Search the VMware Knowledge Base (KB)
View by Article ID
Migration of Service VM (SVM) may cause ESXi host issues in VMware NSX for vSphere 6.x (2141410)
- There is interruption in the service (workload VM) for which the Service VM (SVM) is providing data.
- The ESXi host fails with a purple diagnostic screen.
- The purple diagnostic screen contains backtraces similar to:
@BlueScreen: #PF Exception 14 in world wwww:WorldName IP 0xnnnnnnnn addr 0x0
Examples of such workload VMs are:
- NSX Guest Introspection VM
- McAfee IDS/IPS/Firewall
- Palo Alto Networks Firewall
- Symantec IDS/IPS/Firewall
- Trend Micro Deep Security
The specialized plumbing effectively pins the virtual machine to the ESXi host. Therefore, the virtual machine is deployed in a 1:1 relationship to the ESXi hosts in the cluster. When the SVM be migrated, the plumbing cleanup is not handled correctly which causes the issue to occur.
- VMware NSX for vSphere 6.2.5, available at VMware Downloads.
- VMware NSX for vSphere 6.3.0, available at VMware Downloads.
If Distributed Resource Scheduling (DRS) is required, disable vMotion for a specific virtual machine through the vCenter Server Managed Object Browser (MOB).
- Open a web browser and type in the address https://<vcenter_ip>/mob/?moid.
- Under Methods > ServiceContent, click RetrieveServiceContent.
- Click InvokeMethod on the top right hand corner.
- Click the link to rootFolder.
- Click the link labeled DataCenters.
- Follow the link to the datacenter that contains the virtual machine in question.
- Follow the next link into the vmFolder which holds information on all the virtual machines.
- Under the childEntity section, the name of the virtual machine should be displayed here.
Note: Take a note of the vm-### of the VM you would like to limit.
- Open another browser window and type in address: https://<vcenter-ip>/mob/?moid=AuthorizationManager&method=disableMethods.
- Fill out the form with MOID changed to the id of the virtual machine you have chosen. The method is MigrateVM_Task, as well as filling out the sourceId with VCMob and sessionScope with false.
- Once everything is filled out, click Invoke Method. You should get Method Invocation Result: void.
To disable the ability to manually do a storage vMotion:
In order to disable storage vMotion, you have to go through the same process as above, only changing the last method to RelocateVM_Task instead of MigrateVM_Task.
At this point the Migrate VM option is no longer be available in the vCenter Web User Interface (UI) or Client UI. DRS relies on these settings in the backend, so is no longer be able to migrate the service VM.
If an ESXi host is manually entered into maintenance mode, it will power off but not move any service VM. A normal VM that has gone through this process will not power off, and instead the ESXi host hangs awaiting manual power off of the VM.
Even if the host does not crash, the specialized application which is accessing the IO provided through the Service VM will no longer function correctly, causing an outage.
Request a Product Feature
To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.