VMware

VMware vCenter Configuration Manager Release Notes

VMware vCenter Configuration Manager 5.7.2 | 24 June 2014 | Build 242

Last Document Update: 24 June 2014

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

vCenter Configuration Manager 5.7.2 provides several new features and resolves multiple product issues. For updates to the VCM installation and user interface, see the Installation section.

  • Data Performance Caching

    You can set the cache auto refresh day time mappings. VCM performs the automatic refresh of the cache based on the days and times that you define. The refresh times are based on the local time, instead of UTC, and appear in 24-hour format. The value for the refresh date and time is a double-delimited string. You can define an unlimited number of refresh days and times. You can set the delimited entry times in any order. During VCM installation, the value defaults to 4:00 AM for each day of the week.

  • vCenter Hosts Storage iSCSI and Non-iSCSI Bus Adapters

    Two nodes now exist to distinguish the vCenter Server Hosts Storage Bus Adapters. The iSCSI node displays information about the hosts storage iSCSI bus adapters that connect the hosts to iSCSI devices. The Others node displays information about the hosts storage non-iSCSI bus adapters that connect the hosts to non-iSCSI devices, such as SCSI controllers, virtual machine chipsets, IDE controllers, smart arrays, and so on.

  • Custom Information Type Filters

    You can create custom information types (CITs) and filters so that VCM can collect data from configuration files on Linux and UNIX platforms to monitor and enforce the compliance of those platforms. You use the CITs to collect data from files on Linux and UNIX managed machines, and create compliance rules to ensure that the files on these machines are compliant. VCM uses the custom information data class (CIDC) that you associate with the CIT to parse the Linux and UNIX configuration files.

    The VCM online help describes how to create custom information types, including how to create the collection filter and provide the path information, how to collect the configuration file from Linux and UNIX managed machines so that you can obtain the property names and values to use in your compliance rule later, and how to create a compliance rule to have VCM report on compliance based on the content of the file on the managed Linux and UNIX machines.

    The VCM online help describes the parsers used to parse the supported file types, examples of identification expressions, details about the parser directive types and parser directives, and whether the parser directive is required. Supported parsers include the Sh parser, tabular parser, INI parser, tree parser, and Tokenizer parser. You can also write custom parsers for VCM to handle files of complex formats.

  • VCM Patching Support for CentOS and Oracle Enterprise Linux

    VCM supports patching of CentOS and Oracle Enterprise Linux platforms. The Software Content Repository Tool 5.1 works with VCM 5.7.2 to download patch content for these platforms.

    A physical or virtual machine can potentially be a patching repository machine if it is a Red Hat 6 server X86_64 Linux machine that has the VCM 5.7.2 Linux Agent and the Software Content Repository (SCR) Tool 5.1 installed.

    To download patch content for CentOS, the SCR Tool accesses http://vault.centos.org. You can also use the mirrors returned from the Web service at http://mirrorlist.centos.org. To download patch content for OEL, the SCR Tool accesses http://public-yum.oracle.com.

  • Software Content Repository Tool

    The Software Content Repository Tool 5.1 supports VCM patching of CentOS and Oracle Enterprise Linux platforms. VCM supports the x86 and x86_64 architectures for the CentOS platform, and the x86 and x86_64 architectures for the Oracle Enterprise Linux platform.

    New properties files include CENTOS-rt.properties and ORACLELINUX-rt.properties. You obtain the bundle of properties files, Sample-SCR-5.1-Properties.tgz, at the same location where you downloaded the SCR Tool.

    With the Software Content Repository Tool 5.1, the logging.properties file does not exist. Individual properties files exist for each platform, and the logging levels and output file names now reside in the individual <platform>-rt.properties file for each platform type. To change the logging levels for a particular platform, you edit the respective <platform>-rt.propertes file, and set the custom logging levels and output file names in the individual properties file for each run of the SCR Tool.

    Minimum storage required for CentOS and Oracle Enterprise Linux patch content files and payload is described in the Software Content Repository Tool 5.1 Guide at http://www.vmware.com/support/pubs/vcm_pubs.html.

