I think the recent release of the vSphere (Version7.0 Update3) is one of the VMware Products that have many patch releases in a short duration. (8 versions from Oct 2021 until now) Regardless of the reasons that were usually based on the security weakness of each release, it brings us a clear conclusion: Every new product although passed many complex security tests and considerations, can include recent zero days and deep breaches inside their architecture. Log4j vulnerability proved this fact that an old behavior of a service or solution can be a perfect target for Hackers because most of the time an unknown reaction or response to a complex request maybe leads the whole system to an unstable status.
In recent years, most Unix/Linux Based OS and services are the targets of new attacks and other types of threats like ransomware. So the VMware products are not excluded from these critical risks. It's natural to see many new patches in a short time. However, it's not a reason to avoid providing a well-done designed plan that is nicely scheduled for protecting against new disasters like announcing a new vulnerability. I think if we are forced to check the new build numbers of ESXi or vCenter server weekly, it should be part of our IT staff's primary tasks.
Some releases include of many security fixes, like the vCenter Server 7.0U3f:
In this post, I want to mention to some of the known issues in the recent releases of vSphere 7.0 U3 Patches:
- Security: Encrypted VM fails to power on Trusted Cluster containing an unattested host in migrating/cloning states, or in the HA/DRS-enabled cluster.
- Networking: VM might lose Ethernet traffic after hot-add, hot-remove or storage vMotion.
- Networking: IPv6 traffic fails to pass through VMkernel ports using IPsec.
- Networking: When upgrading from vSphere6.7 to vSphere7.0 high throughput virtual machines may experience degradation in network performance while NIOC is enabled.
- Storage: VOMA check is not supported for NVMe-based VMFS datastores and will fail with an error.
- Storage: After recovering from APD/PDL conditions, the VMFS datastore with
enabled support for clustered virtual disks might remain inaccessible. The VMkernel log might show multiple
"SCSI3 reservation conflict"messages. - VSAN: VMs lose connectivity due to a network outage in the preferred site of a vSAN stretched cluster and still stay inaccessible state, while they should failover to the secondary site.
- vCLS: System VMs that are added for ensuring healthy operations of the vSphere Cluster Services, might impact cluster and datastore maintenance workflows in vCenter 7.0 U1.
- vSphere client: Cross vCenter migration of a VM fails with an error:
"The operation is not allowed in the current state". - VM MGMT: The post customization section of the script runs before the guest customization, if you enable Cloud-Init in a Linux Guest OS.
- VM MGMT: Deploying an OVF or OVA template from a URL fails with a 403 Forbidden error and also maybe a local OVF deployment containing files with non-ASCII characters in their name might fail with an error.
- VM MGMT: You cannot add or modify an existing network adapter on a virtual machine:
Although it's just a part of the whole story and you should read the full document of VMware vCenter Server 7.0 U3g Release Notes, about the known issues to truly understand what actions and workarounds are required to do, or which update you should run to fix them. I always prefer to execute the CLI way instead of GUI methods:
