VMware

VMware vCenter Server 5.1 Update 1c Release Notes

vCenter Server 5.1 Update 1c | 17 OCT 2013 | Build 1364037

vCenter Server 5.1 Update 1c Installation Package | 17 OCT 2013 | Build 1364042

vCenter Server Appliance 5.1 Update 1c | 17 OCT 2013 | Build 1364079

Last updated: 13 MAR 2014

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

This release of VMware vCenter Server 5.1 Update 1c delivers a bug fix that has been documented in the Resolved Issues section.

Earlier Releases of vCenter Server 5.1

Features and known issues of vCenter Server 5.1 are described in the release notes for each release. To view release notes for earlier releases of vCenter Server 5.1, click the following links:

Internationalization

VMware vSphere 5.1.Update 1 is available in the following languages:

  • English
  • French
  • German
  • Japanese
  • Korean
  • Simplified Chinese

Compatibility and Installation

Important For virtual machines whose MAC addresses need to remain unique, for example, for licensing reasons, you must validate the MAC addresses against the MAC address requirements and restrictions in this release before upgrading. In your upgrade plans, take into account the detected potential issues that the new requirements and restrictions might cause.

ESXi, vCenter Server, and vSphere Web Client Version Compatibility

The VMware Product Interoperability Matrix provides details about the compatibility of current and previous versions of VMware vSphere components, including ESXi, VMware vCenter Server, the vSphere Web Client, and optional VMware products. In addition, check this site for information about supported management and backup agents before installing ESXi or vCenter Server.

The vSphere Client and the vSphere Web Client are packaged with the vCenter Server and modules ZIP file. You can install one or both clients from the VMware vCenter™ Installer wizard.

Inventory Service Database

The Inventory Service database does not have a scheduled backup. You should back up the Inventory Service database as part of your regular vCenter Server database administration. To move the Inventory Service database to a different host machine, back up the database on the source machine and restore the database on the destination machine as described in the vSphere Installation and Setup documentation.

vSphere Client Connections to Linked Mode Environments with vCenter Server 5.x

vCenter Server 5.1 can exist in Linked Mode only with other instances of vCenter Server 5.1.

Installation Notes for This Release

Read the vSphere Installation and Setup documentation for step-by-step guidance on installing and configuring ESXi and vCenter Server.

Although the installations are straightforward, several subsequent configuration steps are essential. In particular, read the following:

Upgrades and Installations Disallowed for Unsupported CPUs

vSphere 5.1 Update 1 supports only CPUs with LAHF and SAHF CPU instruction sets. During an installation or upgrade, the installer checks the compatibility of the host CPU with vSphere 5.1 Update 1. If your host hardware is not compatible, a purple screen appears with an incompatibility information message, and you cannot install or upgrade to vSphere 5.1 Update 1.

Upgrades for This Release

For instructions about upgrading vCenter Server and ESX/ESXi hosts, see the vSphere Upgrade documentation.

vCenter Server Upgrades

vCenter Server 5.1 Update 1c supports the following upgrade scenarios.

  • You can perform in-place upgrades on 64-bit systems from vCenter Server 4.x , vCenter Server 5.0.x, vCenter Server 5.1 , vCenter Server 5.1.0a, vCenter Server 5.1.0b, vCenter Server 5.1 Update 1a, and vCenter Server 5.1 Update 1b to vCenter Server 5.1 Update 1c. You cannot upgrade an instance of vCenter Server 4.x that is running on Windows XP Professional x64 Edition.

  • Customers with VirtualCenter 2.5 update 6 and later with 32-bit operating system will be required to perform a migration upgrade to vCenter Server 5.0 as the first step in the upgrade process due to the 32bit/64bit differences. After this migration upgrade, customers can perform an in-place upgrade from version 5.0 to version 5.1.x. See the version 5.0 vSphere Upgrade documentation.

  • vCenter Server 5.1 Update 1c can manage ESXi 5.x hosts in the same cluster with ESX/ESXi 4.x hosts. vCenter Server 5.1 cannot manage ESX 2.x or 3.x hosts.

  • Important When upgrading from vCenter Server 5.1.0b to vCenter Server 5.1 Update 1c for non-English locales, the installation of vCenter Single Sign On must be performed through the command line. Use the following command for upgrading:

    <Exe name> /S /v"/L*v <log location>/ /qn"

    Example: For vCenter Single Sign On installation use the following command:

    VMware-SSO-Server.exe /S /v"/L*v \"%temp%\vim-sso-msi.log\" /qn"

    For further information, see Knowledge Base article 2037976.

Open Source Components for VMware vSphere 5.1 and vCenter Server 5.1 Update 1c

The copyright statements and licenses applicable to the open source software components distributed in vSphere 5.1 and vCenter Server 5.1 Update 1c are available at http://www.vmware.com/download/open_source.html. You can also download the source files for any GPL, LGPL, or other similar licenses that require the source code or modifications to source code to be made available for the most recent generally available release of vSphere.

Product Support Notices

  • vSphere Client. In vSphere 5.1, all new vSphere features are available only through the vSphere Web Client. The traditional vSphere Client will continue to operate, supporting the same feature set as vSphere 5.0, but not exposing any of the new features in vSphere 5.1.

    vSphere 5.1 and its subsequent update and patch releases are the last releases to include the traditional vSphere Client. Future major releases of VMware vSphere will include only the vSphere Web Client.

    For vSphere 5.1, bug fixes for the traditional vSphere Client are limited to security or critical issues. Critical bugs are deviations from specified product functionality that cause data corruption, data loss, system crash, or significant customer application down time where no workaround is available that can be implemented.

  • VMware Toolbox. vSphere 5.1 is the last release to include support for the VMware Tools graphical user interface, VMware Toolbox. VMware will continue to update and support the Toolbox command-line interface (CLI) to perform all VMware Tools functions.

  • VMI Paravirtualization. vSphere 4.1 was the last release to support the VMI guest operating system paravirtualization interface. For information about migrating virtual machines that are enabled for VMI so that they can run on later vSphere releases, see Knowledge Base article 1013842.

  • Windows Guest Operating System Customization. vSphere 5.1 is the last release to support customization for Windows 2000 guest operating systems. VMware will continue to support customization for newer versions of Windows guests.

  • VMCI Sockets. Guest-to-guest communications (virtual machine to virtual machine) are deprecated in the vSphere 5.1 release. This functionality will be removed in the next major release. VMware will continue support for host to guest communications.

Resolved Issues

This release resolves the following issues:

  • Trusted Platform Module (TPM) attestation information for ESXi hosts is not reported after vCenter Server reboots or vpxd service restarts
    After vCenter Server is rebooted or vpxd service is restarted, TPM attestation values are deleted. The attestation report displays no information. This issue occurs on servers on which Trusted Execution Technology by Intel is enabled and the TPM is enabled. You are impacted only if you use an add on solution that provides remote verification.

    This issue is resolved in this release.

Known Issues

The known issues are grouped as follows.

Known issues not previously documented are marked with the * symbol.

Installation Issues
  • vCenter Single Sign On installation fails with error 32010
    vCenter Single Sign On installation fails with the following error:

    Error 32010. Failed to create database users. There can be several reasons for this failure. For more information, see the vmMSSQLCmd.log file in the system temporary folder.

    Also, the vCenter Single Sign On installation rolls back when you click OK in the error message dialog box.

    This issue occurs if the password set during installation does not meet the GPO policy.

    Workaround: When setting your password, ensure that you meet all of the following criteria:
    • Password must meet localos/AD domain GPO policy.
    • Limit password length to not more than 32 characters.
    • Avoid using special characters semicolon (;), double quotes ("), circumflex (^), single ('), and backward slash (\) in your password.

  • Inventory Service and Profile Driven Storage Service fail to start
    Inventory Service and Profile Driven Storage Service fail to start if vCenter Server and Inventory Service are not installed in the default location. This issue might occur on Microsoft Windows Server 2008 R2 Standard with the locale set to Japanese.