  • Option for Maximum Retries on Linux and UNIX Patch Download Failures

    VCM now supports multiple attempts to download Linux and UNIX patches in the case of a patch download failure. During the patch download step in the Linux or UNIX patch deployment job chain, if some of the patches fail to download, the patch download step attempts to download only the failed patches the specified number of times. If none of the patches are downloaded, VCM sets the patch download step and subsequent steps in the job chain as failed, and as a result VCM fails the entire job chain. For more information, see the VCM online help.

  • Enforceable Compliance Data Types

    Several new data types support enforceable compliance for virtual environments. When VCM performs a remediation action, the corresponding value is changed in the vCenter Server instance.

    • Change vCenter Server Settings as a Compliance Enforcement Action

      All of the vCenter Server settings data that VCM collects while collecting vCenter Server data are available for compliance enforcement. These settings appear in Console > Virtual Environments > vCenter > Settings. When VCM performs a remediation action, the corresponding value is changed in vCenter Server. You can use the vSphere Client to validate the changed settings.

    • Perform Snapshot of a VM as a Compliance Enforcement Action

      The current snapshot age is available for compliance enforcement. When Current Snapshot Age is noncompliant for a conditional compliance rule, VCM triggers the Snapshot VM action.

    • Delete a Snapshot of a VM as a Compliance Enforcement Action

      The Snapshot Age is available for compliance enforcement. When Snapshot Age is noncompliant for a conditional compliance rule, VCM triggers the Delete Snapshot VM action.

    • Change Host Advanced Settings as a Compliance Enforcement Action

      All of the Host advanced settings discovered after VCM collects data from vCenter Server are available for compliance enforcement. These settings appear in Console > Virtual Environments > vCenter > Hosts > Advanced Configuration > Advanced Settings. When VCM performs a remediation action, the corresponding value is changed in vCenter Server. You can use the vSphere Client to validate the changed settings.

  • Managed Machines Patching Support

    VCM 5.7.2 adds patching support for the following platforms:

    • Oracle Enterprise Linux 5.10
    • CentOS 5.10

    In addition to these versions, VCM also supports all intermediate minor versions of supported major versions for Red Hat Linux and its derivatives Oracle Enterprise Linux and CentOS. For example, if 5.4 of RHEL is supported, any 5.x version of RHEL will also be supported unless otherwise indicated for a particular version.

  • Agent Support

    Linux and Windows Agents supported for VCM 5.7.2 include the following versions:

    • Linux Agent version is now updated to 5.7.2.
    • Windows Agent version is now updated to 5.7.2.

    VCM 5.7.2 ends support for the HP-UX PA-RISC platform.

  • Supported Browsers

    The VCM Collector machine, and any other machines that will access the VCM Web console interface on the VCM Collector, must have a compatible Web browser installed. VCM supports the following browsers:

    • Internet Explorer version 8 and 9.
    • Internet Explorer version 10 in compatibility mode.
    • Internet Explorer version 11 in compatibility mode.
    • Mozilla Firefox version 6.0 or later with the Internet Explorer IE Tab add-on. This add-on requires Internet Explorer 6.0 to be installed on the machine.

Updated Documentation

In this release, new features are documented in the VCM online help, the Software Content Repository Tool 5.1 Guide, and these release notes.

The new Software Content Repository Tool 5.1 Guide includes support for CentOS and Oracle Enterprise Linux platforms, including new properties files. Logging is accomplished in the individual <platform>-rt.properties file for each platform type. See the feature list above for a summary of Software Content Repository Tool 5.1.

The VCM Advanced Installation Guide has been reissued to address minor corrections and clarifications. See the Updated Information table in the VCM Advanced Installation Guide for details.

You can access the Software Content Repository Tool 5.1 Guide, VCM Advanced Installation Guide and the VCM 5.7.2 online help on the VMware Web site at http://www.vmware.com/support/pubs/vcm_pubs.html.

Installation

Be aware of the following behavior in the VCM 5.7.2 Typical Installation and Advanced Installation.

  • Foundation Checker 5.7.2 Checks for the Existence of McAfee Solidifier
    Foundation Checker includes a new system check that runs during VCM Advanced and Typical installations, and determines whether McAfee Solidifier is installed. If McAfee Solidifier is installed, Foundation Checker displays a warning message to indicate that the installation will fail if McAfee Solidifier is not running in update mode or if an exception rule is not defined in McAfee Solidifier. See the Known Issues section.

