Knowledge Base

Summaries and Symptoms

This patch fixes the following issues or adds the following enhancements for ESX 3.5 Update 5:

• Fixes an issue where custom modifications made to the /etc/yum.conf file are overwritten when a patch or update release is installed and the modifications are lost.

• In ESX 3.5 Update 5, the memory reserved for the Console OS (COS) is increased, thereby reducing the possibility of a server failure due to lack of memory. This increased memory reservation is available only if you perform a fresh installation of ESX 3.5 Update 5. If you upgrade to ESX 3.5 Update 5 from an earlier version of ESX, the memory settings from the earlier version are retained. In this case, you might want to manually increase the reserved memory and swap depending on your COS memory requirements. For instructions to increase the reserved memory and swap, see Increasing the amount of RAM assigned to the ESX Server service console (1003501).

• ESX machines hosting passive MSCS nodes report reservation conflicts during storage operations. For more information, see ESX machines hosting passive MSCS nodes report reservation conflicts during storage operations (1009287).

• When the system is in the single user mode, all the network-related services, including the firewall services, are stopped. When the system is switched back to multi-user mode, firewall service and all other network-related services are restarted automatically.

• If you install ESX using a kickstart file, which specifies authentication servers such as NIS and Active Directory, the firewall rules for these servers are not saved. The firewall rules are reset to default rules after reboot. To workaround this issue, see Error Messages In /var/log/vmware/esxcfg-firewall.log During Installation of ESX Server (1001154).

• When performing certain operations such as vMotion, cloning, configuring HA, or patching in ESX host, the ESX console operating system firewall might revert to a previously stored configuration.
  This reversion occurs if you have changed the firewall configuration with tools other than the supported esxcfg-firewall command.
  Do not disable the firewall by running chkconfig firewall off command or by blocking the firewall startup script. To disable the firewall, configure it to pass all traffic by running esxcfg-firewall --allowIncoming --allowOutgoing command.
  Do not change the active firewall configuration by using the iptables command or any other Linux firewall management commands. Manage the console operating system firewall configuration only with esxcfg-firewall command, vSphere, or VI Client.
  To manage the console operating system firewall configuration using the vSphere Client:
  
  
  1. Select the host in the Inventory panel.
  2. Select the Configuration tab
  3. Click Security Profile.
  4. Click the Properties link.
  5. Edit the configuration details in the Properties window.
     
     
  If you want to add a new firewall service definition, create an additional XML file in the /etc/vmware/firewall directory. You can then enable the new service using the esxcfg-firewall -e <newservicename> command.
  
  If you want to enhance an existing ESX-provided service, copy its XML definition from the original file in the /etc/vmware/firewall directory (services.xml or one of the other files). Provide a name to the new service to distinguish it from the original service (which will still be available under the old name). You should then disable the old service and enable the new one. For example, run esxcfg-firewall -d ftpClient -e myFtpClient.
  
  Do not modify the original ESX-provided firewall XML files. These files might be replaced by a patch or upgraded later and might remove your changes.