VMware

VMware vCenter Server 5.1.0b Release Notes

vCenter Server™ 5.1.0b | 20 December 2012 | Build 947939

vCenter Server™ Appliance 5.1.0b | 20 December 2012 | Build 947940

Last updated: 13 March 2014

Check for additions and updates to these release notes

What's in the Release Notes

The release notes cover the following topics:

What's New

This release of VMware vCenter Server 5.1.0b includes a number of bug fixes that have been documented in the Resolved Issues section. A few notable improvements are as follows:

  • Timeout errors occurring when logging in to the vSphere Client have been addressed.
  • You can log in to a vSphere Web Client as a user of an Active Directory domain that has a non-standard UPN.

Internationalization

VMware vSphere 5.1.0b is available in the following languages:

  • English
  • French
  • German
  • Japanese
  • Korean
  • Simplified Chinese

Compatibility and Installation

ESXi, vCenter Server, and vSphere Web Client Version Compatibility

The VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware vSphere components, including ESXi, VMware vCenter Server, the vSphere Web Client, and optional VMware products. In addition, check this site for information about supported management and backup agents before installing ESXi or vCenter Server.

The vSphere Client and the vSphere Web Client are packaged with the vCenter Server and modules ZIP file. You can install one or both clients from the VMware vCenter™ Installer wizard.

Inventory Service Database

The Inventory Service database does not have a scheduled backup. You should back up the Inventory Service database as part of your regular vCenter Server database administration. To move the Inventory Service database to a different host machine, back up the database on the source machine and restore the database on the destination machine as described in the vSphere Installation and Setup documentation.

vSphere Client Connections to Linked Mode Environments with vCenter Server 5.x

vCenter Server 5.1 can exist in Linked Mode only with other instances of vCenter Server 5.1.

Installation Notes for This Release

Read the vSphere Installation and Setup documentation for step-by-step guidance on installing and configuring ESXi and vCenter Server.

Although the installations are straightforward, several subsequent configuration steps are essential. In particular, read the following:

Upgrades and Installations Disallowed for Unsupported CPUs

vSphere 5.1 supports only CPUs with LAHF and SAHF CPU instruction sets. During an installation or upgrade, the installer checks the compatibility of the host CPU with vSphere 5.1. If your host hardware is not compatible, a purple screen appears with an incompatibility information message, and you cannot install or upgrade to vSphere 5.1.

Upgrades for This Release

For instructions about upgrading vCenter Server and ESX/ESXi hosts, see the vSphere Upgrade documentation.

vCenter Server Upgrades

vSphere 5.1.0b supports the following upgrade scenarios.

  • You can perform in-place upgrades on 64-bit systems from vCenter Server 4.x , vCenter Server 5.0, vCenter Server 5.1 and vCenter Server 5.1.0a to vCenter Server 5.1.0b. You cannot upgrade an instance of vCenter Server 4.x that is running on Windows XP Professional x64 Edition.

  • Customers with VirtualCenter 2.5 update 6 and later with 32-bit operating system will be required to perform a migration upgrade to vCenter Server 5.0 as the first step in the upgrade process due to the 32bit/64bit differences. After this migration upgrade, customers can perform an in-place upgrade from version 5.0 to version 5.1.x. See the version 5.0 vSphere Upgrade documentation.

  • vCenter Server 5.1.0b can manage ESXi 5.x hosts in the same cluster with ESX/ESXi 4.x hosts. vCenter Server 5.1 cannot manage ESX 2.x or 3.x hosts.

  • Important When upgrading from vCenter Server 5.1 to vCenter Server 5.1.0b for non-English locales, the installation of vCenter Single Sign On must be performed through the command line. Use the following command for upgrading:

    <Exe name> /S /v"/L*v <log location>/ /qn"

    Example: For vCenter Single Sign On installation use the following command:

    VMware-SSO-Server.exe /S /v"/L*v \"%temp%\vim-sso-msi.log\" /qn"

Open Source Components for VMware vSphere 5.1 and vCenter Server 5.1.0b

The copyright statements and licenses applicable to the open source software components distributed in vSphere 5.1 and vCenter Server 5.1.0b are available at http://www.vmware.com/download/vsphere/open_source.html, on the Open Source tab. You can also download the source files for any GPL, LGPL, or other similar licenses that require the source code or modifications to source code to be made available for the most recent generally available release of vSphere.

Product Support Notices

  • vSphere Client. In vSphere 5.1, all new vSphere features are available only through the vSphere Web Client. The traditional vSphere Client will continue to operate, supporting the same feature set as vSphere 5.0, but not exposing any of the new features in vSphere 5.1.

    vSphere 5.1 and its subsequent update and patch releases are the last releases to include the traditional vSphere Client. Future major releases of VMware vSphere will include only the vSphere Web Client.

    For vSphere 5.1, bug fixes for the traditional vSphere Client are limited to security or critical issues. Critical bugs are deviations from specified product functionality that cause data corruption, data loss, system crash, or significant customer application down time where no workaround is available that can be implemented.

  • VMware Toolbox. vSphere 5.1 is the last release to include support for the VMware Tools graphical user interface, VMware Toolbox. VMware will continue to update and support the Toolbox command-line interface (CLI) to perform all VMware Tools functions.

  • VMI Paravirtualization. vSphere 4.1 was the last release to support the VMI guest operating system paravirtualization interface. For information about migrating virtual machines that are enabled for VMI so that they can run on later vSphere releases, see Knowledge Base article 1013842.

  • Windows Guest Operating System Customization. vSphere 5.1 is the last release to support customization for Windows 2000 guest operating systems. VMware will continue to support customization for newer versions of Windows guests.

  • VMCI Sockets. Guest-to-guest communications (virtual machine to virtual machine) are deprecated in the vSphere 5.1 release. This functionality will be removed in the next major release. VMware will continue support for host to guest communications.

Resolved Issues

This release resolves issues in the following subject areas.

Upgrade and Installation

  • vCenter Single Sign On installation fails with error 20020
    vCenter Single Sign On installation fails with the following error when you select the destination folder to install the software:

    Error 20020. Failed to update values in server.xml file

    This issue occurs when you attempt to install vCenter Single Sign On on a folder with spaces, for which no short name exists. To verify this, run the dir /x command in the parent folder of the folder with spaces.

    This issue is resolved in this release

  • Installation of vCenter Single Sign On fails if the database name contains a hyphen
    When the Microsoft SQL Server database name contains a hyphen, (for example SSO-DB), vCenter Single Sign On installation fails with the following error:

    Error 29114.Cannot connect to DB

    This issue is resolved in this release.

  • Installation of other VMware components on the same machine as the Single Sign On service may fail
    During Single Sign On installation, one of its services is installed with a random port. This port is picked up from a range in which are the default port numbers of other vSphere components. As a result, the installation of another vSphere service on the same machine might fail.

    This issue is resolved in this release.

vCenter Server and vSphere Client

  • Active Directory users with customized UPN user names cannot use Windows session credentials to log into the vSphere Web Client
    Active Directory users might have a custom suffix in their UPN instead of using the domain name as the suffix. For example, the user name alice@company.com can be customized to be alice@sales.company.com. Active Directory users with these custom suffixes cannot log into the vSphere Web Client using Windows session credentials when vCenter Single Sign On is installed on a Windows system.

    Users who log in with a smartcard whose UPN includes a custom suffix might not be provided their Windows system user name and password. For example, because CAC smartcard users always log in with the smartcard, they are not provided with their Windows credentials. These users cannot log in to a vSphere environment if Single Sign On is enabled with the Use Windows Credentials feature.

    This issue is resolved in this release

  • Installation of vCenter Single Sign On recovery fails if the master password has changed
    If you have changed the Single Sign On master password, you must regenerate node.pkg in order to restore your Single Sign On backup using the current master password. If you select not to do this, you will need to provide the original master password when restoring. After changing the master password, execute the following prior to creating a Single Sign On backup bundle: rsautil configure-riat -a generate-node-pkg -m MasterPassword.

