ESXi – Doug's Blog

Announcing the General Availability of VMware vSphere 7.0 U3f

Update as of July 24, 2022: If your vCenter Server is or was previously attached to an Active Directory domain that used Integrated Windows Authentication (IWA) as an Identity Source, skip this vCenter release and go to vCenter 7.0 U3g. VMware KB 89027 explains the issue in more detail.

As of July 12, 2022, VMware has officially released vSphere version 7.0 U3f. This particular release addresses a number of security patches for vCenter Server, including CVE-2022-22982. This particular CVE has a CVSSv3 score of 5.3 (Moderate) and is explained in more detail in VMware’s VMSA-2022-0018 Security Advisory.

As for ESXi, this patch release addresses a number of security advisories, PRs, as well as updating drivers and VIBs on ESXi hosts. The specific security advisories addressed in this release include: CVE-2022-23816, CVE-2022-23825, CVE-2022-26373, CVE-2022-28693, and CVE-2022-29901. These security advisories are explained in more detail in VMware’s VMSA-2022-0020 Security Advisory.

vCenter Server 7.0 U3f | Build 20051473

Release Notes: https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3f-release-notes.html
Documentation: https://docs.vmware.com/en/VMware-vSphere/index.html
Download: https://customerconnect.vmware.com/downloads/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/7_0

ESXi 7.0 U3f | Build 20036589

Release Notes: https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3f-release-notes.html

Announcing the General Availability of VMware vSphere 7.0 U3d

As of March 29, 2022, VMware has officially released vSphere version 7.0 U3d. The most notable thing I’ve seen from this patch release is that the vCenter Server patch addresses CVE-2022-22948. This particular CVE has a CVSSv3 score of 5.5 (Moderate) and is explained in more detail in VMware’s VMSA-2022-0009 Security Advisory. As for ESXi, this patch release addresses a number of issues and PRs, as well as updating drivers and VIBs on ESXi hosts.

vCenter Server 7.0 U3d | Build 19480866

Release Notes: https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-vcenter-server-70u3d-release-notes.html
Documentation: https://docs.vmware.com/en/VMware-vSphere/index.html
Download: https://customerconnect.vmware.com/downloads/info/slug/datacenter_cloud_infrastructure/vmware_vsphere/7_0

ESXi 7.0 U3d | Build 19482537

Release Notes: https://docs.vmware.com/en/VMware-vSphere/7.0/rn/vsphere-esxi-70u3d-release-notes.html

Announcing General Availability of VMware vCenter Server 6.7 U3a

What’s New?

The vCenter Server 6.7 Update 3a release addresses the following critical issues for the VMware vCenter Server Appliance:

Fix to address vCSA SSH backup MITM issue – Now you can enforce strict certificate validation for file-based backup and restore operations by including the root CA certificate in all file transfers. For more information, see VMware knowledge base article 75156.
Fix for vSAN UI does not appear in vSphere Client after upgrade to 6.7 Update 3
Fix for the following convergence issues :
- Convergence, domain repointing and fresh installation of a vCenter Server Appliance with an embedded Platform Services Controller connected in Embedded Linked Mode might fail with error install.vmafd.vmdir_vdcpromo_error_21
- Convergence of a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller fails with error 41204

The following important CVE fixes in the vCenter Server Appliance:

1.) [CVE-2018-14682, CVE-2018-14681]: libmspack
2.) [CVE-2018-20843] package: expat branch :1.0
3.) [CVE-2019-12900]: bzip2
4.) [CVE-2019-13117, CVE-2019-13118]: libxslt
5.) [CVE-2019-13232] package: unzip branch :1.0
6.) [CVE-2019-13638] package: patch branch :1.0
7.) [CVE-2019-15902, CVE-2016-10905, CVE-2019-10638]: linux

Documentation and Links

Download Link:
– vCenter-all
– ESXi Product Patches

Documentation:
– Photon OS Security Patches
– vCenter Server 6.7 U3a Release Notes

Announcing General Availability of VMware vCenter Server 6.5 U3d

What’s New?