    Workaround: To work around this issue, perform one of the following:
    • Install vCenter Server and Inventory Service in the default location.
    • Install vCenter Server and Inventory Service in a non-default location without creating an install folder manually.

  • vCenter Single Sign On installation fails with error 29980
    vCenter Single Sign On installation fails with the following error:

    Error 29980. The entry is not a valid port number. The port number must be a numeric value between 1 and 65535.

    This issue occurs if you do not type a valid port number in the port number field during vCenter Single Sign On installation and proceed with the installation.

    Workaround: Reinstall vCenter Single Sign On, and during installation, type the port number in the port number text box.

  • vCenter Single Sign On installation fails with error 20003 when 32-bit Java is installed on the machine
    When you have a 32-bit Java installed and you have the environment variable JAVA_HOME or JRE_HOME pointing to the 32-bit location in C:\Program Files (x86)\, your SSO installation would fail.

    Workaround: Temporarily remove the JAVA_HOME environment variable or set it to a location that is not in C:\Program Files (x86)\

  • Unable to create a SQL Server database for vCenter Server with Microsoft SQL 2008 R2 (KB 2044492)

  • On Windows 2012 or Windows 8 machines without internet connectivity, attempts to install vSphere Client or SSO might fail with error 28173
    If .NET Framework is not installed on Windows Server 2012 or Windows 8 machines and the machines are not connected to the internet, attempts to install vSphere Client or SSO on these machines might fail with an error message similar to the following:
    Internal Error 28173

    Workaround: Install .NET Framework 3.5 SP1 on the machines before installing vSphere Client or SSO.
  • During vCenter Single Sign On 1.0.0 installation a warning message is displayed
    When installing vCenter Single Sign On 1.0.0, if you log in as a domain user, the installation automatically discovers the identity sources as part of the vCenter Single Sign On installation process. The vCenter Single Sign On installer might display the following warning message if it is not able to discover the identity source:

    Error 29155: Identity sources could not be discovered automatically. You can manually add your Active Directory as an identity source after the installation, by using the vSphere Web Client.

    Workaround: None.

  • Inventory Service fails to validate the Lookup Service URL during Inventory Service installation due to truncation of the admin@system-Domain account password
    If you define a admin@System-Domain password longer than 32 characters when you install vCenter Single Sign On, the password is truncated to 32 characters. When the Inventory Service installer then tries to authenticate the Lookup Service URL, it encounters a password mismatch and the authentication fails.

    Workaround: Limit the password to less than 32 characters for admin@System-domain when installing vCenter Single Sign On.

  • After updating vCenter Server Appliance to 5.1 Update 1c vSphere Web Client might appear inaccessible or plugin modules might not be visible in the vSphere Web Client
    After updating the vCenter Server Appliance to 5.1 Update 1c, the appliance does not prompt for reboot or automatically reboot. When the vSphere Web Client is later updated with a newer version of a plug-in module found on vCenter Server, the vSphere Web Client might appear inaccessible or the new plug-in might not be visible in the vSphere Web Client.

    Workaround: After updating the vCenter Server Appliance or a vSphere Web Client plug-in, reboot the vCenter Server Appliance to complete the process.

  • Inventory Service fails to start on installation after rollback of vCenter Single Sign On installation using Simple Install
    After vCenter Single Sign On installation rollback, if you select the new installation folder as the subfolder under the folder used for the previous installation, the Inventory Service fails to start.

    For example, if the initial installation folder used is C:\Program Files\VMware\Infrastructure, and you choose the subfolder C:\Program Files\VMware\Infrastructure\abc for the installation after rollback, the Inventory Service fails to start.

    Workaround: If vCenter Single Sign On installation rolls back using Simple Install, select the same installation folder used for the previous installation.

  • vCenter Single Sign On requires manually created database users for external database
    The Manually Created Database User checkbox has been removed and there is no option for the installer to automatically create a user.

    Workaround: Run the following script to manually create the database user prior to installing vCenter Single Sign On:

    < SSOInstaller Folder >\Single Sign On\DBScripts\SSOServer\schema\< Database >\rsaIMSLite< DB >SetupUsers.sql

  • Windows Authentication check-box not available
    The Windows Authentication checkbox has been removed and there is no option to use Windows Authentication to connect to an SQL Server.

    Workaround: None.

  • Bundled Database users must set a password that meets the GPO policy
    You must set your own password for RSA_USER and RSA_DBA and this password must satisfy the GPO policy.

    Workaround: When setting your password, ensure that you meet all of the following criteria:

    • Password must meet localos/AD domain GPO policy.
    • Limit password length to not more than 32 characters.
    • Avoid using special characters semicolon (;), double quotes ("), circumflex (^), single ('), and backward slash (\) in your password.
  • Upgrading from vSphere 5.1 to vSphere 5.1 Update 1 with Simple Install displays a warning message
    When upgrading from vSphere 5.1 to vSphere 5.1 Update 1 with Simple Install, the following warning message is displayed:

    You cannot use vCenter Simple Install for this install/upgrade. vCenter package components are already installed. To upgrade installed components or install additional components, click the links for the individual component installers in Autorun.

    Workaround: Use the individual installers to upgrade from vSphere 5.1 to vSphere 5.1.1.
  • If Auto Deploy encounters a rule that applies a host profile, it applies that rule even if the host profile no longer exists
    Assume that one of the rules in an Auto Deploy ruleset applies a host profile, and you delete the host profile from the vSphere Client or the vSphere Web Client. If you do not remove the rule from the ruleset, the host profile is still applied to hosts that are booted with Auto Deploy.

    Workaround: You can determine whether any rules use deleted host profiles by using the Get-DeployRuleSet PowerCLI comdlet. The cmdlet shows the string deleted in the rule's item list. You can then run the Remove-DeployRule cmdlet to remove the rule.

  • Installation of vCenter Server and related components fails if the user name of the logged-in user contains non-ASCII characters
    If the user name of the user who is currently logged in contains non-ASCII characters, installation of vCenter Server, vCenter Inventory Server, vCenter Single Sign On, or vSphere Web Client fails with the error message: The user name contains non-ASCII characters. Please log in with a user name that contains only ASCII characters.

    Workaround: Log in with a user name that does not contain non-ASCII characters and retry the installation.

  • Auto Deploy installation fails if the installation path includes non-ASCII characters
    If you select a folder that includes non-ASCII characters when you run the Auto Deploy installer, the following error results
    : Error 29106 .Unknown error.

    Workaround: Select a folder that includes only ASCII characters in the path name.

  • VMware VirtualCenter Management Webservice service fails to start after vCenter Server is installed in a location containing any combination of the special characters !, @, or #
    If the vCenter Server installation path contains any combination of the special characters !, @, or #, the vCenter Server installation is successful but the VMware VirtualCenter Management Webservice service does not start, and logging in to vCenter Server fails with the error do not have permissions. For example, the following installation path would produce the error: C:\VMware!@SingleSign@On!#$Installer.

    Workaround: Install vCenter Server in the default location or in a custom location without the special characters.

  • vCenter Single Sign On server installation fails on systems running IBM DB2 9.7 Fix Pack 1 or earlier
    Components of vCenter Single Sign On require DB2 9.7 Fix Pack 2 or later. When you attempt to install vCenter Single Sign On on a system running earlier versions of DB2 9.7, installation fails.

    Workaround: Update the DB2 9.7 instance to Fix Pack 2 or later.

  • Installation fails when you install vCenter Single Sign On with a local database on a Turkish version of Windows 2008 R2 64 bit
    You might receive an error (Error 20003 or 20010) when you install vCenter Single Sign On in a Turkish Windows environment and the database is on the local system. This error occurs when Microsoft SQL Server capitalizes certain letters, which makes the database incompatible with vCenter Single Sign On.

    Workaround:

    1. Install the database on a separate system running an English version of Windows 2008 Server.
    2. Run the vCenter Single Sign On installer on the system running the Turkish version of Windows 2008 Server.
    3. Connect to the database remotely.