  • VCM 5.7.2 Installation Disables Data Performance Cache Tables
    When you install VCM 5.7.2, or upgrade from VCM 5.7.1, the VCM installation or upgrade drops all of the data performance cache tables, and disables data caching for all views. To use data performance caching, you must enable the views again. For more information, see the VCM online help.

Upgrades to This Release

To upgrade your version of VCM to the current version, you must be running VCM 5.4.0 or later. To migrate your environment to the current version of VCM, you must be running VCM 5.3, EMC Ionix SCM 5.0 or later, or Configuresoft ECM 4.11.1 or later.

  • Upgrades
    An upgrade installs the new version of VCM on the 64-bit Windows machines in single-tier, two-tier, or three-tier installation configurations.

    In this release, the upgrade process verifies your VCM certificates and gives you the option to select or generate new certificates. You must select or generate new certificates if the current certificates are expired.

  • Migrations
    A migration to VCM 5.7.2 requires that you install VCM in a 64-bit environment and migrate your 32-bit database to the 64-bit database. Before you perform the migration, update your environment to include the Windows Server 2008 R2 operating system, SQL Server 2008 R2 or SQL Server 2012, and SQL Server Reporting Services, and then migrate your existing VCM, SCM, or ECM data to the 64-bit environment.

For more information about upgrading an existing instance of VCM, see the VCM Advanced Installation Guide on the VMware Web site at http://www.vmware.com/support/pubs/vcm_pubs.html.

Open Source Components for vCenter Configuration Manager

The copyright statements and licenses applicable to the open source software components distributed in vCenter Configuration Manager 5.7.2 are available at Download VMware vCenter Configuration Manager, on the Open Source tab. You can also download the source files for any GPL, LGPL, or other similar licenses that require the source code or modifications to source code to be made available for the most recent generally available release of vSphere.

The OpenSSL library is updated to version openssl-0.9.8za to address CVE-2014-0224, CVE-2014-0198, CVE-2010-5298, and CVE-2014-3470.

OpenSSL

Internationalization

The VCM 5.7.2 release addresses and resolves internationalization defects that affected how VCM processes and displays non-ASCII characters, non-ASCII account issues, non-ASCII characters in email messages, saving a compliance rule when using the Last Reboot data type, and setting the date for non-VCM initiated changes.

Feature and Product Support Notices

As part of the vCenter Operations Management Suite, VCM continues to provide configuration and change management, compliance assessment and remediation, patch assessment, and patch deployment for your virtual and physical environments.

General support is ending for the following features and products. VMware will continue to provide technical support for these features and products through the end of their support lifecycles.

  • Software Provisioning
  • Operating System Provisioning

For VCM 5.7 and later, the product capabilities related to software provisioning and operating system provisioning have not been enhanced. These functions will eventually be deprecated from VCM as VMware vCloud Automation Center and Application Director provide these management solutions.

Resolved Issues

The following issues are resolved in the VCM 5.7.2 release.

  • VCM cannot create a compliance rule with last logon data property
    When VCM attempted to create a compliance rule using the Accounts data type with a basic rule to check Last Logon for X Days Ago, a failure occurred and VCM displayed the following error: Failed to insert conditions for compliance UI rule: Last Logon -- Invalid date format(s) encountered.

  • This issue is resolved in this release.

  • Report wizard error when using two date filters
    When using the Report wizard to create a report to display new accounts that were created between two valid dates, VCM reported an error, because the Date/Time entry format was not recognized.

  • This issue is resolved in this release.

  • vCenter Operations Manager compliance job hangs
    VCM now has improved performance of the scheduled vCenter Operations Manager compliance jobs.

  • This issue is resolved in this release.

  • License Manager displays server counts after adding unlimited Suite licenses
    VCM displayed incorrect server license counts after adding the vCloud unlimited license key into VCM.

  • This issue is resolved in this release.

  • VCM instance with more than 38,000 machines is in a bad state and cannot recover
    VCM Collector memory throttling for large-scale environments required adjustments to resolve resource contention in the Collector.

