vCenter Server 6.0 Update 2 | 15 MARCH 2016 | ISO Build 3634788 vCenter Server Appliance 6.0 Update 2 | 15 MARCH 2016 | ISO Build 3634788 vCenter Server 6.0 Update 2 on Windows Build 3634793 vCenter Server 6.0 Update 2 on vCenter Server Appliance Build 3634794 Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

Two-factor authentication for vSphere Web Client : Protect the vSphere Web Client using the following form of authentication: RSA SecurID Smart card (That is the UPN based Common Access Card)

: Protect the vSphere Web Client using the following form of authentication: Support to change vSphere ESX Agent Manager logging level : This release supports dynamic increase or decrease of vSphere ESX Agent Manager (EAM) logging levels without restarting EAM.

: This release supports dynamic increase or decrease of vSphere ESX Agent Manager (EAM) logging levels without restarting EAM. vCenter Server 6.0 Update 2 enables support for TLS versions 1.1 and 1.2 for most of the vSphere components without breaking the previously supported compatibility or interoperability. Some of the vSphere components that still support only TLS version 1.0 are listed here: vSphere Client Virtual SAN Observer on vCenter Server Appliance (vCSA) Syslog on vCSA The previous TLSv1.1 & TLSv1.2 compatibility issues regarding Auto Deploy & iPXE on the vCSA have been resolved.

The previous TLSv1.1 & TLSv1.2 compatibility issues regarding Auto Deploy & iPXE on the vCSA have been resolved. vSphere Web Client support: vSphere Web Client now supports Microsoft Windows 10 OS.

vSphere Web Client now supports Microsoft Windows 10 OS. vCenter Server database support: vCenter Server now supports the following external databases: Microsoft SQL Server 2012 Service Pack 3 Microsoft SQL Server 2014 Service Pack 1

vCenter Server now supports the following external databases: Resolved Issues: This release of vCenter Server 6.0 Update 2 addresses issues that have been documented in the Resolved Issues section.

Earlier Releases of vCenter Server 6.0

Patches Contained in this Release

This release of vCenter Server 6.0 Update 2 delivers the following patches. See the VMware Patch Download Center for more information on downloading patches.

Internationalization

VMware vSphere 6.0 is available in the following languages:

English

French

German

Japanese

Korean

Simplified Chinese

Spanish

Traditional Chinese

Components of VMware vSphere 6.0, including vCenter Server, ESXi, the vSphere Web Client, and the vSphere Client do not accept non-ASCII input.

Compatibility

ESXi, vCenter Server, and vSphere Web Client Version Compatibility

The VMware Product Interoperability Matrix provides details about the compatibility of current and earlier versions of VMware vSphere components, including ESXi, VMware vCenter Server, the vSphere Web Client, and optional VMware products. Check the VMware Product Interoperability Matrix also for information about supported management and backup agents before you install ESXi or vCenter Server.

The vSphere Web Client is packaged with the vCenter Server. You can install the vSphere Client from the VMware vCenter autorun menu that is part of the modules ISO file.

Hardware Compatibility for ESXi

To view a list of processors, storage devices, SAN arrays, and I/O devices that are compatible with vSphere 6.0, use the ESXi 6.0 information in the VMware Compatibility Guide.

Device Compatibility for ESXi

To determine which devices are compatible with ESXi 6.0, use the ESXi 6.0 information in the VMware Compatibility Guide.

Some devices are deprecated and no longer supported on ESXi 6.0. During the upgrade process, the device driver is installed on the ESXi 6.0 host. The device driver might still function on ESXi 6.0, but the device is not supported on ESXi 6.0. For a list of devices that are deprecated and no longer supported on ESXi 6.0, see KB 2087970.

Third-Party Switch Compatibility for ESXi

VMware now supports Cisco Nexus 1000V with vSphere 6.0. vSphere requires a minimum NX-OS release of 5.2(1)SV3(1.4). For more information about Cisco Nexus 1000V, see the Cisco Release Notes. As in previous vSphere releases, Cisco Nexus 1000V AVS mode is not supported.

Guest Operating System Compatibility for ESXi

To determine which guest operating systems are compatible with vSphere 6.0, use the ESXi 6.0 information in the VMware Compatibility Guide.

Virtual Machine Compatibility for ESXi

Virtual machines that are compatible with ESX 3.x and later (hardware version 4) are supported with ESXi 6.0. Virtual machines that are compatible with ESX 2.x and later (hardware version 3) are not supported. To use such virtual machines on ESXi 6.0, upgrade the virtual machine compatibility. See the vSphere Upgrade documentation.

Installation and Upgrades for This Release

Installation Notes for This Release

Read the vSphere Installation and Setup documentation for guidance about installing and configuring ESXi and vCenter Server.

Although the installations are straightforward, several subsequent configuration steps are essential. Read the following documentation:

"License Management and Reporting" in the vCenter Server and Host Management documentation

"Networking" in the vSphere Networking documentation

"Security" in the vSphere Security documentation for information on firewall ports

vSphere 6.0 Recommended Deployment Models

VMware recommends only two deployment models:

vCenter Server with embedded Platform Services Controller . This model is recommended if one or more standalone vCenter Server instances are required to be deployed in a data center. Replication between these vCenter Server with embedded Platform Services Controller models are not recommended.

vCenter Server with external Platform Services Controller. This model is recommended only if multiple vCenter Server instances need to be linked or want to have reduced footprint of Platform Services Controller in the data center. Replication between these vCenter Server with external Platform Services Controller models are supported.

Read the vSphere Installation and Setup documentation for guidance on installing and configuring vCenter Server.

Also, read KB 2108548 for guidance on installing and configuring vCenter Server.

vCenter Host OS Information

Read the Knowledge Base article KB 2091273.

Backup and Restore for vCenter Server and the vCenter Server Appliance Deployments that Use an External Platform Services Controller

Although statements in the vSphere Installation and Setup documentation restrict you from attempting to backup and restore vCenter Server and vCenter Server Appliance deployments that use an external Platform Services Controller, you can perform this task by following the steps in KB 2110294.

Migration from Embedded Platform Services Controller to External Platform Services Controller

vCenter Server with embedded Platform Services Controller cannot be migrated automatically to vCenter Server with external Platform Services Controller. Testing of this migration utility is not complete.

Before installing vCenter Server, determine your desired deployment option. If more than one vCenter Servers are required for replication setup, always deploy vCenter with external Platform Services Controller.

Migrating Third-Party Solutions

For information about upgrading with third-party customizations, see the vSphere Upgrade documentation. For information about using Image Builder to make a custom ISO, see the vSphere Installation and Setup documentation.

Upgrades and Installations Disallowed for Unsupported CPUs

vSphere 6.0 supports only processors available after June (third quarter) 2006. Comparing the processors supported by vSphere 5.x, vSphere 6.0 no longer supports the following processors:

AMD Opteron 12xx Series

AMD Opteron 22xx Series

AMD Operton 82xx Series

Upgrade Notes for This Release

During an installation or upgrade, the installer checks the compatibility of the host CPU with vSphere 6.0. If your host hardware is not compatible, a purple screen appears with an incompatibility information message, and the vSphere 6.0 installation process stops.

For instructions about upgrading vCenter Server and ESX/ESXi hosts, see the vSphere Upgrade documentation.

Open Source Components for VMware vSphere 6.0

The copyright statements and licenses applicable to the open source software components distributed in vSphere 6.0 are available at http://www.vmware.com. You need to log in to your My VMware account. Then, from the Downloads menu, select vSphere. On the Open Source tab, you can also download the source files for any GPL, LGPL, or other similar licenses that require the source code or modifications to source code to be made available for the most recent available release of vSphere.

Product Support Notices

vCenter Server database . VMware continues to support Oracle 11g and 12c as an external database in vSphere 6.0. VMware will drop support for Oracle 11g and 12c as an external database for vCenter Server Appliance in a future major release.

vSphere Web Client . The Storage Reports selection from an object's Monitor tab is no longer available in the vSphere 6.0 Web Client.

vSphere Client. The Storage Views tab is no longer available in the vSphere 6.0 Client.

Resolved Issues

Installation and Upgrade Issues

Attempts to deploy a new Platform Services Controller (PSC) node and joining it to the existing vSphere.local domain might fail

Installing the VMware Platform Services Controller and joining it to the existing vSphere.local domain might fail during VMware Identity Manager first boot if there is no Identity Source marked as Default in the vSphere.local domain.

For more information, see KB 2144402. This issue is resolved in this release.

Installing the VMware Platform Services Controller and joining it to the existing domain might fail during VMware Identity Manager first boot if there is no Identity Source marked as in the domain. For more information, see KB 2144402. Upgrading vCenter Server from 5.5 Update 3b to 6.0 Update 1b might fail

Upgrading vCenter Server from 5.5 Update 3b to 6.0 Update 1b might fail if SSLv3 is disabled on port 7444 of vCenter Server 5.5 Update 3b. An upgrade from vCenter Server 5.5 Update 3b to 6.0 Update 2 works fine if SSLv3 is disabled by default on 7444 port of vCenter Server 5.5 Update 3b. For more information, see KB 2139396. Note: When you upgrade vCenter Server from 5.5 Update 3b to 6.0 Update 2, SSLv3 is enabled by default for port 7444 on vCenter Server 6.0 Update 2. This issue is resolved in this release.

Upgrading vCenter Server from 5.5 Update 3b to 6.0 Update 1b might fail if SSLv3 is disabled on port 7444 of vCenter Server 5.5 Update 3b. An upgrade from vCenter Server 5.5 Update 3b to 6.0 Update 2 works fine if SSLv3 is disabled by default on 7444 port of vCenter Server 5.5 Update 3b. For more information, see KB 2139396. Upgrading the Platform Services Controller to 6.0 Update 1 or later might cause an error while accessing the Platform Services Controller landing page

After upgrading the Platform Services Controller (PSC) to 6.0 Update 1 or later, when you access the PSC landing page, an error message similar to the following is displayed:

503 Service Unavailable (Failed to connect to endpoint: [N7Vmacore4Http20NamedPipeServiceSpecE:0x7ff1]

For more information, see KB 2134058. This issue is resolved in this release.

After upgrading the Platform Services Controller (PSC) to 6.0 Update 1 or later, when you access the PSC landing page, an error message similar to the following is displayed: CLI installation of vCenter Server Virtual Appliance fails in an IPv6 environment

Installing the vCenter Server Virtual Appliance using a command line interface installer might fail in an environment that uses IPv6 as the Internet Protocol. This issue is resolved in this release.

Installing the vCenter Server Virtual Appliance using a command line interface installer might fail in an environment that uses IPv6 as the Internet Protocol. In vSphere, the I/O filter upgrade or uninstall operations might fail in a cluster environment

In a cluster environment where the Distributed Resource Scheduler (DRS) is disabled either by you or due to lack of license entitlement, the I/O filter upgrade and uninstall operations fail with an error. This issue is resolved in this release.

