6.5.1
Table Of Contents
- vSphere Troubleshooting
- Contents
- About vSphere Troubleshooting
- Updated Information
- Troubleshooting Overview
- Troubleshooting Virtual Machines
- Troubleshooting Fault Tolerant Virtual Machines
- Hardware Virtualization Not Enabled
- Compatible Hosts Not Available for Secondary VM
- Secondary VM on Overcommitted Host Degrades Performance of Primary VM
- Increased Network Latency Observed in FT Virtual Machines
- Some Hosts Are Overloaded with FT Virtual Machines
- Losing Access to FT Metadata Datastore
- Turning On vSphere FT for Powered-On VM Fails
- FT Virtual Machines not Placed or Evacuated by vSphere DRS
- Fault Tolerant Virtual Machine Failovers
- Troubleshooting USB Passthrough Devices
- Recover Orphaned Virtual Machines
- Virtual Machine Does Not Power On After Cloning or Deploying from Template
- Troubleshooting Fault Tolerant Virtual Machines
- Troubleshooting Hosts
- Troubleshooting vSphere HA Host States
- vSphere HA Agent Is in the Agent Unreachable State
- vSphere HA Agent is in the Uninitialized State
- vSphere HA Agent is in the Initialization Error State
- vSphere HA Agent is in the Uninitialization Error State
- vSphere HA Agent is in the Host Failed State
- vSphere HA Agent is in the Network Partitioned State
- vSphere HA Agent is in the Network Isolated State
- Configuration of vSphere HA on Hosts Times Out
- Troubleshooting vSphere Auto Deploy
- vSphere Auto Deploy TFTP Timeout Error at Boot Time
- vSphere Auto Deploy Host Boots with Wrong Configuration
- Host Is Not Redirected to vSphere Auto Deploy Server
- Package Warning Message When You Assign an Image Profile to a vSphere Auto Deploy Host
- vSphere Auto Deploy Host with a Built-In USB Flash Drive Does Not Send Coredumps to Local Disk
- vSphere Auto Deploy Host Reboots After Five Minutes
- vSphere Auto Deploy Host Cannot Contact TFTP Server
- vSphere Auto Deploy Host Cannot Retrieve ESXi Image from vSphere Auto Deploy Server
- vSphere Auto Deploy Host Does Not Get a DHCP Assigned Address
- vSphere Auto Deploy Host Does Not Network Boot
- Recovering from Database Corruption on the vSphere Auto Deploy Server
- Authentication Token Manipulation Error
- Active Directory Rule Set Error Causes Host Profile Compliance Failure
- Unable to Download VIBs When Using vCenter Server Reverse Proxy
- Troubleshooting vSphere HA Host States
- Troubleshooting vCenter Server and the vSphere Web Client
- Troubleshooting Availability
- Troubleshooting Resource Management
- Troubleshooting Storage DRS
- Storage DRS is Disabled on a Virtual Disk
- Datastore Cannot Enter Maintenance Mode
- Storage DRS Cannot Operate on a Datastore
- Moving Multiple Virtual Machines into a Datastore Cluster Fails
- Storage DRS Generates Fault During Virtual Machine Creation
- Storage DRS is Enabled on a Virtual Machine Deployed from an OVF Template
- Storage DRS Rule Violation Fault Is Displayed Multiple Times
- Storage DRS Rules Not Deleted from Datastore Cluster
- Alternative Storage DRS Placement Recommendations Are Not Generated
- Applying Storage DRS Recommendations Fails
- Troubleshooting Storage I/O Control
- Troubleshooting Storage DRS
- Troubleshooting Storage
- Resolving SAN Storage Display Problems
- Resolving SAN Performance Problems
- Virtual Machines with RDMs Need to Ignore SCSI INQUIRY Cache
- Software iSCSI Adapter Is Enabled When Not Needed
- Failure to Mount NFS Datastores
- Troubleshooting Storage Adapters
- Checking Metadata Consistency with VOMA
- No Failover for Storage Path When TUR Command Is Unsuccessful
- Troubleshooting Flash Devices
- Troubleshooting Virtual Volumes
- Troubleshooting VAIO Filters
- Troubleshooting Networking
- Troubleshooting MAC Address Allocation
- The Conversion to the Enhanced LACP Support Fails
- Unable to Remove a Host from a vSphere Distributed Switch
- Hosts on a vSphere Distributed Switch 5.1 and Later Lose Connectivity to vCenter Server
