vSphere Command-Line Interface 4.1
vSphere CLI 4.1 Release Notes
Welcome to the vSphere CLI 4.1 release notes. Any version numbers referenced in this document are placeholders and do not represent any commitment by VMware to have any specific features in the software included in any specific versions.
This document contains the following information:
About vSphere CLI
The vSphere CLI command set allows you to run common system administration commands against ESX/ESXi systems from any machine with network access to those systems. You can run most vSphere CLI commands against a vCenter Server system and target any ESX/ESXi system that the vCenter Server system manages. vSphere CLI commands are especially useful for ESXi hosts because ESXi does not include a service console.
vSphere CLI commands run on top of the vSphere SDK for Perl. The vSphere CLI and the vSphere SDK for Perl are included in the same installation package.
Whats New in vSphere CLI 4.1
The following vSphere CLI commands have been added since the last documented release, vSphere CLI 4.0:
vicfg-hostops– Allows you to examine, stop, and reboot hosts and to instruct hosts to enter and exit maintenance mode.
vicfg-authconfig– Allows you to add an ESX/ESXi host to an Active Directory domain, remove the host, and list Active Directory domain information.
vicfg-ipsec– Supports IPsec setup.
vSphere CLI 4.1 also includes the following new functionality:
- The following options have been added to
si session– Manage iSCSI sessions.
esxcli swiscsi nic– Manage iSCSI network interfaces.
esxcli swiscsi vmknic– List VMkernel network interfaces available for binding to particular iSCSI adapter.
esxcli swiscsi vmnic– List available uplink adapters for use with a specified iSCSI adapter.
esxcli vaai device– Display information about devices claimed by the VMware VAAI (vStorage APIs for Array Integration) Filter Plugin.
esxcli corestorage– List devices or plugins. Used in conjunction with hardware acceleration.
esxcli network– List active connections or list active ARP table entries.
esxcli vms– List and forcibly stop virtual machines that do not respond to normal stop operations.
- Some of the parity issues between vSphere CLI and the ESX service console have been resolved.
- You can now run vCLI commands using SSPI (
--passthroughauth) against both vCenter Server and ESX/ESXi systems.
- Lockdown mode allows vSphere administrators to block direct access to ESXi systems. With lockdown mode enabled, all operations must go through a vCenter Server system. The following commands cannot run against vCenter Server systems and can therefore not be used in lockdown mode:
vSphere CLI 4.1 includes the following changed functionality:
vmware-cmd -Thas been changed to
vmware-cmd --vihost | -hto be compatible with other vSphere CLI commands.
vmware-cmd -hhas been changed to
The vSphere CLI package installers for Linux and Windows install the vSphere CLI and the vSphere SDK for Perl. Instead of using an installable package, you can deploy the vSphere Management Assistant (vMA), which includes the vSphere SDK for Perl, the vSphere CLI, and a set of other software components.
vSphere CLI 4.1 documentation includes the vSphere Command-Line Interface Installation and Scripting Guide and the vSphere Command-Line Interface Reference (HTML). For the Reference, download and unzip the ZIP file and click on
get option of
credstore_admin.pl is deprecated. Do not use this option; it is scheduled for removal in an upcoming release.
TSO is enabled on ESX/ESXi systems by default. In previous releases of vSphere, the
vicfg-vmknic -t command allowed you to disable TSO. The option is not supported against ESX/ESXi 4.1 and later.
You can install vSphere CLI on the following Windows platforms:
- Windows XP SP3 32 bit
- Windows 2003 32 bit
- Windows Vista Enterprise SP1 32 bit
- Windows 2008 64 bit
You can install vSphere CLI on the following Linux platforms:
- Red Hat Enterprise Linux (RHEL) 5.2 (32 bit and 64 bit)
- SLES 10 (32 bit and 64 bit)
- SLES 11 (32 bit and 64 bit)
- Ubuntu 9.04 (32 bit and 64 bit)
vSphere CLI is also included in the vSphere Management Assistant (vMA), a virtual machine which includes prepackaged software. Developers and administrators can use vMA to run agents and scripts to manage ESX and ESXi systems. vMA 4.1 includes vSphere CLI 4.1 running on a CentOS system.
