vCenter Server 6.7 Update 3m | MAR 18 2021 | ISO Build 17713310

vCenter Server Appliance 6.7 Update 3m | MAR 18 2021  | ISO Build 17713310

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

Earlier Releases of vCenter Server 6.7

New features, resolved, and known issues of vCenter Server are described in the release notes for each release. Release notes for earlier releases of vCenter Server 6.7 are:

For internationalization, compatibility, installation and upgrade, open source components and product support notices see the VMware vCenter Sever 6.7 Update 1 Release Notes.

Upgrade Notes for This Release

For more information on vCenter Server versions that support upgrade to vCenter Server 6.7 Update 3m, refer to VMware knowledge base article 67077.

Patches Contained in This Release

This release of vCenter Server 6.7 Update 3m delivers the following patch. See the VMware Patch Download Center for more information on downloading patches.

NOTE: vCenter Server 6.7 Update 3m does not provide a security patch to update the JRE component of vCenter Server for Windows and Platform Services Controller for Windows. Instead, you must download the VMware-VIM-all-6.7.0-17713310.iso file from file from Download Patches on vmware.com.

Full Patch for VMware vCenter Server Appliance 6.7 Update 3m

Product Patch for vCenter Server Appliance containing VMware software fixes, security fixes, and third-party product fixes (for example, JRE and tcServer).

This patch is applicable to the vCenter Server Appliance and Platform Services Controller Appliance.

For vCenter Server and Platform Services Controller Appliances

Download Filename VMware-vCenter-Server-Appliance-6.7.0.47000-17713310-patch-FP.iso
Build 17713310
Download Size 2044.0 MB
md5sum 2e00e4896cf20fcf55d00748cd9baec0
sha1checksum e3ba14d12be7c775fe9ba948ddc69daee2e2d299

Download and Installation

You can download this patch by going to the VMware Patch Download Center and selecting VC from the Select a Product drop-down menu.

  1. Attach the VMware-vCenter-Server-Appliance-6.7.0.47000-17713310-patch-FP.iso file to the vCenter Server Appliance CD or DVD drive.
  2. Log in to the appliance shell as a user with super administrative privileges (for example, root) and run the following commands:
    • To stage the ISO:
      software-packages stage --iso
    • To see the staged content:
      software-packages list --staged
    • To install the staged rpms:
      software-packages install --staged

For more information on using the vCenter Server Appliance shells, see VMware knowledge base article 2100508.

For more information on patching the vCenter Server Appliance, see Patching the vCenter Server Appliance.

For more information on staging patches, see Stage Patches to vCenter Server Appliance.

For more information on installing patches, see Install vCenter Server Appliance Patches.

For issues resolved in this patch see Resolved Issues.

For Photon OS updates, see VMware vCenter Server Appliance Photon OS Security Patches

For more information on patching using the Appliance Management Interface, see Patching the vCenter Server Appliance by Using the Appliance Management Interface.
 

Product Support Notices

  • End of support for Internet Explorer
    Internet Explorer is removed as a supported web browser for use with the vSphere Client.
  • VMware Host Client in maintenance mode 
    The VMware Host Client is in maintenance mode until the release of a new client. For more information, see The Future of the ESXi Host Client blog.
  • First Class Disks (FCD), also known as an Improved Virtual Disk (IVD) or Managed Virtual Disk, which are named virtual disk independent of a virtual machine, do not support the NFSv4 protocol.

Resolved Issues

The resolved issues are grouped as follows.

Security Issues
  • Update of Eclipse Jetty

    Eclipse Jetty is updated to version 9.4.34.v20201102.

  • Update to the Apache Tomcat server

    The Apache Tomcat server is updated to version 8.5.61/ 7.0.107.

  • Update to OpenSSL

    The OpenSSL package is updated to version openssl-1.0.2x.

  • Update to JRE

    Oracle (Sun) JRE is updated to version 1.8.0_281.

  • Update to the Jackson package

    The Jackson package is updated to versions 2.11.4.

  • Update to the Python library

    The Python third-party library is updated to version 3.5.10.

  • Update of the SQLite database

    The SQLite database is updated to version 3.34.0.

  • Update to VMware PostgreSQL

    VMware PostgreSQL is updated to version 9.6.20.

  • The vpxd service fails with a core dump and vCenter Server becomes unresponsive until vpxd recovers

    In rare cases, in environments with VirtualVmxnet3 virtual Ethernet adapters attached to virtual machines and backed with the VirtualDeviceBackingInfo data object type, the vpxd service fails with a core dump in /var/core. As a result, vCenter Server becomes unresponsive until vpxd recovers.

    This issue is resolved in this release.