  • This issue is resolved in this release.

  • Purging a job from the user interface, or from an associated stored procedure, constantly fails, but is possible with a manual purge
    Improvement in performance was required for VCM to correctly purge jobs.

  • This issue is resolved in this release.

  • Scheduled reports do not export
    On a non-Built-in split installation, the export of scheduled reports failed.

  • This issue is resolved in this release.

  • Filtering of users and groups does not return any results when attempting to add a user to a right
    In Console > Windows > Security > User Rights > By Right, when you filtered users and groups, then attempted to add a user to a right, VCM did not return any results. When you attempted to filter the select list panel in User Rights > By User, VCM exhibited symptoms of mismatches between User Rights and SIDs data.

  • This issue is resolved in this release.

  • Automating the VCM Windows Agent installation displays success even when the installation fails
    When VCM attempted to install the Windows Agent, if the installation failed, VCM reported that the installation succeeded.

  • This issue is resolved in this release.

  • VCM fails AD discovery when FQDN is enabled
    After running an initial Active Directory discovery of machines, running successive AD discoveries in that domain failed when FQDN was enabled.

  • This issue is resolved in this release.

  • On the Windows patch assessment template summary window, clicking the number for machines not patched does not display all of the necessary patches
    When you click a Windows patching assessment template to view Windows patch assessment results, on the patch template summary window, in the Patch Status by Asset Classification section, when you clicked the not patched number, VCM did not display all of the necessary patches.

  • This issue is resolved in this release.

  • Compliance reports display an incorrect number of hosts and vCenter Servers
    When you ran compliance reports, VCM displayed an incorrect number of hosts and vCenter Servers, and the compliance reports displayed the values as Unknown.

  • This issue is resolved in this release.

  • Windows patches from a different patching assessment template appear in the patch deployment wizard
    After you used the Windows Security Bulletin filterset to collect data, and created a patch assessment template that contained a single bulletin, when you accessed that bulletin, the bulletin included patches from another template, and did not include the expected patches.

  • This issue is resolved in this release.

  • The AD object column named User-Workstations always displays Not Collected, regardless of the collection filter used
    In Administration > Settings > VCM for Active Directory > Display Settings, when you edited the Users display setting, and added the User-Workstations column, when you viewed this column in Active Directory > Objects > Users, VCM displayed Not Collected in this column.

  • This issue is resolved in this release.

  • Database performance issues cause compliance jobs to become unresponsive
    When attempting to run compliance jobs, some jobs ran for a long period of time, and some jobs became unresponsive.

  • This issue is resolved in this release.

  • VCM Web console becomes unresponsive when attempting to add a scheduled report
    When you attempted to add a scheduled report in a 3-tier installation environment, VCM reported a Java script error after 15 to 20 minutes.

  • This issue is resolved in this release.

  • Windows dynamic patching assessment template displays incorrect results when correlating a product to a patch bulletin template
    When you added rules to correlate products to bulletins in a Windows dynamic patching assessment template, VCM displayed an incorrect number of patches.

  • This issue is resolved in this release.

  • VCM does not process compliance exceptions when an Administrator other than the Administrator who installed VCM creates the exceptions
    When an Administrator created compliance exceptions, if that Administrator was not the Administrator who installed VCM, VCM did not process the exceptions. The Administrator who installed VCM has rights for all exceptions. Although other users can edit a compliance template and can create exceptions for that template, they do not have rights on global exceptions.

  • This issue is resolved in this release.

  • VCM Installation Manager does not detect SQL Server 2008 R2
    In a VCM Typical Installation, Foundation Checker did not specifically check for SQL Server 2008 R2. If the version was SQL Server 2008, Foundation Checker incorrectly passed the system check.

  • This issue is resolved in this release.

  • VCM reports a stored procedure error when you edit a machine group mapping
    In Administration > Settings > General Settings > Patching > Machine Group Mapping, when you clicked Edit, VCM displayed the following error:
    The stored procedure 'ecm_sp_patching_alternate_location_machine_name_get_ui' doesn't exist.

  • This issue is resolved in this release.

