Summary
Users running virtual machines protected by DSVA experience one of the following symptoms:
- Becomes unresponsive or experiences a blue diagnostic screen (BSOD)
- Performance issues when opening various applications
- Virtual machines become unresponsive with a black screen during login for 40 seconds or more
- Occurs when running on these VMware ESX versions/builds: ESXi 5.5 GA, ESXi 5.5 Update 1, or ESXi 5.1 Patch 03 with VMware Tools versions 9.4.5, 9.4.0, 9.0.5, including the VMCI vShield driver
Details
The issue may be because of the following:
- The vShield Endpoint Thin Agent driver (vsepflt.sys) and the vShield Endpoint TDI Manager driver (vnetflt.sys) cause a non-paged pool memory leak on the Microsoft guest operating system where the endpoint module is installed.
- An issue in the VMware vShield Endpoint Thin Agent driver (
vsepflt.sys) causes it to continually purge the local cache. The Endpoint driver is backward compatible and supports earlier versions of the EPSec Library by doing a version negotiation.
On systems with a heavy load, the version negotiation may establish an unsupported version leading to rejection by the EPSec library. The driver then attempts to send the event multiple times and this may lead to a CPU spike on the affected virtual machine or cause the DSVA to become unresponsive.
To resolve the issues:
- Apply ESXi 5.5 Patch 2 or ESXi Patch 4 to resolve the memory leak as noted in the VMware article: The vShield Endpoint Thin Agent driver (vsepflt.sys) and the vShield Endpoint TDI manager driver (vnetflt.sys) cause a non-paged pool memory leak (2077302).
- Contact VMware to get a copy of the hotpatch needed to resolve the VMware vShield Endpoint Thin Agent driver version negotiation issue that causes DSVA to become unresponsive. Refer to the VMware article: Systems running MOVE Agentless 3.0 on ESXi 5.5 suffer performance issues or become unresponsive (2077305).
