Following on from my previous blog I realised that I didn’t actually put up the KB to explain how to patch ESXi 5.5 to combat the Heartbleed vulnerability.
Detailed instructions on the patches required and how to re-mint the Open SSL certs can be found on the following KB:
Those of you using NFS storage and planning to upgrade to the latest version of vSphere – 5.5 U1 – please hold off your upgrades as there is a bug within the code which is currently causing issues on paths to NFS volumes.
The bug causes the intermittent loss of connectivity, which can lead to an “All Paths Down” error to your NFS storage! During the disconnects VMs will appear frozen and the NFS datastores may be greyed out. This appears to impact all storage vendors and all environments on 5.5. U1 accessing NFS…..!!
Obviously the loss of a path will impact IOs from VMs to datastores…… and this can result in BSODs for Windows VMs and filesystems becoming read only for Linux VMs (or even kernel panics)!
The recommendation at this point is not to upgrade to vSphere 5.5 U1 and stay on vSphere 5.5 GA. If you have upgraded to 5.5 U1 then you may need to downgrade back to 5.5GA.
More information can be found here:
I suggest you subscribe to the KB in order to get an update as to when this bug is resolved.
Have a look at William Lam’s blog regarding setting up alarms within vCenter Server that could help alert when these APD issues occur:
Obviously the main reason for upgrading to 5.5 U1 was to patch the Heartbleed vulnerability within OpenSSL, VMware are informing customers not to upgrade but to install security patches to address the Heartbleed vulnerability…. More info on this process can be found here:
If anyone is concerned about the OpenSSL Vulnerability that was highlighted earlier this month, then pop along to the Security Advisory below:
Updates for the majority of VMware products to combat the “Heartbleed” vulnerability is now available….. Please note that post upgrade of products, you will need to regenerate the OpenSSL certificates!
vCenter Serveer 5.5.1a information can be found here: