The vCenter Server 6.7 Update 3a release addresses the following critical issues for the VMware vCenter Server Appliance:
- Fix to address vCSA SSH backup MITM issue – Now you can enforce strict certificate validation for file-based backup and restore operations by including the root CA certificate in all file transfers. For more information, see VMware knowledge base article 75156.
- Fix for vSAN UI does not appear in vSphere Client after upgrade to 6.7 Update 3
- Fix for the following convergence issues :
- Convergence, domain repointing and fresh installation of a vCenter Server Appliance with an embedded Platform Services Controller connected in Embedded Linked Mode might fail with error
- Convergence of a vCenter Server instance with an external Platform Services Controller to a vCenter Server instance with an embedded Platform Services Controller fails with error
The following important CVE fixes in the vCenter Server Appliance:
1.) [CVE-2018-14682, CVE-2018-14681]: libmspack
2.) [CVE-2018-20843] package: expat branch :1.0
3.) [CVE-2019-12900]: bzip2
4.) [CVE-2019-13117, CVE-2019-13118]: libxslt
5.) [CVE-2019-13232] package: unzip branch :1.0
6.) [CVE-2019-13638] package: patch branch :1.0
7.) [CVE-2019-15902, CVE-2016-10905, CVE-2019-10638]: linux
Documentation and Links
– ESXi Product Patches
– Photon OS Security Patches
– vCenter Server 6.7 U3a Release Notes
The vCenter Server 6.5 Update 3d release addresses the following critical issue for the VMware vCenter Server Appliance:
Fix to address vCSA SSH backup MITM issue – Now you can enforce strict certificate validation for file-based backup and restore operations by including the root CA certificate in all file transfers. For more information, see VMware knowledge base article 75156.
Continue reading “Announcing General Availability of VMware vCenter Server 6.5 U3d”
As part of our planned upgrade to vSphere 6.7, we needed the ability to quickly scan the various vCenter Servers for host profiles that may be configured for version 5.5 or older. According to the vSphere 6.7 Release Notes, if these older host profiles are found, the vCenter pre-upgrade check will fail.
Continue reading “PowerCLI: Find Host Profiles and Versions in vCenter”
This script is an idea that spun off of my previous post, PowerCLI: Find UEFI-Enabled VMs. If you’re preparing to enable Secure Boot in a VMware environment, it may be helpful to identify the VMs that cannot be upgraded. As you might recall, enabling secure boot requires the following:
- VMware vSphere 6.5 or higher
- Virtual hardware version 13 or higher
- VMs need to be configured with EFI boot firmware
Continue reading “PowerCLI: Find BIOS-Enabled VMs”
With all the news regarding the Spectre and Meltdown CPU vulnerabilities over the past several months, there’s been a greater focus to get VMware virtual machines to virtual hardware version 9 or higher, as noted by Andrea Mauro’s post regarding these vulnerabilities. In addition to that, several companies and organizations may be looking to enable Secure Boot, a feature first introduced with vSphere 6.5. However, in order to enable secure boot, the virtual machine needs to be configured with both EFI boot firmware AND be on virtual hardware version 13 or higher.
Continue reading “PowerCLI: Find UEFI-Enabled VMs”
Earlier this week, someone on our team received a request to change a VMware virtual machine’s NIC from e1000 to VMXNET3. While the change was a bit manual in nature due to the Guest OS configuration changes, it got us thinking… How many other VM’s might still have e1000 NIC adapters? So, I started working on a script to find out.
Continue reading “Finding NICs That Aren’t VMXNET3”
Hello again, everyone! Recently, I’ve been working on a script that will create new VM Port Groups on a virtual standard switch (vSS) in a given cluster. While this could probably be alleviated by using a virtual distributed switch (vDS), let’s assume that you have a need to stick with vSS for whatever reason (licensing, company standards, etc.).
In this script, it validates that the VLAN number is in fact a whole number within the range of 1 through 4905. At the end of the script, it asks if you’d like to add another port group to the same cluster or not. I found this to be very handy if you’re standing up a new cluster that only contained vSS, or simply adding more port groups to an existing cluster.
Continue reading “PowerCLI: Create New VM Port Groups in a Cluster”
During a recent technical engagement with a vendor, my team was asked to verify that VAAI was disabled for all hosts attached to that vCenter. There are several different ways to go about doing this, so I figured I would put this blog post together to showcase some of the different ways in which this can be accomplished. There are three settings that need to be reviewed (or changed). They are: DataMover.HardwareAcceleratedMove, DataMover.HardwareAcceleratedInit, and VMFS3.HardwareAcceleratedLocking. A value of 1 means the setting is enabled, and a value of 0 means the setting is disabled.
Continue reading “PowerCLI: Get or Set VAAI Settings for VMware Hosts”