Install & Upgrade
ORION-280966: Having imported a JSON configuration file in VAST Cluster Install, you need to manually verify that all the populated fields have expected values. Sometimes, depending on the cluster configuration and environment, some of the fields are not populated as expected during the import.
ORION-242658: BMC firmware upgrades are not supported for Supermicro Genoa CNodes.
ORION-242331: VAST Web UI lets you set the BMC Firmware and Force options for an upgrade at the same time, although forced BMC upgrades are not allowed. If the Force flag is set, BMC upgrade is not performed.
ORION-222648: NDU that includes automatic adjustment of CNode CPU isolation settings (
isolcpus) is not supported for EBoxes.ORION-214559: A BMC upgrade cannot be performed with an inactive CNode that has been powered off.
Networking
(RESOLVED IN 5.3.1) ORION-242967: The cluster networking configuration script (
configure_network.py) does not support configuring CNode Port Affinity for HPE Genoa CNodes.(RESOLVED IN 5.3.1) ORION-241708: The cluster networking configuration script (
configure_network.py) does not support configuring CNode Port Affinity for Supermicro Gen5 CNodes.(RESOLVED IN 5.4.0) ORION-244837: The cluster networking configuration script (
configure_network.py) does not support configuring CNode Port Affinity for Dell EBoxes.
Encryption of Data at Rest
ORION-208004: Enabling VAST OS boot drive encryption requires that the node is inactive. Enabling the encryption on an active node may cause a long reboot sequence.
Quotas
ORION-208873: Quotas and quota accounting are not supported on subpaths of a replicated protected path on the destination peer. For example, if a protected path is replicated to a destination directory
/dest-dir, you cannot set a quota on/dest-dir/mydir.
NFS
ORION-115336: If one creates an NFSv4.1-only view and mounts it, and then creates its parent view with NFSv3 only, IO operations on the NFSv4.1-only view succeed but mounts are not allowed.
NFSv3
In rare cases with large numbers of files and directories, the existence of a view with Global Synchronization enabled under a protected path can block the removal of the protected path.
SMB
ORION-169707: When the Hyper-V management tool tries to list VAST Hyper-V SMB shares on an SMB server, the
The RPC server is not availableerror can occur if the SMB server is specified using its FQDN. To avoid this error, specify the IP address of the SMB server instead of the FQDN.ORION-160323: After updating permissions for an SMB share in Windows Explorer, a duplicate SMB share can be displayed. The duplicate SMB share disappears upon a refresh (F5).
ORION-134730: An attempt to restore a file can fail if after the restore has started, a quota is set on the path where the file resides.
S3
An object to be uploaded via a S3 presigned POST request must have only ASCII characters in its name.
A POST policy (used for S3 presigned POST requests) can be up to 4800 bytes.
S3 with proxy clients is not supported.
(RESOLVED IN 5.3.2) ORION-272562: By default, a newly installed cluster is configured to fail S3 requests that contain unsupported headers. If you want to alter this behavior and configure the cluster to ignore unsupported headers instead of failing the request, contact VAST Support.
ORION-197281: VAST Cluster disables bucket logging set on a bucket from which data is synchronously replicated to another bucket once you set up bucket logging on the replication destination bucket and configure it to use a different logging destination bucket.
ORION-190674: Once created, an S3 bucket cannot be renamed or moved to a different path. Thus, for example, if you try to change the bucket’s path when modifying a view in VAST Web UI, the change does not take effect and the view will still be listed with the old path.
ORION-143808: S3 versioning is not supported with global snapshot clones. An attempt to put a versioned object to a bucket at the global snapshot's destination path fails with an internal error.
Protocol Auditing
(RESOLVED IN 5.3.3) ORION-211474: The Create permissions for the Logical realm are required to access the VAST Audit Log via VMS (in VAST Web UI: DataBase -> VAST Audit Log).
Attribute-Based Access Control (ABAC)
ABAC is supported on views controlled with SMB, S3 Native and Mixed Last Wins security flavors. ABAC is not supported with NFS flavor.
ABAC is not supported with NFSv3.
ABAC tags cannot be set on the cluster’s root directory (/).
Once assigned, you cannot edit or remove the ABAC tags of a view. Assigning new ABAC tags to an existing view or directory (storage path) is not allowed.
After a child view inherits ABAC tags from the parent view, you cannot update or remove the ABAC tags on the child view.
If you create a view for a directory that already exists, ABAC tags from the existing directory are assigned to the newly created view. In this case, there can be a delay between the view creation time and the time when the view's ABAC tags can be displayed.
If a user does not have any ABAC permissions, the user still can mount an NFSv4 export or map a SMB share to a local drive, but the user is not allowed to perform any operations on the files or directories.
ORION-163697: When an SMB user accesses a file for which the user has ABAC set to read-only, a lock is placed on the file although the user does not have read/write permissions for the file.
The following features and capabilities cannot be used together with ABAC-tagged views:
If a tenant has ABAC-tagged views, you cannot change or remove the Active Directory provider configured for the tenant.
When using NFSv4, it is not allowed to create hardlinks in views that have ABAC tags.
When using S3:
ABAC cannot be used with anonymous S3 access. You cannot set ABAC tags for views that have anonymous S3 access enabled.
It is not allowed to set ABAC tags on a view that is a target for S3 bucket logging.
Requests from S3 superusers are handled in the same way as for regular users. This means that an S3 superuser is not granted access if the ABAC access check denies access for this user.
A directory under which an ABAC-tagged view exists, cannot be moved to the Trash folder.
Bulk permission updates are not available for ABAC-tagged views.
Lifecycle rules cannot be set for files or directories with ABAC tags.
VAST Catalog
The maximum path length supported by VAST Catalog is 1024 characters.
(RESOLVED IN 5.4.0) When VAST Catalog is enabled, replication is limited to two peers (group replication is not supported with VAST Catalog).
(RESOLVED IN 5.4.0) VAST Catalog must be disabled before a protected path can be deleted.
ORION-197741: VAST Catalog cannot be enabled on a cluster that uses encryption keys managed through EKM, including per-tenant and per-path encryption keys.
Replication
ORION-208123: Local user accounts are not subject to replication.
The following limitation applies to VAST Database asynchronous replication:
(RESOLVED IN 5.4.0) ORION-179909: VAST Database asynchronous replication cannot be used together with Global Access or synchronous replication on the same path.
The following limitations apply to synchronous replication for S3:
Synchronous replication is supported for S3 buckets only.
It is not allowed to configure local snapshots, asynchronous replication or Global Access on the protected path for which synchronous replication is configured.
Up to 250 replication streams are supported.
S3 lifecycle rules are not replicated.
S3 keys are replicated asynchronously.
Synchronously replicated directories are not subject to bulk permission updates.
Global Access
NFSv3, SMB and S3 access protocols are supported. NFSv4 is not supported.
If a view is configured with both NFSv4 and SMB, it must be controlled with the NFS security flavor.
VAST Database is not supported.
Lease expiration time can only be set when creating a global access protected path. You cannot change lease expiration time when you modify a global access path.
VAST Catalog does not provide information on the cached data on the remote cluster.
ORION-194805: Applications that use SMB2 Byte Range Locks are not supported when the SMB client is connected via a remote Global Access protected path. Examples of such applications are Microsoft Office suite on macOS, Microsoft Hyper-V, AutoDesk 3ds Max and some Adobe Premiere plugins.
ORION-194613: If some files have additional hardlinks, the amount of bytes reported as prefetched can be higher than the actual amount prefetched.
VAST on Cloud
ORION-145141: Creating a tenant with EKM encryption is not supported on VoC clusters.
ORION-113036: After you reregister the same VoC cluster in Uplink, information about the previously registered instance of this cluster is no longer available in Uplink.
VAST DataSpace
VAST DataSpace requires that each cluster participating in the inter-connection is running VAST Cluster 5.0 or later.
ORION-135966: The inter-connecting clusters must have connectivity to each other through the clusters' management networks.