  • The Syslog-TLS protocol in your vCenter Server system defaults to TLS1.2 to remove incorrect cipher-block chaining (CBC) padding

    In vCenter Server 6.7 Update 3m, the Syslog-TLS protocol in your vCenter Server system is set to TLS1.2 by default to remove possible incorrect CBC padding.

    This issue is resolved in this release. If you need to reconfigure the TLS settings, you must download the latest version of the TLSReconfigurator tool.

Virtual Machine Management Issues
  • NEW: You cannot deploy virtual machines by using a VM template after an upgrade to vCenter Server 6.7 Update 3l

    After an upgrade to vCenter Server Update 6.7 Update 3l, you cannot deploy virtual machines by using the Guest OS customization option and a VM template with computer name longer than 15 characters. The issue only occurs if the computer name of the VM template exceeds 15 characters.

    This issue is resolved in this release.

  • The slash character '/' appears as '%252f' or '%2f' after you create a virtual machine snapshot

    In either the vSphere Client or vSphere Web Client, if the name of a virtual machine snapshot contains the slash character '/', you see different characters after saving the snapshot. For example, if you include a date such as 2020/12/1, you see 2020%252f12%252f1 in the vSphere Client or 12%2f1%2f2020 in the vSphere Web Client.

    This issue is resolved in this release for the vSphere Client. For the vSphere Web Client, avoid using slash ('/') or percent ('%') characters in the name of a virtual machine snapshots.

  • Enabling Enhanced vMotion Compatibility (EVC) on a cluster fails with an error EVCAdmissionFailedVmActive

    When you try to enable EVC on a cluster, the operation might fail with an error EVCAdmissionFailedVmActive, although no virtual machine in the cluster is active or conflicting the feature requirements of EVC.

    This issue is resolved in this release. The fix prevents failures to enable EVC due to a runtime state.

Networking Issues
  • If you refresh ports after virtual machine operations, ports might be renamed

    If you refresh ports by using the command RefreshDVPortState after virtual machine operations, such as cloning, some ports in reserved state might be reset to free and reused by other virtual machines. As a result, virtual machines originally assigned to such ports are disconnected and port names change.

    This issue is resolved in this release.

  • User with read-only privileges can change the Network I/O Control configuration of a vSphere Distributed Switch

    In some environments, users with read-only permissions on a folder, which contains a vSphere Distributed Switch, might be able to modify the switch settings, such as VDS > Configure > Resource Allocation > System traffic.

    This issue is resolved in this release.

  • Devices with backing type VirtualDevice.BackingInfo might cause the vpxd service to fail due to a duplicate device key

    If you use the VirtualDeviceBackingInfo object type for backing of devices in your environment, the vNIC key might duplicate for some devices. As a result, the vpxd service fails with a core dump in /var/core.

    This issue is resolved in this release.

  • The vpxd service fails with a duplicate key value error

    When adding an ESXi host to a vSphere Distributed Switch in your vCenter Server system, the vpxd service might fail with a message such as ERROR: duplicate key value violates unique constraint "pk_vpx_dvport_membership". As a result, the vCenter Server Appliance fails over.

    This issue is resolved in this release.

vCenter Server Appliance, vCenter Server, vSphere Web Client, and vSphere Client Issues
  • You do not see historical data in Performance Charts in the vSphere Client

    You see real-time data, but no historical data for the past day, week or month in the Performance Charts in the vSphere Client. The stats data is present in the vCenter Server database, but not displayed.

    This issue is resolved in this release.

  • If the identity source is configured as Integrated Windows Authentication (IWA), a vCenter Server system with frequent Active Directory authentications might become unresponsive

    If the identity source is configured as IWA, frequent lookups during Active Directory authentications might cause a deadlock. As a result, a vCenter Server system with frequent Active Directory authentications might become unresponsive.

    This issue is resolved in this release.

Backup and Restore Issues
  • vCenter Server Appliance Management Interface (VAMI) backup retention policy for FTP, FTPS, and SCP protocols might not work

    In some environments, if you use the vCenter Server Appliance Management Interface to back up a vCenter Server instance, and set a retention policy, old backups are not deleted according to the policy. The issue affects backups with FTP, FTPS, and SCP protocols. In the /var/log/vmware/applmgmt/backup.log file, you see an error such as Incorrect padding.

    This issue is resolved in this release.

Guest OS Issues
  • If you customize a Linux guest OS with SELinux enforcing mode enabled, timezone updates after the customization might fail

    If you customize a Linux guest OS with SELinux enforcing mode enabled, timezone updates after the customization might fail, because the /etc/localtime file might have inaccurate context. As a result, you cannot update the timezone after the customization.