In a cluster environment where the Distributed Resource Scheduler (DRS) is disabled either by you or due to lack of license entitlement, the I/O filter upgrade and uninstall operations fail with an error. Installation or deployment of an additional Platform Services Controller 6.0 Update 1b might fail during vmafd first boot

Installation or deployment of an additional Platform Services Controller (PSC) 6.0 Update 1b or vCenter Server 6.0 Update 1b with Embedded PSC might fail during vmafd first boot, if it is joined to an existing SSO Domain.

For more information, see KB 2144612. This issue is resolved in this release.

Installation or deployment of an additional Platform Services Controller (PSC) 6.0 Update 1b or vCenter Server 6.0 Update 1b with Embedded PSC might fail during vmafd first boot, if it is joined to an existing SSO Domain. For more information, see KB 2144612. In the vCenter Server Appliance Management Interface, the vCenter Server Appliance update status might be stuck at 70 percent

In the vCenter Server Appliance Management Interface, the vCenter Server Appliance update status might be stuck at 70 percent, although the update is successful in the back end. You can check the update status in the /var/log/vmware/applmgmt/software-packages.log file. After a successful update, a message similar to the following is seen in the log file:

Packages upgraded successfully, Reboot is required to complete the installation This issue is resolved in this release.

In the vCenter Server Appliance Management Interface, the vCenter Server Appliance update status might be stuck at 70 percent, although the update is successful in the back end. You can check the update status in the file. After a successful update, a message similar to the following is seen in the log file: During the vCenter Server Appliance installation, asynchronous issue might be seen in the End User License Agreement page

During the installation of vCenter Server Appliance, the contents in the End User License Agreement page might be inconsistent with the English version. This issue is resolved in this release.

Security Issues

Update to the Oracle (Sun) JRE

The Oracle (Sun) JRE is updated to version 1.7.0.91.

The Oracle (Sun) JRE is updated to version 1.7.0.91.

Update to glibc package to address a security issue

The vCenter Server glibc package is updated to resolve a security issue. The Common Vulnerabilities and Exposures project (cve.mitre.org) has assigned the name CVE-2015-7547 to this issue. For more information, see KB 2144032.



vCenter Server, vSphere Web Client, and vSphere Client Issues

When vSphere Web Client 6.0 is used to move or copy a Virtual Machine Disk (VMDK) between folders, the descriptor is the only file that is moved or copied

When vSphere Web Client 6.0 is used to move or copy a Virtual Machine Disk (VMDK) between folders, the descriptor is the only file that is moved or copied. The flat file is retained in the source folder.

This issue is resolved in this release.

When vSphere Web Client 6.0 is used to move or copy a Virtual Machine Disk (VMDK) between folders, the descriptor is the only file that is moved or copied. The flat file is retained in the source folder.

Attempts to apply VMFS filter when performing an extend operation on vCenter Server 6.x database might not work

When you run an extend operation on vCenter Server or use the QueryAvailableDisksForVmfs API to increase the datastore size, the Same Host and Transports Filter might not work. An error message similar to the following might be written to the vpxd.log file:

SQLError was thrown: "ODBC error: (42S22) - [Microsoft][SQL Server Native Client 10.0][SQL Server]Invalid column name 'LUN_TYPE'." is returned when executing SQL statement "select distinct T2.UUID from VPX_PSA_PATH T1, VPX_SCSI_LUN T2, VPX_PSA_TARGET T3, VPX_PSA_DEVICE T4, VPX_PSA_TARGET_TRANSPORT T5 where T1.HOST_ID = ? and T1.TARGET_LINK_KEY = T3.KEY_VAL and T4.LINK_KEY = T2.KEY_VAL and T1.LUN_LINK_KEY = T4.KEY_VAL and T2.LUN_TYPE = 'DISK' AND T3.ID = T5.ID"

vpxd-61781.log 6304 2015-09-03T15:31:17.446+02:00 error vpxd[16664] [Originator@6876 sub=lunUtil opID=F95BE428-0000320F-e2] [GetLunsSeenBySameHostsAsDS] Query getLunsOnHostWithoutLocalTransport failed with error "ODBC error: (42S22) - [Microsoft][SQL Server Native Client 10.0][SQL Server]Invalid column name 'LUN_TYPE'." is returned when executing SQL statement "select distinct T2.UUID from VPX_PSA_PATH T1, VPX_SCSI_LUN T2, VPX_PSA_TARGET T3, VPX_PSA_DEVICE T4, VPX_PSA_TARGET_TRANSPORT T5 where T1.HOST_ID = ? and T1.TARGET_LINK_KEY = T3.KEY_VAL and T4.LINK_KEY = T2.KEY_VAL and T1.LUN_LINK_KEY = T4.KEY_VAL and T2.LUN_TYPE = 'DISK' AND T3.ID = T5.ID"

This issue is resolved in this release.

When you run an extend operation on vCenter Server or use the API to increase the datastore size, the might not work. An error message similar to the following might be written to the file: DataService might not support pagination of results on multi linked vCenter Servers

On vSphere Client, DataService might not support pagination of queries. This issue causes the vSphere Client pages to list wrong items. This issue is resolved in this release.

On vSphere Client, DataService might not support pagination of queries. This issue causes the vSphere Client pages to list wrong items. Inventory might not be visible in vSphere Web Client even after you log in to vCenter Server with the correct permissions

Inventory might not be visible in vSphere Web Client even after you log in to vCenter Server with the correct permissions.

A message similar to the following can be seen in inv-svc.log :

User <DOMAIN>\<Username> does not have privileges [System.View] on object For more information, see KB 2125628. This issue is resolved in this release.

Inventory might not be visible in vSphere Web Client even after you log in to vCenter Server with the correct permissions. A message similar to the following can be seen in : When you log into vSphere Web Client, the Customer Experience Improvement Program might report an error message

When you log in to vSphere Web Client, the Customer Experience Improvement Program might fail, and report an error message similar to the following:

Error occurred while processing request. Check vsphere Web client Logs for details.

This issue is seen in vSphere Web Client Update 1 and above. This issue is resolved in this release.

When you log in to vSphere Web Client, the Customer Experience Improvement Program might fail, and report an error message similar to the following: If user is a member of more than 300 groups in the Active Directory, the Windows Session Authentication login might fail due to an error in the VMware Client Integration Plugin

In a complex Active Directory setup, if you are a member of more than 300 groups, the Windows Session Authentication login might fail. This is caused by an error in the VMware Client Integration Plugin. The Windows Session Authentication login might also fail due to timeout.

An error message similar to the following is displayed:

Windows Session Authentication login has failed as a result of an error caused by the VMware Client Integration Plugin

This issue is resolved in this release.

In a complex Active Directory setup, if you are a member of more than 300 groups, the Windows Session Authentication login might fail. This is caused by an error in the VMware Client Integration Plugin. The Windows Session Authentication login might also fail due to timeout. An error message similar to the following is displayed: Windows Session Authentication (SSPI) login might fail on the VMware-csd side, if you are a member of multiple groups

You might be unable to log in to the vSphere Web Client with SSPI (Windows Session Credentials) if you are a member of multiple groups in Active Directory. The SSPI Windows Session login might fail on the VMware-csd side.

This issue is resolved in this release.

You might be unable to log in to the vSphere Web Client with SSPI (Windows Session Credentials) if you are a member of multiple groups in Active Directory. The SSPI Windows Session login might fail on the VMware-csd side. When vSphere Web Client is used in an environment that is configured for vSphere Replication or Site Recovery Manager, some of the vSphere Web Client remote permission checks might fail

If vSphere Web Client is used in an environment, that is configured for vSphere Replication or Site Recovery Manager, permission checks executed against the remote environment might fail or return erroneous results.

This issue is resolved in this release.

If vSphere Web Client is used in an environment, that is configured for vSphere Replication or Site Recovery Manager, permission checks executed against the remote environment might fail or return erroneous results. After you replace the vCenter Server certificates in VMware vSphere 6.0, the ESXi Agent Manager and Auto Deploy solution user might fail to log in

After you replace the solution user certificates on vCenter Server, the ESXi Agent Manager, and an Auto Deploy solution user fail might to log in. This happens when the certificate manager of VMware Certificate Authority updates the ESXi Agent Manager and Auto Deploy certificates after replacing the vCenter Server certificates from VMware vSphere 6.0 Update 2. For more information, see KB 2112577. This issue is resolved in this release.

After you replace the solution user certificates on vCenter Server, the ESXi Agent Manager, and an Auto Deploy solution user fail might to log in. This happens when the certificate manager of VMware Certificate Authority updates the ESXi Agent Manager and Auto Deploy certificates after replacing the vCenter Server certificates from VMware vSphere 6.0 Update 2. In vCenter Server 6.0, when one of the data providers exceeds the allowed time limit of 120 seconds, the entire batch query might fail

In vCenter Server 6.0, if a data provider exceeds the allowed time limit of 120 seconds, the entire batch query might fail with an error.

This issue is resolved in this release.

In vCenter Server 6.0, if a data provider exceeds the allowed time limit of 120 seconds, the entire batch query might fail with an error. Deploying vApp from the vApp template fails on vCloud Director with an error

Deploying a vApp on vCloud Director through the vApp template fails with a Profile-Driven storage error.

When you refresh the storage policy, an error message similar to the following is displayed:

The entity vCenter Server is busy completing an operation.

This issue is resolved in this release.

Deploying a vApp on vCloud Director through the vApp template fails with a Profile-Driven storage error. When you refresh the storage policy, an error message similar to the following is displayed: Generating a root signing certifcate using the VMware Certificate Authority (VMCA) tool picks only few parameters that are populated in the root.cfg file

When you generate a new root signing certificate or a certificate signing request using the VMware Certificate Authority (VMCA) through the Certificate Manager Utility (CMU), we do not honor all the parameters in the certool.cfg file we create for the root signing certificate.

This issue is resolved in this release.

When you generate a new root signing certificate or a certificate signing request using the VMware Certificate Authority (VMCA) through the Certificate Manager Utility (CMU), we do not honor all the parameters in the file we create for the root signing certificate. For multiple hosts in a cluster, the vSphere Web Client displays Health Check status as unknown

For multiple hosts in a cluster, the vSphere Web Client displays the vSphere Distributed Switch (VDS) Health Check where Virtual LAN, Maximum Transmission Unit (MTU), and the Teaming statuses are Unknown .

This issue is resolved in this release.

For multiple hosts in a cluster, the vSphere Web Client displays the vSphere Distributed Switch (VDS) Health Check where Virtual LAN, Maximum Transmission Unit (MTU), and the Teaming statuses are . The vSphere Certificate Manager might create Certificate Signed Requests for VMware Certificate Authority by copying information from existing certificates

The vSphere Certificate Manager might create Certificate Signed Requests for VMware Certificate Authority's root signing certificate, by copying information from existing certificates.



