Gotcha: Cannot Reset a vShield Edge in vCloud Director

Well kids, this one came full circle after a week of beating my head to a bloody pulp on the desk.  During some vCloud Director testing with David Hill and Duncan Epping, we ran into a snag whereby we could not seem to reset the vShield Edge Device.  Now, I admit I did read the error which was shown below I just focussed on the wrong part of it:

Deploy OVF template
System vDC (2e56eaa7-7a77-4d94-8743-543bbdc4d73d)
'vse-Management-s1-r-outed-protected (5031e3c2505a-426cb4c9-01e61c1ee908).updated' is invalid or exceeds the maximum number of characters permitted.

The key here is the part about the maximum characters.  What you should understand is that when create a Routed Network in vCloud Director and you name it a few things happen that extend that original name.

  1. The original name in the vCloud Director configuration was “Management-s1-routed-protected
  2. When the OVF is deployed the name was extended to “vse-Management-s1-routed-protected (5031e3c2505a426cb4c901e61c1ee908)
  3. When the network was attempted to be reset the length was changed yet again to “vse-Management-s1-routed-protected (5031e3c2505a426cb4c901e61c1ee908).updated

The last string was the straw that breaks the back.  By adding all the extra strings to the name we end up exceeding the vSphere Virtual Machine object character limit for a name.

The moral of the story?  Use short names in your vCloud configuration because it will get extended in the inventory especially on the vShield Edges.  The “Reset Network” function for a vShield also adds the .UPDATED so if you are on the border of the name length that may put you over.  I am currently looking into what exactly the maximum number of characters is and there is this KB Article on some vCloud lengths.

According to William Lam who also verified for me, the Virtual Machine name character limit in vSphere is in fact 80 characters.  This number seems to be documented in the 4.1 administrator guide but is not included in the vSphere 5.0 guides.  The final name version on reset of the vShield Edge ended up trying to be 87 characters.  Bottom line, don’t hit this issue if you don’t need to.  I lost just about a week in testing due to this little problem.

I did happen to try renaming the network in vCloud DIrector to try and work around it, BUT the actual virtual machine in vSphere is not changed until it is reset.  However if you already cannot reset it, you are stuck in a loop and will need to re-create the network first net new with a shorter name for it to get fixed.

About Chris Colotti

Chris is active on the VMUG and event speaking circuit and is available for many events if you want to reach out and ask. Previously to this he spent close to a decade working for VMware as a Principal Architect. Previous to his nine plus years at VMware, Chris was a System Administrator that evolved his career into a data center architect. Chris spends a lot of time mentoring co-workers and friends on the benefits of personal growth and professional development. Chris is also amongst the first VMware Certified Design Experts (VCDX#37), and author of multiple white papers. In his spare time he helps his wife Julie run her promotional products as the accountant, book keeper, and IT Support. Chris also believes in both a healthy body and healthy mind, and has become heavily involved with fitness as a Diamond Team Beachbody Coach using P90X and other Beachbody Programs. Although Technology is his day job, Chris is passionate about fitness after losing 60 pounds himself in the last few years.


  1. Work around from VMware.

    – Powered off and deleted vse-Management-s1-routed-protected (5031e3c2505a426cb4c901e61c1ee908) from within vCenter
    – Reset org network ‘Management-s1-routed-protected’ in vCloud
    – vApp has connectivity

    Since no vSE is currently out there for this org network, it looks like we don’t try to deploy another one with .updated added to the name and just give it the original name.  The vSE’s config is in the vCloud’s database under the link_pconfig column of the logical_network table.  

    Hope it helps.

    • You will still run into in on every reset with the length. It is best IMHO to reduce your naming. The issue is when the long name gets further extended when the second copy is created. This workaround means you need to remove it each time you want to just reset the network.

Leave a Reply

Your email address will not be published. Required fields are marked *