    This issue is resolved in this release.

  • Guest ОS customization fails on virtual machines with SUSE Linux Enterprise Server for SAP Applications with error Unknown distribution

    Attempts to customize SUSE Linux Enterprise Server for SAP Applications on a virtual machine fail with the error Unknown distribution in the guest OS customization log. The issue is specific for SUSE Linux Enterprise Server for SAP Applications.

    This issue is resolved in this release.

Auto Deploy Issues
  • A busy VMware vCenter Server High Availability cluster might work in degraded state due to too many Auto Deploy cache files

    In vCenter Server systems with heavy loads, a busy vCenter Server High Availability cluster might start working in degraded state due to too many vSphere Auto Deploy cache files. The temporary files that vSphere Auto Deploy creates might fail to sync with vCenter Server High Availability.
    In the vCenter Server High Availability logs, you see multiple lines such as:
    File /var/lib/rbd/cache/a1/adc6caeb2489e21006b8d8035b8052 not present, skipping replication

    This issue is resolved in this release.

Miscellaneous Issues
  • You cannot generate a support bundle by using the vCenter Server Appliance Management Interface (VAMI) or vSphere Client because of timeout

    It can take around 20 minutes to generate a support bundle for vCenter Server 6.7 Update 3l and the operation might fail with a timeout error. This problem occurs when a vSAN support bundle collection script cannot quit properly during the generation of the support bundle.

    This issue is resolved in this release.

  • vSphere ESX Agent Manager (EAM) simultaneously puts many ESXi hosts in Maintenance Mode, which causes multiple issues

    Since no restriction exists, EAM might simultaneously trigger Maintenance Mode on a large number of ESXi hosts in a cluster. If vSphere DRS is enabled on the cluster, EAM complies with the vSphere DRS recommendations which hosts to put into Maintenance Mode. If vSphere DRS is not enabled, EAM might attempt to put all of the hosts on the cluster into Maintenance Mode. As a result, some hosts might fail to enter Maintenance Mode, or vSphere vMotion operations fail or time out, or other services managed by EAM fail.

    This issue is resolved in this release. In the /etc/vmware-eam/eam.properties file, you can add the setting eam.mm.policy.one.by.one=true to make sure that EAM starts Maintenance Mode for ESXi hosts in clusters one at a time. You must restart the EAM service by using the command service-control --restart eam for the setting to take effect. This setting affects all EAM agencies in your vCenter Server system that are configured to install software VIBs on clusters.

  • The VMware Platform Services Controller Health Monitor service, pschealth, intermittently fails and restarts

    The pschealth service might intermittently fail due to an invalid memory free operation, and restart. You see core.pschealthd.* files in the /storage/core partition.

    This issue is resolved in this release.

Known Issues

The known issues are grouped as follows.

Installation, Upgrade, and Migration Issues
  • After an upgrade to vCenter Server 6.7 Update 3l and later, you might see existing or new HPE VASA providers in disconnected state

    If the inventory of your vCenter Server system has vSphere Virtual Volumes supported by either of HPE 3PAR StoreServ or HPE Primera VASA providers, you might see the providers get into a disconnected state after an upgrade to vCenter Server 6.7 Update 3l or later. The issue affects 3PAR 3.3.1 MU5 storage, but not 3PAR 3.3.1 MU3 storage. 

    Workaround: Upgrade to vCenter Server 7.0 Update 1c and later. For upgrade compatibility, see VMware knowledge base article 67077.
    Alternatively, you can restore your system to a backup prior to vCenter Server 6.7 Update 3l.
    If you are not already using HPE 3PAR 3.3.1 MU5 VASA provider, postpone the VASA provider upgrade to HPE 3PAR 3.3.1 MU5 until HPE resolves the issue. For more information, see VMware knowledge base article 83038.

Security Issues
  • Remote HTTPS servers might not send the HTTP Strict-Transport-Security response header (HSTS) ports 5480 and 5580

    In some environments, remote HTTPS servers running on ports 5480 and 5580 might not return HSTS.

    Workaround: None

Auto Deploy and Image Builder Issues
  • If an ESXi host machine uses UEFI firmware, you cannot use VMware vSphere Auto Deploy in a VLAN network

    You might not be able to use vSphere Auto Deploy to deploy an ESXi image over a VLAN network environment when the ESXi host machine uses UEFI firmware. UEFI Secure boot fails at the ipxe binary loading stage because the implementation of VLAN support of some UEFI firmware vendors might not fully support iPXE.

    Workaround: None

Known Issues from Prior Releases

To view a list of previous known issues, click here.

check-circle-line exclamation-circle-line close-line
Scroll to top icon