Limitations in 5.2.0-SP17

ORION-187936: Bootup of a first CNode during NDU to version 5.2 of a cluster using Active Directory providers may take longer compared to previous versions.

(RESOLVED IN 5.3.1) ORION-241708: The cluster networking configuration script (configure_network.py) does not support configuring CNode Port Affinity for Supermicro Gen5 Cnodes.

ORION-208004: Enabling VAST OS boot drive encryption requires that the node is inactive. Enabling the encryption on an active node may cause a long reboot sequence.

ORION-208873: Quotas and quota accounting are not supported on subpaths of a replicated protected path on the destination peer. For example, if a protected path is replicated to a destination directory /dest-dir, you cannot set a quota on /dest-dir/mydir.

(RESOLVED IN 5.2.1) ORION-219500: When retrieving quotas through the NFS Remote Quota protocol (rquota), the maximum quota size that can be retrieved is 16TB.

(RESOLVED IN 5.3.0) ORION-179496: NFS aliases are not supported with VAST Cluster's implementation of Remote Quota Protocol (rquota).

ORION-115336: If one creates an NFSv4.1-only view and mounts it, and then creates its parent view with NFSv3 only, IO operations on the NFSv4.1-only view succeed but mounts are not allowed.

In rare cases with large numbers of files and directories, the existence of a view with Global Synchronization enabled under a protected path can block the removal of the protected path.

(RESOLVED IN 5.2.2) ORION-246616: The GENERIC_ALL ACE is not retained during a bulk permission update on a view controlled with the SMB or Mixed Last Wins security flavor.

(RESOLVED IN 5.2.1, 5.3.0) ORION-223116: If the cluster receives an SMB compound request beginning with a CREATE request, and the starting CREATE request gets a STATUS_PENDING response, the cluster will send STATUS_PENDING responses to all remaining requests in the compound, which may not be expected by the client.

ORION-169707: When the Hyper-V management tool tries to list VAST Hyper-V SMB shares on an SMB server, the The RPC server is not available error can occur if the SMB server is specified using its FQDN. To avoid this error, specify the IP address of the SMB server instead of the FQDN.

ORION-160323: After updating permissions for an SMB share in Windows Explorer, a duplicate SMB share can be displayed. The duplicate SMB share disappears upon a refresh (F5).

ORION-134730: An attempt to restore a file can fail if after the restore has started, a quota is set on the path where the file resides.

An object to be uploaded via a S3 presigned POST request must have only ASCII characters in its name.

A POST policy (used for S3 presigned POST requests) can be up to 4800 bytes.

ORION-197281: VAST Cluster disables bucket logging set on a bucket from which data is synchronously replicated to another bucket once you set up bucket logging on the replication destination bucket and configure it to use a different logging destination bucket.

ORION-190674: Once created, an S3 bucket cannot be renamed or moved to a different path. Thus, for example, if you try to change the bucket’s path when modifying a view in VAST Web UI, the change does not take effect and the view will still be listed with the old path.

ORION-143808: S3 versioning is not supported with global snapshot clones. An attempt to put a versioned object to a bucket at the global snapshot's destination path fails with an internal error.

(RESOLVED IN 5.3.3) ORION-211474: The Create permissions for the Logical realm are required to access the VAST Audit Log via VMS (in VAST Web UI: DataBase -> VAST Audit Log).

ABAC is supported on views controlled with SMB, S3 Native and Mixed Last Wins security flavors. ABAC is not supported with NFS flavor.

ABAC is not supported with NFSv3.

ABAC tags cannot be set on the cluster’s root directory (/).

Once assigned, you cannot edit or remove the ABAC tags of a view. Assigning new ABAC tags to an existing view or directory (storage path) is not allowed.

After a child view inherits ABAC tags from the parent view, you cannot update or remove the ABAC tags on the child view.

If you create a view for a directory that already exists, ABAC tags from the existing directory are assigned to the newly created view. In this case, there can be a delay between the view creation time and the time when the view's ABAC tags can be displayed.

If a user does not have any ABAC permissions, the user still can mount an NFSv4 export or map a SMB share to a local drive, but the user is not allowed to perform any operations on the files or directories.

ORION-163697: When an SMB user accesses a file for which the user has ABAC set to read-only, a lock is placed on the file although the user does not have read/write permissions for the file.

If a tenant has ABAC-tagged views, you cannot change or remove the Active Directory provider configured for the tenant.

When using NFSv4, it is not allowed to create hardlinks in views that have ABAC tags.

When using S3:

A directory under which an ABAC-tagged view exists, cannot be moved to the Trash folder.

Bulk permission updates are not available for ABAC-tagged views.

Lifecycle rules cannot be set for files or directories with ABAC tags.

(RESOLVED IN 5.3.0) ORION-204606: VAST Cluster does not support replication or Global Access where the destination directory has ABAC tags.

(RESOLVED IN 5.3.0) ORION-204605: VAST Cluster does not support replication or Global Access on a directory that has ABAC tags where the parent directory also has ABAC tags.

The maximum path length supported by VAST Catalog is 1024 characters.

(RESOLVED IN 5.4.0) When VAST Catalog is enabled, replication is limited to two peers (group replication is not supported with VAST Catalog). 

(RESOLVED IN 5.4.0) VAST Catalog must be disabled before a protected path can be deleted. 

