I wanted to ping back one of the great article by one of my fellow vExpert Shank Mohan on his website about an unofficial VCF Troubleshooting guide. I have learned from this article and would like to remember this article and hence posting it back on my blog.
I was getting ready to patch our environment from VCF 184.108.40.206 to VCF 3.11 as VMware has officially released a complete Patch for VCF 3.10.x this month, when I was performing the VCF Upgrade Pre-Check for the Management Domain, I came across this issue
Issue is that the pre-check says that the directory “/var/log/vmare/vcf/lcm/upgrades/<long code directory>/lcmAbout” owner is root but the owner needs to be user vcf_lcm
This is how I resolved the issue:
Login into SDDC Manager as user vcf, do su and provide the root password
then go to the following directory “/var/log/vmware/vcf/lcm/upgrades/<long code directory as displayed in the lcm error on sddc manager>
chown vcf_lcm lcmAbout chmod 750 lcmAbout
The above two commands will change the owner from root to vcf_lcm and also provide the required permissions to the folder so the pre-check can complete.
The full screenshot of what I performed is below:
Once you perform the commands above, you can run the pre-check and this time it will proceed successfully as shown below
Hope this article helps if you come across this issue with sddc manager upgrade from VCF 220.127.116.11 to 3.11
VMware has finally realeased an patch version for VCF 3.x and the version is 3.11. You can only download this as a patch form from the SDDC Manager. You can Upgrade to version 3.11 from 18.104.22.168 or VCF 3.5 or later.
This Release VCF 3.11 includes the following:
- Security fixes for Apache Log4j Remote Code Execution Vulnerability: This release fixes CVE-2021-44228 and CVE-2021-45046. See VMSA-2021-0028.
- Security fixes for Apache HTTP Server: This release fixes CVE-2021-40438. See CVE-2021-40438.
- Improvements to upgrade prechecks: Upgrade prechecks have been expanded to verify filesystem capacity, file permissions, and passwords. These improved prechecks help identify issues that you need to resolve to ensure a smooth upgrade.
- This also resolves the following Security Advisory VMSA-2022-0004 which deals with several vulnerabilities in esxi 6.7 hosts
- This also resolves the vulnerability in VCF SDDC Manager 3.x according to the security advisory VMSA-2022-0003
- This version also addresses the heap-overflow vulnerability in esxi hosts according to the security advisory VMSA-2022-0001.2
The Updated product versions according to the BOM for VCF 3.11 are
Hope this post helps for the teams who have VCF 3.10.x and waiting for the long awaited log4j patch instead of an workaround.