    This issue is resolved in this release

  • In vCenter Single Sign On Multi-Site deployment mode, installation of the secondary node fails
    When you attempt to install the secondary node of vCenter Single Sign On, installer might fail to correctly identify the primary vCenter Single Sign On node due to which installation of the secondary node can fail with the error message:

    Error 29103. Cannot read file or directory.

    This issue is resolved in this release

  • Configuration of vCenter Single Sign On in vCenter Server Appliance fails if vCenter Server Appliance is in IPv6 network environment
    When vCenter Server Appliance is using IPv6 address and has Fully Qualified Domain Name (FQDN) which DNS can not resolve, the configuration of the embedded vCenter Single Sign On service fails with the following error:

    Error: An unexpected error occurred during the installation of the appliance SSO service

    This issue is resolved with this release.

  • Authentication failed error is displayed instead of password expired when you attempt to log in to system domain and active directory
    When you try to login to the system domain and active directory where the password is already expired, the authentication failed error is displayed instead of an error stating that the password has expired.

    This issue is resolved with this release.

  • vCenter Server takes an unusually long time to start and the vSphere Client might time out
    When a large number of permissions are assigned to objects in the vCenter Server inventory, the vCenter Server service does not start as quickly as expected because vCenter Server verifies that the users and groups exist in the identity source. Also, the connection to the vSphere Client might time out when you log in with Windows session credentials.
    The following messages appear in the vCenter Server logs while the service is starting:

    [SSO] [SsoAdminFacadeImpl] [FindGroup]
    [UserDirectorySso] GetUserI nfo (DOMAIN\ *USER OR GROUP*, true) res: DOMAIN\ *USER OR GROUP*
    [UserDirectorySso] NormalizeUserName (DOMAIN\ *USER OR GROUP*, false) re: DOMAIN\ *USER OR GROUP*

    This issue is resolved with this release.

  • Single Sign On and Inventory Service installer displays a warning popup message
    In vCenter Server, the vCenter Single Sign On and vCenter Inventory Service installer might display a warning popup message about not able to resolve FQDN with nslookup. However, the nslookup is able to resolve forward and reversed address from command prompt.
    This issue occurs in vCenter Server supported localized environments.

    This issue is resolved with this release.

  • vSphere Client in Japanese displays an error message after clicking Manage vSphere Licenses link
    When running the vSphere Client on a Windows system with the locale set to Japanese, attempt to access Manage vSphere Licenses link fails with following error message:

    vSphere Client internal error occurred in Japanese

    This issue is resolved with this release.

Security

  • Directory traversal vulnerability allows an authenticated remote user to retrieve arbitrary files
    The vCenter Server Appliance (vCSA) contains a directory traversal vulnerability that allows an authenticated remote user to retrieve arbitrary files. Exploitation of this issue may expose sensitive information stored on the server.

    The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the names CVE-2012-6324 to this issue.

Known Issues

The known issues are grouped as follows.

Installation Issues
  • During vCenter Single Sign On 1.0.0 installation a warning message is displayed
    When installing vCenter Single Sign On 1.0.0, if you log in as a domain user, the installation automatically discovers the identity sources as part of the vCenter Single Sign On installation process. The vCenter Single Sign On installer might display the following warning message if it is not able to discover the identity source:

    Error 29155: Identity sources could not be discovered automatically. You can manually add your Active Directory as an identity source after the installation, by using the vSphere Web Client.

    Workaround: None.

  • vCenter Single Sign On installation fails with error 29133
    vSphere vCenter Single Sign On installation fails with the following error:

    Error 29133. Administrator login error

    This error occurs if you use semicolon (;), double quote ("), circumflex (^), single quote ('), or backward slash (\) in the vCenter Single Sign On administrator password.

    Workaround: Do not use password that contain these characters.

  • Inventory Service fails to validate the Lookup Service URL during Inventory Service installation due to truncation of the admin@system-Domain account password
    If you define a admin@System-Domain password longer than 32 characters when you install vCenter Single Sign On, the password is truncated to 32 characters. When the Inventory Service installer then tries to authenticate the Lookup Service URL, it encounters a password mismatch and the authentication fails.

    Workaround: Limit the password to less than 32 characters for admin@System-domain when installing vCenter Single Sign On.

  • After updating vCenter Server Appliance to 5.1.0b vSphere Web Client might appear inaccessible or plugin modules might not be visible in the vSphere Web Client
    After updating the vCenter Server Appliance to 5.1.0b, the appliance does not prompt for reboot or automatically reboot. When the vSphere Web Client is later updated with a newer version of a plug-in module found on vCenter Server, the vSphere Web Client might appear inaccessible or the new plug-in might not be visible in the vSphere Web Client.

    Workaround: After updating the vCenter Server Appliance or a vSphere Web Client plug-in, reboot the vCenter Server Appliance to complete the process.

  • Inventory Service fails to start on installation after rollback of vCenter Single Sign On installation using Simple Install
    After vCenter Single Sign On installation rollback, if you select the new installation folder as the subfolder under the folder used for the previous installation, the Inventory Service fails to start.

    For example, if the initial installation folder used is C:\Program Files\VMware\Infrastructure, and you choose the subfolder C:\Program Files\VMware\Infrastructure\abc for the installation after rollback, the Inventory Service fails to start.

    Workaround: If vCenter Single Sign On installation rolls back using Simple Install, select the same installation folder used for the previous installation.

  • vCenter Single Sign On requires manually created database users for external database
    The Manually Created Database User checkbox has been removed and there is no option for the installer to automatically create a user.

    Workaround: Run the following script to manually create the database user prior to installing vCenter Single Sign On:

    < SSOInstaller Folder >\Single Sign On\DBScripts\SSOServer\schema\< Database >\rsaIMSLite< DB >SetupUsers.sql

  • Windows Authentication check-box not available
    The Windows Authentication checkbox has been removed and there is no option to use Windows Authentication to connect to an SQL Server.

    Workaround: None.

  • Bundled Database users must set a password that meets the GPO policy
    You must set your own password for RSA_USER and RSA_DBA and this password must satisfy the GPO policy.

    Workaround: When setting your password, ensure that you meet all of the following criteria:

    • Password must meet localos/AD domain GPO policy.
    • Limit password length to not more than 32 characters.
    • Avoid using special characters semicolon (;), double quotes ("), circumflex (^), single ('), and backward slash (\) in your password.

  • Installation of Profile-Driven Storage via vCenter Server might fail with an error code 1603
    If the Look Up service URL has a sts string, attempts to install the Profile-Driven Storage by using vCenter Server installer might fail with a message similar to the following:

    The wizard was interrupted before Profile-Driven Storage could be completely installed.

    The vpxd service is unable to start, as the sts URL in the vpxd.cfg file is incorrect.

    Workaround: Use the following steps to rectify the sts URL in the vpxd.cfg file:

    1. Open the file SsoData/ssoLocations.txt that might be available in the temporary folder (%tmp%).
      Note: If you are unable to locate the SsoData/ssoLocations.txt file in the temporary folder, run the following command to fetch URLs from lookup service:

      <InstallationFolder>\ssoregtool\regtool.cmd storeSsoData ?d https://<lookup service-ip>:7444/lookupservice/sdk -f <output path>


    2. The output in the ssoLocations.txt file might be similar to following:

      groupcheck = https://<lookup service-ip>:7444/sso-adminserver/sdk
      admin = https://<lookup service-ip>:7444/sso-adminserver/sdk
      sts = https://<lookup service-ip>:7444/sso-adminserver/sdk

    3. Copy the sts URL from the ssoLocations.txt file and update the sts URL in the vpxd.cfg as follows:
      <sts>
      <uri>https://<lookup service-ip>:7444/sso-adminserver/sdk</uri>
      </sts>


  • Upgrading from vSphere 5.1 to vSphere 5.1.0b with Simple Install displays a warning message
    When upgrading from vSphere 5.1 to vSphere 5.1.0b with Simple Install, the following warning message is displayed:

    You cannot use vCenter Simple Install for this install/upgrade. vCenter package components are already installed. To upgrade installed components or install additional components, click the links for the individual component installers in Autorun.

    Workaround: Use the individual installers to upgrade from vSphere 5.1 to vSphere 5.1.0b.

