vCenter issues alarm esx.problem.hyperthreading.unmitigated

After installing VMware patches you might see a warning:

XXX esx.problem.hyperthreading.unmitigated.formatonhost not found XXX

Those patches which are addressed in VMware Security Advisory VMSA-2018-0020 migitate a vulnerability named L1TF. Because the patch will result in a performance impact, it is not activated by default. Administrators need to decide what is their main focus: performance or security.

Suppress warning

If one decides to have more performance and neglects the potential threat, then it is possible to suppress the warning. Just set advanced option UserVars.SuppressHyperthreadWarning from 0 to 1 and the warning will disappear. This should only be done after reviewing KB 55806.

Activate migitation

Connect to the vCenter Server using either the vSphere Web or vSphere Client. Switch to “Hosts and Clusters” view and select an ESXi host in your inventory.
Select an ESXi host in the inventory.

Click the Manage (5.5/6.0) or Configure (6.5/6.7) tab and then switch to “Settings”.
Move to System > Advanced System Settings and enter in the filterbox: VMkernel.Boot.hyperthreadingMitigation.

Select the setting and click the Edit pencil icon. Change the default value (false) to true and click OK.

In order to take effect, the host needs to reboot.

PowerCLI

Using PowerCLI is recommended if you have more than one host.

Connect-VIServer vc.mydomain.com

Check current values.

Get-VMHost | Get-AdvancedSetting -Name VMkernel.Boot.hyperthreadingMitigation | Select Entity, Name, Value

Set values

The next command will activate the migitation on all hosts without confirmation (be careful!).

Get-VMHost | Get-AdvancedSetting -Name VMkernel.Boot.hyperthreadingMitigation | Set-AdvancedSetting -Value 1 -Confirm:$false

In order to take effect, the host needs to reboot.

Links

VMware KB 57374 – L1TF related “esx.problem.hyperthreading.unmitigated” vCenter Server Updates

VMware KB 55806 – L1 Terminal Fault – VMM

27. June 20189. October 2018

Updating vRealize Log Insight

Inplace Update Procedure of a vRealize Log Insight Appliance

VMware vRealize Log Insight is a priceless tool to analyze system logs of a virtual infrastructure. Setup is rather simple and has been covered in a blogpost on this site.

I will show the easy update procedure of an appliane 4.6.0 to version 4.6.1.

Continue reading “Updating vRealize Log Insight”

4. April 20189. October 2018

Increase root partition on VCSA

First aid if VCSA root partition turns out to be too small

I recent times I frequently see vCenter server appliances (VCSA), whose root partitions ran out of free space. As a result services are unable to start after reboot. There are some tricks to free some space on root but on the long run you should increase the partition size.

Sounds simple – but it’s quite tricky and a bit dangerous. Don’t try this at home! 😉

Continue reading “Increase root partition on VCSA”

2. April 20182. April 2018

Update vSphere H5 Fling

New Version 3.36.0

Since vSphere 6.5 the HTML5 client (vSphere-Client) is an integral part of the environment and is geting updated with more and more features with every release of vCenter. It is to get rid of the infamous flash client (web-client) sooner or later.

In distributions below 6.5 there’s no HTML5 client included. But it is possible to get the functionality with a fling.

Continue reading “Update vSphere H5 Fling”