  • Guest annotations do not display correctly when exported to CSV
    In Console > Virtual Environments > Guests > Annotation, when you hovered the mouse over the annotation in the Value column and viewed the number of paragraphs in the annotation, then clicked the Export displayed data button on the toolbar to export the guest annotations to CSV, if an annotation had more than one paragraph, the additional paragraphs appeared on different rows of the spreadsheet instead of being formatted with the first paragraph.

  • This issue is resolved in this release.

  • Grouping by the Data Age column does not display any data
    When you grouped the patching assessment template data by the Data Age column, and attempted to expand the grouped Data Age results in the patching assessment template data grid, if the column grouping action referenced a data age that was not an integer, such as Not Collected, VCM did not display any results for the grouped data.

  • This issue is resolved in this release.

  • Windows patch assessments take a long time to finish when exceptions are enabled
    Performance improvements have significantly reduced the Windows patch assessment time, even when patching exceptions are enabled.

  • This issue is resolved in this release.

  • Scheduled patch assessment occasionally errors out
    Due to the number of concurrent patch assessments, VCM occasionally failed the patch assessment job, and displayed an error indicating that the patch assessment had not returned any results, but the patch assessment job succeeded. In Administration > Settings > General Settings > Patching > General, when you selected Number of concurrent assessments, and increased the number to greater than one, the scheduled assessment jobs succeeded.

  • This issue is resolved in this release.

  • Ping failed on a Windows 2008 R2 VCM Collector machine
    On a VCM Collector that had the HTTP Agent installed, if you uninstalled the Agent, the authentication level remained as mutual authentication, which caused a problem if you attempted to install the VCM Agent again, because the installation required the authentication level to be set to collector authentication.

  • This issue is resolved in this release.

  • Deleting an Active Directory machine group without collecting the Groups data type again causes a failure in upgrade
    After you added a domain group in Administration > User Manager > VCM Logins, and collected the Groups data type from the domain controller, if you removed the group from the Active Directory machine, then upgraded from VCM 5.6 or later, the upgrade failed.

  • This issue is resolved in this release.

  • Deadlocks in database transactions caused performance problems in some scenarios
    The performance of collections, compliance, and patch assessments was adversely affected, and caused VCM to become unresponsive.

  • This issue is resolved in this release.

  • Cannot deploy patches to DCOM machines using a UNC path
    After you upgraded to VCM 5.7.1, and attempted to patch managed machines using the VCM Agent with the DCOM protocol, if you used a custom UNC path instead of the standard deployment for the machine group mapping, VCM could not obtain the patch file. As a result, VCM displayed the error No Valid credentials for network location, and the patch job failed.

  • This issue is resolved in this release.

  • VCM Collector restarts causing collections to go into recovery mode
    When the VCM Collector threadpools reached the maximum number of hung threads, the VCM Collector restarted, which caused the collection jobs to go into recovery mode after the Collector restarted.

  • This issue is resolved in this release.

  • Extremely slow performance when accessing the security profile for the vCenter Server Hosts advanced configuration
    When you accessed the Security Profile data grid in Console > Virtual Environments > vCenter > Hosts > Advanced Configuration, VCM exhibited a significant delay in displaying the security profile data.

  • This issue is resolved in this release.

  • Using the Create Report wizard to create new machine group reports fails
    In Reports > Machine Group Reports, when you added a new machine group report, selected Create Report from Wizard, selected the SRS Table report type, and selected the report data as Virtualization > vCenter - Networking - Port Groups - Ports, when you selected the vCenter - Networking - Port Groups - Ports/Direct Path I/O Issue column and finished the wizard, the report creation failed.

  • This issue is resolved in this release.

  • Virtual Environment vCenter Summary dashboard takes a long time to display data
    When you accessed the Host Summary dashboard in Console > Dashboards > Virtual Environments > Host Summary, VCM took a long time to display the data.

  • This issue is resolved in this release.

  • Virtual Environment vCenter Compliance dashboard takes a long time to display data
    When you accessed the Compliance Posture dashboard in Console > Dashboards > Virtual Environments > Compliance Posture, VCM took a long time to display the data.

  • This issue is resolved in this release.

  • Virtual Environment non-iSCSI Adapters did not appear in the console
    When you accessed Console > Virtual Environments > vCenter > Hosts > Storage > Bus Adapter, iSCSI adapters appeared, but non-iSCSI adapters did not appear.