  • Installation of vCenter Single Sign On high availability or recovery node fails if Master Password and Administrator password are different
    The following behavior occurs when you install vCenter Single Sign On in high availability mode:

    • When you provide the correct vCenter Single Sign On Administrator password, validation appears to be successful, but installation fails with an error that the vCenter Single Sign On Master Password is incorrect.
    • When you provide the correct vCenter Single Sign On Master Password, validation fails because the installer is expecting the vCenter Single Sign On Administrator password.

    The following behavior occurs when you install vCenter Single Sign On in recovery mode:

    • When you provide the correct vCenter Single Sign On Administrator password, installation fails with an error that the vCenter Single Sign On Master Password is incorrect.
    • When you install vCenter Single Sign On on a domain machine and you provide the correct vCenter Single Sign On Master Password, installation fails with an error that the SSPI Service account cannot be configured because the installer is expecting the vCenter Single Sign On Administrator password.
    • When you install Single Sign On on a workgroup machine, installation fails with an error that the Lookup Service configuration failed. The log file contains an error that the vCenter Single Sign On Administrator password is incorrect.

    Workaround: Ensure that the same password is used for the vCenter Single Sign On Master Password and the vCenter Single Sign On Administrator password. You can verify the passwords using the following commands. The default <ssoserver folder> is typically C:\Program Files\VMware\Infrastructure\SSOServer.

    • vCenter Single Sign On Master Password:
      <ssoserver folder>\utils>rsautil.cmd manage-secrets -a list

    • vCenter Single Sign On Administrator password:
      <ssoserver folder>\utils>rsautil.cmd manage-identity-sources -a list -u admin

    You can set the passwords using the following commands:

    • vCenter Single Sign On Master Password:
      <ssoserver folder>\utils\rsautil.cmd manage-secrets -a change -m <master password> -N <new Master Password>

    • vCenter Single Sign On Administrator password:
      <ssoserver folder>\utils\rsautil.cmd reset-admin-password -m <master password> -u <admin> -p <pass>

    The vCenter Single Sign On Administrator password expires by default in 365 days. When you reset this password, reset the vCenter Single Sign On Master Password as well to ensure that they remain the same.

  • Installation fails when you attempt to install vCenter Single Sign On in an IPv6 environment
    When you use the command netsh interface ipv4 uninstall with reboot in a purely IPv6 environment on Windows 2003, 2008, or 2008 R2, vCenter Single Sign On installation fails. The following error occurs: Error 29114. Cannot connect to database. In addition, this error might appear in the install.log file: Error: Failed to access configuration database: Network error IOException: Address family not supported by protocol family: create.

    Workaround: Use the FQDN or host name of the vCenter Server system. The best practice is to use the FQDN, which works in all cases, instead of the IP address, which can change if assigned by DHCP. In addition, you must reinstall the IPv4 interface using the following command: netsh interface ipv4 install.
    Alternatively, on Windows 2003, 2008, or 2008 R2, navigate to the Change Adapter Settings dialog box and deselect the check box: Internet Protocol Version 4 (TCP/IPv4).

  • vCenter Single Sign On database installation fails when you use a double quotation mark in your password
    When you use a double quote character (") in your Single Sign On password, installation of the Single Sign On database fails. An error message appears when you install Single Sign On SQL Express.

    Workaround: Do not use a Single Sign On password that contains a double quotation mark.

  • vCenter Single Sign On installation fails when the system's host name contains unsupported characters
    An error message appears and Single Sign On installation fails when the Single Sign On system's host name contains non-ASCII or high-ASCII characters.

    Workaround: Use only ASCII characters for the host names of systems where Single Sign On is installed.

  • vCenter Single Sign On installation fails when the Single Sign On folder name contains unsupported characters
    An error message appears, and Single Sign On installation fails when the Single Sign On build folder name contains non-ASCII or high-ASCII characters.

    Workaround: Use only ASCII characters for source folders that contain Single Sign On installer files.

  • Connection to the MSSQL database fails during vCenter Single Sign On installation
    The error message Database connection has failed appears when you install vCenter Single Sign On and you are using manually created MSSQL database users. For MSSQL databases, you must use SQL Server Authentication database users. Windows Authentication users are not supported.

    Workaround: Ensure that the manually-created database users are using SQL Server authentication.

  • Insufficient privileges error occurs when you use manually created DB2 database users
    When you install vCenter Single Sign On and the installer requests Single Sign On database information for existing databases, you can select the Use manually created DB users check box. If you are using a DB2 database and have manually created users with the rsaIMSLiteDB2SetupUsers.sql script, you might receive an error that the database users do not have sufficient privileges.

    Workaround: The rsaIMSLiteDB2SetupUsers.sql script, which is located in the <installation directory>\Single Sign On\DBScripts\SSOServer\schema\db2 directory, does not include two of the required privileges. If you use the script to manually create users, edit the script to include the following privileges:
    GRANT DBADM ON DATABASE TO USER RSA_DBA;
    GRANT CREATETAB ON DATABASE TO USER RSA_USER;

Upgrade Issues

Known issues that affect both installation and upgrade are listed under Installation Issues.

  • Inventory objects might not be visible after upgrading a vCenter Server Appliance configured with Postgres database
    When a vCenter Server Appliance configured with Postgres database is upgraded from 5.0 Update 2 to 5.1 Update 1c, inventory objects such as datacenters, vDS and so on that existed before the upgrade might not be visible. This issue occurs when you use vSphere Web Client to connect to vCenter Server appliance.

    Workaround: Restart the Inventory service after upgrading vCenter Server Appliance.

  • Upgrading from Single Sign-On 5.1 to Single Sign-On 5.1 Update 1 for non-English locales fails with database table error 2229
    When you attempt to upgrade from Single Sign-On 5.1 to Single Sign-On 5.1 Update 1 for all supported non-English locales, the upgrade fails with a database table error 2229 similar to the following:

    Product: vCenter Single Sign On -- Error 2229.Database: . Table 'Control' could not be loaded in SQL query: SELECT `Control`, `Type`, `X`, `Y`, `Width`, `Height`, `Attributes`, `Property`, `Text`, `Control_Next`, `Help` FROM `Control` WHERE `Dialog_`=?.

    Workaround: Follow these steps to continue with the upgrade:
    1. Locate log file %TEMP%vim-sso-msi.log
    2. Search for the *.mst file that was used as a cache file during previous installation. For example: c:\Windows \Installer\xxxxx.mst
    3. Locate the *.mst file and delete it.
    4. Run the Single Sign-On upgrade again.

  • Suspended virtual machine has an additional Power Off option after upgrading to vCenter Server 5.1
    A suspended virtual machine displays an additional Power Off option after upgrading to vCenter Server 5.1. If you attempt to select the Power Off option the following error is displayed:
    The attempted operation cannot be performed in the current state (Suspended).

    Workaround: None.

  • vCenter Single Sign On installation fails if the installation folder has characters such as & and %
    Attempts to install vCenter Single Sign On in a custom location fails if the destination folder name has characters such as % or &. An error message similar to the following is displayed:
    Error 20020. Failed to update values in server.xml file

    Workaround: None.

  • The user interface (UI) of vSphere Storage Appliance (VSA) might not be able display the progress status of operations that are running
    VSA uses the streaming functionality of BlazeDS. As BlazeDS is incompatible with the tcServer version used by vCenter Server 5.1 Update 1c, the UI of VSA might not display the progress status of operations such as VSA configuration, VSA network reconfiguration and so on. This issue applies to VSA 5.1.1 running with vSphere 5.1 Update 1.

    Workaround: Install VSA 5.1.3 to resolve this issue.

  • Update of vCenter Server Appliance 5.1.x to vCenter Server Appliance 5.1 Update 1c halts at web UI while showing update status as installing updates
    When you attempt to upgrade vCenter Server Appliance 5.1.x to vCenter Server Appliance 5.1 Update 1c, the update process halts for nearly an hour and the update status at Web UI shows as installing updates. However, eventually, the update completes successfully after an hour.

