The software vendor VMware has published the latest update for vCenter Server 7.0 Update 3. Starting with the new version, users can migrate persistent container volumes between datastores in vSphere Cloud Native Storage by using the vSphere Client. In addition, the new version fixes an issue with vCLS virtual machines that are not automatically powered on after a vSAN cluster restart. For more information, I invite you to read the rest of the article.
What's new:
- Migration of persistent container volumes between datastores in the vSphere Cloud Native Storage: Starting with vSphere 7.0 Update 3o, you can migrate persistent container volumes between datastores in the vSphere Cloud Native Storage by using the vSphere Client.
- Activate retreat mode for vSphere Cluster Services (vCLS) from the vSphere Client: With vSphere 7.0 Update 3o, you can activate retreat mode on a vCLS cluster by using the EDIT VCLS MODE button at Configure > vSphere Cluster Services > General.
Resolved issues:
vSAN Issues
- vCLS VMs are not powered on after vSAN cluster shutdown and restart
During vSAN cluster shutdown, vSAN disables the cluster in ESX Agent Manager (EAM). When the EAM service is restarted, it does not power on the vCLS VMs.
This issue is resolved in this release.
- Transient vSAN health check warning: Network configuration is out of sync
vSAN Skyline health might randomly report that network configuration is out of sync. This transient issue occurs when the vSAN health service uses an outdated vCenter configuration to perform unicast check.
This issue is resolved in this release.
Virtual Machine Management
- Migrating virtual machines between vCenter instances with Advanced Cross-vCenter vMotion might fail with "VirtualEthernetCardNetworkBackingInfo required property deviceName not set"
If the source and target vCenter instances, either on-prem or cloud, in an Advanced Cross-vCenter vMotion operation have matching networks with identical names for some of the network adapters, the operation might fail with an error such as "VirtualEthernetCardNetworkBackingInfo required property deviceName not set". The issue does not affect standard cross-vCenter migration of VMs between linked vCenter instances.
This issue is resolved in this release.
- In the vSphere Client, some VM virtual hardware settings display in black on a dark background and you cannot clearly see their values
In the vSphere Client, when you open Edit Settings > Virtual Hardware for a virtual machine and expand either the Memory or Hard disks sections, you see numbers displayed in black on a dark background and cannot clearly see the values.
This issue is resolved in this release.
- Filtering virtual machines based on IP address does not work for VMs with two or more IP addresses
In the vSphere Client, when you filter a Virtual Machines list by IP address, virtual machines with two or more IP addresses, in cases such as two NICs attached or using virtualized IPs, might not appear in the filtered results.
This issue is resolved in this release.
- Migrating multiple VMs between datacenters might fail to complete the Select a compute resource validation step
In rare cases, when you migrate many VMs between datacenters, an issue with a property computation might result in failure to complete the validation on the Select a compute resource step and you might not be able to perform the migration.
This issue is resolved in this release.
- The parent resource pool or vApp might not be preserved when performing scheduled VM migration within the same cluster
When you schedule a task to migrate VMs and the source and destination hosts are in the same cluster, the VMs might move out of the parent resource pool or vApp after the migration completes.
This issue is resolved in this release.
- In the vSphere Client, you cannot apply an encryption storage policy to a virtual machine
If a key management server (KMS) cluster that enables virtual machine encryption tasks has connectivity issues, you cannot apply an encryption storage policy to a VM by using Edit VM Storage Policy or Edit VM Settings in the vSphere Client. You also see long loading times, due to the connectivity issue of the KMS cluster.
This issue is partially resolved in this release. You can set an encryption storage policy to a virtual machine by using Edit VM Settings. However, you must fix the connectivity issue of the problematic KMS server or remove it from the key provider to make sure that encryption policies and the vSphere Client wizards work as expected.
- In the vSphere Client, the Select all items option might not function properly after a live refresh of the data grid
In the vSphere Client, when you add or modify an entity in a related object list, for example a list of VMs, the task triggers a self-refresh and a consecutive live refresh of the list. As the data grid gets updated twice, the Select all items option might not function properly.
This issue is resolved in this release.
- You cannot download .vmx files from a vCenter system
If an ESXi host has encryption mode enabled, you cannot download .vmx files from this host even when individual VMs are not encrypted, unless you have Cryptographer.Access privilege on the vCenter system.
This issue is resolved in this release.
vCenter Server and vSphere Client Issues
- Special characters such as '%' in the vCenter folder names appear with escaped characters such as '%25'
In some cases, you might see vCenter folder names that contain special characters such as '%' display incorrectly in the vSphere Client because the special character is escaped. For example, a folder name My%Folder displays as My%25Folder.