  • This issue is resolved in this release.

  • Computers that are group members appear with a member type of Groups instead of Computers
    In Console > Windows > Directory Services > Domain Group Members, when you selected a group that contained computer accounts, the computer accounts appeared with a member type of Groups instead of Computers.

  • This issue is resolved in this release.

  • VCM cannot collect the appropriate data for Active Directory group membership
    When you attempted to have VCM collect Active Directory group membership data, VCM only reported one member, and the AD User Summary report in Reports > Active Directory Reports > Objects did not display the primary group.

  • This issue is resolved in this release.

  • Data collections from vCenter Server display duplicate network information on a virtual machine
    When you configured a virtual machine to have multiple NICs, assigned a different port group to each NIC, then collected data from vCenter Server, when you logged in to VCM and selected Console > Virtual Environments > vCenter > Guests > Network, the virtual machine had a greater number of NICs than expected.

  • This issue is resolved in this release.

  • A split installation locks the VCM Agents to DCOM on the machines used for the Web server, database server, and VCM Collector
    In a split installation, the Web server machine could not use HTTP for Agents, because the installation locked the Agent to DCOM, and you could not change the protocol for the Web or database machines from DCOM to HTTP.

  • This issue is resolved in this release.

  • Windows patch deployment fails when failover from HTTP to DCOM fails
    On a VCM Collector with the HTTP remote client installed and DCOM enabled, after you removed the enterprise certificate, ran a Windows patch assessment, and attempted to deploy a patch, when you viewed the patch deployment job in Patching > Job Management > Windows > Job Manager > History, VCM reported that the job succeeded, but when you collected the patch assessment data again from the managed machines, and verified the patch status, the patch was not deployed.

  • This issue is resolved in this release.

  • VCM installer does not check the VCM Collector certificate validity during an upgrade
    When you upgraded to VCM 5.7.1, the VCM installer used an expired Collector Certificate. The installer did not require you to generate a new certificate to replace the expired certificate, so VCM did not report that the certificate was expired or that it was not available in the certificate store, and as a result the upgrade failed.

  • This issue is resolved in this release.

  • Symantec Endpoint Protection 12 does not appear in the Anti-Virus dashboard
    When you viewed the Windows Anti-Virus dashboard in Console > Dashboards > Windows > Anti-Virus, Symantec Endpoint Protection 12 did not appear.

  • This issue is resolved in this release.

  • Virtual Environment compliance rules do not allow for the path selection policy or available ports
    When you created a Virtual Environment compliance rule, VCM did not allow compliance checks for the path selection policy or available ports.

  • This issue is resolved in this release.

  • Duplicate entries for some virtual machines appear in the guest storage Disk Name and Disk File columns
    When you viewed the storage data for vCenter Server guests in Console > Virtual Environments > vCenter > Guests > Storage, duplicate entries appeared for some guest virtual machines in the Disk Name and Disk File columns.

  • This issue is resolved in this release.

  • Cannot remove bulletins from a patching assessment template
    When you attempted to remove a bulletin from a patching assessment template, if the bulletin applied to both the client and the server for the same architecture, and you attempted to remove the bulletin only for the client or the server, but not both, the bulletin was not removed. This issue was reported only for Linux and UNIX patching assessment templates.

  • This issue is resolved in this release.

  • vCenter Server guests CPU usage values appear empty
    When you viewed the CPU usage for vCenter Server guests in Console > Virtual Environments > vCenter > Guests > Summary, the values in the column were empty.

  • This issue is resolved in this release.

  • Windows imported patching assessment template fails when deployed
    When you attempted to deploy a Windows imported patching assessment template in Patching > Windows > Imported Templates, VCM reported that no machine patch data was available, and as a result the patch deployment failed.

  • This issue is resolved in this release.

  • vCenter Server scheduled collections fail
    When you scheduled the collection of data from a vCenter Server instance, if you used a deprecated filter, the Agent caused the inspection of the deprecated filter to time out, and as a result the scheduled collections failed.

  • This issue is resolved in this release.

