Muokkaa

Jaa


Known issues: Azure VMware Solution

This article describes the currently known issues with Azure VMware Solution.

Refer to the table to find details about resolution dates or possible workarounds. For more information about the different feature enhancements and bug fixes in Azure VMware Solution, see What's New.

Issue Date discovered Workaround Date resolved
VMSA-2024-0021 VMware HCX addresses an authenticated SQL injection vulnerability (CVE-2024-38814) 2024 None October 2024- Resolved in HCX 4.10.1, HCX 4.9.2 and HCX 4.8.3
VMSA-2021-002 ESXiArgs OpenSLP vulnerability publicized in February 2023 2021 Disable OpenSLP service February 2021 - Resolved in ESXi 7.0 U3c
After my private cloud NSX-T Data Center upgrade to version 3.2.2, the NSX-T Manager DNS - Forwarder Upstream Server Timeout alarm is raised February 2023 Enable private cloud internet Access, alarm is raised because NSX-T Manager can't access the configured CloudFlare DNS server. Otherwise, change the default DNS zone to point to a valid and reachable DNS server. February 2023
When first logging in to the vSphere Client, the Cluster-n: vSAN health alarms are suppressed alert is active in the vSphere Client 2021 The alert should be considered an informational message, since Microsoft manages the service. Select the Reset to Green link to clear it. 2021
When adding a cluster to my private cloud, the Cluster-n: vSAN physical disk alarm 'Operation' and Cluster-n: vSAN cluster alarm 'vSAN Cluster Configuration Consistency' alerts are active in the vSphere Client 2021 This alert should be considered an informational message, since Microsoft manages the service. Select the Reset to Green link to clear it. 2021
After my private cloud NSX-T Data Center upgrade to version 3.2.2, the NSX-T Manager Capacity - Maximum Capacity Threshold alarm is raised 2023 Alarm raised because there are more than four clusters in the private cloud with the medium form factor for the NSX-T Data Center Unified Appliance. The form factor needs to be scaled up to large. This issue should get detected through Microsoft, however you can also open a support request. 2023
When I build a VMware HCX Service Mesh with the Enterprise license, the Replication Assisted vMotion Migration option isn't available. 2023 The default VMware HCX Compute Profile doesn't have the Replication Assisted vMotion Migration option enabled. From the Azure VMware Solution vSphere Client, select the VMware HCX option and edit the default Compute Profile to enable Replication Assisted vMotion Migration. 2023
VMSA-2023-023 VMware vCenter Server Out-of-Bounds Write Vulnerability (CVE-2023-34048) publicized in October 2023 October 2023 A risk assessment of CVE-2023-03048 was conducted and it was determined that sufficient controls are in place within Azure VMware Solution to reduce the risk of CVE-2023-03048 from a CVSS Base Score of 9.8 to an adjusted Environmental Score of 6.8 or lower. Adjustments from the base score were possible due to the network isolation of the Azure VMware Solution vCenter Server (ports 2012, 2014, and 2020 aren't exposed via any interactive network path) and multiple levels of authentication and authorization necessary to gain interactive access to the vCenter Server network segment. Azure VMware Solution is currently rolling out 7.0U3o to address this issue. March 2024 - Resolved in ESXi 7.0U3o
The AV64 SKU currently supports RAID-1 FTT1, RAID-5 FTT1, and RAID-1 FTT2 vSAN storage policies. For more information, see AV64 supported RAID configuration Nov 2023 The AV64 SKU now supports 7 Fault Domains and all vSAN storage policies. For more information, see AV64 supported Azure regions June 2024
VMware HCX version 4.8.0 Network Extension (NE) Appliance VMs running in High Availability (HA) mode may experience intermittent Standby to Active failover. For more information, see HCX - NE appliances in HA mode experience intermittent failover (96352) Jan 2024 Avoid upgrading to VMware HCX 4.8.0 if you're using NE appliances in a HA configuration. Feb 2024 - Resolved in VMware HCX 4.8.2
VMSA-2024-0006 ESXi Use-after-free and Out-of-bounds write vulnerability March 2024 For ESXi 7.0, Microsoft worked with Broadcom on an AVS specific hotfix as part of the ESXi 7.0U3o rollout. For the 8.0 rollout, Azure VMware Solution is deploying vCenter Server 8.0 U2b & ESXi 8.0 U2b which is not vulnerable. August 2024 - Resolved in ESXi 7.0U3o and vCenter Server 8.0 U2b & ESXi 8.0 U2b
When I run the VMware HCX Service Mesh Diagnostic wizard, all diagnostic tests will be passed (green check mark), yet failed probes will be reported. See HCX - Service Mesh diagnostics test returns 2 failed probes 2024 None, this will be fixed in 4.9+. N/A
VMSA-2024-0011 Out-of-bounds read/write vulnerability (CVE-2024-22273) June 2024 Microsoft has confirmed the applicability of the CVE-2024-22273 vulnerability and it will be addressed in the upcoming 8.0u2b Update. July 2024
VMSA-2024-0012 Multiple Vulnerabilities in the DCERPC Protocol and Local Privilege Escalations June 2024 Microsoft, working with Broadcom, adjudicated the risk of these vulnerabilities at an adjusted Environmental Score of 6.8 or lower. Adjustments from the base score were possible due to the network isolation of the Azure VMware Solution vCenter Server (ports 2012, 2014, and 2020 aren't exposed via any interactive network path) and multiple levels of authentication and authorization necessary to gain interactive access to the vCenter Server network segment. A plan is being put in place to address these vulnerabilities at a future date TBD. N/A
Zerto DR isn't currently supported with the AV64 SKU. The AV64 SKU uses ESXi host secure boot and Zerto DR hasn't implemented a signed VIB for the ESXi install. 2024 Continue using the AV36, AV36P, and AV52 SKUs for Zerto DR. N/A
VMSA-2024-0013 (CVE-2024-37085) VMware ESXi Active Directory Integration Authentication Bypass July 2024 Azure VMware Solution does not provide Active Directory integration and isn't vulnerable to this attack. N/A
AV36P SKU new private cloud deploys with vSphere 7, not vSphere 8. September 2024 AV36P SKU Hotfix deployed, issue resolved. September 2024
VMSA-2024-0019 Vulnerability in the DCERPC Protocol and Local Privilege Escalations September 2024 Microsoft, working with Broadcom, adjudicated the risk of CVE-2024-38812 at an adjusted Environmental Score of 6.8 and CVE-2024-38813 with an adjusted Environmental Score of 6.8. Adjustments from the base scores were possible due to the network isolation of the Azure VMware Solution vCenter Server DCERPC protocol access (ports 2012, 2014, and 2020 aren't exposed via any interactive network path) and multiple levels of authentication and authorization necessary to gain interactive access to the Azure VMware Solution vCenter Server. A plan is being put in place to address these vulnerabilities at a future date TBD. N/A
VMSA-2024-0020 VMware NSX command injection, local privilege escalation & content spoofing vulnerability October 2024 The vulnerability mentioned in the Broadcom document is not applicable to Azure VMware Solution, as attack vector mentioned does not apply. N/A
New Stretched Clusters private cloud deploys with vSphere 7, not vSphere 8. September 2024 Stretched Clusters is waiting for a Hotfix to be deployed, which will resolve this issue. Planned November 2024
New Standard private cloud deploys with vSphere 7, not vSphere 8 in Australia East region (Pods 4 and 5). October 2024 Pods 4 and 5 in Australia East are waiting for a Hotfix to be deployed, which will resolve this issue. Planned November 2024

In this article, you learned about the current known issues with the Azure VMware Solution.

For more information, see About Azure VMware Solution.