue is resolved in this release. The fix provides the option to force queries of Global Catalog–enabled Domain Controllers first.
    To set the option, use the following commands:
    # /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' QueryGlobalCatalogEnable 1
    # /opt/likewise/bin/lwsm restart lwreg


    To revert to the default settings, use the following commands:
    # /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' QueryGlobalCatalogEnable 0
    # /opt/likewise/bin/lwsm restart lwreg

  • Active Directory authentication or joining a domain is slow

    Active Directory authentication or joining a domain might be slow when configured with Integrated Windows Authentication (IWA), because of infrastructure issues such as network latency and firewalls in some of the domain controllers.

    This issue is resolved in this release. The fix provides the option to blacklist selected domain controllers in case of infrastructure issues.

    To set the option, use the following commands:
    # /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' BlacklistedDCs DC_IP1,DC_IP2,...
    # /opt/likewise/bin/lwsm restart lwreg


    To revert to the default settings, use the following commands:
    # /opt/likewise/bin/lwregshell set_value '[HKEY_THIS_MACHINE\Services\netlogon\Parameters]' BlacklistedDCs ""
    # /opt/likewise/bin/lwsm restart lwreg

  • Users cannot log in to a vCenter Server system due to a domain offline issue

    On request by the VMware Identity Manager, the Likewise Service Manager daemon provides a list of service identification numbers. During the resolution of the entries in this list, if a respective domain is temporarily offline, the operation stops. As a result, some service identification numbers remain unresolved and users from any of the other domains cannot log in to the vCenter Server system.

    This issue is resolved in this release. The fix introduces an error message log for offline domains but enables the operation to continue and complete the resolution of all available domains. In the Likewise Service Manager log, you can see the domain offline errors.

  • After a change in the host name or FQDN, virtual machines guest OS customization might fail

    After a change in the hostname or FQDN of a vCenter Server, the guest OS customization of virtual machines might fail. The data-encipherment certificate is not replaced during a host name or FQDN change, which causes the issue.

    This issue is resolved in this release.

vMotion Issues
  • After migration of virtual machines by using vSphere Storage vMotion, the VM Summary tab might not display the updated storage usage field

    When changing datastores, the disk space used could change if the storage policy or thin provisioning values are different. After migration of virtual machines by using Storage vMotion, the VM Summary tab in either the vSphere Web Client or vSphere Client might not display the updated storage usage field.

    This issue is resolved in this release.

High Availability Issues
  • Duplicate DNS records after configuring a vCenter Server High Availability environment might interrupt access to the vCenter Server system

    After configuring or patching a vCenter Server High Availability environment followed by a failover, access to the vCenter Server system might be blocked due to duplicate DNS records for the vCenter Sever Appliance.

    This issue is resolved in this release. Before patching vCenter Server High Availability environments, clean up duplicate DNS records by following the steps described in VMware knowledge base article 76406.

Known Issues

The known issues are grouped as follows.

Virtual Machine Management Issues
  • VMware Service Lifecycle Manager restarts the vpxd service every couple of days

    If you enable Storage I/O Control for a datastore with a large number of connected ESXi hosts, a large amount of I/O events might pile up for handling by the vpxd service. In such a case, the VMware Service Lifecycle Manager might restart vpxd.

    Workaround: Disable Storage I/O Control for datastores with a large amount of connected ESXi hosts or reduce the number of connected hosts.

Miscellaneous Issues
  • After updating to vCenter Server 6.7 Update 3, the rsyslog service stops forwarding logs after some time

    After updating a vCenter Server system to 6.7 Update 3, the rsyslog service might stop forwarding logs to the system after a short undefined period of time.

    Workaround: To resume forwarding logs to the configured remote server, restart the syslog service by using the command systemctl restart syslog. For more information, see VMware knowledge base article 75088.

Known Issues from Prior Releases

To view a list of previous known issues, click here.