VMware Cloud Community
DavidGriswoldeB
Enthusiast
Enthusiast
‎08-09-2021 01:06 PM

vCLS VMs hidden

After upgrading to vCenter 7.0 U2a all cluster VMs (vCLS) are hidden from site using either the web client or PowerCLI, like the vCenter API is obfuscating them on purpose. I see no indication they exist other than in the Files view of the datastores they were deployed on.

So, my questions are: was this on purpose in u2? I suspect there were enough stupid people out there messing with them because they didn't know how to use Google to find out they are needed that VMware made the decision to hide them, but it is a pain in the butt. 

I have a datastore I need to decom and the vCLS VMs were deployed on it and since I can't find them I can't migrate their storage (or know if I should be able to). I turned of cluster DRS hoping that would remove the vCLS VMs, but I still cannot delete the files from the datastore.

Any thoughts or ideas would be appreciated.

0 Kudos
5 Replies
lamw
Community Manager
Community Manager
‎08-09-2021 01:13 PM

They're only hidden in the vSphere UI under the Host/Client view, if you navigate to VM/Templates View, you should find vCLS folder that contains all the VMs. They're also not hidden from vSphere API (which includes PowerCLI, which is just another Client to API)

I've upgraded my env several times and its running latest 7.0 Update 2a and I'm able to see the VMs both from UI/API

Get-vm | where {$_.name -match "vCLS"}

Name PowerState Num CPUs MemoryGB
---- ---------- -------- --------
vCLS (36) PoweredOn 1 0.125
vCLS (39) PoweredOn 1 0.125
vCLS (32) PoweredOn 1 0.125
vCLS (24) PoweredOn 1 0.125

 Are you logging in with administrator@vsphere.local or another account?

0 Kudos
DavidGriswoldeB
Enthusiast
Enthusiast
‎08-09-2021 01:24 PM

I should have mentioned that I looked for the vCLS folder as well. It only exists on one cluster (out of 47). 

Additionally, the powerCLI command only returns those three vCLS.

Again, I can only see the vCLS files on the datastore. They all have .lck files and .log files with current timestamps, and I can't delete the files.

0 Kudos
DavidGriswoldeB
Enthusiast
Enthusiast
‎08-09-2021 01:37 PM

I just saw your question at the end of your reply asking what account I was logging in with. I was using my privileged domain account, but the administrator@vsphere.local. I logged out and back in using the admin account and now I see all the vCLS.

I am not sure why this is happening. We recently changed our vCenters' authentication from Integrated Active Directory (because it kept creating RC4 cipher Kerberos connections to our domain controllers and InfoSec did not like that) to Active Directory over LDAP. 

Our admin team security role still has global admin rights on the vCenter, but now we can't see the vCLS folder or VMs. I wonder what else changed.

This is very strange.

lamw
Community Manager
Community Manager
‎08-09-2021 01:56 PM

Is the account(s) you're logging in with a part of the vSphere SSO "Administrator" group? I know you'll see different behavior if you're not part of that group and its possible you're missing that or another SSO Group (since you're able to see it using administrator@vsphere.local) account, so there's no actual issue with how vCLS VMs are showing up (if you're full admin)

DavidGriswoldeB
Enthusiast
Enthusiast
‎08-09-2021 02:15 PM

After supporting VMware for 12+ years, I never knew there is a difference. I thought if I granted a person or group Administrator permissions Globally it was the same as adding them to the group. 

I just added my AD account to the Administrator group, logged out/in with my AD account and I can see the vCLS folder and VMs.

I KNOW that I could see these on an earlier version of 7.0 (u1 obviously) using my AD account. So that behavior did change with u2.