VMware Cloud Community
BruceHB
Contributor
Contributor
‎08-01-2018 07:53 PM
Jump to solution

host 6.5 P2 7388607 can not join vcenter with EVC enabled vCenter cluster 6.5 U2 8294253

Hi vSphere Gurus,

In vsphere support matrix, it only says U1 host can join U2 vcenter.

However 6.5P02 7388607 host, which is a patch of U1 version, cannot join EVC enabled vCenter cluster 6.5 U2 8294253.

BUT 6.5 EP06 7967591 can join the U2 vCenter 8294253.

https://my.vmware.com/group/vmware/patch#search

I double check its information that EP06 only update the CPU CVE issue patch. link->  VMware Knowledge Base

Is any official  limitation description document for the support list with these special patch?

0 Kudos
1 Solution

Accepted Solutions
tanwk
Enthusiast
Enthusiast
‎08-03-2018 02:18 AM
Jump to solution

Are there still host in the EVC cluster not updated?

The reason for this is that there are some changes been masked out with the patch and in such, the old EVC will still expose those feature in old EVC. The new EVC will then block out this feature and will not allow patched server to join this cluster.

You need to make sure all the host in the EVC Cluster is patched. If one is not patched, the EVC will not expose the new characteristic.

pyVmomi script: How to confirm whether EVC cluster is patched or not ? Spectre vulnerability | vThin...

Blog: http://plain-virt.blogspot.com
Twitter: @tanwk3
LinkedIn: http://sg.linkedin.com/in/weekiongtan

View solution in original post

0 Kudos
9 Replies
Devi94
Hot Shot
Hot Shot
‎08-01-2018 10:47 PM
Jump to solution

what is the error you are getting when adding host ? can you please post error message ?

0 Kudos
vmrale
Expert
Expert
‎08-02-2018 02:31 AM
Jump to solution

BruceHB,

I didn't found any official limitation description document for the support of those patches, but the problem You described is a repetitive one. Make sure that all hosts in EVC cluster have the same Spectre/Meltdown patches installed and then add them to the EVC enabled cluster.

Regards
Radek

If you think your question have been answered correctly, please consider marking it as a solution or rewarding me with kudos.
0 Kudos
BruceHB
Contributor
Contributor
‎08-02-2018 04:28 AM
Jump to solution

Hi Vmrale,

Thanks for your response.

I just follow the interoperability matrix. Choose esxi and vcenter server.

https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#interop&1=&2=

It says U1 esxi can join U2.  VMware allows user to do this operation and it is official support in my opinion.

In my testing, 6.5EP06 can join 6.5U2. That means same patch is not a Must rule. At least, the join cluster operation should be workable.

We just need to find some document to support our testing result of the limitation.

Imaging that customer has a new 6.5U2 vcenter and a bunch of pre-installed ESXi 6.5P02. The mixed esxi node joining operation is reasonable.

We can solve the patch problem after the esxi node join into the cluster.

0 Kudos
a_p_
Leadership
Leadership
‎08-02-2018 04:57 AM
Jump to solution

Are all hosts running the latest BIOS (Microcode)? Support for the the additional CPU instructions was introduced with build 7967591 (see e.g. https://esxi-patches.v-front.de/vm-6.5.0.html).

I ran into this same issue some time ago, and solved it by upgrading all the host's BIOS (Microcode), as well as ESXi to Update 1g (Build 7967591). After this I was able to add the hosts to the EVC enabled cluster.


André

0 Kudos
BruceHB
Contributor
Contributor
‎08-02-2018 08:27 PM
Jump to solution

Here is the attachment of error

P02joinU2.png

I think cpu related patch is the root cause of the issue.

However, VMware doesn't provide document for the limitation about 6.5P2 cannot join U2 vcenter.

If the test result is ture. That means only U1G(EP06) can join U2 cluster.

0 Kudos
BruceHB
Contributor
Contributor
‎08-02-2018 08:29 PM
Jump to solution

a.p.

It may not be the root cause of the issue.

U1G can join U2 cluster but P02 cannot.  Technically speaking, they are all belong to U1 series.

0 Kudos
a_p_
Leadership
Leadership
‎08-03-2018 01:29 AM
Jump to solution

Technically speaking, they are all belong to U1 series.

That's correct, but the microcode update which added the new CPU instructions came with U1g.

André

0 Kudos
tanwk
Enthusiast
Enthusiast
‎08-03-2018 02:18 AM
Jump to solution

Are there still host in the EVC cluster not updated?

The reason for this is that there are some changes been masked out with the patch and in such, the old EVC will still expose those feature in old EVC. The new EVC will then block out this feature and will not allow patched server to join this cluster.

You need to make sure all the host in the EVC Cluster is patched. If one is not patched, the EVC will not expose the new characteristic.

pyVmomi script: How to confirm whether EVC cluster is patched or not ? Spectre vulnerability | vThin...

Blog: http://plain-virt.blogspot.com
Twitter: @tanwk3
LinkedIn: http://sg.linkedin.com/in/weekiongtan
0 Kudos
BruceHB
Contributor
Contributor
‎08-05-2018 08:27 PM
Jump to solution

Hi tanwk,

Thanks for your reply.

Go through the link you provide, I visit the KB VMware Knowledge Base 52085.

and find the description:

In order to maintain this compatibility the new features are hidden from guests within the cluster until all hosts in the cluster are properly updated.  At that time, the cluster will automatically upgrade its capabilities to expose the new features. Unpatched ESXi hosts will no longer be admitted into the EVC cluster.

Then we can regard it as an official description of limitation.

0 Kudos