You can run most vSphere CLI commands against ESX/ESXi 4.x and ESX/ESXi 3.5 Update 2 and later. When you run vSphere CLI 4.x against ESX/ESXi 3.5 Update 2 and later, only the commands and command options supported by Remote CLI 3.5 Update 2 are supported. Call each command with
--help for more information. In a few cases, command options supported by Remote CLI 3.5 Update 2 against ESX/ESXi systems are not supported by vSphere CLI 4.0 and later. See VMware KB Article 1008940 for information on
running vSphere CLI 4.x commands against ESX/ESXi 3.5 Update 2 systems.
See VMware KB Article 1008194 for information on parity between vSphere CLI commands and ESX service console commands.
Installing vSphere CLI
The vSphere CLI Linux installer has changed.
To install vSphere CLI:
- Uninstall any existing versions of vSphere CLI by running
<install_dir>/bin/vmware-uninstall-vSphere-CLI.pl. The default installation directory is
- Delete any existing versions of
rm -rf <install_dir>/vmware-vsphere-cli-distrib
- Download and untar vSphere CLI 4.1.
The vSphere CLI Linux installer stops installation if required modules cannot be found on your Linux system. The installer installs other missing Perl modules, but does not overwrite existing versions of those modules. See the vSphere Command-Line Interface Installation and Scripting Guide
The vSphere CLI Windows installer works as before and installs the vSphere SDK for Perl, the vSphere CLI, and all prerequisite software including Active Perl. If you do not want to overwrite an existing Active Perl installation, use a different system for installing vSphere CLI.
Important: Reboot your Windows system after installation. If you don't, ActivePerl might report that it cannot find some of the Perl modules.
Resolved IssuesThe following issues that were reported in previous releases have been resolved.
vicfg-dumppart --list results in error. When you run
vicfg-dumppart --listagainst an ESX/ESXi host that does not have a diagnostic partition configured, the following error results:
Use of uninitialized value in length at /usr/bin/vicfg-dumppart line 307
Starting SNMP service with vicfg-snmp sometimes fails. Starting the SNMP service by running
vicfg-snmpsometimes fails with the following error:
# snmpwalk -m all -c public -v1 <IP address> enterprises.6876
Timeout: No Response from <ip-address>
The problem occurs under different conditions on ESX and ESXi systems.ESX: When you call the
vicfg-snmpvSphere CLI command against ESX systems, the SNMP service starts successfully. However, if you later attempt to access the service by running
snmpwalk, the call to
snmpwalktimes out and displays the error.
ESXi: When you call the
vicfg-snmpvSphere CLI command against ESXi systems, the SNMP service starts successfully and you can run
snmpwalkto access the service. However, if you disable SNMP and then enable it, a call to
Host updated successfullywhen an obsolete bulletin is installed. An obsolete bulletin is a bulletin containing VIBs that are superseded by what is already installed. Because the bulletin is old, it does not need to be installed. When
vihostupdateencounters an obsolete bulletin, it does not perform installation or update but skips the bulletin. The message is incorrect.
The vSphere CLI 4.1 release has the following new known issues:
Documentation about vNetwork Distributed Switch misleading The vSphere CLI Installation and Scriptig Guide erroneously stated that you can manage vNetwork Distributed Switches (vDS) and dvPort Groups using the
vicfg-vswitchcommand. You can only add uplink adapters to already existing vDS using
vicfg-vswitch. Use the vSphere Client or the vSphere Web Services SDK for other vDS management tasks.
Workaround: No workaround needed. The documentation has been updated.
Running vicfg-snmp -r or vicfg-snmp -D against ESX systems fails. On an ESX system, when you try to reset the current SNMP settings by running the command
vicfg-snmp –ror to disable the SNMP agent by running the command
vicfg-snmp –D, the command fails. The failure happens because the command tries to run the
esxcfg-firewallcommand, which becomes locked and hangs. With
vicfg-snmp –Dcommand results in a time-out and signals an error.