ORION-197741: VAST Catalog cannot be enabled on a cluster that uses encryption keys managed through EKM, including per-tenant and per-path encryption keys.

ORION-206485: User-defined row IDs can be set through the VAST Connector only. Setting row IDs in VAST Web UI or VAST CLI is not supported.

ORION-208123: Local user accounts are not subject to replication.

The following limitation applies to VAST Database asynchronous replication:

The following limitations apply to synchronous replication for S3:

(RESOLVED IN 5.3.0) S3 is not supported.

NFSv4 is not supported.

If a view is configured with both NFSv4 and SMB, it must be controlled with the NFS security flavor.

VAST Database is not supported.

Having Global Access and replication on the same path is not supported.

Lease expiration time can only be set when creating a global access protected path. You cannot change lease expiration time when you modify a global access path.

VAST Catalog does not provide information on the cached data on the remote cluster.

ORION-194805: Applications that use SMB2 Byte Range Locks are not supported when the SMB client is connected via a remote Global Access protected path. Examples of such applications are Microsoft Office suite on macOS, Microsoft Hyper-V, Autodesk 3ds Max and some Adobe Premiere plugins.

ORION-194613: If some files have additional hardlinks, the amount of bytes reported as prefetched can be higher than the actual amount prefetched.

(RESOLVED IN 5.3.0) ORION-164710: When making capacity estimations for a directory, remote files and subdirectories are not taken into account. This means that in some cases, e.g. if local and remote capacity figures differ significantly and the remote capacity amounts to a significant portion of the overall capacity, the reported capacity and data reduction estimations can be skewed and would not reflect the real data reduction.

For example, if a parent directory contains one subdirectory with file1 and file2, each of 2GB in logical capacity and 1GB in physical capacity, and another subdirectory with remote files file3 and file4, each of 100GB logical capacity and 100GB physical capacity, VAST Cluster would show the parent directory's data reduction ratio of 2:1, while the real ratio would be closer to 1:1.

(RESOLVED IN 5.3.0) ORION-205091: When destroying a VoC on GCP cluster, the terraform destroy operation does not clean up all the static routes created by the cluster. These static routes need to be deleted manually.

ORION-145141: Creating a tenant with EKM encryption is not supported on VoC clusters.

ORION-113036: After you reregister the same VoC cluster in Uplink, information about the previously registered instance of this cluster is no longer available in Uplink.

VAST DataSpace requires that each cluster participating in the inter-connection is running VAST Cluster 5.0 or later.

ORION-146276: The ability to select multiple rows and perform bulk actions on them is disabled in VAST DataSpace grids in VAST Web UI.

ORION-135966: The inter-connecting clusters must have connectivity to each other through the clusters' management networks.  

ORION-132073: When you remove a VoC cluster from a Multi-Cluster Manager cloud service instance (using the removal button on the cluster's card ()), the VoC cluster is terminated. There is no option to remove a VoC cluster from Multi-Cluster Manager without also terminating it. (In the VAST DataSpace page in the VAST Web UI, the button removes the VoC cluster from VAST DataSpace and does not terminate it.)

ORION-202335: If the cluster has Active Directory domain auto-discovery enabled, the discovered domains are kept in cache for quite a long time. If you modify an existing provider's configuration while auto-discovery is on, VMS may still report the old cached entries. To avoid this, rerun auto-discovery or remove and re-add the provider.

ORION-195524: Following a cluster recovery and while the Active Directory provider is still inaccessible, VAST Cluster can resume IO of provider users if they use NFSv3 or NFSv.4.1 with NTLM authentication. IO of provider users accessing through SMB or NFSv4.1 with Kerberos authentication is not resumed during this period.

ORION-187136: Identity policies are replicated as disabled to the destination peer, where if needed, they can be enabled manually.

ORION-187936: Joining/leaving an Active Directory domain may take longer compared to previous versions.

ORION-152475: An access denied error is returned for NFSv3 or NFSv4 requests if they are checked against an identity or bucket policy with an s3:ExistingObjectTag condition statement in it.

ORION-143944: When using Kerberos/NTLM Authentication to authorize SMB users from non-trusting domains, the DOMAIN\username format cannot be used to specify users of remote domains. The username@domain format must be used instead.

ORION-134299: When the tenant is set to use Kerberos/NTLM authentication to authorize SMB users from non-trusting domains, both NFS and SMB must use the native SMB authentication (Kerberos), and not Unix-style UID/GIDs.

ORION-141763: Before enabling or disabling NTLM authentication, you need to leave the cluster's joined Active Directory domain. After NTLM authentication is enabled or disabled, rejoin the domain.

The following limitations apply to Multi-Forest Authentication:

(RESOLVED IN 5.2.1) ORION-232589: The webhook payload definition (in VAST Web UI: Settings -> Notifications -> Webhook Setup -> Webhook Data field) is limited to 256 characters.

ORION-187584: An empty realm (which does not contain any objects) cannot be assigned to a role.

The DBox HA feature cannot be enabled on new installations of VAST Cluster 5.2.

ORION-201807: P5316 QLC SSDs running a firmware version of ACV10200 may cause performance degradation if used together with the Flash Write Buffers functionality. To avoid performance impact, upgrade the firmware to version ACV10203.

ORION-169078: VMS does not provide an indication of the link state of the external management port on a CERES Dtray.

The following limitations apply to EBoxes: