I recently applied the latest patches to vSphere 6.0, and after patching, the hosts showed the warning message
"XXX esx.problem.hyperthreading.unmitigated.formatonhost not found XXX". This message appears after applying the latest patches available in VMSA-2018-0020 to mitigate CVE-2018-3646, which introduced a new notification to indicate the remediation status of the 'L1 Terminal Fault' (L1TF – VMM) vulnerability.
Note: If you perform this change you will lose the HT functionality, and suppressing the warning is not recommended since your environment will be vulnerable. The VMware team is working on a solution to this issue. So before proceeding with this update, please check your resources, security and requirements.
There are multiple options to resolve this using the CLI. If you are not experienced with the CLI, no worries: it is very easy to perform from the vSphere Client or Web Client, using the steps below.
- Connect to the vCenter Server using either the vSphere Web or vSphere Client.
- Select an ESXi host in the inventory.
- Click the Manage tab for the vSphere 6.x host.
- Click the Settings sub-tab.
- Under the System heading, click Advanced System Settings.
- Click in the Filter box and search for VMkernel.Boot.hyperthreadingMitigation
- Select the setting by name and click the Edit pencil icon.
- Change the configuration option to true (default: false).
- Click OK.
- Reboot the ESXi host for the configuration change to go into effect.
Using ESXCLI to Perform this Operation
- SSH to an ESXi host or open a console where the remote ESXCLI is installed.
- Check the current runtime value of the HT Aware Mitigation setting by running the command below
#esxcli system settings kernel list -o hyperthreadingMitigation
- Enable HT Aware Mitigation by running below command
- Reboot the ESXi host for the configuration change to go into effect.
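The check command above reports both the value configured for the next boot and the value the running kernel uses, and the reboot is what brings them into agreement. The script below is an added example, not part of the original post: it classifies a host from that command's output, assuming the last three columns are Configured, Runtime and Default. The helper name ht_mitigation_state and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example: classify the L1TF scheduler mitigation state from
#   esxcli system settings kernel list -o hyperthreadingMitigation
# Assumption: the last three columns are Configured, Runtime, Default.

# Constructed sample output (description abbreviated), not from a real host.
SAMPLE_PENDING='Name                      Type  Description                  Configured  Runtime  Default
------------------------  ----  ---------------------------  ----------  -------  -------
hyperthreadingMitigation  Bool  Restrict simultaneous use..  TRUE        FALSE    FALSE'

# ht_mitigation_state (hypothetical helper): reads the esxcli output on stdin
# and prints mitigated | reboot-pending | rollback-pending | unmitigated | unknown.
ht_mitigation_state() {
    awk '
        $1 == "hyperthreadingMitigation" && NF >= 5 {
            cfg = toupper($(NF-2))   # value applied at next boot
            run = toupper($(NF-1))   # value the running kernel uses
        }
        END {
            ok = (cfg == "TRUE" || cfg == "FALSE") && (run == "TRUE" || run == "FALSE")
            if (!ok) print "unknown"
            else if (cfg == "TRUE" && run == "TRUE") print "mitigated"
            else if (cfg == "TRUE") print "reboot-pending"
            else if (run == "TRUE") print "rollback-pending"
            else print "unmitigated"
        }'
}

# On an ESXi host use the live value; elsewhere fall back to the sample.
if command -v esxcli >/dev/null 2>&1; then
    esxcli system settings kernel list -o hyperthreadingMitigation | ht_mitigation_state
else
    printf '%s\n' "$SAMPLE_PENDING" | ht_mitigation_state
fi
```

A result of reboot-pending means the setting was changed but the host has not yet been rebooted, so the running kernel is still unmitigated.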
This is applicable to the following vSphere versions
- VMware vSphere ESXi 5.5
- VMware vSphere ESXi 6.0
- VMware vSphere ESXi 6.5
- VMware ESXi 6.7
Important Notes
The following list summarizes potential problem areas after enabling the ESXi Side-Channel-Aware Scheduler:
- VMs configured with vCPUs greater than the physical cores available on the ESXi host
- VMs configured with custom affinity or NUMA settings
- VMs with latency-sensitive configuration
- ESXi hosts with Average CPU Usage greater than 70%
- Hosts with custom CPU resource management options enabled
- HA Clusters where a rolling upgrade will increase Average CPU Usage above 100%
This issue is still under investigation by VMware engineers and Intel, and to fully utilize Hyper-Threading you will have to roll back at this moment.
It is not advised to suppress the warning, since suppressing it will make your environment vulnerable.