This issue is resolved in this release.
- You see names of network adapters in the Virtual Hardware settings screen in the vSphere Client with "%2f" instead of "/"
In the vSphere Client, when you navigate to a virtual machine > Edit Settings > Virtual Hardware, you see the names of network adapters with "%2f" instead of "/". For example, nw10.55.0.0/24 appears as nw10.55.0.0%2f24.
This issue is resolved in this release.
- If you delete the default Backup job failed or Backup job success alarms in vCenter, you cannot restore them
The general alarms Backup job failed or Backup job success in vCenter are default alarms and if you delete them, you cannot add them back, because the backup default alerts are not available in the Add new alarm drop-down menu.
This issue is resolved in this release. The fix adds Backup job failed and Backup job success alarms to the Add new alarm drop-down menu.
Security Issues
- If an Internet proxy password contains certain reserved characters, some vSphere Lifecycle Management operations fail
Characters in an Internet proxy password other than alphanumerics, dashes, underscores, periods, and tildes trigger URL encoding, also known as percent-encoding, of the password string. This causes failure of some vSphere Lifecycle Management operations that require access to the Internet through a password-protected proxy. For example, when you click Select Actions > Sync HCL on the vSphere Lifecycle Manager home view in the vSphere Client, you see the error "Update HCL data - A general system error occurred" even though a correct proxy server username and password are configured.
This issue is resolved in this release.
- Multiple ESXi hosts intermittently lose connectivity but quickly reconnect
If you have an invalid Key Management Server (KMS) configuration in your vCenter system, such as a stale testing instance, the vpxd service periodically tries to connect to that KMS to check its status, which leads to wrong file descriptors. As a result, ESXi hosts lose connectivity. Hosts disconnect one at a time but reconnect automatically after 1 second.
This issue is resolved in this release.
- The field organizationalUnitName is required for Secure Sockets Layer (SSL) certificates
Starting from vCenter Server 7.0 Update 3o, if you use the vSphere Automation API, Certificate Manager utility, or Certificate management CLIs as an interface to manage vCenter Server Certificates, you can leave the organizationalUnitName field empty. The change does not affect existing workflows for certificate replacement or Certificate Signing Requests (CSRs). The vSphere Client and PowerCLI 12.4 still require data for the organizationalUnitName field.
This issue is resolved in this release.
- Vulnerability scans might report the HTTP TRACE method on vCenter ports 9084 and 9087 as vulnerable
Some third-party tools for vulnerability scans might report the HTTP TRACE method on vCenter ports 9084 and 9087 as vulnerable.
This issue is resolved in this release.
- vCenter Server 7.0 Update 3o provides the following security updates:
  - Apache Tomcat is updated to version 8.5.89.
  - The Spring Framework is updated to version 5.3.27.
  - The Jackson package is updated to version 2.15.2.
  - The Commons Lang3 software library is updated to version 3.12.0.
  - The Commons-Collections4 software library is updated to version 4.4.
  - The Commons-Fileupload software library is updated to version 1.5.
  - Velocity-Engine-Core is updated to version 2.3.
  - The sqlite-jdbc is updated to version 3.42.0.0.
  - Protocol Buffers (Protobuf) is updated to version 3.22.3.
  - Jetty is updated to version 9.4.51.v20230217.
  - See the PhotonOS release notes for open source changes.
Installation and Upgrade Issues
- You cannot migrate only the configuration and inventory of a vCenter by using the vCenter GUI installer
When you perform a vCenter migration by using the GUI installer, if you select only the option Configuration and Inventory, you get data for the full list of options, including Tasks and Events, and Performance Metrics. The issue occurs, because regardless of the selection in the GUI installer, the selection in the backend is for all data.
This issue is resolved in this release.
- You see 'VMware directory error[9127]' in the backlog after vCenter upgrade to vCenter 7.x fails
Due to a possible mismatch between the Common Name, cn, and the sAMAccountName LDAP attribute in a domain controller in your vCenter system, upgrades to vCenter 7.x might fail. In the /var/log/firstboot file, you see messages such as: "INFO wcp-firstboot WCP storage user does not exists, create the user" and "VMware directory error[9127]".
This issue is resolved in this release.
Miscellaneous Issues
- You see two SAN entries with the same hostname in a certificate signing request
In rare cases, a Certificate Signing Request (CSR) might contain duplicate SAN entries. This issue has no functional impact and the CSR succeeds in creating a new certificate.
This issue is resolved in this release.
