Shared VMDK profile compliance issue in vSAN cross VC HCIMesh
search cancel

Shared VMDK profile compliance issue in vSAN cross VC HCIMesh


Article ID: 312046


Updated On:


VMware vCenter Server


In Cross vCenter HCIMesh feature, user can mount vSAN datastore from a remote vCenter. If a VMDK is shared between multiple vCenter instances and different profiles are applied to the VMDK, user will encounter a compliance issue.
Such sharing of VMDK use cases is not encouraged, and user should avoid such usage.

Currently, we don't have a guardrail to prevent users from sharing VMDK among vCenter instances. To help users identify if a VM compliance issue is related to unintended VMDK sharing, we provide a python tool

For using this script, there is a readme document, The script and readme are attached to the KB.

On vSphere UI page, when you check compliance of a virtual machine that has shared VMDK across VMware vCenters, it might show either of them.
1. Compliance status shows Out of Date.
2. Pop up error message of "Profile not found."


VMware vCenter Server 8.0.1
VMware vCenter Server 8.0.x


SPBM design is vCenter-based, which means storage profiles created in each vCenter are not visible to other vCenter instances. When a VMDK is shared between vCenter instances and the user modifies the storage profile that was applied to the VMDK on one vCenter, the compliance issue will occur on the other vCenter instances.


To resolve this issue, follow the below steps:

1. Run script tool on vCenter to identify the compliance issue.

For vCenter version 8.0U2 and above:
The tool is packaged in vCenter under path /usr/lib/vmware-vpx/vsan-health/bin/XvcAuditVmpolicy.pyc.

For vCenter 8.0U1 user:
The tool needs to be downloaded from KB attachment. Refer to the example shown below:

root@vc1 [ ~ ]# python --vmName vm1

Input username for [email protected]
Input password for xxxxxx
Entity vm-29:2000(virtualDiskId) of vm vm1 is outOfDate.
Input username for [email protected]
Input password for xxxxxx
The profile with unique Id aaaaaaaa-bbbb-cccc-aaaa-bbbbbbbbbbbb applied on virtual disk vm-29:2000 is named [policy2] on vCenter

2. Once the compliance issue is identified, detach the shared VMDK from all client vCenter virtual machines.

3. Reapply the proper profile to the issue-related VM, and then the compliance issue should be resolved.



For vCenter 8.0U1 user, download the from KB attachment then follow the steps in Resolution part.

Attachments get_app get_app