    Workaround: None.

  • Script errors appear when upgrading vCenter Server 5.1.x to vCenter Server 5.1 Update 1c
    If SSO, Inventory Service, and vCenter Server 5.1.x are installed on the same virtual machine and you upgrade to vCenter Server 5.1 Update 1c, SSO upgrades first and the system restarts. After the virtual machine restarts, the vCenter Server autorun file opens followed by several script errors similar to the following:

    An error has occurred in the script on this page
    Line: 571
    Error:'VC_EXPRESS' is undefined
    Code:0


    After the script errors stop to appear the vCenter Server installer screen does not respond to any actions performed on it.

    Workaround: After installing SSO and before restarting the virtual machine, close the vCenter Server installer and then restart the virtual machine. Once the virtual machine has started, open the vCenter Server installer.

  • VDS configuration fails for ESXi systems booted with Auto Deploy
    In a cluster, only two hosts are capable of running a virtual machine that is enabled for Fault Tolerance (FT). One of the hosts is rebooted with Auto Deploy. VDS configuration fails, and the host remains in maintenance mode after it is reconnected to the vCenter Server system.
    This happens when only the ESXi system that is being rebooted can host the secondary virtual machine. The Fault Tolerance process adds the secondary virtual machine to the booting ESXi host's inventory and vDS migration fails with a Resource In Use error.
    The problem has been observed in the following situations:
    • During upgrade of ESXi hosts that are in a cluster.
    • If many hosts in a cluster reboot simultaneously, so that only one or two hosts are fully booted.
    • In a small cluster (two or three hosts).

    Workaround: If you see the problem during an upgrade, disable Fault Tolerance on the virtual machines temporarily. The virtual machines can migrate to the already upgraded host. Reenable Fault Tolerance after the upgrade process is complete.
    If you see the problem when multiple hosts are rebooting or in a small cluster, wait until several hosts in the cluster have completed the boot process, and reboot the affected host. You can also disable Fault Tolerance for the virtual machine whose secondary virtual machine is assigned to the affected host.

  • vCenter Server domain admin users might not have permission to login to vCenter Server if upgrade is done using Simple Install
    If you use the Simple Install method during upgrade, some vCenter Server domain administrator users who had permission before the upgrade might not have permission to log in to vCenter Server after the upgrade. This happens if vCenter Single Sign On fails to discover some identity sources.

    Workaround: Use the Independent Install method. During upgrade, the installer provides a list of users who have vCenter Server administrator access and a list of users who will be deleted.

  • Upgrade of vCenter Server and vCenter Inventory Service from 5.1 to 5.1 Update 1c might fail if vCenter Single Sign On is not accessible during upgrade
    Attempts to upgrade vCenter Server and vCenter Inventory Service might fail if the vCenter Single Sign On is not accessible during upgrade.

    Workaround: Ensure that the vCenter Single Sign On is up and running during vCenter Server and Inventory service upgrade.

  • During upgrade of vSphere Authentication Proxy from version 5.0 to version 5.1 "bad user name or password" warning appears
    When you upgrade vSphere Authentication Proxy from version 5.0 to version 5.1, on systems with vCenter Server Heartbeat installed, the installer might display the warning Error 29453 login failed due to bad user name or password. You can ignore the warning and proceed with the installation.

Licensing Issues
  • ESXi 5.1 cannot be added to vCenter Server using the named administrator account
    When you attempt to add an ESXi 5.1 host to vCenter Server using a named administrator account, a license download error might occur: License file download from <IP address> to vCenter Server failed due to exception: vim.fault.HostConnectFault.

    Workaround: Use the root account to add an ESXi 5.1 host to vCenter Server.

Security Issues
  • Replacing the SSL key and certificate of vCenter Service on the vCenter Server appliance displays an error: VC_CFG_RESULT=655
    When you attempt to replace the SSL key and certificate of vCenter Service on the vCenter Server appliance by using the vpxd_servicecfg certificate change command the following error message is displayed:

    VC_CFG_RESULT=655

    This error usually appears when the supplied private key file contains a key encoded in the PKCS#8 format with the header BEGIN PRIVATE KEY. The configuration program only supports key encoded in the PKCS#1 format with the header BEGIN RSA PRIVATE KEY.

    Workaround: Perform the following steps to resolve the issue:

    1. Convert the private key to PKCS#1 format using the openssl command as follows:

      openssl rsa -in original-user-key-file -out pkcs1-key-file
    2. Re-attempt the vpxd_servicecfg certificate change command with the new key file:

      vpxd_servicecfg certificate change user-cert-file pkcs1-key-file

Networking Issues
  • Caution: For virtual machines whose MAC addresses need to remain unique, for example, for licensing reasons, you must validate the MAC addresses against the MAC address requirements and restrictions in this release before upgrading. In your upgrade plans, take into account the detected potential issues that the new requirements and restrictions might cause.

  • Prefix- and range-based MAC address allocation is supported only in vCenter Server 5.1 and ESXi 5.1
    Prefix- and range-based MAC address allocation is supported only in vCenter Server 5.1 and ESXi 5.1. If you add pre-5.1 hosts to vCenter Server 5.1, and use anything other than VMware OUI prefix- or range-based MAC address allocation, virtual machines assigned MAC addresses that are not VMware OUI prefixed fail to power on their pre-5.1 hosts.
    The prefix- and range-based MAC address allocation schemes are not supported on pre-5.1 hosts because pre-5.1 hosts explicitly validate if an assigned MAC address uses the VMware OUI 00:50:56 prefix. If the MAC address is not prefixed with 00:50:56, the virtual machine pre-5.1 host fails to power on.

    Workaround:

    1. Do not add pre-5.1 hosts to 5.1 vCenter Server.

    2. If the virtual machine is newly created and is placed on pre-5.1 hosts, edit the virtual machine settings. If the MAC address of the new virtual machine is not prefixed with 00:50:56, change its MAC address to a manual address type and provide another valid MAC address prefixed with 00:50:56. After applying the change, the MAC addresses using non-VMware OUI and VMware OUI prefixes can co-exist in vCenter Server.

  • vMotion and Storage vMotion for virtual machines on monoflat disks with a snapshot do not function
    Monoflat is a disk format that is no longer supported by VMware. Monoflat disks can be powered on when attached to virtual machines, but VMware does not recommend migration of the attached virtual machines. The migration fails when there is a snapshot present.

    Workaround: Change to another disk format before attempting migrations. VMware supports Virtual Machine File System (VMFS) disk formats eagerzeroedthick, zeroedthick, thin disk, and 2gbsparse.

  • maxProxySwitchPorts setting not persistent after stateless host reboot
    The maximum number of ports on a host is reset to 512 after the host is rebooted and a host profile applied. When you set maxProxySwitchPorts on a specific stateless host on a distributed switch, the setting might not persist when the host is rebooted. This applies only to stateless hosts that are part of a distributed switch and have had the maxProxySwitchPorts setting changed.

    Workaround: Manually change the maxProxySwitchPorts settings for the hosts after reboot.

  • Encapsulated remote mirror sessions require the destination IP to be a valid unicast IP
    In an encapsulated remote mirror session, a vSphere distributed switch redirects the original traffic to the specified destination IP. If you selected a multicast or broadcast IP address as the destination for the session, the original traffic is mirrored to multiple destinations. This can consume a lot of physical network bandwidth. If you specified an invalid IP address, such as a reserved IP address, the original traffic is not mirrored.

    Workaround: Configure valid unicast IP addresses as the destination of encapsulated remote mirror session.

  • Searching for distributed virtual port groups by private VLAN might return the wrong results in a multiple vCenter Server environment
    When you manage multiple vCenter Servers with one instance of the vSphere Web Client, a search for distributed virtual port groups that have specific private VLAN settings might return not only the specific port groups, but also port groups that should not be part of the results.

