VMware's Updates Cause Problems, CEO Apologizes
Aug. 12 was a blow-out day for some users of VMware's ESX 3.5 and ESXi 3.5 virtualization products, especially if they had applied the latest product updates called "Update 2."
The company issued an initial knowledge base article (KB 1006716) yesterday about the problem, which causes licenses to expire on the patched machines, along with other associated difficulties. VMware plans to provide additional information on the matter by revising its KB 1006716 bulletin in the future, according to the company's VMTN blog.
VMware's CEO, Paul Maritz, released a letter yesterday, apologizing to customers and explaining the problem.
"When the time clock in a server running ESX 3.5 or ESXi 3.5 Update 2 hits 12:00AM on August 12th, 2008, the released code causes the product license to expire," Maritz wrote. "The problem has also occurred with a recent patch to ESX 3.5 or ESXi 3.5 Update 2."
Users of those products that applied Update 2 will see a number of problems with their virtual machines, including power off/on problems, machines stuck in suspend mode and an inability to migrate using VMotion.
VMotion is the function that lets users move their virtual machines from one physical server to another.
VMware has issued two express patches (one for ESX 3.5 and the other for ESXi 3.5) for those who applied the updates. Those who haven't applied the ESX 3.5 Update 2 patch should refrain from doing so if they downloaded it before Aug. 12, 2008, according to KB 1006716.
(Added note: VMware reissued its ESX/ESXi 3.5 Update 2 releases on Aug. 14. They can be downloaded at http://www.vmware.com/download/. However, only those who didn't apply the affected Update 2 releases should use them, a spokesperson stated in an e-mail.)
The company plans to issue a full replacement for Update 2 in the next day or so, according to Maritz. He added that this Update 2 replacement "should be used by customers who want to perform fresh installs of ESX or ESXi."
Maritz explained the VMware failed to disable some code in the final release of Update 2 for both products and that the company's quality assurance process failed to catch it. He said that the company is engaged in a "self-examination" process to avoid such problems in the future.
A VMware security blog said that the update problem is not related to an ESX security exploit issue. It's a license time out problem, so it doesn't mean that systems running ESX were compromised by an attack.
It's not clear how extensive the damage has been, although VMware in Australia, which reported first on the problem because of time zone progression, apparently knew of few incidents, according to one report.