VMware Server 2.0.1 Release Notes
VMware Server Version 2.0.1 | 31 March 2009 | Build 156745
Document last updated: April 13, 2009
VMware Server is a free virtualization product for Microsoft Windows
and Linux servers that enables you to provision new server capacity by
partitioning a physical server into multiple virtual machines. For more detailed information about the features included in VMware Server 2.0.x, see the VMware Server Users Guide. Review the Known Issues section for additional information.
These release notes cover the following topics:
Server 2.0.1 is a maintenance release that resolves security as well as some known issues. With this release of VMware Server, certain new features and support have been added.
Support for New Guest Operating Systems
VMware provides support for the following operating systems for Server 2.0.1:
- Asianux Server 3.0 Service Pack 1
- CentoOS 4.7
- CentOS 5.2
- Windows Essential Business Server (EBS) and Small Business Server (SBS) 2008
- Windows Small Business Server 2003 Service Pack 2
- Windows XP Service Pack 3
- Windows Vista Service Pack 1
The following issues are known to occur with VMware Server 2.0.1.
- VMware Tools notifies you to upgrade VMware Tools even when the latest version is installed
After you log in to a guest operating system as a non built-in administrator and upgrade VMware Tools from Server 2.0 to Server 2.0.x, VMware Tools shows the following message:
VMware Tools can be upgraded although it is the latest version.
This issue is applicable to Windows Vista and Windows 2008 guest operating systems running on Windows Vista or Windows 2008 hosts.
Log in by using the built-in administrator account in Windows Vista or Windows 2008 guest operating system before upgrading VMware Tools.
- VI Web Access login screen fails to load occasionally
The login screen of VI Web Access occasionally fails to load, especially when you try to access a Server 2.0.x installation by using VI Web Access for the first time.
Refresh VI Web Access or access VI Web Access in another instance of the Web browser.
- When attempting to install VMware Server on a Windows host, you might see the message Please verify the md5 hash value of this executable and then press 'Yes' to continue.
Workaround: This message is sometimes displayed when the installer package size is large. You can check the md5 hash value to verify the package before you continue the installation. The md5 hash values are listed on the VMware Server 2 download page.
When attempting to install VMware Server on a Windows 2003 Server host, you might see the error message Error 1718. File installer_name.msi was rejected by digital signature policy.
Workaround: For more information and possible workarounds, see http://support.microsoft.com/kb/925336. Make sure that your operating system has all the latest updates applied.
When attempting to install VMware Server on a Windows 2003 Server host, you might see the error message System Administrator has set policies to prevent this installation.
Workaround: Right-click the installer file, choose Run as, and enter the Administrator username and password. Additional configuration steps might be required. See http://social.technet.microsoft.com/forums/en-US/exchangesvrdeploy/thread/f290d33a-f492-4546-b020-9fcd36217225.
- When upgrading on a Windows host, the installer might prompt you to reboot the system. After the system is rebooted, you might see the message This installation package could not be opened. Verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer Package.
Workaround: Manually restart the installation from the VMware Server installer executable.
- On Windows Server 2008, network settings are not preserved when upgrading to the release version of VMware Server 2.
- On Windows, the VMware Server desktop and Start menu shortcuts use the NetBIOS name in the connection URL. This might cause VI Web Access to fail to connect to VMware Server. VMware Remote Console connections might also fail, with the error Error opening the remote virtual machine machine_name: The host name could not be resolved.
Workaround: Enter the correct host name as the Fully Qualified Domain Name (FQDN) when prompted by the Windows installer. Or, if the URL specified in the shortcut does not work, use the correct host name, IP address, or localhost, as appropriate, in the connection URL. You can also manually enter the short name and the FQDN, or localhost, in the /etc/hosts file.
- When you connect to VI Web Access using Firefox 3, a Security Connection Error is displayed, indicating that the VMware Server host is using an invalid security certificate. The certificate is not trusted because it is self signed.
Workaround: To allow VI Web Access to connect to the host:
- Click Or you can add an exception.
- Click Add Exception.
- Click Get Certificate.
- Verify that Permanently store this exception is selected.
- Click Confirm Security Exception.
- If you use a CIFS datastore and the Windows Credential Manager becomes unavailable for that storage location, virtual machines using that datastore become inaccessible. If you attempt to remove the CIFS datastore from VMware Server while virtual machines are stored on the datastore or virtual CD/DVD drives are connected to ISO image files on the datastore, it will fail with an error message indicating that resources are in use.
Workaround: If you have a virtual machine stored on a CIFS datastore that is inaccessible:
If any virtual machines are connected to an image file stored on a CIFS datastore that is inaccessible:
- Remove the virtual machine, but DO NOT delete the associated disk files.
- Move the virtual machine files to a non-CIFS datastore (unless you want to re-add the CIFS datastore).