  • If Auto Deploy encounters a rule that applies a host profile, it applies that rule even if the host profile no longer exists
    Assume that one of the rules in an Auto Deploy ruleset applies a host profile, and you delete the host profile from the vSphere Client or the vSphere Web Client. If you do not remove the rule from the ruleset, the host profile is still applied to hosts that are booted with Auto Deploy.

    Workaround: You can determine whether any rules use deleted host profiles by using the Get-DeployRuleSet PowerCLI comdlet. The cmdlet shows the string deleted in the rule's item list. You can then run the Remove-DeployRule cmdlet to remove the rule.

  • VDS configuration fails for ESXi systems booted with Auto Deploy
    In a cluster, only two hosts are capable of running a virtual machine that is enabled for Fault Tolerance (FT). One of the hosts is rebooted with Auto Deploy. VDS configuration fails, and the host remains in maintenance mode after it is reconnected to the vCenter Server system.
    This happens when only the ESXi system that is being rebooted can host the secondary virtual machine. The Fault Tolerance process adds the secondary virtual machine to the booting ESXi host's inventory and vDS migration fails with a Resource In Use error.
    The problem has been observed in the following situations:

    • During upgrade of ESXi hosts that are in a cluster.
    • If many hosts in a cluster reboot simultaneously, so that only one or two hosts are fully booted.
    • In a small cluster (two or three hosts).

    Workaround: If you see the problem during an upgrade, disable Fault Tolerance on the virtual machines temporarily. The virtual machines can migrate to the already upgraded host. Reenable Fault Tolerance after the upgrade process is complete.
    If you see the problem when multiple hosts are rebooting or in a small cluster, wait until several hosts in the cluster have completed the boot process, and reboot the affected host. You can also disable Fault Tolerance for the virtual machine whose secondary virtual machine is assigned to the affected host.

  • Installation of vCenter Server and related components fails if the user name of the logged-in user contains non-ASCII characters
    If the user name of the user who is currently logged in contains non-ASCII characters, installation of vCenter Server, vCenter Inventory Server, vCenter Single Sign On, or vSphere Web Client fails with the error message: The user name contains non-ASCII characters. Please log in with a user name that contains only ASCII characters.

    Workaround: Log in with a user name that does not contain non-ASCII characters and retry the installation.

  • Auto Deploy installation fails if the installation path includes non-ASCII characters
    If you select a folder that includes non-ASCII characters when you run the Auto Deploy installer, the following error results
    : Error 29106 .Unknown error.

    Workaround: Select a folder that includes only ASCII characters in the path name.

  • VMware VirtualCenter Management Webservice service fails to start after vCenter Server is installed in a location containing any combination of the special characters !, @, or #
    If the vCenter Server installation path contains any combination of the special characters !, @, or #, the vCenter Server installation is successful but the VMware VirtualCenter Management Webservice service does not start, and logging in to vCenter Server fails with the error do not have permissions. For example, the following installation path would produce the error: C:\VMware!@SingleSign@On!#$Installer.

    Workaround: Install vCenter Server in the default location or in a custom location without the special characters.

  • vCenter Single Sign On server installation fails on systems running IBM DB2 9.7 Fix Pack 1 or earlier
    Components of vCenter Single Sign On require DB2 9.7 Fix Pack 2 or later. When you attempt to install vCenter Single Sign On on a system running earlier versions of DB2 9.7, installation fails.

    Workaround: Update the DB2 9.7 instance to Fix Pack 2 or later.

  • Installation fails when you install vCenter Single Sign On with a local database on a Turkish version of Windows 2008 R2 64 bit
    You might receive an error (Error 20003 or 20010) when you install vCenter Single Sign On in a Turkish Windows environment and the database is on the local system. This error occurs when Microsoft SQL Server capitalizes certain letters, which makes the database incompatible with vCenter Single Sign On.

    Workaround:

    1. Install the database on a separate system running an English version of Windows 2008 Server.
    2. Run the vCenter Single Sign On installer on the system running the Turkish version of Windows 2008 Server.
    3. Connect to the database remotely.

  • Installation of vCenter Single Sign On high availability or recovery node fails if Master Password and Administrator password are different
    The following behavior occurs when you install vCenter Single Sign On in high availability mode:

    • When you provide the correct vCenter Single Sign On Administrator password, validation appears to be successful, but installation fails with an error that the vCenter Single Sign On Master Password is incorrect.
    • When you provide the correct vCenter Single Sign On Master Password, validation fails because the installer is expecting the vCenter Single Sign On Administrator password.

    The following behavior occurs when you install vCenter Single Sign On in recovery mode:

    • When you provide the correct vCenter Single Sign On Administrator password, installation fails with an error that the vCenter Single Sign On Master Password is incorrect.
    • When you install vCenter Single Sign On on a domain machine and you provide the correct vCenter Single Sign On Master Password, installation fails with an error that the SSPI Service account cannot be configured because the installer is expecting the vCenter Single Sign On Administrator password.
    • When you install Single Sign On on a workgroup machine, installation fails with an error that the Lookup Service configuration failed. The log file contains an error that the vCenter Single Sign On Administrator password is incorrect.

    Workaround: Ensure that the same password is used for the vCenter Single Sign On Master Password and the vCenter Single Sign On Administrator password. You can verify the passwords using the following commands. The default <ssoserver folder> is typically C:\Program Files\VMware\Infrastructure\SSOServer.

    • vCenter Single Sign On Master Password:
      <ssoserver folder>\utils>rsautil.cmd manage-secrets -a list

    • vCenter Single Sign On Administrator password:
      <ssoserver folder>\utils>rsautil.cmd manage-identity-sources -a list -u admin

    You can set the passwords using the following commands:

    • vCenter Single Sign On Master Password:
      <ssoserver folder>\utils\rsautil.cmd manage-secrets -a change -m <master password> -N <new Master Password>

    • vCenter Single Sign On Administrator password:
      <ssoserver folder>\utils\rsautil.cmd reset-admin-password -m <master password> -u <admin> -p <pass>

    The vCenter Single Sign On Administrator password expires by default in 365 days. When you reset this password, reset the vCenter Single Sign On Master Password as well to ensure that they remain the same.

  • Installation fails when you attempt to install vCenter Single Sign On in an IPv6 environment
    When you use the command netsh interface ipv4 uninstall with reboot in a purely IPv6 environment on Windows 2003, 2008, or 2008 R2, vCenter Single Sign On installation fails. The following error occurs: Error 29114. Cannot connect to database. In addition, this error might appear in the install.log file: Error: Failed to access configuration database: Network error IOException: Address family not supported by protocol family: create.

    Workaround: Use the FQDN or host name of the vCenter Server system. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP. In addition, you must reinstall the IPv4 interface using the following command: netsh interface ipv4 install.
    Alternatively, on Windows 2003, 2008, or 2008 R2, navigate to the Change Adapter Settings dialog box and deselect the check box: Internet Protocol Version 4 (TCP/IPv4).

  • vCenter Single Sign On database installation fails when you use a double quotation mark in your password
    When you use a double quote character (") in your Single Sign On password, installation of the Single Sign On database fails. An error message appears when you install Single Sign On SQL Express.

    Workaround: Do not use a Single Sign On password that contains a double quotation mark.

  • vCenter Single Sign On installation fails when the system's host name contains unsupported characters
    An error message appears and Single Sign On installation fails when the Single Sign On system's host name contains non-ASCII or high-ASCII characters.

    Workaround: Use only ASCII characters for the host names of systems where Single Sign On is installed.

  • vCenter Single Sign On installation fails when the Single Sign On folder name contains unsupported characters
    An error message appears, and Single Sign On installation fails when the Single Sign On build folder name contains non-ASCII or high-ASCII characters.

    Workaround: Use only ASCII characters for source folders that contain Single Sign On installer files.

  • Connection to the MSSQL database fails during vCenter Single Sign On installation
    The error message Database connection has failed appears when you install vCenter Single Sign On and you are using manually created MSSQL database users. For MSSQL databases, you must use SQL Server Authentication database users. Windows Authentication users are not supported.