    Workaround: Perform another search.

  • Naming a network protocol profile with surrogate pair characters results in error
    Creating a network protocol profile using surrogate pair characters results in failure and an error message related to UTF-8 handling in the vSphere Web Client.

    Workaround: Avoid using surrogate pair characters for network protocol profiles.

  • Unable to join vCenter Server to Linked Mode group
    You are unable to join vCenter Server to a Linked Mode group if you changed the vCenter Server HTTPS port during a vCenter Server upgrade.

    Workaround:

    1. Open the vSphere Client.
    2. Navigate to Administration > vCenter Server Settings > Advanced Settings.
    3. Select the key named VirtualCenter.VimApiURL.
    4. In the value field, change the port number in the URL to the one you were given during vCenter Server Upgrade.
    5. Restart the service VMware VirtualCenter Server.
    6. Start the Modify Linked Mode configuration by clicking Start Menu > VMware > vCenter Server Linked Mode Configuration. This option links a vCenter Server to a linked mode group.

  • Standard Switch topology in the vSphere Web Client shows the failover policy for both the switch level and the port group level
    The port state icon and the Stand By or Unused label apply to the failover policy at the switch level. When a port group is selected, the orange line applies to the failover policy at the port group level.

    Workaround: None. The orange-highlighted physical network adapters are used for port group traffic even if they are labeled Stand By or Unused in the topology.

Storage Issues

  • RDM LUNs get detached from virtual machines that migrate from VMFS datastore to NFS datastore
    If you use the vSphere Web Client to migrate virtual machines with RDM LUNs from VMFS datastore to NFS datastore, the migration  operation completes without any error or warning messages, but the RDM LUNs get detached from the virtual machine after migration. However, the migration operation creates a VMDK file with size same as that of RDM LUN on NFS datastore, to replace the RDM LUN.
    If you use vSphere Client, an appropriate error message is displayed in the compatibility section of the migration wizard.

    Workaround: None

  • Storage device names using non-ASCII or high-ASCII characters appear as unreadable in the vSphere Web Client UI
    During OVF deployment, the names of storage devices named with non-ASCII or high-ASCII characters appear garbled or unreadable in the vSphere Web Client UI.

    Workaround: Name storage devices using ASCII characters only.

  • Virtual machine observed datastore latency
    You might see incorrect virtual machine observed datastore latency values when running SDRS or SIOC on a datastore connected to a combination of ESXi 5.0 and ESXi 5.1 hosts. ESXi 5.1 collects a new statistic called "virtual machine observed datastore latency" which is not collected in ESXi 5.0. Because of this difference, it is not possible to correctly average statistics values between a mixture of ESXi 5.0 and ESXi 5.1 hosts. This can also result in less aggressive SDRS I/O load balancing behavior when a datastore cluster has datastores mounted with a combination of ESXi 5.0 and ESXi 5.1 hosts compared to a datastore cluster with only ESXi 5.1 hosts.

    Workaround: Upgrade all hosts to ESXi 5.1.

  • Enabling historic performance charts for datastores and datastore clusters in a Storage DRS environment
    In a vSphere 5.1 environment, if you have the Collection Level for the statistics set to the default of 1, only real-time performance charts are displayed for Storage DRS data counters related to datastore and datastore cluster metrics. If you select a different time interval, the chart displays No data available. This is the result of many datastore and datastore cluster metrics having been moved to Stats Collection Level 3, by default, in order to improve performance.

    Workaround: To enable historic performance charts for datastore and datastore cluster metrics, move the Storage DRS counters to Stats Collection Level 1. For more information, see the Knowledge Base article 2009532. Be aware that changes in the counter levels may cause a significant increase in data collection and storage, along with a corresponding decrease in performance. For more information, see Modifying Performance Counter Collection Levels in the vSphere Web Services Programming Guide and the vSphere API Reference.

  • Storage vMotion might fail with an error message
    When storage configuration is overloaded and stressed, a file on a VMFS datastore might take much longer to open. This delay can cause Storage vMotion of a virtual machine to fail with the error message A parent disk path is required for snapshot of disk /path/to/disk/XXX.vmdk.

    Workaround: Use one of the following methods to reload the virtual machine disk information and then perform Storage vMotion again.

    • Create a dummy snapshot and then immediately remove it.
    • Migrate the virtual machine to another host. Do not change the datastore.
    • After powering off the virtual machine, detach the virtual disk and then reattach it again.
    • After powering off the virtual machine, unregister the virtual machine and then register it again.
    • Restart the management agent via DCUI, or by executing /etc/init.d/hostd restart.

    To avoid the Storage vMotion failure when the storage array is stressed and slow, edit the following option in the /etc/vmware/config file to increase the number of open disk retries:diskLibMiscOptions.openRetries = large number, such as 99.

Server Configuration Issues
  • Validating host customizations fails while editing host profiles
    You might receive the following error while validating host customizations from the Host Profile editor:
    Cannot validate host customizations for host.

    This error might occur when old host customization values are saved in vCenter Server, such as, when a host was previously assigned to an old host profile with a different configuration.

    Workaround: Perform the following to reset the host customizations:

    1. Right-click the host listed in the error.
    2. Select All vCenter Actions > Host Profiles > Reset Host Customizations.

  • Network policy compliance failures continue for host profiles created from ESXi 4.1 or ESXi 4.0 hosts applied to ESXi 5.1 hosts
    After applying a host profile created from an ESXi 4.1 or ESXi 4.0 host to an ESXi 5.1 host, the following host profile compliance failures might continue:

    For port group [PORT GROUP NAME] network policy property spec.policy.nicTeaming.failureCriteria doesn't match
    For port group [PORT GROUP NAME] network policy property spec.policy.nicTeaming.reversePolicy doesn't match

    The above network settings are not supported on ESXi 5.1 hosts and are no longer configured when applying a host profile containing those settings.

    Workaround: Two possible remedies are available:

    • After applying the host profile originally created from an ESXi 4.1 host to an ESXi 5.1 host, create a new host profile from the ESXi 5.1 host and attach that to that ESXi 5.1 host and other affected ESXi 5.1 hosts.
    • Modify the NIC Teaming policy in the host profile to the User must explicitly choose the policy option option instead of the Apply specified NIC teaming policy.

  • Host profile compliance errors occur when removing ESXi hosts from vCenter Server inventory
    While checking host profile compliance, vCenter Server sometimes needs to query an ESXi host for data related to Host Profiles. The target host for the compliance check operation is not necessarily the ESXi host that vCenter Server uses for these Host Profile data queries. A race condition exists when a customer removes an ESXi host from the vCenter Server inventory and performs a compliance check operation at the same time. During this time, a query for Host Profile data results in an error with the message Host Unavailable For Checking Compliance.

    Workaround: After removing the host from the vCenter Server inventory, check the host profile compliance again. vCenter Server attempts to use a different host to query for Host Profile data.

  • Host Profile compliance failures for Firewall Rulesets might occur after remediating ESXi 5.1 host with ESXi 5.0 host profile
    When checking compliance using a host profile created from an ESXi 5.0 host, you might see compliance failures related to the CIMHttpsService and CIMHttpService.

    In some cases, a mismatch in a host profile might exist between the enabled state of the Firewall Rulesets for the CIM/WBEM services (CIMHttpService and CIMHttpsService) and the Service Startup Policy for the CIM/WBEM service (sfcb-watchdog). When the service starts, the firewall ports automatically open. This results in the compliance failure for the CIM service firewall rulesets.

    Workaround: Perform one of the following workarounds.

    • Make the host profile consistent by editing the Firewall Ruleset subprofiles for CIMHttpService and CIMHttpsService in the host profile so that the enabled parameter is True.
    • Go to the Security Profile configuration of the ESXi host from which the host profile was created (or the new reference host, if it has changed since creation), and manually refresh the Firewall info. Then, perform a Update host profile from reference host operation.

