Issue

More Information on CVE-2015-5177 (ESXi OpenSLP Remote Code Execution)

You might be aware of the 3 critical security issues that VMware has published and fixed a couple of days ago in VMSA-2015-0007. The information provided in the security advisory regarding the first issue, CVE-2015-5177 (ESXi OpenSLP Remote Code Execution), is:

VMware ESXi contains a double free flaw in OpenSLP's SLPDProcessMessage() function. Exploitation of this issue may allow an unauthenticated attacker to remotely execute code on the ESXi host.

Relevant Releases
VMware ESXi 5.5 without patch ESXi550-201509101
VMware ESXi 5.1 without patch ESXi510-201510101
VMware ESXi 5.0 without patch ESXi500-201510101

In this post I am trying to give a better understanding of the vulnerability and its consequences. Please note that the information in this post is my personal opinion. I cannot guarantee that this information is accurate. The main fact is that VMware has published a fix and you should install the patch to be on the safe side. In the real world, you might have something like a "change process" where you can't roll out the patch to hundreds of systems immediately. Or you have a single ESXi that you don't want to reboot at the moment. In this situation, this post tries to help...


"Unsupported SVGA driver" during Windows 10 upgrade in VMware Workstation

Upgrading Windows 7, 8 or 8.1 to Windows 10 in VMware Workstation fails with the following error message:

Unsupported SVGA driver

The issue only applies to the Microsoft Update Validation Tool which has problems with the VMware SVGA driver. To resolve this issue, use the Windows 10 ISO to upgrade your Virtual Machine.


How to fix ESXi on Intel NUC malformed Manufacturer and Model

VMware ESXi 5.x and 6.0 installed on a 5th gen Intel NUC (NUC5i7RYH, NUC5i5RYH, NUC5i5MYHE, NUC5i5RYK, NUC5i3RYH, NUC5i3MYHE and NUC5i3RYK) has a problem with SMBios system information.

  • Manufacturer and Model in the vSphere Client is displayed with replacement characters (� black diamond with a white question mark).
  • Adding host to a vCenter Server fails with the following error message

    A general system error occurred: at line number 7, not well-formed (invalid token)

To solve this problem you have to replace the BIOS. This post explains how to create a customized BIOS with changed SMBios variables and install it on your NUC.


VMware ESXi 5.x E1000 PSOD Issue

Even though the bug has been fixed, I still see it come up. ESXi 5.x has two issues that might cause the ESXi host to fail with a purple diagnostic screen. Both PSODs look very similar:

KB2059053:

#PF Exception 14 in world wwww:WorldName IP 0xnnnnnnnn addr 0x0
PTEs:0xnnnnnnnn;0xnnnnnnnn;0x0;
0xnnnnnnnn:[0xnnnnnnnn]E1000PollRxRing@vmkernel#nover+0xdb9
0xnnnnnnnn:[0xnnnnnnnn]E1000DevRx@vmkernel#nover+0x18a

KB2079094:

#PF Exception 14 in world wwww:WorldName IP 0xnnnnnnnn addr 0x0
PTEs:0xnnnnnnnn;0xnnnnnnnn;0x0;
0xnnnnnnnn:[0xnnnnnnnn]E1000PollRxRing@vmkernel#nover+0xeb7
0xnnnnnnnn:[0xnnnnnnnn]E1000DevRx@vmkernel#nover+0x18a
[...]
0xnnnnnnnn:[0xnnnnnnnn]Net_AcceptRxList@vmkernel#nover+0x157


ESXi Issues caused by hp-ams module

I recently had strange issues with Hewlett-Packard servers. ESXi hosts have randomly shown a couple of different symptoms:

  • ESXi host unmanageable
  • ESXi host grayed out in vCenter
  • Starting host services fails with an error message:

    Call "HostServiceSystem.Restart" for object "serviceSystem-[*]" on vCenter Server * failed.

  • Cannot perform vMotion to or from the host
  • Starting virtual machine fails with an error message:

    Power On virtual machine *
    A general system error occurred: The virtual machine could not start
    VMK_NO_MEMORY

  • Restarting services in DCUI fails

    A general system error occurred: Command /bin/sh failed

  • SSH connection to the host possible, but no response after login requests
  • Local console displays an error message:

    /bin/sh cannot fork

  • Error Message received at syslog server

    sfcb-HTTPS-Daemon[*]: handleHttpRequest fork failed: Cannot allocate memory
    crond[*]: can't vfork
    cpu*:*)WARNING: Heap: *: Heap_Align(globalCartel-1, 136/136 bytes, 8 align) failed.
    cpu*:*)WARNING: Heap: *: Heap globalCartel-1 already at its maximum size. Cannot expand)

  • DCUI message log (ALT+F12) displays an error message

    WARNING: Heap: *: Heap globalCartel-1 already at its maximum size. Cannot expand.


Identify Virtual Machine Locks & Find ESXi Hosts by its MAC Address

I recently had an issue where a virtual machine crashed. VM Monitoring (VM HA) tried to restart it, but did not succeed. The virtual machine was greyed out in the inventory and could not be started because it was locked. Unfortunately, it was not possible to identify which ESXi host holds the lock. This post explains how to quickly identify which server is blocking the Virtual Machine.


Reuse VSAN Claimed Disks as VMFS Datastore

During a test I used an old disk that had previously been used by Virtual SAN. The disk did not appear during the datastore creation process. I am missing a flash drive here:

The problem is that the disk has not been cleared of its VSAN configuration. It still has valid VSAN partitions, so ESXi "claims it for VSAN", which makes it impossible to create a VMFS filesystem.


ESXi 5.5 affected by OpenSSL CVE-2014-0160 aka Heartbleed

[Last Update April 19, 2014 - Patches available]

There is a lot of news about the recently published OpenSSL vulnerability. The bug, also known as "Heartbleed", allows attackers to steal information that is protected by SSL/TLS encryption.

Are VMware ESXi and vCenter affected?
There is currently no official statement from VMware regarding this issue. After some research I found affected versions in VMware products. Here are my findings:

The affected versions are OpenSSL 1.0.1 through 1.0.1f.