  • Viewing the history of a patching assessment template generates an error after you select dates
    After you selected dates in the history for a patching assessment template, VCM displayed the following error: The conversion of a varchar data type to a datetime data type resulted in an out-of-range value.

  • This issue is resolved in this release.

  • Compliance reports are missing snapshot data for some guest machines
    When you ran compliance reports, if you had an exception defined in vCenter Server, with an exception condition defined for either a compliance template, virtual object group, or compliance rule, if you did not explicitly define the condition for the virtual object name, such as LIKE '%vCenter_Name%', the compliance results were incorrect.

  • This issue is resolved in this release.

  • Automatic patch deployment does not deploy patches
    When you scheduled an automatic patch deployment, VCM only triggered the automatic patch assessments, and did not deploy any patches.

  • This issue is resolved in this release.

  • Patch deployment fails for DCOM managed machines that require a connection string to be set
    In cases where a managed machine was not correctly identified in DNS, and a connection string was used to override the name or BIOS resolution, patch deployment jobs failed with the error: Network path was not found.

  • This issue is resolved in this release.

  • Scheduled jobs fail after upgrade to VCM 5.7.1
    When you attempted to add scheduled jobs using a date that was far into the future, an overflow condition occurred and the jobs did not appear.

  • This issue is resolved in this release.

  • VCM Agent would not upgrade
    VCM reported the Agents as being the current version, but the Agents were not updated during an upgrade from 5.6 to 5.7.1.

  • This issue is resolved in this release.

  • Inconsistencies occur in patching exception definition pages
    When you defined new patching exceptions, and one or more exceptions were already defined, if you used different sponsors and a user-defined status, or if you set the date for the patching exception to expire, when you added the new exceptions, the behavior differed as compared to editing a previously defined exception.

  • This issue is resolved in this release.

Known Issues

This list of issues pertains to VCM 5.7.2 only. Some known issues from earlier releases might also apply to this release. If you encounter an issue that is not provided in this list of known issues, you can review the known issues from earlier releases, search the VMware Knowledge Base, or let us know by providing feedback.

The following issues are known to occur in the VCM 5.7.2 release.

  • VCM installation in an LDAP and NIS+ environment fails to obtain the primary Group ID from /etc/passwd
    When you install VCM in an environment that includes LDAP and the NIS+ directory service, and you create a user account and group in NIS+, include the proper UIDs and GIDs in the csi.config file, and set the flags to create the user and group to N (No), when you run the VCM installation, the /ECMu/1.0/package.py script cannot obtain the primary GID from /etc/passwd, because the GID does not exist. As a result, VCM fails to set the group permissions on $CSI_ROOT_DIRECTORY/ECMu/1.0/bin/RunLow, and the installation fails.
    Workaround: None

  • You cannot set Network Authority to the CMDelegate account when the protocol of a Windows machine is unknown
    When you use VCM Remote before an Agent is installed on the managed machine, or when you use an earlier version of VCM Remote, then manually install an HTTP Agent, the protocol setting is empty in Administration > Machines Manager > Licensed Machines > Licensed Windows Machines, and does not change when you run the Change Protocol action. You cannot set the Network Authority to the CMDelegate account, because the Network Authority requires HTTP as the protocol.
    Workaround: Wait 2 to 5 minutes for VCM Remote to update the protocol to HTTP in the user interface, then set the Network authority to the CMDelegate account.

  • VCM does not update the list of snapshots after you delete a snapshot
    After you collect data from a vCenter Server instance that includes multiple hosts, guests, and snapshots, when you navigate to Console > Virtual Environments > vCenter > Guests > Snapshot, select one or more snapshots, and click Delete Snapshot, when you view the list of snapshots in Console > Virtual Environments > vCenter > Guests > Snapshot, VCM does not update the list of snapshots, even though the snapshots are deleted. This behavior also occurs if you use the Virtual Environment Compliance remediation action to delete a snapshot.
    Workaround: Collect the vCenter Server Guests data from the managed machines, and view the updated list of snapshots.