    Alternatively, if you are using the vSphere Web Client, perform the "Copy Settings From Host" operation to update the host profile.

vCenter Server, vSphere Client, and vShere Web Client Issues

  • In French and German locales the decimal mark is represented by a period in the advanced performance chart*
    The decimal mark in the numerical values displayed by the advanced perfromance chart is a period (.). This is an issue applicable to French and German locale vSphere Web client, where the decimal mark should be a comma (,).

    Workaround: None
  • Change in virtual machine names might not be reflected in certain sections of the advanced performance charts*
    If you change a virtual machine's name and view the advanced performance charts, the new name might fail to appear in the Performance chart Legend table and the Select object for this chart list.

    Workaround: Log off the vSphere Web Client and re-login.
  • Active Directory (AD) user cannot login to vCenter Server after deleting and recreating the user in AD under a different organization unit
    If an Active Directory user is deleted and recreated in the Active Directory under a different organization unit, the user might not be able to login to vCenter Server.

    Workaround: Move the user from one organization unit to another, instead of deleting and recreating the user.
  • Logging into vCenter Server 5.1 using the use windows session credentials option fails with the error: Cannot complete login due to an incorrect username or password

    For more information, see KB 2035510.
    Workaround: None

  • vCenter Server 5.x is unable to function correctly when installed with Oracle 11.2.0.3 Patch 10 or later
    vCenter Server 5.0 and 5.1 does not function correctly when installed with Oracle 11.2.0.3 Patch 10 or later. With this, creating a new virtual machine on vCenter Server 5.x fails with the following error message.

    An internal error occurred in the vSphere Client
    Details: Object reference not set to an instance of an object.

    For more information, see KB 2039874.
    Workaround: None

  • Active Directory users with customized UPN user names cannot use UPN (User principal name) format user name and password to log into the vSphere Web Client and vSphere Client.
    Active Directory users might have a custom suffix in their UPN instead of using the domain name as the suffix. For example, the user name alice@company.com can be customized to be alice@sales.company.com. Active Directory users with these custom suffixes cannot log into the vSphere Web Client and vSphere Client using UPN format user name (ex: alice@sales.company.com).

    Workaround: Such Active Directory users must login to vSphere Web Client and vSphere Client using either Windows session credentials or NetBIOS format user name.

  • Data for multi-selected virtual machines loads slowly in the vSphere Web Client
    In the vSphere Web Client, if you select a large number of virtual machines in a list by pressing Ctrl+A, Shift+End, or Shift+Home, the virtual machine data might take longer than expected to load.

    Workaround: Press Esc to cancel the multi-select operation.

  • Unable to power on a virtual machine in the vSphere Web Client
    If you power off a virtual machine from within the guest operating system, the virtual machine's state might not be updated in the vSphere Web Client. If you then attempt to power on the virtual machine, the operation fails with the error message: This action is not available for any of the selected objects at this time.

    Click the refresh button in the vSphere Web Client and repeat the power on operation.

  • Uninstalled plug-ins appear in the vSphere Web Client Plug-in Management interface
    If you uninstall a currently-loaded vSphere Web Client plug-in, the Plug-in Management Interface continues to show the plug-in until the Web server is restarted. The plug-in functionality itself is no longer available in the vSphere Web Client.

    Workaround: Restart the Web server.

  • Virtual machine console in the vSphere Web Client is not responsive to mouse input
    For virtual machines running some Linux distributions, the console might not initially respond to mouse input when you launch the console from the vSphere Web Client.

    Workaround: Click Full Screen to switch the console to full screen mode.

  • Unable to delete folder
    If you have the Folder.Delete folder permission defined at the folder level only, attempting to remove that folder produces an error message stating that you do not have the correct permissions.

    Workaround: None.

  • Failed to read request errors in vpxd.log
    Error messages similar to the following might appear in vpxd.log:
    2012-05-15T08:41:03.120Z [7F7DCB7C6700 error 'QsAdapter.HTTPService'] Failed to read request; stream: UNIX(/var/run/vmware/vpxd-qsadapter-pipe), error: N7Vmacore16TimeoutExceptionE(Operation timed out)
    2012-05-15T08:41:03.120Z [7F7DCB889700 error 'SoapAdapter.HTTPService'] Failed to read request; stream: TCP( ), error: N7Vmacore16TimeoutExceptionE(Operation timed out)
    2012-05-15T08:41:33.124Z [7F7DCB5BE700 error 'SSL SoapAdapter.HTTPService'] Failed to read request; stream: SSL(no stream), error: N7Vmacore16TimeoutExceptionE(Operation timed out)
    2012-05-15T08:41:48.125Z [7F7DCB57D700 error 'SSL SoapAdapter.HTTPService'] Failed to read request; stream: SSL(no stream), error: N7Vmacore16TimeoutExceptionE(Operation timed out)
    2012-05-15T08:41:48.125Z [7F7DCAD75700 error 'SSL SoapAdapter.HTTPService'] Failed to read request; stream: SSL(no stream), error: N7Vmacore16TimeoutExceptionE(Operation timed out)
    2012-05-15T08:41:58.127Z [7F7DCBC58700 error 'SoapAdapter.HTTPService'] Failed to read request; stream: TCP( ), error: N7Vmacore16TimeoutExceptionE(Operation timed out)

    These log entries are not real errors and are indicative only of an attempt to connect to an external service that is not running.

    Workaround: None.

  • Tag names cannot contain surrogate pair characters
    If you attempt to create a tag with a name containing surrogate pair characters, the tag creation fails.

    Workaround: Do not use surrogate pair characters in tag names.

  • Changes to the host name of the vCenter Server system are not reflected in the vSphere Web Client or vSphere Web Client inventory
    If you change the host name of a vCenter Server system or vCenter Server Appliance, the local machine shows the new host name, but the old name appears in the vSphere Web Client and vSphere Client inventory.

    Workaround: Use the vSphere Web Client or vSphere Client to change the display name of the vCenter Server system.

    In the vSphere Web Client, do the following:

    1. Navigate to the vCenter Server instance and select the Manage tab.
    2. Under Settings, click General.
    3. In the Edit vCenter Server Settings dialog box, select Runtime Settings.
    4. In vCenter Server name, type the name for the vCenter Server system.
    5. Click OK.

    In the vSphere Client, do the following:

    1. Select Administration > vCenter Server Settings.
    2. If the vCenter Server system is part of a Linked Mode group, select the server to configure from the Current vCenter Server drop-down list.

      Note: Linked Mode is not supported on the vCenter Server Appliance.

    3. In the navigation panel, select Runtime Settings.
    4. In vCenter Server Name, type the name for the vCenter Server system.
    5. Click OK.

  • The vSphere Web Client becomes unresponsive when running multiple operations
    When you perform operations affecting multiple virtual machines, such as powering on or powering off multiple virtual machines, the vSphere Web Client might become unresponsive until tasks complete. This is due to a limitation in Flash on how many tasks can run in parallel. The vSphere Web Client will become responsive when all tasks are sent to the server.

    Workaround: None.

  • Cannot add an ESXi host to the vCenter Server Appliance using the local-link IPv6 address
    If you try to add an ESXi host to the vCenter Server Appliance using a local-link IPv6 address of the form fe80::*, you see the error message, Cannot contact the specified host.

    Workaround: Use a valid IPv6 address for the host that is not a local-link address.

  • Enabling DRS for a cluster produces an erroneous warning about DPM being enabled
    If you resume an Edit Cluster Services task from the Work in Progress pane and enable DRS, you might see a message incorrectly stating that DPM will be enabled. This occurs after you log out of and log back into the vSphere Web Client while the Edit Cluster Services task is saved to the Work in Progress pane.

    Workaround: No workaround is required. DPM will not be enabled.