The problem does not occur on ESXi systems.
Workaround: Rebooting the ESX system removes the lock file and applies the previously executed
vicfg-snmpcommand that caused the lock. However, if you try to run
vicfg-snmp -Dagain, an error results again.
Group ID length in vSphere Client shorter than group ID length in vCLI. If you specify a group ID using the vSphere Client, only nine characters are allowed. In contrast, you can specify up to ten characters if you specify the group ID using the
Workaround: No workaround.
Problems with resxtop and esxcli on Ubuntu 9.04 64 bit. When you install vSphere CLI on Ubuntu 9.04 64 bit, and then attempt to run
esxclicommand, the following error results:
No such file or directory.The reason is that in contrast to other 64 bit Linux distributions, Ubuntu 9.04 does not have 32-bit compatibility libraries installed by default.
Workaround: Follow the steps in the vSphere Command-Line Interface Installation and Scripting Guide, which instruct you to install a number of non-default prerequisite software, as follows:
sudo apt-get update
sudo apt-get install libssl-dev perl-doc liburi-perl libxml-libxml-perl libcrypt-ssleay-perl ia32-libs
Cannot clone VMDK files from a non-VMFS directory using vmkfstools vCLI. When you attempt to run the
vmkfstoolsvCLI to clone a VMDK file that is not located in a VMFS directory, the command fails with a message
Invalid datastore path. The operation does not fail if you use the
vmkfstoolsservice console command.
Workaround: Move the VMDK file into the VMFS datastore and repeat the clone operation.
vmkfstools might print misleading error when running against free ESXi. When you run the
vmkfstoolsvCLI against an ESXi host with a free license, some options, e.g.
vmkfstools createvirtualdisk, might return a message like the following:
Unable to create virtual disk with specified parameters
The error message should instead indicate that the operation cannot be performed because of licensing issues.
Workaround: No workaround. While the error is misleading, performing the operation against free ESXi is not supported.
On ESX systems, running snmpwalk fails after a call to vicfg-snmp -E. When you enable SNMP by running
vicfg-snmp -E, the ESX firewall blocks port 161 from being open as an input port. As a result, calls to
snmpwalkdo not work properly.
Workaround: Run the following command in the ESX service console to manually open port 161 as an input port:
/usr/sbin/esxcfg-firewall -o 161,udp,in,hostdSnmp
After the port has been opened, calls to
Running resxtop for extended periods might result in memory problems. Memory usage by
resxtopmight increase over time depending on what happens on the ESX/ESXi system being monitored. Because
resxtopalso causes extra CPU consumption on ESX/ESXi, VMware recommends that you not leave
resxtoprunning for a long time, that is, for a few weeks.
The total number of iterations on ESX/ESXi 4.1 (
-n) is set to a default value of 10,000. After resxtop has generated 10,000 displays, it shuts itself down. That means that if a default delay of five seconds between two displays is used,
resxtopmight shut itself down after around 14 hours.
Workaround: Although you can use the
-noption to change the total number of iterations, it is better to run
resxtoponly when you need the data. If you have to collect
resxtopstatistics over a long time, shut down and restart
resxtopperiodically instead of running one
resxtopinstance for weeks or months.
Running vicfg-hostops to change state of multiple hosts fails when one host is already in that state. You run a
vicfg-hostopsoperation on multiple hosts in a datacenter or cluster. If the operation fails on one of the hosts because the host is already in the state you want to set it to, the operation is not performed on other hosts in the datacenter or cluster. For example, if you run
vicfg-hostopsto put multiple hosts in a cluster into maintenance mode, the operation stops when it encounters a host that is already in maintenance mode. The operation does not process the other hosts in the cluster.
Workaround: In your script, perform a check whether the host is already in the state you want to set it to. Have your script call the
vicfg-hostopsoperation only if the host is not yet in that state.