  • Patch deployment fails for some Linux and UNIX managed machines, such as CentOS and OEL, when SELinux is enabled on the managed machine
    VCM installs the Linux Agent with inetd or xinetd by default. When SELinux is enabled on the managed machine, and the Linux Agent on the managed machine is running in inetd mode, patch deployment fails and VCM displays an error similar to the following:

    error: install: %pre scriptlet failed (2), skipping <PACKAGE>

    For example, when deployment of an RPM fails, VCM displays an error message such as:

    error: install: %pre scriptlet failed (2), skipping nfs-utils-1:1.2.3-15.el6_2.1

    When a Linux or UNIX managed machine has the Linux Agent installed with inetd, and has SELinux enabled, Package Manager on the managed machine cannot access a patch repository machine. If the managed machine must access a patch repository machine when Package Manager installs a package, such as an RPM, SELinux does not entitle Package Manager to proceed with the installation, because the Package Manager process runs in the Linux Agent and inherits the inetd context from the Linux Agent.
    Workaround: Redeploy the Linux Agent to the managed machine in daemon mode.

  • McAfee Solidifier blocks the VCM installation
    When you attempt to install VCM on a machine that has McAfee Solidifier installed, the installation fails.
    Workaround: To install VCM on a machine that has McAfee Solidifier installed, either put McAfee Solidifier in update mode, add an exception rule in McAfee Solidifier, or disable McAfee Solidifier until VCM is installed, and then enable it again.

  • VCM Collector is not trusted as a Managing Agent after upgrade from VCM 5.4
    On a VCM Collector that has VCM 5.4 installed and data collected from managed machines, when you upgrade the Collector to VCM 5.7.2, neither the Trust status or the Managing Agent status are enabled for the Collector machine.
    Workaround: After you upgrade the Collector to VCM 5.7.2, restart the Collector service, then navigate to Administration > Settings > Certificates on the Collector, and verify that the Trust status and Managing Agent status are enabled for the Collector.

  • VCM installation or upgrade from VCM 5.7.1 fails if the Agent certificate already exists on the VCM Collector
    When you install a VCM Collector to 5.7.2, or upgrade from VCM 5.7.1, when you click the Select button in the Select Certificate window to select the Enterprise Certificate, if the Agent certificate already exists on the Collector, the installation stops responding. Although you might see the available certificates listed in this window the first time you attempt to run the installation or upgrade, if you view the Select Certificate window again, the certificates do not appear and the installation stops responding.
    Workaround: Before you install or upgrade VCM, remove the Agent certificate from the personal and Trusted Root Certification authority on the VCM Collector. To verify that the Agent certificate no longer exists, start the Microsoft Management Console (MMC) on the VCM Collector, and view the list of certificates.

  • VCM Installation Manager should set the principal account in a split installation or VCM upgrade
    In a two-tier or three-tier split installation that is not using a Built-in account, or for a VCM upgrade, VCM Installation Manager should set the principal account for the VCM Collector to the Collector Service account, or to an existing domain and user account, so that WebSubmit can function and VCM can handle scheduled activities.
    Workaround: To manually set the principal account for the VCM Collector, in VCM click Admin > Settings > General Settings > Collector, edit the Collector default principal setting, and specify a domain name and user account name. The user account must already be available in Administration > User Manager > VCM Logins.

  • VCM displays incorrect results for a virtual environment conditional compliance rule on vCenter Server advanced configuration settings if you use the greater than (>) operator or the greater than or equal to (>=) operator in the conditional rule properties for the compliance check
    When you create a conditional compliance rule for vCenter Server advanced configuration settings, if you use the > or >= operator in the conditional properties for the compliance check in the rule, and specify a number that is greater than or equal to the existing value, after you run the respective compliance template, and the value found is less than the expected value, VCM displays the result as compliant instead of noncompliant.
    Workaround: None

  • VCM 5.7.2 Linux Agent does not conform to Federal Information Processing Standards (FIPS)
    Due to time constraints involved in the replacement of OpenSSL to address recently discovered vulnerabilities, the Linux Agent included with vCenter Configuration Manager 5.7.2 does not provide the level of FIPS 140-2 conformance that was available in previous versions of this Agent.
    Workaround: If you are concerned with FIPS 140-2 conformance, see VMware Knowledge Base article KB 2081085 for instructions on how to obtain and deploy a FIPS 140-2 compliant version of the 5.7.2 Linux Agent.