After you complete these steps for all virtual machines using the CIFS datastore:
- Edit the virtual machine's CD/DVD drive and disconnect the image file or remove that CD/DVD drive from the virtual machine.
- Move the ISO image to a non-CIFS datastore (unless you want to re-add the CIFS datastore).
- Remove the datastore.
- Add the datastore.
- Add the virtual machine to the inventory.
- On some SLES hosts, VMware services do not start automatically after reboot.
Workaround: To start VMware services, log on to the host as root and enter the command:
- If you click Install VMware Tools in VI Web Access after uninstalling VMware Tools, the VMware Tools image is not mounted in the guest.
Workaround: To successfully mount the VMware Tools image:
- In VI Web Access, click Eject Installer to cancel the VMware Tools installation.
- In VMware Remote Console, disconnect the CD/DVD drive by selecting Devices > CD/DVD Drive 1 > Disconnect.
- In VI Web Access, click Install VMware Tools.
- In VMware Remote Console, complete the VMware Tools installation.
- Automatic VMware Tools upgrade might fail in Windows 2003 Server guests.
Workaround: Upgrade VMware Tools interactively.
- In RHEL 4.6 AS 64-bit guests, mouse behavior is not correct after VMware Tools is installed.
Workaround: Restart the guest or the Xsession after VMware Tools is installed.
- On RHEL systems, sometimes the arrow keys that allow you to cycle between multiple instances of VMware Remote Console in full screen mode are grayed out and cannot be used.
Workaround: Close all instances of VMware Remote Console and delete the file /tmp/vmware-$USER/vmplayer-daemon-$DISPLAY (for example, /tmp/vmware-root/vmplayer-daemon-:0.0). Then restart one or more instances of VMware Remote Console.
- In Netware 6 guests with VMware Tools installed, it is not possible to transfer control of the mouse from VMware Remote Console back to your computer unless you press Ctrl+Alt.
- Connected devices are not listed in the VMware Tools control panel Devices tab.
Workaround: Users that have the appropriate permissions can connect and disconnect devices using VI Web Access or VMware Remote Console.
The vmnet-netifup daemons do not terminate when VMware Server is stopped.
Workaround: Disable IPv6 on your host.
- If you create quiesced backups and you set vmwriter.overwriteSnapshots to TRUE in the VMware VSS Writer configuration file, existing snapshots for all virtual machines on that host are overwritten unless the snapshots are locked.
Workaround: Lock any snapshots that you don't want to overwrite in the Configure VM Snapshots tab.
On Red Hat Enterprise Linux 5 with SELinux enabled, the host agent will not start due to library loading errors.
Workaround: Use the chcon command to change the security context for any libraries that fail to load, for example:
chcon -t texrel_shlib_t /usr/lib/vmware/vmacore/libvmacore.so.1.0.
- On Linux hosts, USB devices are not correctly released from a powered off virtual machine. It is possible to connect released devices to another virtual machine, but then neither virtual machine can successfully use the devices when both virtual machines are powered on.
Workaround: Do not attempt to share a USB device between virtual machines. Manually disconnect the USB device before you connect it to a different virtual machine.
- If you rename a virtual machine in the VI Web Access inventory panel, the virtual machine is not automatically moved to the correct alphabetical position in the inventory list. Collapsing and expanding the inventory list does not fix navigation in the inventory panel, which can cause other unexpected results.
Workaround: Refresh the page after renaming a virtual machine.
- If you create a new preallocated virtual disk (by selecting the Allocate all disk space now file option) in the Add Hardware wizard, you can only add one new preallocated disk at a time. If you select More Hardware and attempt to add a second new preallocated virtual disk before you finish adding the first preallocated virtual disk, the wizard might hang in a Loading state.
Workaround: Click Finish after adding each new preallocated virtual disk, rather than selecting More Hardware to create multiple virtual disks at the same time. Alternatively, do not select Allocate all disk space now.
- When adding a new permission, the error Database temporarily unavailable or has network problems is displayed.
- Stop the VMware Server host agent (at the command line, enter /etc/init.d/vmware-mgmt stop).
- Create a backup copy of the /etc/vmware/hostd/authorization.xml file.
- Open the /etc/vmware/hostd/authorization.xml file in an editor and set NextAceId to the next integer value that is not being used as as an ACEDataId. For example, if the file contains the entry setting NextAceId to 11, set NextAceId to 12.
- Save the updated file.
- Restart the host agent (at the command line, enter /etc/init.d/vmware-mgmt start).
- If you use the Quick Find feature in the Create Permissions dialog box in VI Web Access, the search might fail with a general system error.
Workaround: Close the dialog box and reopen it before attempting to search again.
- If you use Avira AntiVir antivirus software on Windows hosts, you might have problems running virtual machines.
If you have a legacy version of Neoteris Secure Application Manager installed on a client system where you are running VMware Remote Console, VMware Remote Console may fail to connect to a virtual machine on a Windows host.