Users with read-only role cannot display some information on target servers. You create a user running the
vicfg-uservCLI, and you assign the
read-onlyrole to the user. When that user attempts to retrieve information from an ESX/ESXi host, the information is not always available. For example, when the user runs
vicfg-module, no modules are displayed even if those modules actually exist. When the user runs
vicfg-dumppart, no diagnostic partitions are displayed.
Workaround: No workaround for this issue. You can log in as a user with read and write permissions to display the information.
Patch installation using
vihostupdatemight fail on ESXi hosts for patch file sizes greater than 256MB. If you run
vihostupdateto install patches on an ESXi host that does not have a scratch directory, and if the downloaded file size is above 256MB, patch installation fails. When the ESXi server boots initially, the system tries to auto-configure a scratch directory. If no storage is available for the scratch directory, the scratch directory is not configured and points to a temporary directory.
Workaround: Configure a scratch directory on a VMFS volume using the vSphere Client, then run
On Ubuntu 9.04, SSL_connect messages result from running vmware_cmd. When you run
vmware-cmdon an Ubuntu 9.04 system,
SSL_connect:messages are displayed. The messages do not affect command execution.
Workaround:Run the following command to make sure all required modules are up to date:
sudo apt-get install libssl-dev perl-doc liburi-perl libxml-libxml-perl libcrypt-ssleay-perl
On Ubuntu 9.04, message "no packages found matching libxml-libxml-perl". On Ubuntu 9.04, the following message might display when your run the installer:
No packages found matching libxml-libxml-perl In which directory do you want to install the executable files? [/usr/bin]The message indicates that the
libxmlmodule is not up to date.
Workaround: Run the following command to make sure all required modules are up to date:
sudo apt-get install libssl-dev perl-doc liburi-perl libxml-libxml-perl libcrypt-ssleay-perl
See the vSphere CLI Installation and Scripting Guide for more information on required and recommended Perl modules.
Connection failure message when running the esxcli vSphere CLI under Linux. When you run an
esxclicommand on a Linux system that is using SELinux enhanced security, the command reports
Connect to 220.127.116.11 failed.The command records the following information in /var/log/messages
setroubleshoot: SELinux is preventing esxcli from loading /usr/lib/vmware-vcli/bin/esxcli/_ssl.so which requires text relocation.
Workaround: Make one of these changes on the system on which you run
- Run the following command to resolve the text relocation issue:
chcon -t textrel_shlib_t /usr/lib/vmware-vcli/bin/esxcli/_ssl.so
- Disable SELinux or change the SELinux policy to permissive. Note that this is a significant change to the security of the client system. Do not make this change unless you have in-depth knowledge of SELinux and your local network security policies.
- Run the following command to resolve the text relocation issue:
Missing DLL error during first command execution after installation (Windows). A vCLI installation on Windows completes successfully. However, when you later run vCLI commands, errors about missing DLLs might result. For example:
lib2xml.dll wasn't found
Workaround: Reboot your Windows system.
The following known issues documented for vSphere 4.0 have not yet been resolved:
Problems using vmkfstools to create VMFS3 volume when using VML name of LUN. When you run
vmkfstools -C vmfs3to create a VMFS3 volume, and you use the VML name for the LUN, the command might fail even if the VML name is a soft link to a device name (naa.xxx name). The command might fail, for example, if a VMFS3 volume already exists on the LUN.
Workaround: Use the device name (naa.xxx or eui.xx) to refer to the LUN.
Running vmkfstools -C does not prompt for confirmation. When you run
vmkfstools -Cto create a VMFS (Virtual Machine File System) on a partition that already has a VMFS on it, the command erases the existing VMFS and creates the new VMFS without prompting for confirmation.
Workaround: No workaround. Check the command carefully before running it.
resxtop not supported in replay mode. The
resxtopcommand is supported only in interactive mode and batch mode. The
esxtopservice console command is supported in interactive mode, batch mode, and replay mode.
Workaround: On ESX systems, use
esxtopinstead. On ESXi systems, no workaround.
resxtop Storage Panel "l" interactive command replaced by "u". When you use
resxtopin interactive mode and view the Storage Adapter panel, you can no longer type "l" to expand the view to the LUN level. Instead, an error results.