- Hosts on vSphere Distributed Switch 5.0 and Earlier Lose Connectivity to vCenter Server
- Alarm for Loss of Network Redundancy on a Host
- Virtual Machines Lose Connectivity After Changing the Uplink Failover Order of a Distributed Port Group
- Unable to Add a Physical Adapter to a vSphere Distributed Switch
- Troubleshooting SR-IOV Enabled Workloads
- A Virtual Machine that Runs a VPN Client Causes Denial of Service for Virtual Machines on the Host or Across a vSphere HA Cluster
- Low Throughput for UDP Workloads on Windows Virtual Machines
- Virtual Machines on the Same Distributed Port Group and on Different Hosts Cannot Communicate with Each Other
- Attempt to Power On a Migrated vApp Fails Because the Associated Protocol Profile Is Missing
- Networking Configuration Operation Is Rolled Back and a Host Is Disconnected from vCenter Server
- Troubleshooting Licensing
If the teaming and failover policy of the port group contains more active uplinks, the BPDU traffic is moved
to the adapter for the next active uplink. The new physical switch port becomes disabled, and more
workloads become unable to exchange packets with the network. Eventually, almost all entities on the
ESXi host might become unreachable.
If the virtual machine runs on a host that is a part of a vSphere HA cluster, and the host becomes
network-isolated because most of the physical switch ports connected to it are disabled, the active master
host in the cluster moves the BPDU sender virtual machine to another host. The virtual machine starts
disabling the physical switch ports connected to the new host. The migration across the vSphere HA
cluster eventually leads to accumulated DoS across the entire cluster.
Solution
n
If the VPN software must continue its work on the virtual machine, allow the traffic out of the virtual
machine and configure the physical switch port individually to pass the BPDU frames.
Network
Device Configuration
Distributed or
standard switch
Set the Forged Transmit security property on the port group to Accept to allow BPDU frames to leave the
host and reach the physical switch port.
You can isolate the settings and the physical adapter for the VPN traffic by placing the virtual machine in a
separate port group and assigning the physical adapter to the group.
Caution Setting the Forged Transmit security property to Accept to enable a host to send BPDU frames
carries a security risk because a compromised virtual machine can perform spoofing attacks.
Physical switch
n
Keep the Port Fast enabled.
n
Enable the BPDU filter on the individual port. When a BPDU frame arrives at the port, it is filtered out.
Note Do not enable the BPDU filter globally. If the BPDU filter is enabled globally, the Port Fast mode
becomes disabled and all physical switch ports perform the full set of STP functions.
n
To deploy a bridge device between two virtual machine NICs connected to the same Layer 2 network,
allow the BPDU traffic out of the virtual machines and deactivate Port Fast and BPDU loop prevention
features.
Network Device Configuration
Distributed or
standard switch
Set the Forged Transmit property of the security policy on the port groups to Accept to allow BPDU
frames to leave the host and reach the physical switch port.
You can isolate the settings and one or more physical adapters for the bridge traffic by placing the virtual
machine in a separate port group and assigning the physical adapters to the group.
Caution Setting the Forged Transmit security property to Accept to enable bridge deployment carries a
security risk because a compromised virtual machine can perform spoofing attacks.
Physical switch
n
Disable Port Fast on the ports to the virtual bridge device to run STP on them.
n
Disable BPDU guard and filter on the ports facing the bridge device.
vSphere Troubleshooting
VMware, Inc. 96