This issue is resolved in this release.

The vSphere Certificate Manager might create Certificate Signed Requests for VMware Certificate Authority's root signing certificate, by copying information from existing certificates. Attempts to log in to vCenter Server as an Active Directory user in an Integrated Active Directory environment might fail

In an Integrated Active Directory environment, attempts to log in to vCenter Server as an Active Directory user might fail if vCenter Server is added to the domain through a secondary data center, while the reverse lookup in the DNS entry is disabled.

This issue is resolved in this release.

In an Integrated Active Directory environment, attempts to log in to vCenter Server as an Active Directory user might fail if vCenter Server is added to the domain through a secondary data center, while the reverse lookup in the DNS entry is disabled. When an IO filter is upgraded to a new version, vCenter Server might not recognize the filter

When IO filter is upgraded to a new version, vCenter Server might not recognize the filter. As a result a new filter policy corresponding to filter must be created and applied to the virtual disk.

This issue is resolved in this release.

When IO filter is upgraded to a new version, vCenter Server might not recognize the filter. As a result a new filter policy corresponding to filter must be created and applied to the virtual disk. Virtual machine and data deletion might occur when you restore the vCenter Server Appliance 6.0 from backup

The virtual machines created during or after the backup window might not be available in the vCenter Server inventory or stored in the datastore.

This issue is resolved in this release.

The virtual machines created during or after the backup window might not be available in the vCenter Server inventory or stored in the datastore. In vSphere Web Client, truncation issue might be seen in the Storage Adapter page

In vSphere Web Client, when you add the host configuration to the data center, truncation issue might be seen in the Storage Adapter page.

This issue is resolved in this release.

In VMware vCenter Server 6.0.x, the Storage Distributed Resource Scheduler (SDRS) virtual machine settings do not get saved after a vpxd service restart

After you restart the VMware vCenter Server 6.0.x or the vpxd service, the virtual machine custom automation and VMDK affinity configuration in SDRS might be lost. This happens when the virtual machine override settings are not persistent after the vCenter Server 6.0.x or the vpxd service is restarted.

This issue is resolved in this release.

After you restart the VMware vCenter Server 6.0.x or the vpxd service, the virtual machine custom automation and VMDK affinity configuration in SDRS might be lost. This happens when the virtual machine override settings are not persistent after the vCenter Server 6.0.x or the vpxd service is restarted. Delta disk names of the source VM are retained in the disk names of the cloned VM

When you create a hot clone of a VM that has one or more snapshots, the delta disk names of the source VM are retained in the cloned VM. This issue is resolved in this release.

When you create a hot clone of a VM that has one or more snapshots, the delta disk names of the source VM are retained in the cloned VM. The DNS settings for specific Virtual Network Adapters (NIC) might not be appropriately associated after customization of a VM

While deploying virtual machines with two Virtual Network Adapters (NICs), the DNS Server and DNS domain settings might be configured on the first NIC, and not on the last NIC. As a result, after you customize the VM, the DNS settings are associated with the last NIC. This issue is resolved in this release.

While deploying virtual machines with two Virtual Network Adapters (NICs), the DNS Server and DNS domain settings might be configured on the first NIC, and not on the last NIC. As a result, after you customize the VM, the DNS settings are associated with the last NIC. In vCenter Server 5.0, the serial port details might be invisible, although it is visible with a direct connection to the ESXi host

The serial port network backup details are not stored in the vCenter Server database. As a result, the serial port details might be invisible in vCenter Server 5.0.

You cannot apply a 6.0 Update 2 update to vCenter Server 5.0. This issue is resolved in this release.

The serial port network backup details are not stored in the vCenter Server database. As a result, the serial port details might be invisible in vCenter Server 5.0. You cannot apply a 6.0 Update 2 update to vCenter Server 5.0. vpxd service might fail when a VM template is deployed in vSphere Distributed Resource Scheduler (DRS) cluster

vCenter Server service (vpxd) might fail during a virtual machine power on operation in a Distributed Resource Scheduler (DRS) cluster. This issue is resolved in this release.

vCenter Server service (vpxd) might fail during a virtual machine power on operation in a Distributed Resource Scheduler (DRS) cluster. While creating a virtual machine the vpxd service might fail with an HTTP 503 error

While creating a virtual machine using API, the vpxd service might fail.

This issue is resolved in this release.

While creating a virtual machine using API, the vpxd service might fail. Renaming a VM through PowerCLI or any direct vCenter Server API script, and restarting vCenter Server might revert the VM name to its original value

Renaming a virtual machine through PowerCLI or any direct vCenter Server API script, and restarting vCenter Server might revert the VM name to its original value.

For more information, see KB 2144061. This issue is resolved in this release.

vMotion and Storage vMotion Issues

The Enhanced vMotion Compatibility might not work across different High Availability (HA) source and destination clusters

When High Availability (HA) clusters on the source and destination are different, the Enhanced vMotion Compatibility might not work, and vSphere Storage DRS might fail. In a cross cluster, the heartbeat datastore access varies between different FDM primary agents that might cause the failure.

This issue is resolved in this release.

Certificate Management Issues

Adding a VMware vSphere ESXi host to VMware vCenter Server 6.0 fails with an error

When you replace the VMware Certificate Authority root certificate with an enterprise subordinate certificate, you might not be able to join a VMware vSphere ESXi host to the VMware vCenter Server. An error message similar to the following is displayed:

Signed certificate could not be retrieved due to a start time error

For more information, refer KB 2123386.



This issue is resolved in this release.

Server Configuration Issues

When Active Directory as the LDAP Identity Source is edited, the default domain setting might be lost

The default domain configuration settings in vSphere Web Client might be lost when Active Directory as the LDAP Identity Source is edited. This issue is resolved in this release.

The default domain configuration settings in vSphere Web Client might be lost when Active Directory as the LDAP Identity Source is edited. When sso-config script is used to configure the vCloud Automation Center settings, the certificate parameter might stop

When sso-config script is used to configure vCloud Automation Center settings, the parameter that is used to configure certificates might stop at the first certificate. The issue might be caused by the leading space between multiple certificates in the sso-config command. This issue is resolved in this release.

When script is used to configure vCloud Automation Center settings, the parameter that is used to configure certificates might stop at the first certificate. The issue might be caused by the leading space between multiple certificates in the command. Reconfiguring vCenter Server with Embedded Platform Services Controller to a vCenter Server with External Platform Services Controller might fail

Attempts to reconfigure a vCenter Server with Embedded Platform Services Controller to a vCenter Server with External Platform Services Controller might fail if you have more than one external Platform Services Controller in the same vSphere domain. Error messages similar to the following are displayed in the Windows Command Prompt for vCenter Server or the vCenter Server Appliance SSH session:



Error 19: Possible errors:

LDAP error: Constraint violation

Win Error: Operation failed with error ERROR_WRITE_PROTECT (19)



This issue is resolved in this release.

Guest Operating System Issues

Retain NetBIOS setting in Windows guest operating system after customization

Customization of a VM causes NetBIOS setting in Windows VM to return to its default value. This might erase the actual settings in the guest OS. This issue is resolved in this release.

Known Issues

The known issues are grouped as follows.

New known issues documented in this release are highlighted as New Issue .

vCenter Server for Windows Installation Issues

If you uninstall vCenter Server, the embedded PostgreSQL database is removed

If you uninstall vCenter Server from a Microsoft Windows virtual machine or physical host, the embedded PostgreSQL database is also uninstalled and all the data stored in it is lost.

Workaround: To prevent losing the data from your database, back up the PostgreSQL database and then restore it.

When you use a database server alias name to create a DSN, the installation of vCenter Server fails

When you use a database server alias name to create a DSN, the installation of vCenter Server with an external Microsoft SQL database fails. The following error appears during the installation of the inventory service: An error occurred while starting invsvc . Workaround: Use the IP address or the host name of the database server to create a DSN.

If you use a user name that contains high-ASCII or non-ASCII characters, you cannot install vCenter Server using SQL Server with Windows integrated authentication

When you use a user name that contains native high-ASCII or non-ASCII characters, the installation of vCenter Server using SQL Server with Windows integrated authentication fails. An error appears while a security operation is performed. Workaround: Use a user name with ASCII characters only.

If you use a password that contains high-ASCII or non-ASCII characters, you cannot install vCenter Server using SQL Server with Windows integrated authentication

When you use a password that contains native high-ASCII or non-ASCII characters, the installation of vCenter Server using SQL Server with Windows integrated authentication fails. An error appears while starting service invsvc . Workaround: Use password with ASCII characters only.

When you set up vCenter Server to use an external database from the vCenter Server installer, you might not be able to select a system DSN

When you configure vCenter Server to use an external SQL database from the vCenter Server installer, the system DSNs configured by using a SQL server driver are not displayed in the list of available DSNs. Workaround: When you configure a system DSN for the external SQL server database, use SQL Server Native Client.

If you have uninstalled the IPv4 stack, VMware vCenter Server 6.0.0 installation might fail

If you have uninstalled the IPv4 stack, the installation of VMware vCenter Server 6.0.0 might fail while trying to start the VMwareAfdService. The error messages that appear are: An error occurred while starting service 'VMwareAfdService' Failed to clean up VKS binaries, Error: 2 Please search these symptoms in the VMware Knowledge Base for any known issues and possible workarounds. If none can be found, please collect a support bundle and open a support request. Installation of component VCSServiceManager failed with error code '1603'. Check the logs for more details. Workaround: Before you install VMware vCenter Server 6.0.0, make sure the IPv4 stack is installed. If the command netsh interface ipv4 show interfaces results in a message: The request is not supported , the IPv4 stack has been uninstalled and should be reinstalled. To reinstall the IPv4 stack, run the netsh interface ipv4 install command and reboot the machine.

The vCenter Server installation or uninstallation process might fail or stop responding on Windows Server 2008 R1 SP2

The Windows Installer on Windows Server 2008 R1 SP2 has issues with handling multiple packages. Because of these issues the vCenter Server installation might stop responding, or if you attempt to install and uninstall vCenter Server a few times, the process might fail. Workaround: Apply the patch from Microsoft KB 981669 which addresses the Windows Installer issue.

Attempts to uninstall the Platform Services Controller might fail

If you attempt to uninstall a Platform Services Controller that has one or more active associated vCenter Server instances, the operation might fail with an error message Setup Interrupted . There is no clear message stating that the issue occurs because of vCenter Server instances registered with the Platform Services Controller. Workaround: Repoint the vCenter Server to another Platform Services Controller in the same vSphere domain as the Platform Services Controller you intend to uninstall.

Installation of vCenter Server might fail if the time skew between the machine on which you install vCenter Server and the Platform Services Controller is three minutes or more

vCenter Server installation might fail if there is no time synchronization between the Platform Services Controller and the machine on which you install vCenter Server. Time difference of more than 3 seconds, the wizard displays the time difference in seconds.