    Workaround: Ensure that the manually-created database users are using SQL Server authentication.

  • Insufficient privileges error occurs when you use manually created DB2 database users
    When you install vCenter Single Sign On and the installer requests Single Sign On database information for existing databases, you can select the Use manually created DB users check box. If you are using a DB2 database and have manually created users with the rsaIMSLiteDB2SetupUsers.sql script, you might receive an error that the database users do not have sufficient privileges.

    Workaround: The rsaIMSLiteDB2SetupUsers.sql script, which is located in the <installation directory>\Single Sign On\DBScripts\SSOServer\schema\db2 directory, does not include two of the required privileges. If you use the script to manually create users, edit the script to include the following privileges:
    GRANT DBADM ON DATABASE TO USER RSA_DBA;
    GRANT CREATETAB ON DATABASE TO USER RSA_USER;

Upgrade Issues

Known issues that affect both installation and upgrade are listed under Installation Issues.
  • Suspended virtual machine has an additional Power Off option after upgrading to vCenter Server 5.1
    A suspended virtual machine displays an additional Power Off option after upgrading to vCenter Server 5.1. If you attempt to select the Power Off option the following error is displayed:

    The attempted operation cannot be performed in the current state (Suspended).

    Workaround: None.

  • vCenter Server domain admin users might not have permission to login to vCenter Server if upgrade is done using Simple Install
    If you use the Simple Install method during upgrade, some vCenter Server domain administrator users who had permission before the upgrade might not have permission to log in to vCenter Server after the upgrade. This happens if vCenter Single Sign On fails to discover some identity sources.

    Workaround: Use the Independent Install method. During upgrade, the installer provides a list of users who have vCenter Server administrator access and a list of users who will be deleted.

  • Upgrade of vCenter Server and vCenter Inventory Service from 5.1 to 5.1.0b might fail if vCenter Single Sign On is not accessible during upgrade
    Attempts to upgrade vCenter Server and vCenter Inventory Service might fail if the vCenter Single Sign On is not accessible during upgrade.

    Workaround: Ensure that the vCenter Single Sign On is up and running during vCenter Server and Inventory service upgrade.

  • During upgrade of vSphere Authentication Proxy from version 5.0 to version 5.1 "bad user name or password" warning appears
    When you upgrade vSphere Authentication Proxy from version 5.0 to version 5.1, on systems with vCenter Server Heartbeat installed, the installer might display the warning Error 29453 login failed due to bad user name or password. You can ignore the warning and proceed with the installation.

Licensing Issues
  • ESXi 5.1 cannot be added to vCenter Server using the named administrator account
    When you attempt to add an ESXi 5.1 host to vCenter Server using a named administrator account, a license download error might occur: License file download from <IP address> to vCenter Server failed due to exception: vim.fault.HostConnectFault.

    Workaround: Use the root account to add an ESXi 5.1 host to vCenter Server.

Security Issues
  • Replacing the SSL key and certificate of vCenter Service on the vCenter Server appliance displays an error: VC_CFG_RESULT=655
    When you attempt to replace the SSL key and certificate of vCenter Service on the vCenter Server appliance by using the vpxd_servicecfg certificate change command the following error message is displayed:

    VC_CFG_RESULT=655

    This error usually appears when the supplied private key file contains a key encoded in the PKCS#8 format with the header BEGIN PRIVATE KEY. The configuration program only supports key encoded in the PKCS#1 format with the header BEGIN RSA PRIVATE KEY.

    Workaround: Perform the following steps to resolve the issue:

    1. Convert the private key to PKCS#1 format using the openssl command as follows:

      openssl rsa -in original-user-key-file -out pkcs1-key-file
    2. Re-attempt the vpxd_servicecfg certificate change command with the new key file:

      vpxd_servicecfg certificate change user-cert-file pkcs1-key-file

Networking Issues
  • Prefix- and range-based MAC address allocation is supported only in vCenter Server 5.1 and ESXi 5.1
    Prefix- and range-based MAC address allocation is supported only in vCenter Server 5.1 and ESXi 5.1. If you add pre-5.1 hosts to vCenter Server 5.1, and use anything other than VMware OUI prefix- or range-based MAC address allocation, virtual machines assigned MAC addresses that are not VMware OUI prefixed fail to power on their pre-5.1 hosts.
    The prefix- and range-based MAC address allocation schemes are not supported on pre-5.1 hosts because pre-5.1 hosts explicitly validate if an assigned MAC address uses the VMware OUI 00:50:56 prefix. If the MAC address is not prefixed with 00:50:56, the virtual machine pre-5.1 host fails to power on.

    Workaround:

    1. Do not add pre-5.1 hosts to 5.1 vCenter Server.

    2. If the virtual machine is newly created and is placed on pre-5.1 hosts, edit the virtual machine settings. If the MAC address of the new virtual machine is not prefixed with 00:50:56, change its MAC address to a manual address type and provide another valid MAC address prefixed with 00:50:56. After applying the change, the MAC addresses using non-VMware OUI and VMware OUI prefixes can co-exist in vCenter Server.

  • vMotion and Storage vMotion for virtual machines on monoflat disks with a snapshot do not function
    Monoflat is a disk format that is no longer supported by VMware. Monoflat disks can be powered on when attached to virtual machines, but VMware does not recommend migration of the attached virtual machines. The migration fails when there is a snapshot present.

    Workaround: Change to another disk format before attempting migrations. VMware supports Virtual Machine File System (VMFS) disk formats eagerzeroedthick, zeroedthick, thin disk, and 2gbsparse.

  • maxProxySwitchPorts setting not persistent after stateless host reboot
    The maximum number of ports on a host is reset to 512 after the host is rebooted and a host profile applied. When you set maxProxySwitchPorts on a specific stateless host on a distributed switch, the setting might not persist when the host is rebooted. This applies only to stateless hosts that are part of a distributed switch and have had the maxProxySwitchPorts setting changed.

    Workaround: Manually change the maxProxySwitchPorts settings for the hosts after reboot.

  • Encapsulated remote mirror sessions require the destination IP to be a valid unicast IP
    In an encapsulated remote mirror session, a vSphere distributed switch redirects the original traffic to the specified destination IP. If you selected a multicast or broadcast IP address as the destination for the session, the original traffic is mirrored to multiple destinations. This can consume a lot of physical network bandwidth. If you specified an invalid IP address, such as a reserved IP address, the original traffic is not mirrored.

    Workaround: Configure valid unicast IP addresses as the destination of encapsulated remote mirror session.

  • Searching for distributed virtual port groups by private VLAN might return the wrong results in a multiple vCenter Server environment
    When you manage multiple vCenter Servers with one instance of the vSphere Web Client, a search for distributed virtual port groups that have specific private VLAN settings might return not only the specific port groups, but also port groups that should not be part of the results.

    Workaround: Perform another search.

  • Naming a network protocol profile with surrogate pair characters results in error
    Creating a network protocol profile using surrogate pair characters results in failure and an error message related to UTF-8 handling in the vSphere Web Client.

    Workaround: Avoid using surrogate pair characters for network protocol profiles.

  • Unable to join vCenter Server to Linked Mode group
    You are unable to join vCenter Server to a Linked Mode group if you changed the vCenter Server HTTPS port during a vCenter Server upgrade.

    Workaround:

    1. Open the vSphere Client.
    2. Navigate to Administration > vCenter Server Settings > Advanced Settings.
    3. Select the key named VirtualCenter.VimApiURL.
    4. In the value field, change the port number in the URL to the one you were given during vCenter Server Upgrade.
    5. Restart the service VMware VirtualCenter Server.
    6. Start the Modify Linked Mode configuration by clicking Start Menu > VMware > vCenter Server Linked Mode Configuration. This option links a vCenter Server to a linked mode group.

  • Standard Switch topology in the vSphere Web Client shows the failover policy for both the switch level and the port group level
    The port state icon and the Stand By or Unused label apply to the failover policy at the switch level. When a port group is selected, the orange line applies to the failover policy at the port group level.