- The vCenter syslog service creates duplicated files into the directory /var/log/vmware/esx/HOSTNAME/
After a change in the upstream configuration of the syslog service on your ESXi hosts, you might see duplicate stream files in the source system that pile up to consume extra space in vCenter.
This issue is resolved in this release.
- You see logs for a duplicate vSphere HA entry after a restart of vSphere HA on an ESXi host
When you use the vSphere Client to configure an advanced option for vSphere HA, if the entry contains a space, for example <unknownStateMonitorPeriod >, you might see a duplicate entry for the configured property after a restart of vSphere HA. In the fdm.log file on the host, you see an error such as:
2022-12-05T20:55:58.592Z fdm[2104214]: Upgrade FDM configuration failed with error:Duplicate child: unknownStateMonitorPeriod.
This issue is resolved in this release.
- Migration of ESXi 6.x VMs to 7.0 Update 2 and later fails with an error "Module 'MonitorLoop' power on failed."
Migrating a 6.x virtual machine to an ESXi host of version 7.0 Update 2 or later by using vSphere vMotion might fail because the destination host requires larger VM overhead memory than the source host. In the backtrace, you see an error such as "Module 'MonitorLoop' power on failed."
This issue is resolved in this release. The fix enhances the vSphere DRS advanced option NewDeltaAlloc.
- You see some vsphere-ui logs not compressed after rotation
Several vsphere-ui logs, such as catalina.log, localhost.log, manager.log, and host-manager.log, are not compressed after rotation and you might see lengthy lists of rotated files, if rotation is more frequent, for example daily.
This issue is resolved in this release.
- You see false vSphere Client alarms for certificate expiry with negative expiry dates even when you change the system date
This issue occurs in very rare cases, when for some reason the date on your vCenter system is set to a distant future date, relative to which date vCenter certificates display as expired. As a result, you see certificate expiry alarms as expected, because alarms are not designed to consider cases when the vCenter system is set to a future date. vCenter alarms with negative expiry dates continue even after you change the system time to the correct date.
This issue is resolved in this release. The fix makes sure you no longer see certificate expiry alarms after correcting the system date. Best practice is to avoid setting the date on your vCenter system to a distant future date.
- VMware Service Lifecycle Manager (vmware-vmon) vMon closes threads of the vpxd service before it succeeds to produce a core dump in case of failure
In rare cases, when a core dump operation takes long, the vmware-vmon service that monitors the health of vCenter services might close threads of the vpxd service before it succeeds to produce a core dump in case of failure. As a result, you cannot investigate the root cause of the vpxd failure.
This issue is resolved in this release.
- The vpxd service frequently fails with a dump during a virtual machine migration operation
In rare cases, when the hostd service returns an empty virtual machine layout during a migration operation, the vpxd service might fail with a dump due to a missing null check for virtual machine layouts.
This issue is resolved in this release. The fix adds a null check for VM layout to prevent vpxd failures.
- After a vCenter upgrade, SNMP might return the base version instead of the upgraded vCenter version information
After a vCenter upgrade, when you run a snmpwalk command to get the vCenter version information, the command might return the base version instead of the upgraded version information.
This issue is resolved in this release.
- Core files of the SNMP service fill up the /storage/core directory
The internal buffer that holds the CPU information of a virtual file system in the file /proc/cpuinfo might not be correctly calculated and cause many core files of the SNMP service to generate and fill up the /storage/core directory.
This issue is resolved in this release. The fix makes sure that the buffer can hold the entire cpuinfo file properly.
- ESXi hosts randomly disconnect from the Active Directory domain or vCenter due to Likewise memory exhaustion
Memory leaks in Active Directory operations and related libraries, or when smart card authentication is enabled on an ESXi host, might lead to Likewise memory exhaustion.
This issue is partially resolved in this release. For more information, see VMware knowledge base article 78968.
Networking Issues
- You cannot filter distributed port groups on the NSX Port Group ID column
In the vSphere Client, when you try to filter distributed port groups on the NSX Port Group ID column, you might see an error such as "Cannot filter by non-filterable property: DistributedVirtualPortgroup/dvpgNsxId" or you continuously see the ports datagrid display as loading.
This issue is resolved in this release. The fix unblocks filtering, but you still cannot filter by the NSX Port Group ID column.
Storage Issues
- vSphere Storage DRS operations with virtual machines fail with an error: The available storage IOPs capacity is not sufficient for the operation
If some VMs in a storage cluster have storage I/O reservations, vSphere Storage DRS might fail to balance the I/O reservations in the cluster and throw an error such as "The available storage IOPs capacity is not sufficient for the operation".