If the time skew is between 3 seconds and 2 minutes, a message informing you about the time difference is displayed. You can close the information dialog box and continue the installation. If the time skew is between 2 and 4 minutes, a message warning you about the wide margin time difference is displayed. If the time difference is more than 4 minutes, you cannot proceed with the installation. Workaround: If you see the warning message that the time difference is between 2 and 4 minutes, stop the vCenter Server installation and synchronize the clock of the machine on which you install vCenter Server with the clock of the Platform Services Controller. Run the vCenter Server installer again.

vCenter Server installation fails if the system name input (FQDN or IP address) does not exactly match the Platform Services Controller input as FQDN/FQDN or IP/IP

If you use an FQDN or IP address when you install the Platform Services Controller, the vCenter Server input should match with the Platform Services Controller input. If you provided a FQDN during the Platform Services Controller installation, when you register vCenter Server with that Platform Services Controller, you must provide the FQDN of the Platform Services Controller. If you provided an IP address during the Platform Services Controller installation, when you register vCenter Server with that Platform Services Controller, you must provide the IP address of the Platform Services Controller. Otherwise, the vCenter Server installation fails on first boot. Workaround: Make sure that the vCenter Server and Platform Services Controller inputs always match.

Installation of vCenter Server in pure IPv6 environment might fail if you do not have full DNS support

Attempts to install vCenter Server in a pure IPv6 environment might fail if you do not have full DNS support. This is because the Platform Services Controller installer does a reverse lookup to get the machine name. Workaround: If you do not have full DNS support, you must ensure that both forward and reverse lookup works in vCenter Server with embedded Platform Services Controller deployment.

You cannot uninstall vCenter Server for Windows by right-clicking the Windows installer package and selecting Uninstall

You can uninstall vCenter Server for Windows by using either Windows Add/Remove Programs, or the vCenter Server for Windows installer package. However, when you right-click the vCenter Server for Windows installer package and select Uninstall , no message is displayed. If you right-click the vCenter Server for Windows installer package and select Uninstall again, you receive a message stating that the product is already uninstalled. Workaround: Use Windows Add/Remove Programs to uninstall vCenter Server for Windows.

vCenter Server for Windows does not support user data source name (DSN) for external databases

Only system DSNs are supported for vCenter Server for Windows installations. If you add a user DSN, it is not displayed in the Database Configuration page of vCenter Server for Windows. Workaround: When you install vCenter Server for Windows, add a system DSN for the external database.

You cannot install vCenter Server for Windows if you use a custom user name service account containing non-ASCII or high-ASCII characters

vCenter Server for Windows installation fails to configure the vCenter Server service account if you log in to the Operating System as a user defined by a custom account policy, and the user name contains non-ASCII or high-ASCII characters. Workaround: The custom user account you log in with must consist only of ASCII characters.

Uninstalling or cancelling an install of vCenter Server for Windows might not always clean up all directories and files in the user data directory or installation directory

If you attempt to uninstall or cancel an install of vCenter Server for Windows, before the services start, the user data directory under C:\ProgramData\VMware\vCenterServer or the installation directory under C:\Program Files\VMware\vCenterServer might not be deleted completely from your system. This might affect a subsequent attempt to install vCenter Server for Windows. Workaround: Reboot the machine before attempting a fresh install again.

No logs are generated after running vc-support.bat

When you attempt to generate logs by running the C:\Program Files\VMware\vCenter Server\bin\vc-support.bat command, an error occurs and the logs are not generated if the Operating System login user name contains high-ASCII or non-ASCII characters. Workaround: Run the C:\Program Files\VMware\vCenter Server\bin\vc-support.bat command after logging in to the Operating System with a user name containing only ASCII characters.

vCenter Server installation fails if you add a service account with special characters @ or \

While installing vCenter Server, you can specify a service account instead of using the default Windows Local System account. If the account name you select has special characters @ or \ , the installation might fail with a vpxd first boot error. Workaround: During the installation of vCenter Server, create a service account without special characters @ or \ .

A first boot script fails during the deployment of vCenter Server with an external Platform Services Controller

When you attempt to deploy vCenter Server with an external Platform Services Controller, the first boot fails during the deployment when you enter the IP address or host name of the Platform Services Controller. Workaround: Enter the same system network name that you used during the deployment of the Platform Services Controller.

vCenter Server Appliance Deployment Issues

Silent upgrader prompts user to trust ESXi host

The silent scripted installer or upgrader might prompt the user to accept the fingerprint of the target ESXi host or vCenter Server on which the new vCSA is to be deployed, if the fingerprint is not in the known host file.



Workaround:

The silent scripted installer or upgrader might prompt the user to accept the fingerprint of the target ESXi host or vCenter Server on which the new vCSA is to be deployed, if the fingerprint is not in the known host file. Workaround: Add the public key of the target ESXi host or vCenter Server to the known host file.



Add the --no-esx-ssl-verify option to your CLI installer or upgrader command to disable the SSL fingerprint check.

Validation of the SSO FQDN/IP address field is not performed dynamically

While installing the vCenter Server Appliance 6.0 build using HTML 5 installer, validation of content in the SSO FQDN/ IP address field is not completed. The installer accepts the input in any given format, for example sso-hostname and allows complete installation. However during the first boot, execution of the script fails as the system is unable to find the certification with the host name in the required format, sso-hostname.xxx.yyy .



Workaround: Enter the details in the SSO FQDN/ IP address field in the accepted format, sso-hostname.xxx.yyy

Attempts to deploy vCenter Server Appliance using an ISO image file might display incorrect deployment status

When you deploy vCenter Server Appliance using an ISO image file, the deployment wizard might not display the actual process of the deployment. The wizard stops responding and displays as "Powering on appliance" even though the vCSA deployment is completed.



Workaround : The status of deployment can be checked in appliance console.

psc_restore command fails in multi-node PSC environment

Attempt to run psc_restore command in a restored PSC node fails in multi-node PSC environment when there are two-way replication agreements among the PSC nodes in the federation.



Workaround: In multi-node PSC environment when there are two-way replication agreements among the PSC nodes in the federation, make sure that at least one object on a PSC node replicates with the other nodes before taking backup of the PSC nodes in the federation.

Attempt to run command in a restored PSC node fails in multi-node PSC environment when there are two-way replication agreements among the PSC nodes in the federation. Workaround: In multi-node PSC environment when there are two-way replication agreements among the PSC nodes in the federation, make sure that at least one object on a PSC node replicates with the other nodes before taking backup of the PSC nodes in the federation.

Starting the vSphere Web Client by clicking the URL on the last page of the vCenter Server Appliance deployment wizard might fail

If you deployed a vCenter Server Appliance with an external Platform Services Controller and the Platform Services Controller is configured behind an F5 Load Balancer, after you click the URL on the last page of the vCenter Server Appliance deployment wizard, the vSphere Web Client interface does not appear and the following exception is generated:

HTTP Status 400 - BadRequest, Not able to respond to the request posted to /SAML2/SSOSSL/ Workaround: Refresh the Web page.

You cannot deploy the vCenter Server Appliance with an external Oracle database, if the database was used in a previous deployment attempt

The vCenter Server Appliance installer prevents deployment of the vCenter Server Appliance with an external Oracle database that has been used in a previous vCenter Server Appliance deployment and does not provide you with the option to reuse or delete the database. You receive an error message The vCenter Server database is locked. Another vCenter Server service is using this database and must be stopped. This issue occurs even if the vCenter Server Appliance that uses the database is powered off or removed from the ESXi host. Workaround: Use a new instance of an Oracle database or select to use the embedded database.

The vCenter Server Appliance installation fails when connecting to an External Platform Services Controller

The vCenter Server Appliance installation with an external Platform Services Controller might fail if the time between the existing Platform Services Controller and the ESXi host or NTP server, depending on the vCenter Server Appliance time configuration settings, is not synchronized. No warning messages are displayed during the vCenter Server Appliance installation to report the time skew. Workaround: Synchronize the clock of the deployed Platform Services Controller and the ESXi host on which the vCenter Server Appliance is to be deployed or the NTP server the vCenter Server Appliance is to use after installation.

If you restart the guest operating system of the vCenter Server Appliance, the vpxd service might fail to start

When you deploy the vCenter Server Appliance, you can decide whether to use VMware Tools-based or NTP server-based time synchronization. If you set up the vCenter Server Appliance to use NTP server-based time synchronization, the guest operating system of the vCenter Server Appliance is synchronized with an NTP server. If the host on which you deploy the vCenter Server Appliance is not configured to use the same NTP server or if the time on the ESXi host is different from the time on the guest OS of the vCenter Server Appliance, when you restart the vCenter Server Appliance, the NTP daemon starts early and sets the correct time. However, the VMware Tools service starts later than the NTP daemon, and sets the vCenter Server Appliance system time to the host system time. By the time the NTP daemon corrects the time again, the vpxd service already attempts to start and fails. Workaround: Set up the ESXi host to use the same NTP server for time synchronization as the vCenter Server Appliance and then deploy the vCenter Server Appliance.

You cannot enter an IPv6 address of the ESXi host in the vCenter Server Appliance deployment wizard

The vCenter Server Appliance deployment wizard does not accept an IPv6 address to connect to the ESXi host for deploying the vCenter Server Appliance. Workaround: Connect to the ESXi host by using an FQDN.

The vCenter Server Appliance scripted installer fails if more DNS servers are provided simultaneously

The scripted installation of vCenter Server Appliance fails if you provide more than one DNS server during the installation process. Workaround: You should use only one DNS server at a time, and after the installation has finished, you can add more DNS servers.

There is no pre-check function available for the network settings entered by you in the network configuration page and this could result in a firstboot error

There is no pre-check function available, to ensure that the values entered by you for text boxes such as static options (network address, subnet mask, network gateway, network DNS Servers, system name (FQDN or IP)) are valid. So if you enter a wrong value in any of these fields, a firstboot error might occur. Also, there is no pre-check function to ensure that the current FQDN, for the DHCP option, is already in use. Workaround: Ensure that the values provided for the different network settings are valid. These settings are static options (network address, subnet mask, network gateway, network DNS servers, system name (FQDN or IP)) and the DHCP option: FQDN (Optional).

The user interface installer of the vCenter Server Appliance might require the Client Integration plug-in to run, depending on browser type, this prompt may vary

When launching the vCenter Server Appliance installer, the tool may request an application to be launched. Workaround: If a prompt appears when opening the vCenter Server Appliance scripted installer, follow the instructions for each type of browser: Google Chrome. Allow the installer to launch the application. Mozilla Firefox. Select csd.exe and click OK . Internet Explorer. Click Allow .