    Workaround: None. The orange-highlighted physical network adapters are used for port group traffic even if they are labeled Stand By or Unused in the topology.

Storage Issues
  • Storage device names using non-ASCII or high-ASCII characters appear as unreadable in the vSphere Web Client UI
    During OVF deployment, the names of storage devices named with non-ASCII or high-ASCII characters appear garbled or unreadable in the vSphere Web Client UI.

    Workaround: Name storage devices using ASCII characters only.

  • Virtual machine observed datastore latency
    You might see incorrect virtual machine observed datastore latency values when running SDRS or SIOC on a datastore connected to a combination of ESXi 5.0 and ESXi 5.1 hosts. ESXi 5.1 collects a new statistic called "virtual machine observed datastore latency" which is not collected in ESXi 5.0. Because of this difference, it is not possible to correctly average statistics values between a mixture of ESXi 5.0 and ESXi 5.1 hosts. This can also result in less aggressive SDRS I/O load balancing behavior when a datastore cluster has datastores mounted with a combination of ESXi 5.0 and ESXi 5.1 hosts compared to a datastore cluster with only ESXi 5.1 hosts.

    Workaround: Upgrade all hosts to ESXi 5.1.

  • Enabling historic performance charts for datastores and datastore clusters in a Storage DRS environment
    In a vSphere 5.1 environment, if you have the Collection Level for the statistics set to the default of 1, only real-time performance charts are displayed for Storage DRS data counters related to datastore and datastore cluster metrics. If you select a different time interval, the chart displays No data available. This is the result of many datastore and datastore cluster metrics having been moved to Stats Collection Level 3, by default, in order to improve performance.

    Workaround: To enable historic performance charts for datastore and datastore cluster metrics, move the Storage DRS counters to Stats Collection Level 1. For more information, see the Knowledge Base article 2009532. Be aware that changes in the counter levels may cause a significant increase in data collection and storage, along with a corresponding decrease in performance. For more information, see Modifying Performance Counter Collection Levels in the vSphere Web Services Programming Guide and the vSphere API Reference.

  • Storage vMotion might fail with an error message
    When storage configuration is overloaded and stressed, a file on a VMFS datastore might take much longer to open. This delay can cause Storage vMotion of a virtual machine to fail with the error message A parent disk path is required for snapshot of disk /path/to/disk/XXX.vmdk.

    Workaround: Use one of the following methods to reload the virtual machine disk information and then perform Storage vMotion again.

    • Create a dummy snapshot and then immediately remove it.
    • Migrate the virtual machine to another host. Do not change the datastore.
    • After powering off the virtual machine, detach the virtual disk and then reattach it again.
    • After powering off the virtual machine, unregister the virtual machine and then register it again.
    • Restart the management agent via DCUI, or by executing /etc/init.d/hostd restart.

    To avoid the Storage vMotion failure when the storage array is stressed and slow, edit the following option in the /etc/vmware/config file to increase the number of open disk retries:diskLibMiscOptions.openRetries = large number, such as 99.

Server Configuration Issues
  • Validating host customizations fails while editing host profiles
    You might receive the following error while validating host customizations from the Host Profile editor:
    Cannot validate host customizations for host.

    This error might occur when old host customization values are saved in vCenter Server, such as, when a host was previously assigned to an old host profile with a different configuration.

    Workaround: Perform the following to reset the host customizations:

    1. Right-click the host listed in the error.
    2. Select All vCenter Actions > Host Profiles > Reset Host Customizations.

  • Network policy compliance failures continue for host profiles created from ESXi 4.1 or ESXi 4.0 hosts applied to ESXi 5.1 hosts
    After applying a host profile created from an ESXi 4.1 or ESXi 4.0 host to an ESXi 5.1 host, the following host profile compliance failures might continue:

    For port group [PORT GROUP NAME] network policy property spec.policy.nicTeaming.failureCriteria doesn't match
    For port group [PORT GROUP NAME] network policy property spec.policy.nicTeaming.reversePolicy doesn't match

    The above network settings are not supported on ESXi 5.1 hosts and are no longer configured when applying a host profile containing those settings.

    Workaround: Two possible remedies are available:

    • After applying the host profile originally created from an ESXi 4.1 host to an ESXi 5.1 host, create a new host profile from the ESXi 5.1 host and attach that to that ESXi 5.1 host and other affected ESXi 5.1 hosts.
    • Modify the NIC Teaming policy in the host profile to the User must explicitly choose the policy option option instead of the Apply specified NIC teaming policy.

  • Host profile compliance errors occur when removing ESXi hosts from vCenter Server inventory
    While checking host profile compliance, vCenter Server sometimes needs to query an ESXi host for data related to Host Profiles. The target host for the compliance check operation is not necessarily the ESXi host that vCenter Server uses for these Host Profile data queries. A race condition exists when a customer removes an ESXi host from the vCenter Server inventory and performs a compliance check operation at the same time. During this time, a query for Host Profile data results in an error with the message Host Unavailable For Checking Compliance.

    Workaround: After removing the host from the vCenter Server inventory, check the host profile compliance again. vCenter Server attempts to use a different host to query for Host Profile data.

  • Host Profile compliance failures for Firewall Rulesets might occur after remediating ESXi 5.1 host with ESXi 5.0 host profile
    When checking compliance using a host profile created from an ESXi 5.0 host, you might see compliance failures related to the CIMHttpsService and CIMHttpService.

    In some cases, a mismatch in a host profile might exist between the enabled state of the Firewall Rulesets for the CIM/WBEM services (CIMHttpService and CIMHttpsService) and the Service Startup Policy for the CIM/WBEM service (sfcb-watchdog). When the service starts, the firewall ports automatically open. This results in the compliance failure for the CIM service firewall rulesets.

    Workaround: Perform one of the following workarounds.

    • Make the host profile consistent by editing the Firewall Ruleset subprofiles for CIMHttpService and CIMHttpsService in the host profile so that the enabled parameter is True.
    • Go to the Security Profile configuration of the ESXi host from which the host profile was created (or the new reference host, if it has changed since creation), and manually refresh the Firewall info. Then, perform a Update host profile from reference host operation.

    Alternatively, if you are using the vSphere Web Client, perform the "Copy Settings From Host" operation to update the host profile.

vCenter Server and vSphere Client Issues
  • Logging into vCenter Server 5.1 using the use windows session credentials option fails with the error: Cannot complete login due to an incorrect username or password

    For more information, see KB 2035510.
    Workaround : None

  • vCenter Server 5.x is unable to function correctly when installed with Oracle 11.2.0.3 Patch 10 or later
    vCenter Server 5.0 and 5.1 does not function correctly when installed with Oracle 11.2.0.3 Patch 10 or later. With this, creating a new virtual machine on vCenter Server 5.x fails with the following error message.

    An internal error occurred in the vSphere Client
    Details: Object reference not set to an instance of an object.

    For more information, see KB 2039874.
    Workaround : None

  • Active Directory users with customized UPN user names cannot use UPN (User principal name) format user name and password to log into the vSphere Web Client and vSphere Client.
    Active Directory users might have a custom suffix in their UPN instead of using the domain name as the suffix. For example, the user name alice@company.com can be customized to be alice@sales.company.com. Active Directory users with these custom suffixes cannot log into the vSphere Web Client and vSphere Client using UPN format user name (ex: alice@sales.company.com).

    Workaround: Such Active Directory users must login to vSphere Web Client and vSphere Client using either Windows session credentials or NetBIOS format user name.

  • vCenter Server and vCenter Single Sign On services fail to start
    When you change the host name or port assignment of the Single Sign On database server, Single Sign On fails. As a result, vCenter Server fails to start. This issue can also occur when you use SQL Server Express Edition, which is installed with Single Sign On and vCenter Server. If SQL Server Express Edition is configured to use dynamic ports, the port assignment might change when you reboot the system. This occurs when the port is already occupied by another service.

    Workaround: When you change the host name or port of the Single Sign On database server, you must reconfigure Single Sign On with the new host name or port.