Workaround: Type "u" to expand to the LUN level.
vicfg-route displays gateway that has been removed. If you add a gateway using
vicfg-route, and then remove that gateway, a follow-up call to
vicfg-routestill displays the gateway although it has actually been removed.
Diagnostic partition change is not persistent under certain conditions. If you call
vicfg-dumppartto change the diagnostic partition, and if your ESX/ESXi system experiences a failure within an hour after this change is made and before the host is rebooted, the diagnostic partition reverts to the original setting.
esxcfg-boot -bimmediately after changing the partition to ensure this problem does not occur.
ESXi: Reboot the ESXi system immediately after changing the partition.
When using svmotion in interactive mode, cannot specify non-ASCII characters as input. When you use
svmotionin interactive mode, you cannot specify non-ASCII input, for example, a German datacenter name.
svmotionin non-interactive mode and use quotes around the datacenter name.
Error when using vicfg-iscsi to set up IP, subnet, and gateway separately. You perform a factory reset on a QLogic hardware iSCSI card that results in an error. If you then use the
vicfg-iscsivSphere CLI to set IP address, subnet mask, and gateway separately, an error status results in which the addresses for IP, subnet mask, default gateway, and DNS are set to NULL (0.0.0.0). This is also a problem if the address is 0.0.0.0 for other reasons.
Workaround: Use the following command to reset the IP address, subnet mask, and gateway at the same time:
vicfg-iscsi --network --ip
Cannot modify hardware iSCSI adapter MTU using
vicfg-iscsi. When you call
vicfg-iscsi <conn_params> --pnp --mtu <number> <vmhba>to modify the MTU for a hardware iSCSI adapter, the MTU does not actually changed and an error indicates the property is not settable.
vicfg-vmknic completes successfully but displays error. Set up an ESXi Installable system with a DHCP IP address, then set an explicit IP address by running
vicfg-vmknic -i -n -p. The IP address is set successfully, but a SOAP error is displayed instead of a success message. This problem has been found on ESXi Installable only.
Workaround: No workaround needed, the IP address is set successfully.
On Windows, Warnings During Startup if chcp Program Not Available. On Windows operating systems, if the chcp program is not present or is not in your PATH environment variable, vSphere CLI commands display the following warning message on startup:
'chcp' is not recognized as an internal or external command, operable program or batch file.
By default, the program is not included with Windows XP 64 bit, but included with all other supported versions of Windows.
Workaround: No workaround needed. The commands are not affected. If you want to avoid the warning, make sure chcp is installed and in your PATH.
On Linux, cannot install into a non-default directory if it does not have a bin directory. If you run the vSphere CLI installer and specify as the installation location a directory that does not contain a
bindirectory, the installer ignores the specified directory and installs the package in the
/usr/bindirectory instead. For example, if you specify
/home/user, the installer creates a
/home/bindirectory and installs the software there.
Workaround: Create the bin directory before installation.
lcrypto installation error on some Linux platforms. When you install the package that includes the vSphere SDK for Perl and the vSphere CLI, you might see the following error on some Linux platforms:
ld: cannot find -lcrypto
Unable to link the Crypt::SSLeay Perl module. Secured connections will be unavailable until you install the Crypt::SSLeay module.
Workaround: Install OpenSSL using the appropriate installation process for your Linux platform.
vicfg-volume does not maintain global datacenter information in a distributed environment. In a distributed environment a user has mounted (persistent/no persistent) an unresolved volume from one ESX/ESXi system using
vicfg-volume -M. From another ESX/ESXi system, the user runs
vicfg-volume -rto resignature that unresolved volume. If the mounted volume is not active, running the volume resignature command unmounts the volume. The volume appears as a resignatures volume to all hosts in the environment. In contrast, if you use vSphere Client to mount an unresolved volume from one host and issue resignature from another host, the vSphere Client generates a warning to let users know that volume has been mounted on another host and resignature does not succeed.
Workaround: Use the vSphere Client instead of the vSphere CLI to resignature volumes in a distributed environment.