This issue is resolved in this release. The manual workaround is to set the vSphere Storage DRS advanced option EnforceIOReservations to 0.
- The timestamp property of DatastoreInfo object continuously changes and might even take old timestamps
In case of shared datastores, the timestamp in the DatastoreInfo object can vary from host to host. Timestamps indicate the time at which an ESXi host pulls data such as free space and capacity from the storage stack, and different hosts can trigger a refresh at different times. During host sync to update the DatastoreInfo object, vCenter might get an older timestamp than the one that another host has just sent, and you see a fluctuation in the timestamps.
This issue is resolved in this release.
CIM and API Issues
- Some API commands in the Appliance Shell might return unexpected results
Some API commands that you use in the Appliance Shell in vCenter Server to perform various administrative tasks might return unexpected results. For example, the command com.vmware.appliance.version1.resources.cpu.stats.get might return: "Error in method: Operation Failed. (code com.vmware.applmgmt.err_operation_failed)" or "Error in executing command: 8002".
Some health-related commands, such as:
  - com.vmware.appliance.version1.resources.load.health.get
  - com.vmware.appliance.version1.resources.mem.health.get
  - com.vmware.appliance.version1.resources.storage.health.get
  - com.vmware.appliance.version1.resources.swap.health.get
  - com.vmware.appliance.version1.resources.system.health.get
  - com.vmware.appliance.version1.resources.softwarepackages.health.get
might return only gray health status.
This issue is resolved in this release.
- The integrity_check_machine_account_executor.py tool might time out and you see a non-fatal error message
When you run the vc-support command to collect the log support bundle of a vCenter, you might see a non-fatal error such as:
cmd "/usr/lib/vmware-vmdir/vmdir-tool/integrity_check_machine_account_executor.py" timed out after 1200 seconds due to lack of progress in last 600 seconds (0 bytes read)
In such cases, you only need to run that script separately to collect the complete output by using the [--integrityCheck] option of the /usr/lib/vmware-vmdir/vmdir-tool/vmdir_tool.py tool.
This issue is resolved in this release.
Auto Deploy Issues
- Stateless ESXi hosts deployed from a Host Profile with a Fixed password configuration might disconnect from vCenter after a reboot
Stateless ESXi hosts that you deploy by using vSphere Auto Deploy might not exit Maintenance Mode after a reboot and you need to set manually the root password to reconnect the hosts to a vCenter. The issue occurs only when you use a Host Profile with a Fixed password configuration that does not correctly apply after a reboot of stateless hosts.
This issue is resolved in this release.
- In VMware vSphere+, stateless ESXi hosts that you deploy by using vSphere Auto Deploy might fail to boot or connect to a cluster
When you deploy stateless ESXi hosts by using Auto Deploy in an environment with a vSphere+ license, the verification of the license might fail during the host boot. As a result, the host cannot join the designated cluster and get the proper license.
This issue is resolved in this release.
vSphere vMotion Issues
- vSphere vMotion operation from a 6.7.x ESXi host with an Intel Ice Lake CPU fails with msg.checkpoint.cpucheck.fail
vSphere vMotion operations by using either the vSphere Client or VMware Hybrid Cloud Extension (HCX) from an Intel Ice Lake CPU host running ESXi 6.7.x fail with an error such as msg.checkpoint.cpucheck.fail. In the vSphere Client, you see a message that cpuid.PSFD is not supported on the target host. In HCX, you see a report such as "A general system error occurred: vMotion failed:".
This issue is resolved in this release.
Server Configuration Issues
- The VMware vSphere Authentication Proxy (vmcam) service intermittently fails to start and you cannot complete a vCenter file-based backup
When you use the vCenter Server Appliance Management Interface (VAMI) to run a file-based backup, you might see an error such as:
Invalid vCenter Server Status: All required services are not up! Stopped services:'vmcam'
The issue occurs when the vmcam occasionally fails to start due to a possible change in the ownership of the vmcam log file from /vmcam to /root after a vCenter update.
This issue is resolved in this release. The fix makes sure the vmcam log file is updated with the correct ownership.
- When you configure vSphere Cluster Services (vCLS) datastores by using PowerCLI or VMware Aria Automation Orchestrator you see redeployment of vCLS VMs on regular intervals
When you create a custom datastore configuration of vCLS VMs by using VMware Aria Automation Orchestrator, former VMware vRealize Orchestrator, or PowerCLI, for example set a list of allowed datastores for such VMs, you might see redeployment of such VMs on regular intervals, for example each 15 minutes.
Vendor release notes: VMware vCenter Server 7.0 Update 3
Best regards,
The B&B Team
Bezpieczeństwo w biznesie