    1. Stop the vCenter Single Sign On server.
    2. Enter the following command:
      <ssoserver folder>\utils> ssocli configure-riat -a configure-db --database-host <new database server> --database-port <new database port> -m <master password>
    3. Edit the following text file to replace the port number with the new value in the line that begins with db.url=:
      <ssoserver folder>\webapps\lookupservice\WEB-INF\classes\config.properties
    4. Start the vCenter Single Sign On server.
  • Logging into vCenter Server through the vSphere Web Client fails if you specify a non-ASCII user name
    If you provide a valid vCenter Server user name composed of non-ASCII characters when you attempt to log in using the vSphere Web Client, the login attempt fails with the following error:

    Provided credentials are not valid.

    Workaround: Use only ASCII characters in user names.

  • Data for multi-selected virtual machines loads slowly in the vSphere Web Client
    In the vSphere Web Client, if you select a large number of virtual machines in a list by pressing Ctrl+A, Shift+End, or Shift+Home, the virtual machine data might take longer than expected to load.

    Workaround: Press Esc to cancel the multi-select operation.

  • Unable to power on a virtual machine in the vSphere Web Client
    If you power off a virtual machine from within the guest operating system, the virtual machine's state might not be updated in the vSphere Web Client. If you then attempt to power on the virtual machine, the operation fails with the error message: This action is not available for any of the selected objects at this time.

    Click the refresh button in the vSphere Web Client and repeat the power on operation.

  • The vCenter Server Appliance Web interface does not work in Firefox 14
    In Firefox 14 or later, the Administration, Services, and Storage tabs do not appear in the vCenter Server Appliance Web interface. The Admin page appears but is blank. This prevents configuration of the Active Directory membership and other settings.

    Workaround: Use another supported browser, or use the Firefox Extended Support Release, which is based on Firefox 10 and can be downloaded from http://www.mozilla.org/en-US/firefox/organizations/all.html.

  • Uninstalled plug-ins appear in the vSphere Web Client Plug-in Management interface
    If you uninstall a currently-loaded vSphere Web Client plug-in, the Plug-in Management Interface continues to show the plug-in until the Web server is restarted. The plug-in functionality itself is no longer available in the vSphere Web Client.

    Workaround: Restart the Web server.

  • Virtual machine console in the vSphere Web Client is not responsive to mouse input
    For virtual machines running some Linux distributions, the console might not initially respond to mouse input when you launch the console from the vSphere Web Client.

    Workaround: Click Full Screen to switch the console to full screen mode.

  • A Web browser context menu appears when right-clicking an object in the vSphere Web Client inventory.
    When using Windows 8 with Internet Explorer 10, when you navigate to an object in the vSphere Web Client inventory and right-click, the browser context menu is displayed over the object's context menu. .

    Workaround: Right-click somewhere else in the application to allow the object's context menu to be displayed.

  • Unable to delete folder
    If you have the Folder.Delete folder permission defined at the folder level only, attempting to remove that folder produces an error message stating that you do not have the correct permissions.

    Workaround: None.

  • Failed to read request errors in vpxd.log
    Error messages similar to the following might appear in vpxd.log:
    2012-05-15T08:41:03.120Z [7F7DCB7C6700 error 'QsAdapter.HTTPService'] Failed to read request; stream: UNIX(/var/run/vmware/vpxd-qsadapter-pipe), error: N7Vmacore16TimeoutExceptionE(Operation timed out)
    2012-05-15T08:41:03.120Z [7F7DCB889700 error 'SoapAdapter.HTTPService'] Failed to read request; stream: TCP(), error: N7Vmacore16TimeoutExceptionE(Operation timed out)
    2012-05-15T08:41:33.124Z [7F7DCB5BE700 error 'SSL SoapAdapter.HTTPService'] Failed to read request; stream: SSL(no stream), error: N7Vmacore16TimeoutExceptionE(Operation timed out)
    2012-05-15T08:41:48.125Z [7F7DCB57D700 error 'SSL SoapAdapter.HTTPService'] Failed to read request; stream: SSL(no stream), error: N7Vmacore16TimeoutExceptionE(Operation timed out)
    2012-05-15T08:41:48.125Z [7F7DCAD75700 error 'SSL SoapAdapter.HTTPService'] Failed to read request; stream: SSL(no stream), error: N7Vmacore16TimeoutExceptionE(Operation timed out)
    2012-05-15T08:41:58.127Z [7F7DCBC58700 error 'SoapAdapter.HTTPService'] Failed to read request; stream: TCP(), error: N7Vmacore16TimeoutExceptionE(Operation timed out)

    These log entries are not real errors and are indicative only of an attempt to connect to an external service that is not running.

    Workaround: None.

  • Tag names cannot contain surrogate pair characters
    If you attempt to create a tag with a name containing surrogate pair characters, the tag creation fails.

    Workaround: Do not use surrogate pair characters in tag names.

  • Changes to the host name of the vCenter Server system are not reflected in the vSphere Web Client or vSphere Web Client inventory
    If you change the host name of a vCenter Server system or vCenter Server Appliance, the local machine shows the new host name, but the old name appears in the vSphere Web Client and vSphere Client inventory.

    Workaround: Use the vSphere Web Client or vSphere Client to change the display name of the vCenter Server system.

    In the vSphere Web Client, do the following:

    1. Navigate to the vCenter Server instance and select the Manage tab.
    2. Under Settings, click General.
    3. In the Edit vCenter Server Settings dialog box, select Runtime Settings.
    4. In vCenter Server name, type the name for the vCenter Server system.
    5. Click OK.

    In the vSphere Client, do the following:

    1. Select Administration > vCenter Server Settings.
    2. If the vCenter Server system is part of a Linked Mode group, select the server to configure from the Current vCenter Server drop-down list.

      Note: Linked Mode is not supported on the vCenter Server Appliance.

    3. In the navigation panel, select Runtime Settings.
    4. In vCenter Server Name, type the name for the vCenter Server system.
    5. Click OK.

  • The vSphere Web Client becomes unresponsive when running multiple operations
    When you perform operations affecting multiple virtual machines, such as powering on or powering off multiple virtual machines, the vSphere Web Client might become unresponsive until tasks complete. This is due to a limitation in Flash on how many tasks can run in parallel. The vSphere Web Client will become responsive when all tasks are sent to the server.

    Workaround: None.

  • Backup of the Inventory Service database fails
    A backup of the Inventory Service database while the Inventory Service is running fails due to a bad_certificate error.

    Workaround: Shut down the inventory service before taking a backup.

    On a Windows system, do the following:

    1. Stop the Inventory Service:
      1. Open the Windows Administrative Tools control panel and select Services.
      2. Right-click VMware vCenter Inventory Service and select Stop.
    2. Open the command prompt and change to the directory vCenter_Server_installation_directory\Infrastructure\Inventory Service\scripts.

      vCenter_Server_installation_directory is the directory where you installed vCenter Server. By default, this is C:\VMware\.

    3. Run the following command at the prompt to back up the Inventory Service database: backup.bat -file backup_file_name.

    On a vCenter Server Appliance, do the following:

    1. Open a console and run the service vmware-inventory service stop command to stop the Inventory Service.
    2. Change the directory to /usr/lib/vmware-vpx/inventoryservice/scripts/.
    3. Run the following command to back up the Inventory Service database: ./backup.sh -file backup_file_name.

  • Cannot add an ESXi host to the vCenter Server Appliance using the local-link IPv6 address
    If you try to add an ESXi host to the vCenter Server Appliance using a local-link IPv6 address of the form fe80::*, you see the error message, Cannot contact the specified host.

    Workaround: Use a valid IPv6 address for the host that is not a local-link address.

  • Enabling DRS for a cluster produces an erroneous warning about DPM being enabled
    If you resume an Edit Cluster Services task from the Work in Progress pane and enable DRS, you might see a message incorrectly stating that DPM will be enabled. This occurs after you log out of and log back into the vSphere Web Client while the Edit Cluster Services task is saved to the Work in Progress pane.

    Workaround: No workaround is required. DPM will not be enabled.