Workaround: Uninstall Neoteris Secure Application Manager and upgrade to the most recent version, available through Juniper Networks.
- When you attempt to install a new version of the VMware Remote Console add-on over an existing version in Internet Explorer version 7.0.5730.11, a message indicating that the installation was canceled is displayed, and the installation fails. It is not possible to delete the add-on.
Workaround: Upgrade Internet Explorer to a more recent version.
- On some Linux guest systems, including Red Hat Enterprise Linux 4 and Suse 9.3, the guest operating system binds virtual network adapters to specific MAC addresses. When the MAC address changes (for example, when the virtual machine is cloned), you must update the associated guest operating system configuration.
- If you are not using the default ports (8222/8333) for VI Web Access, clicking Help from the virtual network editor on the host displays a failure to load page error in the Web browser instead of the appropriate help page.
Workaround: Change port number in the help URL or access the virtual network editor help from VI Web Access.
The following issues are resolved in Server 2.0.1:
New: Host code execution vulnerability from a guest operating system
A critical vulnerability in the virtual machine display function might allow a guest operating system to run code on the host. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2009-1244 to this issue.
VMnc codec heap overflow vulnerabilities
The VMnc codec assists in record and replay of sessions which are records of the dynamic virtual machine state over a period of time. Two heap overflow vulnerabilities might allow a remote attacker to execute arbitrary code on VMware hosted products. For an attack to be successful, the user must visit a malicious Web page or open a malicious video file.
The Common Vulnerabilities and Exposures project has assigned the names CVE-2009-0909 and CVE-2009-0910 to these issues.
- A VMCI privilege escalation on Windows-based hosts or Windows-based guests
The Virtual Machine Communication Interface (VMCI) provides fast and efficient communication between two or more virtual machines on the same host and between a virtual machine and the host operating system. A vulnerability in vmci.sys might allow privilege escalation on Windows-based machines. This might occur on Windows-based hosts or inside Windows-based guest operating systems. Current versions of ESX Server do not support the VMCI interface and hence they are not affected by this vulnerability. To correct this vulnerability on Windows-based hosts, see Virtual Machine Communication Interface (VMCI) privilege escalation on Windows-based Workstation, Player, ACE and Server (KB 1009826).
The Common Vulnerabilities and Exposures project has assigned the name CVE-2009-1147 to this issue.
- A remote denial-of-service vulnerability in authd for Windows-based hosts
A vulnerability in vmware-authd.exe might cause a denial-of-service condition on Windows hosts. The Common Vulnerabilities and Exposures project has assigned the name CVE-2009-0177 to this issue.
- Updated vm-support script
This release improves data collection when the vm-support script is run by the Server administrator on request of VMware support or its support partners. The file that contains the SSL keys for communication between Server and vCenter and other applications is no longer collected.
For more details, see the KB article Data Security Best Practices - SSL keys for communicating with VirtualCenter and other applications (KB 1008166).
- Windows-based host privilege escalation in hcmon.sys
A vulnerability in an I/O Control (ioctl) function in hcmon.sys might be used
to escalate privileges on a Windows-based host. The Common Vulnerabilities and Exposures project has assigned the name CVE-2009-1146 to this issue.
New releases of hosted products address a denial-of-service problem described in CVE-2008-3761, which can only be exploited by a privileged Windows account.
Denial-of -service vulnerability in a virtual device
A vulnerability in a guest virtual device driver might allow a guest operating system to cause the host and consequently any virtual machine on that host to fail. The Common Vulnerabilities and Exposures project has
assigned the name CVE-2008-4916 to this issue.
Mount installer option mounts current CD-ROM image instead of VMware Tools installer image
If a CD-ROM image is mounted to a virtual machine with VMware Tools installed, the Mount installer option in the Web UI incorrectly mounts the CD-ROM image instead of the VMware Tools image. The issue is resolved in this release.
Unable to install the latest version of VIX API on Server 2.0.x
You cannot install VMware VIX API 1.6.2 of due to an issue with the MSI installer for VIX API. This issue is resolved in this release.
The default VI Web Access HTTP connection port is 8222 and the default HTTPS port is 8333. If you use these defaults, or any values other than 80 (HTTP) and 443 (HTTPS), you must specify the port number when you connect to VMware Server using VI Web Access. You must also allow connection to these ports through your firewall.
An example URL to connect to VI Web Access is http://server_host:8222
If you want to use ports 80 (HTTP) and 443 (HTTPS), override the default values during installation.
Note: If you are running IIS or Apache web server on the default ports, specify alternate HTTP and HTTP ports when prompted by the Windows installer or vmware-config.pl. Alternatively, stop IIS's default Web site or any other Web site running on these ports. On Linux, shut down Apache or any other application using these ports and make sure they are not configured to restart automatically.
This issue is resolved in this release.