The vCenter Server Appliance scripted installer does not support custom HTTPS port number for interacting with vCenter Server instance

vCenter Server 6.0 supports customization of the HTTPS port. When connecting the vCenter Server Appliance to vCenter Server, this port is necessary to connect to vCenter Server. Currently, this port cannot be customized in the vCenter Server Appliance scripted installer. Workaround: To use a custom HTTPS port, use the HTML5 user interface installer to install vCenter Server and Platform Services Controller.

vCenter Server 6.0 supports customization of the HTTPS port. When connecting the vCenter Server Appliance to vCenter Server, this port is necessary to connect to vCenter Server. Currently, this port cannot be customized in the vCenter Server Appliance scripted installer. The vCenter Server Appliance scripted installer allows you to proceed with the installation with less than 15 GB of available disk space, which is below the minimum requirement

When installing vCenter Server Appliance using the scripted installer, the tool proceeds to install the software on hosts with less than 15 GB space available on the datastore. The installer proceeds, but vCenter Server Appliance might fail to power on the virtual machine. Workaround: You should ensure that the ESXi host has at least 15 GB available space.

Help is not working for help.war file installation

The file help.war is downloaded as a root file that causes the permission error when you attempt to install it. The files under /pickup have owner vsphere-client and group users that are used by the Java Virtual Machine. Workaround: Perform the following steps: Download help.war to the /usr/lib/vmware-virgo folder of your vCenter Server Appliance. Change it to the following: owner vsphere-client and group users :

chown vsphere-client help.war

chgrp users help.war Change your account to vsphere-client.

If you stay root the copy operation changes the owner to root again.

su vsphere-client Verify that the server is already running and copy help.war to /usr/lib/vmware-virgo/server/pickup . If you start or restart the server after copying help.war to /pickup , the help does not work because /pickup is emptied each time.



On any Windows OS, if vcsa-setup.html is refreshed on Firefox browser, a blank banner message might appear after allowing the Client Integration Plugin to run

Refreshing the vcsa-setup.html file might result in a blank banner on top in the Firefox browser. This is an intermittent issue. The blank banner appears after allowing the Client Integration Plugin to run on the browser. For example, allowing the vmware-csd process to run on Firefox.

Workaround: While allowing vmware-csd process to run on Firefox for the first time, select the Remember my Choice option for vmware-csd links and refresh the vcsa-setup.html file. This should prevent the blank banner on refresh of the vcsa-setup.html file.

Alternatively, close Firefox browser and reopen vcsa-setup.html .

The Install and Upgrade buttons might not appear in the vCenter Server Appliance installer if you run it in Mozilla Firefox on a Windows 2008 Server OS, if the proxy settings are not configured properly

After you install the Client Integration Plug-in and open vcsa-setup.html in Mozilla Firefox on a Windows 2008 Server OS, you must allow the Client Support Daemon plug-in to run. After you select vmware-csd and click OK , the Install and Upgrade buttons might still not appear. The countdown for detecting the Client Integration Plug-in goes down to zero but nothing happens. This issue is related to the browser proxy settings. Workaround: Fix the Mozilla Firefox proxy settings: Navigate to the Firefox Options menu. Click Advanced , and click the Network tab. Click Settings . If Use system proxy settings is selected, click the Auto-detect proxy settings for this network radio button. If the Use manual proxy configuration is selected, set the proxy server for your network.

The vmware-csd process sometimes crashes if Windows updates are not installed, or if you do not have permission for the Client Integration Plugin log location

After launching vcsa-setup.html , the browser prompts you to allow the Client Integration plugin. For example, allow the vmware-csd process. After allowing the plugin to run, the vmware-csd process may crash. This issue could be produced if Windows updates are not installed or if you, as a Windows user, do not have permission to write in the Client Integration Log location. The log location is Users\%USER%\AppData\Local\VMware\ . Workaround: You need to install all Windows updates. Also you need to obtain permission to write in the Client Integration Plugin log location, which is Users\%USER%\AppData\Local\VMware\ .

After launching , the browser prompts you to allow the Client Integration plugin. For example, allow the process. After allowing the plugin to run, the process may crash. This issue could be produced if Windows updates are not installed or if you, as a Windows user, do not have permission to write in the Client Integration Log location. The log location is . Dynamic DNS is not supported when installing vCenter Server Appliance in an IPv6 environment

When you install vCenter Server Appliance in an IPv4 environment, you can use Dynamic DNS by entering a value in the FQDN Optional text box. When you install vCenter Server Appliance in an IPv6 environment, the FQDN Optional text box is available, but if you enter a value, the installation will fail. Workaround: Leave the FQDN Optional text box empty when you install vCenter Server Appliance in an IPv6 environment.

The command line deployment option --sso-ssl-thumbprint does not work for Platform Service Controller and vCenter Server Appliance

The command line deployment tool for vCenter Server Appliance provides the option --sso-ssl-thumbprint to verify the certificate of Platform Service Controller through a SHA1 checksum. Currently the option does not work. Workaround: Manually verify the SHA1 checksum before you deploy vCenter Server Appliance.

vCenter Server for Windows and vCenter Server Appliance Deployment Issues

Unable to log in to vSphere Client with the Use Windows Session Credentials option

Attempts to log in to vSphere Client with the "Use Windows Session Credentials" option might fail as the login takes more than the configured time out value. An error message similar to the following:



Windows session credentials cannot be used to log into this server.

Enter a user name and password.



A performance improvement has been made in this area, however, you might still encounter the issue under certain circumstances.



Workaround: None vCenter Server for Windows and vCenter Server Appliance installations fail when using non-ASCII or high ASCII characters in text boxes

Entering non-ASCII or high ASCII characters such as (é,è, ä, ö) in text boxes during vCenter Server for Windows or vCenter Server Appliance installation causes the install process to fail. Workaround: When deploying vCenter Server for Windows or vCenter Server Appliance, use only regular ASCII characters in the text boxes, with the exception of the following characters: brackets, slash (/), backslash (\), caret (^), colon (:), semicolon (;), angle brackets (< and >), single quotation mark ('), double quotation mark ("), dollar sign ($), and ampersand (&).

Attempts to log in to vSphere Client with the "Use Windows Session Credentials" option might fail as the login takes more than the configured time out value. An error message similar to the following: A performance improvement has been made in this area, however, you might still encounter the issue under certain circumstances. Workaround: None When you deploy Platform Services Controller or vCenter Server in an IPv6 environment, or you connect it to an external database, provide only fully qualified domain names (FQDNs)

The installation of the Platform Services Controller or vCenter Server does not support the use of IPv6 addresses. In addition, to configure the Platform Services Controller or vCenter Server with an external database, provide the FQDN of the target database server. Workaround: None.

vCenter Server for Windows and vCenter Server Appliance installations fail when using an external database with manually customized database objects

If you attempt to use an external database with manually created database objects, the installation fails. The installer displays the error messages: install.vdcs.db.version.check.error and Installation of component VCSService Manager Failed with error code 1603 . Workaround: Do not use an external database with manually customized database objects or when prompted by the wizard choose to erase the custom schema and create a new schema.

Client Integration Plug-In Installation Issues

New Issue VMware-ClientIntegrationPlugin-6.0.0 cannot be installed using Window System Account credentials

InstallCertificate method does not create the CIP directory in C:\ProgramData\VMware folder when vmware-csd.exe runs with --install parameter using the Windows system account.

This results in installation failure of VMware-ClientIntegrationPlugin.

Workaround: None

Installation and uninstallation of the VMware Client Integration Plug-in might fail if some antivirus software is running

When you try to install or uninstall the VMware Client Integration Plug-in while some antivirus software, for example, Avira Antivirus is running, the operation might fail. The antivirus software might block access to the Windows host files. An error message might be displayed: Error overwriting hosts file: boost::filesystem::copy_file: Access is denied: C:\Windows\System32\drivers\etc\hosts.new, C:\Windows\System32\drivers\etc\hosts\ . Workaround: Disable the antivirus software before you install or uninstall the VMware Client Integration Plug-in.

vSphere Web Client login page might not detect correct version of Client Integration Plug-in

Although an earlier version of the Client Integration Plug-in might be installed on your system, the login page for the vSphere Web Client does not prompt you to upgrade the Client Integration Plug-in. After you log in to the vSphere Web Client, and select Help > About VMware vSphere, the dialog displays a link to upgrade the Client Integration Plug-in. Workaround: Log in to the vSphere Web Client, and select Help > About VMware vSphere. Click the Upgrade Client Integration Plug-in link to install the latest version of the plug-in.

VMware vSphere Authentication Proxy Installation Issues

VMware vSphere Authentication Proxy installation fails with error

When you log in with Active Directory domain administrator credentials to perform the installation, the VMware vSphere Authentication Proxy installation fails with the following error:

Error 1920. Service VMware vSphere Authentication Proxy Adapter (vmware-cam-adapter) failed to start... Workaround: None.

Review also the Installation Issues section of the release notes. Many installation issues can also impact your upgrade process.

New Issue Attempts to upgrade vCenter Server Appliance or the Platform Services Controller Appliance from 6.0 Update 1 or 6.0 Update 1b to 6.0 Update 2 fail if IPv6 is disabled

Attempts to upgrade vCenter Server Appliance or the Platform Services Controller Appliance from 6.0 Update 1 or 6.0 Update 1b to 6.0 Update 2 fail if IPv6 is disabled. Workaround: Before the upgrade, enable IPv6 in the legacy setup and then perform the upgrade.

Attempts to upgrade vCenter Server Appliance or the Platform Services Controller Appliance from 6.0 Update 1 or 6.0 Update 1b to 6.0 Update 2 fail if IPv6 is disabled. New Issue Attempts to uninstall authentication proxy fail

Attempts to uninstall authentication proxy on vCenter Server 6.0 Update 2 fail. An error message similar to the following is displayed: Error 29455.vCenter Server version is not supported Workaround: Click OK to uninstall the authentication proxy successfully.

Attempts to uninstall authentication proxy on vCenter Server 6.0 Update 2 fail. An error message similar to the following is displayed: New Issue In vCenter Server 6.0, health message under the Summary tab does not display the previous month and year data

In vCenter Server 6.0, health message under the Summary tab does not display the previous month and year data. The Summary tab displays the following health message:

Performance statistics rollup from Past Week to Past Month is not occurring in the database For more information, see KB 2135488. Workaround: See KB 2135488.

In vCenter Server 6.0, health message under the tab does not display the previous month and year data. The tab displays the following health message: Attempts to upgrade vCenter Server from 5.5 Update 3, 5.5 Update 3a, or 5.5 Update 3b to 6.0 Update 2 fail during pre-upgrade check

vCenter Server upgrade from 5.5 Update 3, 5.5 Update 3a, or 5.5 Update 3b to 6.0 Update 2 fail during the pre-upgrade check stage. This happens when you use SQL 2012 or 2014 AlwaysOn Availability Groups (AAG) setup.

When the pre-upgrade check fails, a message similar to the following can be seen:

Source vcenter server validation found an issue: ERROR:cannot execute statement(rc=-1). Workaround: Configure your database to meet the vCenter Server upgrade requirements. For more information, see KB 2144262.

