This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Community Hub.
Monthly security updates (KB 5021249and KB 5021237) for Hyper-V hosts released on Dec 13th, 2022, have known issues that impacts SCVMM managed SDN (Software Defined Networking) deployments and this creates failures with new VM creation and virtual network assignment.
Impacted scenarios:
If your infrastructure meets all the following criteria, then it is impacted; Please apply the fix/workaround shared below after patching.
- SCVMM managed Hyper-V hosts (Azure Stack HCI clusters, Windows Server 2019, Windows Server 2022) patched with KB 5021249 and KB 5021237 update.
- SCVMM version 2019 or SCVMM version 2022 configured with Network Controller.
Impacted environments:
|
S.no. |
VMM version |
Hyper-V patched with KB 5021249 or KB 5021237 |
SDN Enabled |
Impacted |
|
1 |
VMM 2016 |
- |
- |
No |
|
2 |
VMM 2019 |
2012 R2, 2016, 2019, HCI 21H2 |
No |
No |
|
3 |
VMM 2019 |
2012 R2, 2016 |
Yes |
No |
|
4 |
VMM 2019 |
2019, HCI 21H2 |
Yes |
Yes |
|
5 |
VMM 2022 |
2016, 2019, 2022, HCI 22H2 |
No |
No |
|
6 |
VMM 2022 |
2016 |
Yes |
No |
|
7 |
VMM 2022 |
2019, 2022, HCI 22H2 |
Yes |
Yes |
Issues:
If you don’t apply the workaround after patching the Hyper-V hosts with KB 5021249 and KB 5021237, the following could occur:
- New VM creation fails: Creating a new VM with Network adapter fails.
- SLB Load Balancer or SDN RAS Gateway fails with an ‘EthernetConnection’ error
- Attaching vNIC fails: Attaching a Network adapter to an existing VM .
- Warning message during live migration: Live migration of Non-Highly Available VMs completes with ‘EthernetConnection’ warning message.
An error message like the one below is seen in these scenarios:
Workaround:
Option 1: (Commands to be executed, for a small number of hosts)
Execute the following on all Hosts immediately after patching with KB 5021249 and KB 5021237
Option 2: (Script for bulk deployment, for a large number of Hosts)
Execute the following script on the SCVMM Management Server after all Hosts have been patched with KB 5021249 and KB 5021237.
Option 3: (Post-install script for use with Patching tools)
Use the following post-install script with Patching tools when patching with KB 5021249 and KB 5021237
$SCVMMAgentInstalled = Get-WmiObject -Class Win32_Product | where Name -like 'Microsoft System Center Virtual Machine Manager Agent (x64)'
$path = $Env:windir + "\system32\wbem\VfpExt.mof"
$moffileexists = Test-Path -Path $path -PathType Leaf
if($moffileexists -eq $true -and $SCVMMAgentInstalled -ne $null)
{
$windir = $Env:windir
$wbempath = $windir+"\System32\wbem\"
$lang = (Get-WinSystemLocale).Name
$cmd1 = $wbempath + "mofcomp.exe " + $wbempath + $lang + "\VfpExt.mfl"
$cmd2 = $wbempath + "mofcomp.exe " + $wbempath + "\VfpExt.mof"
powershell.exe $cmd1
powershell.exe $cmd2
}
Note:
- A reboot is NOT required after the workaround is applied.
- For SCCM or Cluster Aware Updates, the workaround script needs to be executed immediately as a post-install script.
- The commands/scripts need to be run with administrator privileges.
- Uninstalling the patch is not sufficient to recover from the issue, the workaround needs to be implemented.
- For cluster upgrades, it is recommended to apply the workaround immediately to each Host prior to the host being brought out of ‘Maintenance’ mode.
Validation of workaround:
The fix can be validated by executing the following commands on the Hyper-V hosts. After executing the workaround script, the properties of Msvm_EthernetSwitchPortVfpSettingData class instance gets updated.
Before applying the workaround:
After applying the workaround:
For additional details and Frequently Asked Questions please refer to this KB article. If you need further help with this, please contact the Microsoft Support team by creating a support request.