6.0.1
Solution
In the guest operating system, reset the interface to cause the passthrough network adapter to regain its
valid MAC address. If the interface is configured to use DHCP for address assignment, the interface
acquires an IP address automatically.
For example, on a Linux virtual machine run the ifconfig console command:
    ifconfig ethX down
    ifconfig ethX up
where X in ethX represents the sequence number of the virtual machine network adapter in the guest
operating system.
A Virtual Machine that Runs a VPN Client Causes Denial of Service for Virtual Machines on the Host or Across a vSphere HA Cluster
A virtual machine sending Bridge Protocol Data Unit (BPDU) frames, for example, a VPN client, causes
some virtual machines connected to the same port group to lose connectivity. The transmission of BPDU
frames might also break the connection of the host or of the parent vSphere HA cluster.
Problem
A virtual machine that is expected to send BPDU frames causes the traffic to the external network of the
virtual machines in the same port group to be blocked.
If the virtual machine runs on a host that is a part of a vSphere HA cluster, and the host becomes
network-isolated under certain conditions, you observe Denial of Service (DoS) on the hosts in the cluster.
Cause
As a best practice, a physical switch port that is connected to an ESXi host has the Port Fast and BPDU guard
enabled to enforce the boundary of the Spanning Tree Protocol (STP). A standard or distributed switch does
not support STP, and it does not send any BPDU frames to the switch port. However, if any BPDU frame
from a compromised virtual machine arrives at a physical switch port facing an ESXi host, the BPDU guard
feature disables the port to stop the frames from affecting the Spanning Tree Topology of the network.
In certain cases, a virtual machine is expected to send BPDU frames, for example, when deploying a VPN that
is connected through a Windows bridge device or through a bridge function. If the physical switch port
paired with the physical adapter that handles the traffic from this virtual machine has the BPDU guard on,
the port is error-disabled, and the virtual machines and VMkernel adapters using the host physical adapter
cannot communicate with the external network anymore.
If the teaming and failover policy of the port group contains more active uplinks, the BPDU traffic is moved
to the adapter for the next active uplink. The new physical switch port becomes disabled, and more
workloads become unable to exchange packets with the network. Eventually, almost all entities on the ESXi
host might become unreachable.
If the virtual machine runs on a host that is a part of a vSphere HA cluster, and the host becomes
network-isolated because most of the physical switch ports connected to it are disabled, the active master host in the
cluster moves the BPDU sender virtual machine to another host. The virtual machine starts disabling the
physical switch ports connected to the new host. The migration across the vSphere HA cluster eventually
leads to accumulated DoS across the entire cluster.
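To find the virtual machine adapter behind the cause described above, the following added example (not part of the VMware documentation) recognizes IEEE spanning tree BPDUs in raw Ethernet frames and counts them per source MAC address. It assumes the frames were captured separately on the port group or uplink; the sample frames, MAC addresses and VLAN ID are constructed.

```python
import struct
from collections import Counter

STP_DST = bytes.fromhex("0180c2000000")  # IEEE 802.1D bridge group address
LLC_STP = b"\x42\x42\x03"                # DSAP, SSAP, control used by spanning tree
BPDU_TYPES = {0x00: "config", 0x02: "rstp/mstp", 0x80: "tcn"}

def parse_bpdu(frame: bytes):
    """Return (source MAC, BPDU type) for an IEEE STP BPDU, else None."""
    if len(frame) < 14 or frame[:6] != STP_DST:
        return None
    offset = 12
    (field,) = struct.unpack_from("!H", frame, offset)
    if field == 0x8100:                  # skip a single 802.1Q VLAN tag
        offset += 4
        if len(frame) < offset + 2:
            return None
        (field,) = struct.unpack_from("!H", frame, offset)
    if field > 1500:                     # an EtherType, so no LLC header follows
        return None
    payload = frame[offset + 2:]
    if len(payload) < 7 or payload[:3] != LLC_STP:
        return None
    proto_id, _version, bpdu_type = struct.unpack_from("!HBB", payload, 3)
    if proto_id != 0:                    # spanning tree protocol identifier is 0
        return None
    return frame[6:12].hex(":"), BPDU_TYPES.get(bpdu_type, "unknown")

def bpdu_senders(frames):
    """Count BPDUs per source MAC to identify the sending VM adapter."""
    hits = (parse_bpdu(f) for f in frames)
    return dict(Counter(hit[0] for hit in hits if hit))

# Constructed sample frames (MAC addresses and VLAN ID are made up).
def _frame(dst, src, body, vlan=None):
    tag = struct.pack("!HH", 0x8100, vlan) if vlan is not None else b""
    return bytes.fromhex(dst) + bytes.fromhex(src) + tag + body
_CONFIG = struct.pack("!H", 38) + LLC_STP + struct.pack("!HBB", 0, 0, 0x00) + bytes(31)
_TCN = struct.pack("!H", 7) + LLC_STP + struct.pack("!HBB", 0, 0, 0x80)
_ARP = struct.pack("!H", 0x0806) + bytes(28)
SAMPLE_FRAMES = [
    _frame("0180c2000000", "005056aa0001", _CONFIG),
    _frame("0180c2000000", "005056aa0001", _CONFIG, vlan=10),
    _frame("ffffffffffff", "005056aa0002", _ARP),
    _frame("0180c2000000", "005056aa0003", _TCN),
]

if __name__ == "__main__":
    print(bpdu_senders(SAMPLE_FRAMES))
```

A source MAC reported here can be matched against the MAC addresses of the virtual machine network adapters in the port group to locate the sender before further physical switch ports are disabled.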
Chapter 8 Troubleshooting Networking
VMware, Inc. 89