New Issue SSLv3 remains enabled on Auto Deploy after upgrade from earlier release of vSphere 6.0 to vSphere 6.0 Update 1 and above

When you upgrade from an earlier release of vSphere 6.0 to vSphere 6.0 Update 1 and above, the SSLv3 protocol remains enabled on Auto Deploy. Workaround: Perform to the following steps to disable SSLv3 using PowerCLI commands: Run the following command to Connect to vCenter Server:



PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> Connect-VIServer -Server <FQDN_hostname or IP Address of vCenter Server>



Run the following command to check the current sslv3 status:



PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> Get-DeployOption



Run the following command to disable sslv3:



PowerCLI C:\Program Files (x86)\VMware\Infrastructure\vSphere PowerCLI> Set-DeployOption disable-sslv3 1



Restart the Auto Deploy service to update the change.

When you upgrade from an earlier release of vSphere 6.0 to vSphere 6.0 Update 1 and above, the SSLv3 protocol remains enabled on Auto Deploy. New Issue vCenter Server Appliance installer is not supported by a 64-bit Firefox browser

When you attempt to install vCenter Server Appliance 6.0, the Client Integration Plugin detects an unsupported OS, and displays an error message similar to the following:

vCenter Server Appliance installer cannot run on this OS. It must be run on Windows Workaround: Use an alternative supported browser, or install a 32-bit version of the Mozilla Firefox browser. Supported browsers are: Microsoft Internet Explorer 10.0.19 and later. Google Chrome 39 and later (32-bit only). Mozilla Firefox 34 and later (32-bit only).

When you attempt to install vCenter Server Appliance 6.0, the Client Integration Plugin detects an unsupported OS, and displays an error message similar to the following:

New Issue Content Library creation might fail when vCenter Server is upgraded to 6.0 Update 2

When vCenter Server is upgraded to 6.0 Update 2, the Content Library creation might fail with an error. Workaround:

Find the signing certificate and the root CA used by SSO from vmware-identity-sts.log or websso.log . Check whether the root CA is present in TRUSTED_ROOTS of VMware Endpoint Certificate Store. If it is not present in the VMware Endpoint Certificate Store, add the root CA to TRUSTED_ROOTS.

Alternatively we can also look into vmdir under DN: 'cn=TrustedCertificateChains,cn=fc8b434d-8404-4107-a28a-ffe027b1e623,cn=Ldus,cn=ComponentManager,dc=vsphere,dc=local' to identify all the signing certificates and their root CAs. For vCenter Server Appliance: Identify the root CA from the vmware-identity-sts.log file.

Look for the Security Assertion Markup Language token KeyInfo element and the <ds:X509Certificate> tag

For example:

<ds:X509Certificate>MIIFEzCCA/ugAwIBAgIJAIhibbQofa1VMA0GCSqGSIb3DQEBCwUAMIGyMQswCQYDVQQGEwJVUzET

MBEGA1UECBMKQ2FsaWZvcm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMRUwEwYDVQQKEwxWTXdhcmUs

IEluYy4xNzA1BgNVBAMTLmJscjctN3RoLWRoY3AtNDctMjcuZW5nLnZtd2FyZS5jb20gQ0EgMzQw

OWE0MGQxKjAoBgkqhkiG9w0BCQEWG3NzbC1jZXJ0aWZpY2F0ZXNAdm13YXJlLmNvbTAeFw0xNjAy

MDEwOTMxMjdaFw0yNjAxMjkwOTMxMjdaMIGyMQswCQYDVQQGEwJVUzETMBEGA1UECBMKQ2FsaWZv

cm5pYTESMBAGA1UEBxMJUGFsbyBBbHRvMRUwEwYDVQQKEwxWTXdhcmUsIEluYy4xNzA1BgNVBAMT

LmJscjctN3RoLWRoY3AtNDctMjcuZW5nLnZtd2FyZS5jb20gQ0EgMzQwOWE0MGQxKjAoBgkqhkiG

9w0BCQEWG3NzbC1jZXJ0aWZpY2F0ZXNAdm13YXJlLmNvbTCCASIwDQYJKoZIhvcNAQEBBQADggEP

ADCCAQoCggEBANPkC1QUF79+cmgq6EZhrJL81UO6pH04fQQ9yM38o55TkFvtAapVBXq7uJ8T0nO4

a04JwiqW9El4hce/Z3+nOHOckWJ0VSCFoqox1FVpYW4fXSeHfuQ0ktVnyIyMz/vYTAWrnj493YIY

QuiXMeNJwxvG/gHwz+TiRlMSVBiXCQeD9NNRCG8qljSgkrd2yW2rTCBL9h09XleKmtkt0HeGT0pf

pM9fKQ7lM6JZQUN9WS8wP5YKASv5M029qGxPzSpq5YOp7EmFr5bbSXI9sb+/W5VrU1vdO6LVaYOK

wKFHm8xe2hNyLAMCWzHVHyNNfcbTSNj/IZ1jE+EtAA6lSv0bgT0CAwEAAaOCASgwggEkMB0GA1Ud

DgQWBBQiBchoMNnNgbc1vtiO1cuuZPNOOTCB5wYDVR0jBIHfMIHcgBQiBchoMNnNgbc1vtiO1cuu

ZPNOOaGBuKSBtTCBsjELMAkGA1UEBhMCVVMxEzARBgNVBAgTCkNhbGlmb3JuaWExEjAQBgNVBAcT

CVBhbG8gQWx0bzEVMBMGA1UEChMMVk13YXJlLCBJbmMuMTcwNQYDVQQDEy5ibHI3LTd0aC1kaGNw

LTQ3LTI3LmVuZy52bXdhcmUuY29tIENBIDM0MDlhNDBkMSowKAYJKoZIhvcNAQkBFhtzc2wtY2Vy

dGlmaWNhdGVzQHZtd2FyZS5jb22CCQCIYm20KH2tVTAMBgNVHRMEBTADAQH/MAsGA1UdDwQEAwIC

BDANBgkqhkiG9w0BAQsFAAOCAQEAsn/F3Cc7iGLwSLr9EmjzmJtQVzGJBmcMsd/bNailOkzxwH2z

ToPWrMxoh/jgFkV27PPxAg4adsHymDvxY+xcfdmAjU5pDsR9KG4jksTtcasO+fY219gapUbanApG

3weNeH8Nln9T4VBJfBYqxuVepvDoVFkiUD4iBY/caAKYJv84+JfrHQtaPcgCOidmN+iUVGO9XlQq

bImRwXGER2vdOndXo5Ic1dFgzeiSc01jSN9uLYwrsc7n1NWBAkTcKDonQMC3Pgp+et/nR76aZYzd

s30p6NWvXctc2iuv82bRAjX+p+DI1Kji3Ms/qDxn9rf3vDcT5zw+rwjA6qDXs9Lj8w==</ds:X509Certificate></ds:X509Data></ds:KeyInfo> Save the content between the tags <ds:X509Certificate> </ds:X509Certificate> to a file with a .crt extension.

For example, enter 51root.crt as the file name. Append -----BEGIN CERTIFICATE----- at the beginning and -----END CERTIFICATE----- at the end of the file. Add the CA to TRUSTED_ROOTS on the Management Node as shown below:

/usr/lib/vmware-vmafd/bin/vecs-cli entry create --store TRUSTED_ROOTS --alias roo51 --cert 51root.crt Restart all services. For Windows: See workaround (steps 1 to 3) of vCenter Server Appliance. Add the CA to TRUSTED_ROOTS on the Management Node as shown below:

C:\Program Files\VMware\vCenter Server\vmafdd\vecs-cli.exe entry create --store TRUSTED_ROOTS --alias roo51 --cert 51root.crt Restart all services.

When vCenter Server is upgraded to 6.0 Update 2, the Content Library creation might fail with an error.

New Issue After upgrading the N1 and M1 nodes from vCenter Server 5.5 to 6.0 Update 2, vSphere Web Client is unable to see the vCenter Server 5.5 Management node

After upgrading the N1 and M1 nodes from vCenter Server 5.5 to 6.0 Update 2, vSphere Web Client is unable to see the vCenter Server 5.5 Management (M2) node. Workaround: None.

After upgrading the N1 and M1 nodes from vCenter Server 5.5 to 6.0 Update 2, vSphere Web Client is unable to see the vCenter Server 5.5 Management (M2) node. Attempts to upgrade from vCSA 5.5 to 6.0 might fail with an error

When you attempt to upgrade the vCenter Server Appliance from 5.5 to 6.0, the installer fails with the following error message when attempting to apply network configuration to new vCSA 6.0:



"Fatal error during network configuration Migration Failed"



Workaround: Follow these steps to resolve the issue:

Login to the VAMI interface for the 5.5 vCSA. https://<VC_IP>:5480 Click the Network tab and then the Address section. Make sure the settings in here are all correct and then click Save Settings, even if you didn’t change anything. SSH to the appliance and collect the output of the following command

“cat /etc/sysconfig/network/ifcfg-eth0” Make sure the source and destination are in the same subnet. Attempt the upgrade again.

Unable to connect to vCenter Server through vSphere Web Client programs shortcut

After you upgrade from vCenter Server 6.0 GA to later versions of vCenter Server 6.0, attempts to connect to the vCenter Server through the vSphere Web Client shortcut (Start --> Programs) connects to URL https://vsphere-client and displays a blank page with Webpage is not available error.

Workaround: To workaround this issue, create a shortcut using the following steps: Login to vSphere Web Client using Chrome

On the top right corner of the browser, click More Tools

Create a shortcut to connect to vCenter Server



The shortcut will function as expected.

Database configuration firstboot fails during upgrade

Upgrade failed when starting ESXi dump collector with an error message: Error in accessing windows registry entry during DSN analysis: Error in accessing registry entry for DSN 'YOUR DSN NAME '. Please make sure the DSN is set up properly." Workaround: Before restarting the upgrade:

Remove the trailing white space from the DSN name. Restore the environment to state prior to the failed upgrade.

Policy tag and category merge during vCenter Server upgrade from 5.5 to 6.0 can cause a Rule-Set1 alert

When you upgrade vCenter Server 5.5 to 6.0, policy tags and categories with case-insensitive names are merged incorrectly. For example, if a vCenter Server database has two tags in two categories with different cases before upgrade, such as "One" and "one," with each tag belonging to a separate storage profile before the upgrade, the upgrade process merges the tags into a single tag and a single category, such as"One." As a result of the case-insensitive tag and category merge, the storage profile which has the tag that was removed, such as "one" in the example above, has a Rule-Set1 alert. Workaround: None.

Internal error during firstboot phase of upgrade to vCenter Server with External Platform Service Controller

When you upgrade a vSphere 5.5.x environment that has been set up for High Availability to vSphere 6.0, an internal error might occur during firstboot phase in rare cases during upgrade of the first management node. Workaround: Retry the management node upgrade.