ORION-132073: When you remove a VoC cluster from a Multi-Cluster Manager cloud service instance (using the removal button on the cluster's card (
.png?sv=2022-11-02&spr=https&st=2026-02-09T13%3A41%3A51Z&se=2026-02-09T14%3A01%3A51Z&sr=c&sp=r&sig=867229r65RBKIERfbb90ytxU116BVXlgSzNBanwW158%3D)
)), the VoC cluster is terminated. There is no option to remove a VoC cluster from Multi-Cluster Manager without also terminating it. (In the VAST DataSpace page in the VAST Web UI, the button removes the VoC cluster from VAST DataSpace and does not terminate it.)
Authentication & Authorization
ORION-202335: If the cluster has Active Directory domain auto-discovery enabled, the discovered domains are kept in cache for quite a long time. If you modify an existing provider's configuration while auto-discovery is on, VMS may still report the old cached entries. To avoid this, rerun auto-discovery or remove and re-add the provider.
ORION-195524: Following a cluster recovery and while the Active Directory provider is still inaccessible, VAST Cluster can resume IO of provider users if they use NFSv3 or NFSv.4.1 with NTLM authentication. IO of provider users accessing through SMB or NFSv4.1 with Kerberos authentication is not resumed during this period.
ORION-187136: Identity policies are replicated as disabled to the destination peer, where if needed, they can be enabled manually.
ORION-187936: Joining/leaving an Active Directory domain may take longer compared to previous versions.
ORION-152475: An access denied error is returned for NFSv3 or NFSv4 requests if they are checked against an identity or bucket policy with an
s3:ExistingObjectTagcondition statement in it.ORION-143944: When using Kerberos/NTLM Authentication to authorize SMB users from non-trusting domains, the DOMAIN\username format cannot be used to specify users of remote domains. The username@domain format must be used instead.
ORION-134299: When the tenant is set to use Kerberos/NTLM authentication to authorize SMB users from non-trusting domains, both NFS and SMB must use the native SMB authentication (Kerberos), and not Unix-style UID/GIDs.
ORION-141763: Before enabling or disabling NTLM authentication, you need to leave the cluster's joined Active Directory domain. After NTLM authentication is enabled or disabled, rejoin the domain.
The following limitations apply to Multi-Forest Authentication:
VAST Cluster does not allow adding two different Active Directory configuration records with the same domain name but different settings for multi-forest authentication and/or auto-discovery.
Names of users' domains are not displayed in data flow analytics.
If a trusted domain becomes unavailable and then recovers, SMB clients can use it to connect to the VAST cluster only after a period of time, but not immediately upon domain recovery.
Clients cannot establish SMB sessions immediately after a trusted domain recovers from a domain failure.
If a group exists on an Active Directory domain in a trusted forest and the group scope is defined as DomainLocal, VAST Cluster does not retrieve such a group when querying Active Directory, so members of such a group are denied access despite any share-level ACLs that can rule otherwise.
If TLS is enabled, the SSL certificate has to be a CA-signed certificate that is valid for all of the domain controllers in all trusted forests. If the certificate is not valid for a domain controller, this domain controller is not recognized.
ORION-156168: In a multi-forest environment, after migrating a group account from the forest of the cluster’s joined domain to another forest, information about historical group membership is not kept, so users in the migrated group might not be able to access resources to which they used to have access prior to the migration.
VMS
ORION-187584: An empty realm (which does not contain any objects) cannot be assigned to a role.
ORION-131386: When there is a parent directory that has a very large number of child directories, a total of children’s capacity values displayed in the Capacity page can exceed the capacity value shown for the parent directory.
Platform & Control
The DBox HA feature cannot be enabled on new installations of VAST Cluster 5.3.
ORION-201807: P5316 QLC SSDs running a firmware version of ACV10200 may cause performance degradation if used together with the Flash Write Buffers functionality. To avoid performance impact, upgrade the firmware to version ACV10203.
ORION-169078: VMS does not provide an indication of the link state of the external management port on a CERES DTray.
The following limitations apply to EBoxes:
ORION-193794: Power cycling of an EBox where the leader was running may result in significant IOPS degradation until the EBox is up again. Contact VAST Support for a workaround.
DBox migration is not available for EBoxes.