  • Search fails and Hardware Health and Health Status plug-ins are disabled in the vSphere Client
    The vSphere Client does not connect to the inventory service when installed on Windows 2003 or Windows XP. This has the following effects:

    • When you try to search the vSphere Client inventory, you see the error message, Login to the query service failed. A communication error occurred while sending data to the server. (The underlying connection was closed: An unexpected error occurred on a send.)
    • Hardware Health and Health Status plug-ins are disabled and cannot be viewed in the vSphere Client.

    Workaround: No workaround is available for 32-bit Windows XP. For Windows 2003 or 64-bit Windows XP, apply the appropriate hotfix as listed below.

    Platform: x64
    Language: English
    Location: (http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351403_ENU_x64_zip.exe)

    Platform: ia64
    Language: English
    Location: (http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351397_ENU_ia64_zip.exe)

    Platform: i386
    Language: English
    Location: (http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351385_ENU_i386_zip.exe)

  • Attaching an Oracle database to vCenter Server Appliance produces an error about incompatible schema
    If you attempt to configure the vCenter Server Appliance with an external Oracle database that was used previously with a vCenter Server 5.0 Appliance, you see the error message, Error: Incompatible DB schema version.

    Workaround: You can use the vCenter Server Appliance setup wizard to reset the database. Doing so will destroy all records currently in the database. To keep the records in the database, follow the upgrade process as described in the vSphere Upgrade documentation to upgrade the vCenter Server Appliance and database from vCenter Server 5.0 to vCenter Server 5.1.

    To reset the database:

    1. Log in to the vCenter Server Appliance Web interface and start the setup wizard.
    2. Enter the database information.

      The wizard displays the message, The database has been initialized with an incompatible schema version.

    3. Select reset the DB contents.

  • Errors related to python scripts appear when an invalid configuration file is uploaded to the vCenter Server Appliance configuration wizard
    In the vCenter Server Appliance initial configuration wizard, if you select Upload configuration file and select an invalid file, the Web interface displays errors related to python scripts.

    Workaround: None.

  • Login or navigation errors after upgrading a vCenter Server Appliance with a static IP address
    After upgrading a vCenter Server Appliance with a static IP address, you might experience the following errors:

    • When you attempt to log in to the vCenter Server Appliance Web interface, you might see the error, Unable to connect to server. Please try again.
    • When you attempt to navigate to a new page in the vCenter Server Appliance Web interface, you might see the error, Not Found.

    Workaround: Clear the browser cache and log in to the vCenter Server Appliance Web interface again.

  • Active Directory is not discovered as an identity source if the vCenter Server Appliance is joined to an Active Directory domain before vCenter Single Sign On is started
    This might occur when the vCenter Server Appliance is joined to an Active Directory domain as part of its initial configuration through the Web interface configuration wizard. After the configuration, the related vCenter Server and vCenter Single Sign On services might work, but Active Directory is not discovered as an identity source.

    Workaround: Do one of the following.

    • Restart the vCenter Server Appliance.
    • Restart vCenter Single Sign On, followed by the vSphere Web Client service.

  • Unable to reconfigure vCenter Server Appliance settings that failed on initial configuration
    The first time you log in to the vCenter Server Appliance, the initial configuration wizard prompts you to accept the EULA and configure database options, vCenter Single Sign On, and Active Directory. If any of these steps fail, the configuration wizard completes the remaining steps and starts the vCenter Server service.

    If you attempt to reconfigure any of the settings that the wizard failed to configure, you see the message, Error: VPXD must be stopped to perform this operation.

    Workaround: Do the following:

    1. Log in to the vCenter Server Appliance console, and execute the following command: /etc/init.d/vmware-vpxd stop
    2. Log in to the vCenter Server Appliance Web interface and reconfigure the settings as needed.
    3. Restart the vCenter Server service using the Web interface.

  • The related item listed in the Advanced Search results might not be the item specified in the search criteria
    When you perform an Advanced Search in the vSphere Web Client and specify a relationship between objects, the search results are correct, but the related object shown in the results might not be the object that you specified in the search criteria.

    For example, if you search for all folders that have a host whose name contains example, the correct list of folders appears in the search results. However, the host listed in the related objects column might not be the host whose name contains example, but a host with a different name that is also located in that folder.

    Workaround: None.

  • Some Chinese or Japanese characters do not display correctly in the vSphere Web Client
    When you access the vSphere Web Client from a Linux system with the default language set to Chinese or Japanese, some text in the vSphere Web Client is displayed as rectangular boxes instead of the correct Chinese or Japanese characters.

    Workaround: Install Linux with the default language set to English, and change the default language to Chinese or Japanese after installation.

  • The initial configuration wizard for the vCenter Server Appliance does not support static IP address configuration
    When you log in to the vCenter Server Appliance Web interface for the first time after deployment, the configuration wizard starts and prompts you to accept the EULA and configure database options, vCenter Single Sign On, and Active Directory. The wizard does not present network configuration options. The vCenter Server Appliance is configured to use DHCP by default.

    Workaround: If you completed the initial configuration wizard, changing to a static network configuration requires changing the SSL certificate of the appliance:

    1. On the Admin page of the vCenter Server Appliance Web interface, click the Toggle certificate setting button to change the Certificate regeneration enabled option to Yes.
    2. Configure the static IP address for the vCenter Server Appliance.

    If you have not yet completed the initial configuration wizard, do the following:

    1. Log in to the vCenter Server Appliance Web interface.
    2. Accept the EULA and then click Cancel.
    3. Configure the network.

      If you change the host name or IP address, you will be disconnected from the Web interface. Log in again using the new host name or IP address.

    4. On the vCenter Server page, click the Summary tab.
    5. Click the Launch button next to Setup wizard. Complete the setup wizard to finish the initial configuration of the appliance.

    If you use vCenter Server to deploy the vCenter Server Appliance as an OVF, you can configure a static IP address during deployment. However, this applies only to environments that have a vCenter Server instance deployed.

  • Host name cannot be changed in vCenter Server Appliance Web interface
    Attempting to change the host name in the vCenter Server Appliance Web interface might fail. This issue occurs when an appliance is configured to use a static IP address and host name. From the Network" tab, if you edit both the host name and IP address and then save these settings, only the IP address changes. The host name remains unchanged.

    Workaround: If you need to change both the host name and the IP address, make the changes in two separate operations.

  • Changing MTU for independent hardware iSCSI in the vSphere Client requires that you enable Jumbo Frames first
    When you use the vSphere Client to modify the MTU parameter on the Advanced Settings dialog box, you need to check the Jumbo Frame box first. Otherwise, the MTU change does not propagate to the independent hardware adapter. In the vSphere Web Client, the Jumbo Frame box is not present, so you change the value in the MTU input box.

    Workaround:
    In the vSphere Client:

    1. Select a host from the inventory panel.
    2. Click the Configuration tab and click Storage Adapters in the Hardware panel.
    3. Select an independent hardware adapter from the list of storage adapters.
    4. Click Properties, and click Advanced.
    5. Enable Jumbo Frames by checking the Jumbo Frame box.
    6. Edit the value in the MTU entry box and click OK.
    7. Note: If you enable Jumbo Frames, but for the MTU size enter the value that does not exceed 1500 Bytes, the Jumbo Frames enablement is ignored.

    In the vSphere Web Client:
    1. Browse to the host in the vSphere Web Client object navigator.
    2. Click the Manage tab, and click Storage.
    3. Click Storage Adapters, and select the independent hardware iSCSI adapter from the list of adapters.
    4. Under Adapter Details, click the Advanced Options tab and click Edit.
    5. Change the value of the MTU parameter.

  • Cannot log in to vCenter Server after you replace SSL certificates
    After you replace the SSL certificates for vCenter Server, you might not be able to log in to the server. This is because vCenter Server is not restarted when you replace SSL certificates. You must restart the server to refresh the certificate for Single Sign On.

    Workaround: Restart vCenter Server after you replace SSL certificates.

  • Java IO exception appears in log file when you start vCenter Single Sign On on vCenter Server Appliance
    When you start vCenter Single Sign On on a vCenter Server Appliance, a Java IO exception might appear in /var/log/vmware/sso/catalina.out.

