It seems there is a bug in vCenter 6.7 which caused the update check of VCSA is not working.
So to upgrade VCSA from 6.7 to 6.7u1, you need to
1. In the vCenter Server Appliance Management Interface, go to Update > Settings and configure the custom URL to https://vapp-updates.vmware.com/vai-catalog/valm/vmw/8d167796-34d5-4899-be0a-6daade4005a3/126.96.36.19900.latest/.
2.Re-try the upgrade.
Then you should be able to see all the patches.
Run this command to see the VMware online depot and list all profiles
[root@m900:~] esxcli software sources profile list -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml | grep -i ESXi-6.7
ESXi-6.7.0-8169922-no-tools VMware, Inc. PartnerSupported
ESXi-6.7.0-8169922-standard VMware, Inc. PartnerSupporte
Run the upgrade with this command:
esxcli software profile update -p ESXi-6.7.0-8169922-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
Then reboot server
After manually modified the MAC address of a VM, got below error when try to power on the VM:
Ethernet address: ‘*’. It conflicts with VMware reserved MACs.
The solution is to modify the VMX file manually, and add below line:
ethernetN.checkMACAddress = “false”
ethernetN.addressType = “static”
esxcli network firewall get Returns the enabled or disabled status of the firewall and lists default actions.
esxcli network firewall set –default-action Update default actions.
esxcli network firewall set –enabled Set to true to enable the firewall, set to false to disable the firewall.
esxcli network firewall load Load the firewall module and rule set configuration files.
esxcli network firewall refresh Refresh the firewall configuration by reading the rule set files if the firewall module is loaded.
esxcli network firewall unload Destroy filters and unload the firewall module.
esxcli network firewall ruleset list List rule sets information.
esxcli network firewall ruleset set –allowedall Set the allowedall flag.
esxcli network firewall ruleset set –enabled Enable or disable the specified rule set.
esxcli network firewall ruleset allowedip list List the allowed IP addresses of the specified rule set.
esxcli network firewall ruleset allowedip add Allow access to the rule set from the specified IP address or range of IP addresses.
esxcli network firewall ruleset allowedip remove Remove access to the rule set from the specified IP address or range of IP addresses
Put the host into maintenance mode, ssh to the host, and then run below command:
esxcli network firewall ruleset set -e true -r httpClient
esxcli software profile install -p ESXi-6.5.0-20170404001-standard -d https://hostupdate.vmware.com/software/VUM/PRODUCTION/main/vmw-depot-index.xml
Then reboot the host after installation finished:)
We are using VMware NSX in our production environment for a long time.
And recently we got some problem with NSX, the symptoms is
Some VMs will lose network connection after migrated to another VM;
New firewall rules are not able to apply on some of the VMs.
After engaged VMware, VMware confirmed that it’s a bug in NSX.
VMware assigned about 1.6G heap memory for NSX firewall on each of the ESX hosts. If you applied too much rules or you have too many VMs and you’ll reach the memory limit. Then you’ll get this issue…
Current fix is to upgrade to 6.2.3…