  • Search fails and Hardware Health and Health Status plug-ins are disabled in the vSphere Client
    The vSphere Client does not connect to the inventory service when installed on Windows 2003 or Windows XP. This has the following effects:

    • When you try to search the vSphere Client inventory, you see the error message, Login to the query service failed. A communication error occurred while sending data to the server. (The underlying connection was closed: An unexpected error occurred on a send.)
    • Hardware Health and Health Status plug-ins are disabled and cannot be viewed in the vSphere Client.
    Workaround: No workaround is available for 32-bit Windows XP. For Windows 2003 or 64-bit Windows XP, apply the appropriate hotfix as listed below.

    Platform: x64
    Language: English
    Location: (http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351403_ENU_x64_zip.exe)

    Platform: ia64
    Language: English
    Location: (http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351397_ENU_ia64_zip.exe)

    Platform: i386
    Language: English
    Location: (http://hotfixv4.microsoft.com/Windows%20Server%202003/sp3/Fix192447/3790/free/351385_ENU_i386_zip.exe)

  • Attaching an Oracle database to vCenter Server Appliance produces an error about incompatible schema
    If you attempt to configure the vCenter Server Appliance with an external Oracle database that was used previously with a vCenter Server 5.0 Appliance, you see the error message, Error: Incompatible DB schema version.

    Workaround: You can use the vCenter Server Appliance setup wizard to reset the database. Doing so will destroy all records currently in the database. To keep the records in the database, follow the upgrade process as described in the vSphere Upgrade documentation to upgrade the vCenter Server Appliance and database from vCenter Server 5.0 to vCenter Server 5.1.

    To reset the database:

    1. Log in to the vCenter Server Appliance Web interface and start the setup wizard.
    2. Enter the database information.

      The wizard displays the message, The database has been initialized with an incompatible schema version.

    3. Select reset the DB contents.

  • Errors related to python scripts appear when an invalid configuration file is uploaded to the vCenter Server Appliance configuration wizard
    In the vCenter Server Appliance initial configuration wizard, if you select Upload configuration file and select an invalid file, the Web interface displays errors related to python scripts.

    Workaround: None.

  • Login or navigation errors after upgrading a vCenter Server Appliance with a static IP address
    After upgrading a vCenter Server Appliance with a static IP address, you might experience the following errors:

    • When you attempt to log in to the vCenter Server Appliance Web interface, you might see the error, Unable to connect to server. Please try again.
    • When you attempt to navigate to a new page in the vCenter Server Appliance Web interface, you might see the error, Not Found.


    Workaround: Clear the browser cache and log in to the vCenter Server Appliance Web interface again.

  • Active Directory is not discovered as an identity source if the vCenter Server Appliance is joined to an Active Directory domain before vCenter Single Sign On is started
    This might occur when the vCenter Server Appliance is joined to an Active Directory domain as part of its initial configuration through the Web interface configuration wizard. After the configuration, the related vCenter Server and vCenter Single Sign On services might work, but Active Directory is not discovered as an identity source.

    Workaround: Do one of the following.

    • Restart the vCenter Server Appliance.
    • Restart vCenter Single Sign On, followed by the vSphere Web Client service.

  • Unable to reconfigure vCenter Server Appliance settings that failed on initial configuration
    The first time you log in to the vCenter Server Appliance, the initial configuration wizard prompts you to accept the EULA and configure database options, vCenter Single Sign On, and Active Directory. If any of these steps fail, the configuration wizard completes the remaining steps and starts the vCenter Server service.

    If you attempt to reconfigure any of the settings that the wizard failed to configure, you see the message, Error: VPXD must be stopped to perform this operation.

    Workaround: Do the following:

    1. Log in to the vCenter Server Appliance console, and execute the following command: /etc/init.d/vmware-vpxd stop
    2. Log in to the vCenter Server Appliance Web interface and reconfigure the settings as needed.
    3. Restart the vCenter Server service using the Web interface.

  • The related item listed in the Advanced Search results might not be the item specified in the search criteria
    When you perform an Advanced Search in the vSphere Web Client and specify a relationship between objects, the search results are correct, but the related object shown in the results might not be the object that you specified in the search criteria.

    For example, if you search for all folders that have a host whose name contains example, the correct list of folders appears in the search results. However, the host listed in the related objects column might not be the host whose name contains example, but a host with a different name that is also located in that folder.

    Workaround: None.

  • Some Chinese or Japanese characters do not display correctly in the vSphere Web Client
    When you access the vSphere Web Client from a Linux system with the default language set to Chinese or Japanese, some text in the vSphere Web Client is displayed as rectangular boxes instead of the correct Chinese or Japanese characters.

    Workaround: Install Linux with the default language set to English, and change the default language to Chinese or Japanese after installation.

  • The initial configuration wizard for the vCenter Server Appliance does not support static IP address configuration
    When you log in to the vCenter Server Appliance Web interface for the first time after deployment, the configuration wizard starts and prompts you to accept the EULA and configure database options, vCenter Single Sign On, and Active Directory. The wizard does not present network configuration options. The vCenter Server Appliance is configured to use DHCP by default.

    Workaround: If you completed the initial configuration wizard, changing to a static network configuration requires changing the SSL certificate of the appliance:

    1. On the Admin page of the vCenter Server Appliance Web interface, click the Toggle certificate setting button to change the Certificate regeneration enabled option to Yes.
    2. Configure the static IP address for the vCenter Server Appliance.

    If you have not yet completed the initial configuration wizard, do the following:

    1. Log in to the vCenter Server Appliance Web interface.
    2. Accept the EULA and then click Cancel.
    3. Configure the network.

      If you change the host name or IP address, you will be disconnected from the Web interface. Log in again using the new host name or IP address.

    4. On the vCenter Server page, click the Summary tab.
    5. Click the Launch button next to Setup wizard. Complete the setup wizard to finish the initial configuration of the appliance.

    If you use vCenter Server to deploy the vCenter Server Appliance as an OVF, you can configure a static IP address during deployment. However, this applies only to environments that have a vCenter Server instance deployed.

  • Host name cannot be changed in vCenter Server Appliance Web interface
    Attempting to change the host name in the vCenter Server Appliance Web interface might fail. This issue occurs when an appliance is configured to use a static IP address and host name. From the Network" tab, if you edit both the host name and IP address and then save these settings, only the IP address changes. The host name remains unchanged.

    Workaround: If you need to change both the host name and the IP address, make the changes in two separate operations.

  • Changing MTU for independent hardware iSCSI in the vSphere Client requires that you enable Jumbo Frames first
    When you use the vSphere Client to modify the MTU parameter on the Advanced Settings dialog box, you need to check the Jumbo Frame box first. Otherwise, the MTU change does not propagate to the independent hardware adapter. In the vSphere Web Client, the Jumbo Frame box is not present, so you change the value in the MTU input box.

    Workaround:
    In the vSphere Client:

    1. Select a host from the inventory panel.
    2. Click the Configuration tab and click Storage Adapters in the Hardware panel.
    3. Select an independent hardware adapter from the list of storage adapters.
    4. Click Properties, and click Advanced.
    5. Enable Jumbo Frames by checking the Jumbo Frame box.
    6. Edit the value in the MTU entry box and click OK.
    7. Note: If you enable Jumbo Frames, but for the MTU size enter the value that does not exceed 1500 Bytes, the Jumbo Frames enablement is ignored.

    In the vSphere Web Client:
    1. Browse to the host in the vSphere Web Client object navigator.
    2. Click the Manage tab, and click Storage.
    3. Click Storage Adapters, and select the independent hardware iSCSI adapter from the list of adapters.
    4. Under Adapter Details, click the Advanced Options tab and click Edit.
    5. Change the value of the MTU parameter.

  • Cannot log in to vCenter Server after you replace SSL certificates
    After you replace the SSL certificates for vCenter Server, you might not be able to log in to the server. This is because vCenter Server is not restarted when you replace SSL certificates. You must restart the server to refresh the certificate for Single Sign On.

    Workaround: Restart vCenter Server after you replace SSL certificates.

  • Java IO exception appears in log file when you start vCenter Single Sign On on vCenter Server Appliance
    When you start vCenter Single Sign On on a vCenter Server Appliance, a Java IO exception might appear in /var/log/vmware/sso/catalina.out.