    For example:

    java.io.IOException: ClientAbortException: java.net.SocketException: Broken pipe
    at com.sun.xml.ws.server.SDDocumentImpl.writeTo(SDDocumentImpl.java:278)
    at com.sun.xml.ws.transport.http.HttpAdapter.publishWSDL(HttpAdapter.java:539)

    In addition, when you stop the Single Sign On server on the vCenter Server Appliance, a memory leak error might appear in /var/log/vmware/sso/catalina.out.

    For example:

    SEVERE: The web application [/ims] appears to have started a thread named [Thread-4] but has failed to stop it.

    Workaround: None.

  • vCenter Server might fail to start or you cannot log in to the vSphere Web Client after you restart the Single Sign On server system
    When you restart the machine where vCenter Single Sign On is installed, changes to the system might occur. For example, updates are applied to the operating system, the machine name changes, or the machine is added or removed from an Active Directory domain. These changes might cause the Single Sign On server to become unresponsive, even though Single Sign On is running. As a result, vCenter Server does not start. This can also happen if you clone or change the parameters of a virtual machine where Single Sign On is installed (for example, the amount of RAM, the number of CPUs, the MAC address, and so on).

    Workaround: Perform the following steps.

    1. On the system where Single Sign On is installed, locate the Single Sign On installation directory and run the following command from the utils folder:
      rsautil manage-secrets -a recover -m masterPassword
    2. Restart the Single Sign On service.
    3. Start the vCenter Server service.
  • Active Directory domain to which vCenter Server system belongs does not appear in the Single Sign On server list of identity sources
    On Windows, if vCenter Server is installed on a machine that is joined to an Active Directory domain, the domain users do not appear in the vSphere Client or the vSphere Web Client. On Linux, the error message Unable to retrieve domain user appears.

    Workaround: Configure a reverse lookup zone, a related pointer record, and synchronize the system clock.

  • The vCenter Server appliance does not support Active Directory configuration using IPv6
    If you attempt to configure Active Directory on the vCenter Server appliance using IPv6, the configuration fails.

    Workaround: Configure Active Directory on the vCenter Server appliance using IPv4.

  • The vCenter Server Appliance does not support IPv6 addresses in the proxy setting
    If you attempt to enter an IPv6 address for the proxy setting on the vCenter Server Appliance Web console Networking page, the configuration fails.

    Workaround: Use an IPv4 address for the proxy setting for the vCenter Server Appliance.

  • The vSphere Web Client login page takes several minutes to open after certain operations
    Typically, when you open the vSphere Web Client URL in a browser, you can expect the login page to open immediately. But if you just completed the installation, or if you restart the vSphere Web Client service, or configure the vCenter Server Appliance, the login page does not open immediately. You might see a blank page for a few minutes followed by an HTTP 404 page.

    Workaround: Wait for few minutes and try refreshing the page again. If after 2-4 minutes, you refresh the page, the login page opens correctly.

  • On Linux systems, the font appears incorrectly on some vSphere Web Client pages
    The Linux and UNIX shell (*nix/*nux) Web hosting services do not apply the Adobe Flex Spark skins correctly on some vSphere Web Client pages. For example, bold fonts in titles do not appear as bold.

    Workaround: Install the Microsoft True Type Core Fonts, msttcorefonts, for your operating system. For example, on Ubuntu systems, type sudo apt-get install msttcorefonts at the command prompt.

  • Cannot log into the vSphere Web Client with Windows session credentials
    The vSphere Web Client does not support logging in with Windows session credentials when you are logged into Windows as a local operating system user. When you log into the vSphere Web Client with Windows session credentials, you must be an Active Directory user of a domain which exists as an identity source in vCenter Single Sign On.

    Note: Logging in with Windows session credentials is not supported for vCenter Server 5.0 systems.

    Workaround: To use Windows session credentials to log into the vSphere Web Client from a browser on a Windows system, you must log into the Windows system as an Active Directory user of a domain which exists as an identity source in vCenter Single Sign On.

  • When you click Log Browser in the vSphere Web Client, an Unauthorized Access error appears
    When you click the Log Browser link in the vSphere Web Client, an error message appears: Exception: https://<system-address>:12443/vmwb/logbrowser: Unauthorized access. This error occurs after you replace the default vCenter Single Sign On server's SSL certificate, either directly or by regenerating the certificate in the vCenter Server Appliance.

    Workaround: To resolve this issue see KB 2037927.

  • Updated Authentication fails when vCenter Single Sign On system (System-Domain) users attempt to log into the vSphere Web Client
    The default password policy for vCenter Single Sign On system users specifies that passwords expire in 365 days. However, vCenter Single Sign On does not issue a warning when a user's password is approaching expiration.

    Workaround: vCenter Single Sign On administrator users can change expired passwords for System-Domain users. Request that an administrator resets your password. If you are a Single Sign On administrator user, use the ssopass command-line tool to reset the password.

    On Windows:

    1. Open a terminal window and navigate to C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli
    2. Run the following command.
      ssopass <username>
    3. Enter the current password for the user, even if it has expired.
    4. Enter the new password and enter it again for confirmation.

    On Linux (vCenter Server Appliance):

    1. Open a terminal window and navigate to /usr/lib/vmware-sso/bin.
    2. Run the following command.
      ./ssopass <username>
    3. Enter the current password for the user, even if it has expired.
    4. Enter the new password and enter it again for confirmation.

    The tool tries to automatically generate the LookupService URL from the current machine environment. In case you want to provide a different URL, or your connections to the default-picked URL cannot be established, you can provide the URL with the --ls-url parameter.

    The hostname provided in the URL must match the hostname provided during install.

  • Cannot use Windows session authentication in the vSphere Web Client when vCenter Single Sign On is configured for high availability
    Using Windows session authentication requires several consecutive calls to be made to Single Sign On and all of the calls must go to the same server. Because the Security Token Service (STS) client does not accept cookies that are sent from the STS, there is no guarantee that the calls will go to the same server in a high-availability configuration.

    Workaround: None

Virtual Machine Management Issues
  • Customizing a Windows virtual machine fails during the clone or deployment process
    In vCenter Server, guest customization of a Windows 2008, Windows 2008 R2, or Windows 7 virtual machine fails with an error: Windows Setup encountered an internal error while loading or searching for an unattended answer file. This issue occurs because the customization specification contains any of the following characters &, >, <, ", or ' in any of the following fields: Computer Name, Registered Owner Name, or Registered Organization Name.

    Workaround: Do not use special characters for any of these fields.

  • The vSphere Client and the vSphere Web Client allow to create a virtual disk with the 2TB-1MB size, while the maximum supported size is 2TB-512Bytes
    If you create a virtual disk with the vSphere Client and the vSphere Web Client, you can create a virtual disk with the maximum size of 2TB-1MB. However, the maximum supported size of a virtual disk is 2TB-512Bytes.

    Workaround: Use the vmkfstools command to create the virtual disk with the size of 2TB-512Bytes:
    vmkfstools -c --createvirtualdisk disk_size

VMware HA and Fault Tolerance Issues
  • In a vSphere HA cluster using Fault Tolerance, virtual machines might no longer be protected if an All Paths Down (APD) error occurs on all nodes
    In a vSphere HA cluster, if there is APD on primary and secondary nodes for the datastore that hosts a virtual machine, the virtual machine might become unprotected. This is due to a failure to start the Secondary VM as the new Primary VM that results from a timing issue with APD reporting that could cause the virtual machine to become unknown. This issue does not seem occur in a cluster with a smaller number of fault tolerant virtual machines

    Workaround:

    1. From vCenter Server, un-register the virtual machine and then re-register it using the same name as before. The virtual machine comes back up on the old primary node.
    2. Reconfigure the vSphere HA cluster and Fault Tolerance setup as it was previously configured.

Miscellaneous Issues
  • The vSphere Web Client log browser does not display some log types
    On Windows installations of vCenter Server and the vSphere Web Client, the log browser does not display the following log types:

    • Install
    • Lookup Server
    • SSO-service-cfg

    The issue does not occur in vLogBrowser in VMware Workbench.

    Workaround: Generate and download a log bundle. Use a text editor to view the log files.