No support for upgrading vCenter Server replicated configurations in the release

When upgrading a vCenter Server configuration with replication between two Single Sign-On infrastructure nodes, if the primary infrastructure node becomes inaccessible, the replicated infrastructure node does not fail over. Workaround: None. Do not upgrade replicated vCenter Server configurations.

Linked Mode is not supported after upgrade of vCenter Server 5.x with embedded vCenter Single Sign-On if the vCenter Sign-On is not replicated before the upgrade

When upgrading vCenter Server 5.x instances with an embedded vCenter Single Sign-On, the installer automatically upgrades the configuration to the embedded 6.0 deployment model: vCenter Server with an embedded Platform Services Controller. VMware supports linking between vCenter Server 6.0 instances only when using the external Platform Services Controller deployment model. Since the upgrade does not change the Platform Services Controller's replication configuration, it will not preserve the Linked Mode relationship of the vCenter Server instances if their embedded vCenter Single Sign-On is not replicated. Workaround: None.

vCenter Server for Windows installer does not detect products that are past their end of life

During upgrade to vCenter Server for Windows 6.0, the installer does not detect products such as the VMware Converter application if its running on a VM or integrated with legacy vCenter Server. This might prevent a successful upgrade to vCenter Server for Windows 6.0. Workaround: Before starting the vCenter Server upgrade, remove VMware Converter or any other products on the vCenter Server machine that are past their end of life date.

vCenter Server Appliance upgrade fails when using a static IP address which is not DNS resolvable

Upgrading vCenter Server Appliance fails when the static IP address for latest vCenter Server Appliance in the Setup Temporary Network wizard is not DNS resolvable. Workaround: Use a static IP address which is DNS resolvable for vCenter Server Appliance in the Setup temporary Network wizard.

vCenter Server Appliance upgrade fails with an internal error during data export

vCenter Server Appliance upgrade fails at the data export phase with one of the following errors: Internal error occurs during export

Cannot upload UpgradeRunner via ssh tunnel Workaround for Internal error occurs during export : Check whether the static IP address and DNS you entered in the Setup Temporary Network wizard of the vCenter Server Appliance upgrade interface are valid and belong to the same VLAN. Workaround for Cannot upload UpgradeRunner via ssh tunnel : Check whether the static IP address entered in the Setup Temporary Network wizard of the vCenter Server Appliance upgrade interface is the same as the source 5.x vCenter Server IP address.

vCenter Server Appliance upgrade process does not preserve the /etc/hosts file

The vCenter Server Appliance upgrade process does not migrate the source /etc/hosts file to the newly deployed vCenter Server Appliance. Workaround: Make a backup of the /etc/hosts file on another machine before the upgrade process and apply it to the newly deployed vCenter Server Appliance after the upgrade.

vCenter Server authentication error during upgrade

If your legacy vCenter Server SSL certificates are expired, the installer provides a general error message instead of a specific one: There is a problem authenticating in to the legacy vCenter Server using the credentials provided by the user. Resolution: Check if vCenter server is up and running. Double check provided vCenter Server credentials. Workaround: If you encounter an authentication error, you can check the vpxd.log at C:\ProgramData\VMware\VMware VirtualCenter\Logs to discover the exact reason for the upgrade error message. Before upgrading, check for SSL certificate validity. Replace any expired SSL certificates for vCenter Single Sign-On, vCenter Inventory Services, vCenter Server, vSphere Web Client, or any other solution.

vSphere Web Client does not display Single Sign-On group members from trusted domains after install or upgrade of vCenter Server

During deployment, if you add a domain to vCenter Single Sign-On as an identity source, you can then add users from the domain and the users from the trusted domains to groups in vCenter Single Sign-On. For example, you add the domain myDomain1.com as an identity source and it has a forest level trust with myDomain2.com, then you add the users from the trusted domain user1@myDomain2.com. After a user from myDomain2.com becomes a member of the Single Sign-On group, that user has the corresponding privileges. However, that user is not displayed in vSphere Web Client. Workaround: Use tools for managing standard Directory Services (OpenLDAP or Active Directory) to examine the Single Sign-On domain and verify users are in the appropriate groups.

Unable to open vSphere Web Client from a server outside the domain of vCenter Server using the IP address

After upgrading vCenter Server, vSphere Web Client does not open from a server outside the domain of vCenter Server. Workaround: Make the hostname (fully qualified domain name) resolvable from outside network. Add the fully qualified domain name ipaddress mapping in %WINDIR%\System32\drivers\etc\hosts file.

vCenter Server Inventory 5.1.x appears empty after upgrading vCenter Single Sign-On to 6.0 and before upgrading vCenter Server

When logging in to the vSphere 5.1.x Web Client using Administrator@vsphere.local or admin@System-Domain after upgrading only the Single Sign-On service to 6.0, the vCenter Server count and inventory display appear empty if you have a 5.1.x environment with vCenter Server 5.1.x installed on one system and a 5.1.x Single Sign-On service installed on another system, and you upgrade only the Single Sign-On service. Using a 6.0 Single Sign-On service with 5.1.x vCenter Server, vSphere Web Client, and Inventory Services is not supported. Workaround: Before logging in to the Administrator@vsphere.local account or admin@System-Domain account, upgrade vCenter Server to 6.0. The vSphere Web Client and Inventory Services are upgraded to version 6.0 during the vCenter Server upgrade.

vSphere Web Client displays an empty inventory after upgrade

The vSphere Web Client sometimes shows the inventory as empty when you log in using the domain user account after upgrade. This can happen when you re-install vCenter Server on the same machine with the same IP address or fully qualified domain name. Workaround: Unregister the service using the Invoke Method link. Access the CM Managed Object Browser using the following URL: https://VC_HOSTNAME/cm/mob. In the Methods table, select Search. In the CmSearchCriteria text box, enter the information for your vCenter Server to list the vCenter Server 5.5 instances.

<searchCriteria>

<serviceType>

<productId>com.vmware.cis</productId>

<typeId>urn:vc</typeId>

</serviceType>

</searchCriteria> Record each vCenter Server serviceId . Select UnregisterService. To delete the services, enter the corresponding serviceIDs from step 4 and click the Invoke Method link.

vSphere Web Client displays an empty inventory after upgrade of vCenter Single Sign-On and vCenter Server 5.1.x in Multisite mode

The vSphere Web Client sometimes shows the Inventory as empty when logging in to vSphere Web Client after a sequential upgrade of vCenter Single Sign-On and vCenter Server in Multisite mode from 5.1.x to 6.0. You might receive the error: No matching LinkedVcGroup found This issue occurs if there are duplicate vCenter Server registration entries in the lookup service prior to upgrading to 6.0, and if Component Manager does not remove the stalled 5.1 vCenter Server end points during the upgrade. Workaround: You can remove the duplicate entries by connecting to the Managed Object Browser. Log in into CM MOB: https://ip_addr/cm/mob using the Administrator@vsphere.local. In the Methods table, use Search. Find all service end points by entering empty searchCriteria as follows:

<searchCriteria>

</searchCriteria> Record each serviceId for the 5.1 instance. Select UnregisterService. Unregister the 5.1.x instance by the serviceid .

UpgradeRunner fails to launch

When a 5.x vCenter Server uses an unsupported database and you attempt to upgrade it to vCenter Server 6.0, the Upgrade Wizard fails with an error: Failed to launch UpgradeRunner. Please check the vminst.log and vcsUpgrade\UpgradeRunner.log files in the temp folder for more details. Workaround: Upgrade the database to a supported database version. If you are using Microsoft SQL, upgrade to Microsoft SQL Server 2012 or Microsoft SQL Server 2008 R2 SP2. If you are using Oracle, upgrade to Oracle12g.

Virtual SAN host alarm after vCenter Server 5.5 to vCenter Server Upgrade 6.0

A virtual SAN host vendor provider registration alarm appears after upgrading a vCenter Server 5.5 instance with vSAN clusters: Default alarm that is triggered when Virtual SAN host vendor provider registration or deregistration is unsuccessful Virtual SAN host vendor registration is successful by this time and the alarm is not meaningful. Workaround: Ignore the alarm message.

Relocation of hardware 3 VM from legacy ESX hosts to ESXi 6.0 fails

Registering and upgrading a virtual hardware version 3 VM is supported on the ESXi 6.0 release. Migrating a hardware version 3 VM from or to ESXi 6.0 is not supported. Attempts to migrate a hardware version 3 VM fail with an error message: The virtual machine version is not compatible with the version of the host x Workaround: Upgrade the hardware 3 VM to virtual hardware version 4 or later before performing a migration. Log in to vCenter Server through the vSphere Web Client. Register the hardware version 3 VM on the legacy ESXi server or ESXi 6.0 server. Right-click the VM and select All vCenter Actions. Select Compatibility. Select Upgrade VM Compatibility. Click Yes. Select Compatible with ESX 3.5 and later and click OK. After upgrading the VM, you can perform power operations and VM migrations.

You might view licensing related alarms that are not relevant to vSphere 6.0

In the Alarm Definitions list for a vCenter Server system, you might view the following licensing alarms that are not applicable for the vSphere 6.0 release. License error License user threshold monitoring License capacity monitoring Host flash capacity exceeds the licensed limit for Virtual SAN Workaround: Ignore the licensing alarms that are not applicable for vSphere 6.0.



New Issue Firefox does not support the new SmartCard authentication feature for user login

Firefox browser does not support vSphere Web Client user login using the new SmartCard authentication feature.

Firefox browser does not support vSphere Web Client user login using the new SmartCard authentication feature. Workaround: Use Internet Explorer or Google Chrome as your browser. New Issue Attempts to log in to Platform Services Controller using RSA SecurID authentication fails if the user name contains high-ASCII or non-ASCII characters

Platform Services Controller login using RSA SecurID authentication fails if the user name contains high-ASCII or non-ASCII characters. The RSA authentication manager requires a User ID, which must be a unique identifier. The length of the User ID must be 1 to 255 ASCII characters. Characters such as ampersand (&), percent (%), greater than (>), less than (<), and single quote (`) are not allowed. Workaround: Use a User ID that meets the requirements of the RSA authentication manager.

Platform Services Controller login using RSA SecurID authentication fails if the user name contains high-ASCII or non-ASCII characters. The RSA authentication manager requires a User ID, which must be a unique identifier. The length of the User ID must be 1 to 255 ASCII characters. Characters such as ampersand (&), percent (%), greater than (>), less than (<), and single quote (`) are not allowed. New Issue vSphere 5.5 legacy SSO port 7444 performs the vSphere Web Client authentication when SmartCard authentication is enabled

When SmartCard authentication is enabled, the vSphere 5.5 legacy SSO service port 7444 is used to perform the vSphere Web Client authentication to allow SmartCard authentication. As a result, the legacy port 7444 support to other vSphere Web Clients is lost. By default, SmartCard authentication is disabled. Workaround: To turn on and configure SmartCard authentication, upgrade all vCenter Servers to 6.0 Update 2, which connect to an upgraded PSC 6.0 Update 2.

