Incompatible plugin com.vmware.h4.vsphere.client
search cancel

Incompatible plugin com.vmware.h4.vsphere.client

book

Article ID: 380699

calendar_today

Updated On:

Products

VMware vCenter Server

Issue/Introduction

Plugin "com.vmware.h4.vsphere.client" shows as incompatible in vSphere UI



Environment

vCenter Server 7.x
vCenter Server 8.x

Cause

CVE-2021-21986 - VMSA-2021-0010 (Virtual SAN Health Check, Site Recovery, vSphere Lifecycle Manager, and VMware Cloud Director Availability Plugins)

How to Disable VMware Plugins in vCenter Server per VMSA-2021-0002, VMSA-2021-0010, VMSA-2021-0010 

The plugin "com.vmware.h4.vsphere.client" is the Default vCloud Availability plugin for vCloud Director that ships with a vCenter Server deployment and it uses the deprecated local plugin architecture, and this particular version of plugin is no longer applicable or compatible with vSphere 8.



Resolution

To remove this plugin, confirm the plugin is not being used for ELM or Cloud director before implementing the steps.

  • Take snapshot of the vCenter server before removing the plugin, if vCenter is in linked mode then take offline snapshot of all linked vCenters. 
    VMware vCenter in Enhanced Linked Mode pre-changes snapshot
  • SSH to the VCSA as root
  • Use the Lookup Service utility (lstools.py) to find the service ID for the plugin you which to unregister by running the following command:

    /usr/lib/vmware-lookupsvc/tools/lstool.py list --url https://localhost/lookupservice/sdk --no-check-cert --product com.vmware.h4

  • You should get back only 1 single response and make a note of the Service ID which is required in the next step.

Service Product: com.vmware.h4
        Service Type: vsphere.client
        Service ID: <service_id>
        Site ID: default-first-site
        Node ID: <node_id>
        Owner ID: [email protected]
        Version: 0.4.3.0
        Endpoints:
                Type: com.vmware.cis.vsphereclient.plugin
                Protocol: http
                URL: [...]
                SSL trust:[...]

  •  Unregister the plugin by providing the Service ID along with the administrator credentials by running the following command:

/usr/lib/vmware-lookupsvc/tools/lstool.py unregister --url https://localhost/lookupservice/sdk --no-check-cert --id <Service ID> --user [email protected] --password 'SSOAdminPassword'

Note: Update the vSphere domain name based on the environment, in above command 'vsphere.local' is used as domain name.

  •  Restart the vSphere UI Client service with one of the following commands

service-control --restart vsphere-ui

or

vmon-cli -r vsphere-ui

Powered by Wolken Software