The vCenter Server 6.5 Update 3d release addresses the following critical issue for the VMware vCenter Server Appliance:

Fix to address vCSA SSH backup MITM issue – Now you can enforce strict certificate validation for file-based backup and restore operations by including the root CA certificate in all file transfers. For more information, see VMware knowledge base article 75156.

My Upcoming Central PA VMUG Presentation

Hey everyone! I wanted to spread the word about my upcoming presentation at the Central PA VMUG on Thursday, November 1st in State College! Last year, I spoke at the Pittsburgh VMUG on the topic of PowerCLI and my journey into scripting. This year, I plan on revisiting that presentation with several new updates and maybe even do live demo (assuming I can get my home lab completely set up and configured in time)! Plus, I’m looking forward to catching up with the Central PA VMUG crew as well as meeting many others in the #vCommunity!

For those who may not know, October 2017 was my first time ever presenting at a local VMUG meeting. In fact, I wasn’t really engaged in the VMware Community all that much until about April 2017, when I started my blog and began using Twitter a lot more. Sure, I’ve been using VMware’s products and services since about 2010, but the only real ‘engagement’ I’ve done in the community was attend the occasional VMUG or UserCon.

Finding NICs That Aren’t VMXNET3

Earlier this week, someone on our team received a request to change a VMware virtual machine’s NIC from e1000 to VMXNET3. While the change was a bit manual in nature due to the Guest OS configuration changes, it got us thinking… How many other VM’s might still have e1000 NIC adapters? So, I started working on a script to find out.

PowerCLI: Enable/Disable SSH and Lockdown Mode

So, as you can probably tell from my past couple of posts, I’ve been spending a bit of time working with PowerCLI to script and automate several tasks for managing VMware environments. My most recent script combines four tasks I seem to do often when performing cluster-wide maintenance; Enabling and Disabling both SSH and Lockdown Mode. This was actually one of the scripts I discussed at the recent Western PA VMUG meeting held on October 20, 2017.

In this script, like many of my other scripts, it asks the user to enter the vCenter server to connect to, as well as the cluster to work with. Then, the user is presented with five options:

Enable SSH
Disable Lockdown Mode
Disable SSH
Enable Lockdown Mode
Exit

PowerCLI: Create New VM Port Groups in a Cluster

Hello again, everyone! Recently, I’ve been working on a script that will create new VM Port Groups on a virtual standard switch (vSS) in a given cluster. While this could probably be alleviated by using a virtual distributed switch (vDS), let’s assume that you have a need to stick with vSS for whatever reason (licensing, company standards, etc.).

In this script, it validates that the VLAN number is in fact a whole number within the range of 1 through 4905. At the end of the script, it asks if you’d like to add another port group to the same cluster or not. I found this to be very handy if you’re standing up a new cluster that only contained vSS, or simply adding more port groups to an existing cluster.

PowerCLI: Get or Set VAAI Settings for VMware Hosts

During a recent technical engagement with a vendor, my team was asked to verify that VAAI was disabled for all hosts attached to that vCenter. There are several different ways to go about doing this, so I figured I would put this blog post together to showcase some of the different ways in which this can be accomplished. There are three settings that need to be reviewed (or changed). They are: DataMover.HardwareAcceleratedMove, DataMover.HardwareAcceleratedInit, and VMFS3.HardwareAcceleratedLocking. A value of 1 means the setting is enabled, and a value of 0 means the setting is disabled.

PowerCLI: Find a VM Based on RDM’s LUN ID

Let’s say you have a LUN ID that you clearly know is a RDM. How do you determine what virtual machine is associated with that disk?

Recently, I was prepping a cluster for routine ESXi patching. As part of my preparation, I scanned the cluster for RDM disks first to ensure that they were set to Perennially Reserved = True. After doing the RDM scan, I found a cluster that had a single RDM disk, but didn’t know which VM it was associated with. Although VMware has a Knowledge Base article (KB2001823) on how to do find RDM’s and which VM’s they’re associated with, it looks like it will find all RDM’s and VM’s across the entire vCenter Server. Since I know the cluster, and I know the RDM LUN ID, I wanted to narrow down the results for my particular needs.