    For example:

    java.io.IOException: ClientAbortException: java.net.SocketException: Broken pipe
    at com.sun.xml.ws.server.SDDocumentImpl.writeTo(SDDocumentImpl.java:278)
    at com.sun.xml.ws.transport.http.HttpAdapter.publishWSDL(HttpAdapter.java:539)

    In addition, when you stop the Single Sign On server on the vCenter Server Appliance, a memory leak error might appear in /var/log/vmware/sso/catalina.out.

    For example:

    SEVERE: The web application [/ims] appears to have started a thread named [Thread-4] but has failed to stop it.

    Workaround: None.

  • vCenter Server might fail to start or you cannot log in to the vSphere Web Client after you restart the Single Sign On server system
    When you restart the machine where vCenter Single Sign On is installed, changes to the system might occur. For example, updates are applied to the operating system, the machine name changes, or the machine is added or removed from an Active Directory domain. These changes might cause the Single Sign On server to become unresponsive, even though Single Sign On is running. As a result, vCenter Server does not start. This can also happen if you clone or change the parameters of a virtual machine where Single Sign On is installed (for example, the amount of RAM, the number of CPUs, the MAC address, and so on).

    Workaround: Perform the following steps.

    1. On the system where Single Sign On is installed, locate the Single Sign On installation directory and run the following command from the utils folder:
      rsautil manage-secrets -a recover -m masterPassword
    2. Restart the Single Sign On service.
    3. Start the vCenter Server service.
  • Active Directory domain to which vCenter Server system belongs does not appear in the Single Sign On server list of identity sources
    On Windows, if vCenter Server is installed on a machine that is joined to an Active Directory domain, the domain users do not appear in the vSphere Client or the vSphere Web Client. On Linux, the error message Unable to retrieve domain user appears.

    Workaround: Configure a reverse forward lookup zone, a related pointer record, and synchronize the system clock.

  • The vCenter Server appliance does not support Active Directory configuration using IPv6
    If you attempt to configure Active Directory on the vCenter Server appliance using IPv6, the configuration fails.

    Workaround: Configure Active Directory on the vCenter Server appliance using IPv4.

  • The vCenter Server Appliance does not support IPv6 addresses in the proxy setting
    If you attempt to enter an IPv6 address for the proxy setting on the vCenter Server Appliance Web console Networking page, the configuration fails.

    Workaround: Use an IPv4 address for the proxy setting for the vCenter Server Appliance.

  • The vSphere Web Client login page takes several minutes to open after certain operations
    Typically, when you open the vSphere Web Client URL in a browser, you can expect the login page to open immediately. But if you just completed the installation, or if you restart the vSphere Web Client service, or configure the vCenter Server Appliance, the login page does not open immediately. You might see a blank page for a few minutes followed by an HTTP 404 page.

    Workaround: Wait for few minutes and try refreshing the page again. If after 2-4 minutes, you refresh the page, the login page opens correctly.

  • On Linux systems, the font appears incorrectly on some vSphere Web Client pages
    The Linux and UNIX shell (*nix/*nux) Web hosting services do not apply the Adobe Flex Spark skins correctly on some vSphere Web Client pages. For example, bold fonts in titles do not appear as bold.

    Workaround: Install the Microsoft True Type Core Fonts, msttcorefonts, for your operating system. For example, on Ubuntu systems, type sudo apt-get install msttcorefonts at the command prompt.

  • Cannot log into the vSphere Web Client with Windows session credentials
    The vSphere Web Client does not support logging in with Windows session credentials when you are logged into Windows as a local operating system user. When you log into the vSphere Web Client with Windows session credentials, you must be an Active Directory user of a domain which exists as an identity source in vCenter Single Sign On.

    Note: Logging in with Windows session credentials is not supported for vCenter Server 5.0 systems.

    Workaround: To use Windows session credentials to log into the vSphere Web Client from a browser on a Windows system, you must log into the Windows system as an Active Directory user of a domain which exists as an identity source in vCenter Single Sign On.

  • When you click Log Browser in the vSphere Web Client, an Unauthorized Access error appears
    When you click the Log Browser link in the vSphere Web Client, an error message appears: Exception: https://<system-address>:12443/vmwb/logbrowser: Unauthorized access. This error occurs after you replace the default vCenter Single Sign On server's SSL certificate, either directly or by regenerating the certificate in the vCenter Server Appliance.

    Workaround: To resolve this issue see KB 2037927.

  • Authentication fails when vCenter Single Sign On system (System-Domain) users attempt to log into the vSphere Web Client
    The default password policy for vCenter Single Sign On system users specifies that passwords expire in 365 days. However, vCenter Single Sign On does not issue a warning when a user's password is approaching expiration.

    Workaround: vCenter Single Sign On administrator users can change expired passwords for System-Domain users. Request that an administrator resets your password. If you are a Single Sign On administrator user, use the ssopass command-line tool to reset the password.

    On Windows:

    1. Open a terminal window and navigate to C:\Program Files\VMware\Infrastructure\SSOServer\ssolscli
    2. Run the following command.
      ssopass <username>
    3. Enter the current password for the user, even if it has expired.
    4. Enter the new password and enter it again for confirmation.

    On Linux (vCenter Server Appliance):

    1. Open a terminal window and navigate to /usr/lib/vmware-sso/bin.
    2. Run the following command.
      ./ssopass <username>
    3. Enter the current password for the user, even if it has expired.
    4. Enter the new password and enter it again for confirmation.

    The tool tries to automatically generate the LookupService URL from the current machine environment. In case you want to provide a different URL, or your connections to the default-picked URL cannot be established, you can provide the URL with the --ls-url parameter.

    The hostname provided in the URL must match the hostname provided during install.

  • Cannot use Windows session authentication in the vSphere Web Client when vCenter Single Sign On is configured for high availability
    Using Windows session authentication requires several consecutive calls to be made to Single Sign On and all of the calls must go to the same server. Because the Security Token Service (STS) client does not accept cookies that are sent from the STS, there is no guarantee that the calls will go to the same server in a high-availability configuration.

    Workaround: None

Virtual Machine Management Issues
  • Customizing a Windows virtual machine fails during the clone or deployment process
    In vCenter Server, guest customization of a Windows 2008, Windows 2008 R2, or Windows 7 virtual machine fails with an error: Windows Setup encountered an internal error while loading or searching for an unattended answer file. This issue occurs because the customization specification contains any of the following characters &, >, <, ", or ' in any of the following fields: Computer Name, Registered Owner Name, or Registered Organization Name.

    Workaround: Do not use special characters for any of these fields.

  • The vSphere Client and the vSphere Web Client allow to create a virtual disk with the 2TB-1MB size, while the maximum supported size is 2TB-512Bytes
    If you create a virtual disk with the vSphere Client and the vSphere Web Client, you can create a virtual disk with the maximum size of 2TB-1MB. However, the maximum supported size of a virtual disk is 2TB-512Bytes.

    Workaround: Use the vmkfstools command to create the virtual disk with the size of 2TB-512Bytes:
    vmkfstools -c --createvirtualdisk disk_size

VMware HA and Fault Tolerance Issues
  • In a vSphere HA cluster using Fault Tolerance, virtual machines might no longer be protected if an All Paths Down (APD) error occurs on all nodes
    In a vSphere HA cluster, if there is APD on primary and secondary nodes for the datastore that hosts a virtual machine, the virtual machine might become unprotected. This is due to a failure to start the Secondary virtual machine as the new Primary virtual machine that results from a timing issue with APD reporting that could cause the virtual machine to become unknown. This issue does not seem occur in a cluster with a smaller number of fault tolerant virtual machines

    Workaround:

    1. From vCenter Server, un-register the virtual machine and then re-register it using the same name as before. The virtual machine comes back up on the old primary node.
    2. Reconfigure the vSphere HA cluster and Fault Tolerance setup as it was previously configured.