vCloud Networking & Security 5.1.1 creates dvPort Groups, but fails to create vmknic interfaces

While installing vCloud Director 5.1 in my home lab, I faced an odd problem while configuring vCloud Networking and Security 5.1.1 for VXLANs. If you follow the VMware configuration guides for VXLAN, or any of the many articles on configuring vCloud Director/vCloud Networking & Security 5.1.1 for VXLAN, they will always mention that as soon as you complete the configuration, vCloud Networking & Security 5.1.1 will automatically create a dvPort Group with a name of the format vxw-vmknicPg-dvs-xx-xx-xx-xx, as well as a vmknic interface. A few samples of such instructions can be found at:

In my lab I was facing the odd case of the dvPort Group being created, but no vmknic interface whatsoever being created. After investigating the situation and a bit of internal research, I discovered that this is due to vCloud Networking and Security 5.1.1 depending on VMware Update Manager (VUM) to push the VIB to each host to configure it for VXLAN. In some cases VUM has proved problematic at pushing these VIBs, and a flaky VUM installation could cause such a problem. The good news is that vCloud Networking & Security 5.1.2a has just been released; it handles pushing these VIBs differently and does not depend on VUM to do it, eliminating all the trouble. You can get the new vCloud Networking & Security 5.1.2a at:

If you have upgraded your vCloud Networking & Security to 5.1.2a and that did not fix the problem, then try the steps below, which seem to fix the problem in most scenarios:

– Remove the original VXLAN configuration from vCNS.

– Restart the vCNS web service:

manager> enable
manager# configure terminal
manager(config)# no web-manager
manager(config)# web-manager

– Re-Add vCenter to vCNS

– Add the VXLAN Configuration again.

This should hopefully get you up and running, and your VXLAN should now be green in your vCloud Networking & Security Manager, as per the below screenshot from my lab:

Network Connectivity for VXLAN Traffic

If you have upgraded to 5.1.2a and followed the above steps, and then face a problem with pushing the VXLAN agent to your ESXi hosts, then my following post should be of great help to you: VIB module for agent is not installed on host (vShield-VXLAN-service)

For those who want to find out more about what other bugs have been fixed with vCloud Networking & Security 5.1.2a, you can check the vCNS 5.1.2a release notes, a copy of which I have included below for your convenience.


What’s in the Release Notes

The release notes cover the following topics:

What’s New

The vCloud Networking and Security 5.1.2a patch release fixes an issue where vShield Manager needs to be restarted frequently.

System Requirements and Installation

For information about system requirements and installation instructions, see the vShield Installation and Upgrade Guide.

Known Issues

The following known issues have been discovered through rigorous testing and will help you understand some behavior you might encounter in this release.

The known issues are grouped as follows:


vShield Manager Issues

vShield Manager upgrade fails with an error
When vShield Manager has been upgraded from 4.1 to 5.0 to 5.1, vShield Manager fails to connect to the vCenter Server and the UI displays an Internal Server Error.
Workaround: Re-enter the vCenter Server credentials. If connectivity is not restored, reboot the vShield Manager.

vShield Manager fills the /common directory very fast
vShield Manager filled 20% of the /common directory in 30 minutes.
Workaround: If DRS is enabled, you must add at least two hosts from the same cluster in a dvSwitch.


vShield App Issues

If the vCenter Server becomes unavailable during the vShield App upgrade process, the upgrade fails and the Update link is not available
See Update link not available during vShield App upgrade.


vShield Edge Issues

Additional steps to install SSL VPN client on Mountain Lion
Cannot install the SSL VPN client on the Mountain Lion operating system.
Workaround: Mountain Lion does not allow you to install the SSL VPN client since it is unsigned. CONTROL-click on the installer to proceed.

Cannot configure different certificates for two different features
Cannot configure different certificates for two different features. For example, you cannot use certificate a for IPsec and certificate b for SSL VPN.
Workaround: Use the same certificate for both features and then change the certificate for one of the features.

Resolved Issues

The following issue has been resolved in the 5.1.2a patch release.

    • vShield Manager needs to be restarted
    • vShield Manager becomes unresponsive and needs to be restarted.


  1. Carlos Fraga says

    Hi… I purchased a trial version of vShield Manager 5.1.2-943471 from VMWare site, and I am experiencing this same issue: the port group is created, but the vmknic is not.
    Checking your suggestion, I am trying to get the 5.1.2a patch kit, but VMWare site returns “We are activating your licensing key entitlement, re-try your download soon”.
    Do you know if there is an easier way to get the patch kit?

  2. Carlos, unfortunately not sure of a way to do it online. You might be served best by contacting your sales rep or partner relation rep.


  3. Hi… I was able to install the patch but I am still seeing this problem. This is the error message that I get on my hosts.

    Invalid format for VIB module at (vShield-VXLAN

    I have tried numerous workarounds from several blogs including loading the VIB manually. Is there something I am missing?



  1. […] Another thing to keep in mind & that I highly recommend to make sure that you are using the latest version of vCloud Director (5.1.2) & vCloud Networking & Security Manager (5.1.2a) when planning to use VXLANs, as I have faced few other problems with earlier versions that I have documented in one of my earlier blog post, which can be found at: vCloud Networking & Security 5.1.1 create dvPort Groups, but fails to create vmknic interfaces […]