When SmartCard authentication is enabled, the vSphere 5.5 legacy SSO service port 7444 is used to perform the vSphere Web Client authentication to allow SmartCard authentication. As a result, the legacy port 7444 support to other vSphere Web Clients is lost. New Issue After you upgrade the vSphere version to 6.0 Update 2 using load balanced HA, the option to configure SmartCard authentication in the load balanced configuration is not available

After you upgrade vSphere version to 6.0 Update 2 using load balanced HA, you cannot configure SmartCard authentication in the load balanced configuration. SmartCard configuration for non-load balanced upgrades is available. A fix will be provided in the near future. Workaround: None.

After you upgrade vSphere version to 6.0 Update 2 using load balanced HA, you cannot configure SmartCard authentication in the load balanced configuration. SmartCard configuration for non-load balanced upgrades is available. After upgrading to vSphere 6.0 Update 1b, importing the vIDM's Service Provider Metadata into vSphere SSO fails

VMware Identity Manager (vIDM) uses different endpoints for its LogoutRequest and LogoutResponse. vSphere SSO handles this by introducing a new attribute to record the LogoutResponse endpoint. This data is stored in the Directory Service and requires a schema update. The existing Directory Service schemas are not automatically updated during an upgrade from a previous vSphere 6.0 version to vSphere 6.0 Update 1b. Workaround: To manually update the Directory Service schema, perform the following steps: Stop the Directory Service. This also stops any dependent services. On Windows, use the Services MMC snap-in to stop VMware Directory Service. On a vCenter Server Appliance, open a shell session and execute the following: /opt/likewise/bin/lwsm stop vmdir Patch the Directory Service with the vSphere 6.0 Update 1b schema: On Windows, execute the following as an Administrator in the command prompt:

C:\Program Files\VMware\vCenter Server\vmdird\vmdird.exe -c -u -f C:\ProgramData\VMware\vCenterServer\cfg\vmdird\vmdirschema.ldif On vCenter Server Appliance, execute the following under a root shell session: /usr/lib/vmware-vmdir/sbin/vmdird -c -u -f /usr/lib/vmware-vmdir/share/config/vmdirschema.ldif Start the Directory Service and all dependent services that were automatically brought down, or reboot the system.

VMware Identity Manager (vIDM) uses different endpoints for its LogoutRequest and LogoutResponse. vSphere SSO handles this by introducing a new attribute to record the LogoutResponse endpoint. This data is stored in the Directory Service and requires a schema update. The existing Directory Service schemas are not automatically updated during an upgrade from a previous vSphere 6.0 version to vSphere 6.0 Update 1b. Unable to add third party CA cert into TRUSTED_ROOTS store through Platform Services Controller UI

The Platform Services Controller (PSC) UI does not provide an option to add third-party CA certificates into TRUSTED_ROOTS store and replace the machine SSL and solution user certificates signed with this third-party CA.

The Platform Services Controller (PSC) UI does not provide an option to add third-party CA certificates into store and replace the machine SSL and solution user certificates signed with this third-party CA.

Workaround: To resolve this issue, you will need to use certificate-manager CLI to import the third-party root CA before proceeding with replacing the certificates through the PSC UI.



SSLv3 protocol disabled by default on port 7444 in vCenter Server 6.0 Update 1

When you install vCenter Server 6.0 Update 1, the SSLv3 protocol is disabled on port 7444 by default. When you upgrade from an earlier release of vCenter Server to vCenter Server 6.0 Update 1, the SSLv3 protocol remains enabled on port 7444.

When you install vCenter Server 6.0 Update 1, the SSLv3 protocol is disabled on port 7444 by default. When you upgrade from an earlier release of vCenter Server to vCenter Server 6.0 Update 1, the SSLv3 protocol remains enabled on port 7444. Workaround: To disable SSLv3 on port 7444 see KB 2131310 Multiple roles for a user with Global Permissions on permissions page

An administrator gives Global Permissions to a user, and assigns a specific role to that user. If the administrator assigns another role on a specific object, both roles are shown in the vSphere Web Client if you select the object, click Manage , and click Permissions . The user has the correct set of privileges on the object, but both the inherited and the local privileges are shown, which is confusing. Workaround: None

An administrator gives Global Permissions to a user, and assigns a specific role to that user. If the administrator assigns another role on a specific object, both roles are shown in the vSphere Web Client if you select the object, click , and click . The user has the correct set of privileges on the object, but both the inherited and the local privileges are shown, which is confusing. Cannot connect to VM console after SSL certificate upgrade of ESXi host

A certificate validation error might result if you upgrade the SSL certificate that is used by an ESXi host, and you then attempt to connect to the VM console of any VM running when the certificate was replaced. This is because the old certificate is cached, and any new console connection is rejected due to the mismatch.

The console connection might still succeed, for example, if the old certificate can be validated through other means, but is not guaranteed to succeed. Existing virtual machine console connections are not affected, but you might see the problem if the console was running during the certificate replacement, was stopped, and was restarted. Workaround: Place the host in maintenance mode or suspend or power off all VMs. Only running VMs are affected. As a best practice, perform all SSL certificate upgrades after placing the host in maintenance mode.

Networking Issues

The VM MAC address conflict alarm remains triggered even when the MAC address conflict issue is resolved

The VM MAC address conflict alarm remains triggered or the alarm status is red, even when the MAC address conflict issue that triggers the alarm is resolved. Workaround: Manually acknowledge or clear the alarm after the MAC address conflict issue is rectified.

Disable the alarm if you do not wish to trigger the alarm.

Certain vSphere functionality does not support IPv6

You can enable IPv6 for all nodes and components except for the following features: IPv6 addresses for ESXi hosts and vCenter Server that are not mapped to fully qualified domain names (FQDNs) on the DNS server.

Workaround: Use FQDNs or make sure the IPv6 addresses are mapped to FQDNs on the DNS servers for reverse name lookup. Virtual volumes PXE booting as a part of Auto Deploy and Host Profiles

Workaround: PXE boot an ESXi host over IPv4 and configure the host for IPv6 by using Host Profiles. Connection of ESXi hosts and the vCenter Server Appliance to Active Directory

Workaround: Use Active Directory over LDAP as an identity source in vCenter Single Sign-On. NFS 4.1 storage with Kerberos

Workaround: Use NFS 4.1 with AUTH_SYS. Authentication Proxy Connection of the vSphere Management Assistant and vSphere Command-Line Interface to Active Directory.

Workaround: Connect to Active Directory over LDAP. Use of the vSphere Client to enable IPv6 on vSphere features

Workaround: Use the vSphere Web Client to enable IPv6 for vSphere features.

You can enable IPv6 for all nodes and components except for the following features: In the vSphere Web Client, the direction of the traffic filtering and marking rules is inverted compared with vSphere Web Client 5.5

The direction of a traffic rule appears inverted in the vSphere Web Client in the following cases: After you upgrade vSphere Web Client 5.5 to vSphere Web Client 6.0, the direction of existing traffic rules on a distributed switch is inverted. If you manually redefine traffic rules from a vSphere 5.5 environment into a vSphere 6.0 environment, the traffic rules are applied to traffic in the opposite direction. In vSphere Web Client 5.5, the meaning of "ingress" and "egress" in traffic marking rules is reversed compared with "ingress" and "egress" in the other features of distributed switches, such as traffic shaping, where the direction is determined with regard to the switch. For example, "ingress" in traffic rules stands for traffic leaving the switch while for the other features it stands for traffic entering the switch. The vSphere Web Client 6.0 inverts ingress and egress directions so that they match the meaning in the other distributed switch features. Workaround: If you manually redefine traffic rules from a vSphere 5.5 environment in a vSphere 6.0 environment, reverse the traffic direction of the rules.

The direction of a traffic rule appears inverted in the vSphere Web Client in the following cases:

Virtual Volumes Issues

Attempts to upload files directly to a virtual datastore fail

When you use the Upload the File to the Datastore option of the vSphere Web Client, the upload operation fails for a virtual datastore. Workaround: Virtual Volumes do not support uploading files directly to the virtual datastores. You must first create a folder on the virtual datastore, and then upload the files into the folder.

If you use VIM APIs to create a virtual disk on Virtual Volumes storage and do not to specify a value for the VirtualDisk.FlatVer2BackingInfo.thinProvisoned parameter, a thick provisioned disk is created

The default value for the VirtualDisk.FlatVer2BackingInfo.thinProvisoned parameter is false . If you leave this parameter unspecified, a thick provisioned virtual disk is created.

However, certain Virtual Volumes arrays might support only the thin provisioned disk type. On these arrays, virtual disk creation through VIM APIs might fail if you do not set the parameter to true . Workaround: Perform the applicable workaround: If you use VIM APIs to create virtual disks on Virtual Volumes storage, make sure to explicitly set the VirtualDisk.FlatVer2BackingInfo.thinProvisoned parameter to true . Use the vSphere Web Client to create virtual machines on virtual datastores. By default, the vSphere Web Client creates thin provisioned virtual disks.

Attempts to create a virtual machine might fail if you place a VM configuration file and virtual disk on different datastores, Virtual SAN and Virtual Volumes, and attach different storage policies

This problem might occur if you use the following datastore combinations for your VM configuration file and virtual disk placement at the VM creation time: Virtual SAN and Virtual Volumes, Virtual Volumes and Virtual SAN, Virtual Volumes and Virtual Volumes (with different storage policy support).

You might also experience problems when migrating a single virtual disk out of Virtual SAN VM onto Virtual Volumes datastore. Workaround: Create a virtual machine on one datastore, for example, Virtual SAN. Use the Edit Settings wizard of the vSphere Web Client to add a new virtual disk and place it to another datastore, for example, Virtual Volumes.

This problem might occur if you use the following datastore combinations for your VM configuration file and virtual disk placement at the VM creation time: Virtual SAN and Virtual Volumes, Virtual Volumes and Virtual SAN, Virtual Volumes and Virtual Volumes (with different storage policy support). You might also experience problems when migrating a single virtual disk out of Virtual SAN VM onto Virtual Volumes datastore. Virtual Volumes do not support Storage DRS

In this vSphere 6.0 release, Storage DRS ignores virtual datastores. Workaround: None.

General Storage Issues

Renamed tags appear as missing in the Edit VM Storage Policy wizard

A storage policy can include rules based on datastore tags. If you rename a tag, the storage policy that references this tag does not update the tag automatically, and shows it as missing. Workaround: Remove the tag marked as missing from the storage policy and then add the renamed tag. Reapply the storage policy to all out of date entities.

When a virtual disk is shared across different virtual machines, changes to the disk's storage poli