
VMware Validated Design 5.1 | 18 JUL 2019
VMware Cloud Builder 2.1.0.0 | 18 JUL 2019 | BUILD 14172583

Check for additions and updates to these release notes.


About VMware Validated Design 5.1

VMware Validated Design provides a set of prescriptive documents that explain how to plan, deploy, and configure a Software-Defined Data Center (SDDC). The architecture, the detailed design, and the deployment guides provide instructions about configuring a dual-region SDDC.

VMware Validated Design is tested by VMware to ensure that all components and their individual versions work together, scale, and perform as expected. Unlike Reference Architectures which focus on an individual product or purpose, a VMware Validated Design is a holistic approach to design, encompassing many products in a full stack for a broad set of use case scenarios in an SDDC.

This VMware Validated Design supports a number of use cases, and is optimized for integration, expansion, Day-2 operations, as well as future upgrades and updates. As new products are introduced, and new versions of existing products are released, VMware continues to qualify the cross-compatibility and upgrade paths of VMware Validated Design. Designing with a VMware Validated Design ensures that future upgrade and expansion options are available and supported.

VMware Software Components in the Validated Design

VMware Validated Design 5.1 is based on a set of individual VMware products with different versions that are available in a common downloadable package.

The products included in VMware Validated Designs participate in VMware's Customer Experience Improvement Program ("CEIP"). Join the CEIP because this program provides us with information used to improve VMware products and services, fix problems, and advise you on how best to deploy and use our products.

Details regarding the data collected through CEIP and the purposes for which it is used by VMware are set forth at the Trust & Assurance Center at http://www.vmware.com/trustvmware/ceip.html. To join or leave the CEIP for the products that are part of VMware Validated Design, see the documentation for each product.

Before you deploy or upgrade the SDDC, review the release notes of the software components that are used in this validated design.

VMware Software Components in VMware Validated Design 5.1
| Product Group and Edition | Product Name | Product Version |
| VMware Validated Design | VMware Cloud Builder * | 2.1.0.0 ** |
| VMware vSphere Enterprise Plus | ESXi * | 6.7 ESXi670-201906002 |
| | vCenter Server Appliance * *** | 6.7 Update 2c |
| | vSphere Update Manager Download Service * | 6.7 Update 2 |
| | vSphere Replication * | 8.2 |
| VMware vSAN Standard or higher | vSAN * | 6.7 Express Patch 10 |
| | vSAN Witness Appliance * | 6.7 Update 2. Download the appliance OVA file from its location on my.vmware.com. |
| VMware NSX Data Center Advanced or higher | NSX Data Center for vSphere * | 6.4.5 |
| VMware vRealize Suite Lifecycle Manager | vRealize Suite Lifecycle Manager * | 2.1 Patch 2 |
| VMware vRealize Operations Manager Advanced or higher | vRealize Operations Manager * | 7.5 |
| | vRealize Operations Management Pack for NSX for vSphere | 3.5.2 |
| | vRealize Operations Management Pack for Storage Devices * | 7.5 |
| | vRealize Operations Management Pack for Site Recovery Manager * | 8.2 |
| VMware vRealize Log Insight | vRealize Log Insight **** | 4.8 |
| | vRealize Log Insight Content Pack for NSX for vSphere | 3.8 |
| | vRealize Log Insight Content Pack for vRealize Automation 7.3+ | 2.1 |
| | vRealize Log Insight Content Pack for vRealize Orchestrator 7.0.1+ | 2.0 |
| | vRealize Log Insight Content Pack for vRealize Business | 1.3 |
| | vRealize Log Insight Content Pack for Linux | 1.0 |
| VMware Skyline Collector | Skyline Collector * | 2.1 |
| VMware vRealize Automation Advanced or higher | vRealize Automation * | 7.6 |
| VMware vRealize Business for Cloud Advanced | vRealize Business for Cloud * | 7.6 |
| VMware Site Recovery Manager Enterprise | Site Recovery Manager * | 8.2 |

For certain optional add-on guidance, you can also deploy the following products: 

Add-On VMware Software Components in VMware Validated Design 5.1
| Product Group or Edition | Product Name | Product Version |
| VMware NSX Data Center Advanced or higher | VMware NSX-T Data Center * | 2.4.1 |
| VMware vRealize Log Insight | vRealize Log Insight Content Pack for NSX-T * | 3.2 |
| VMware Enterprise PKS | VMware Enterprise PKS | 1.4.1 |
| VMware vRealize Operations Manager Advanced or higher | vRealize Operations Management Pack for Container Monitoring | 1.4 |

 

* Updated from the earlier release of VMware Validated Design
** Cloud Builder 2.2.0.0 available for VMware Cloud Foundation 3.9 supports only the bring-up workflow for VMware Cloud Foundation. To deploy VMware Validated Design 5.1, use Cloud Builder 2.1.0.0.
*** If you upgraded to VMware Validated Design 5.1 from VMware Validated Design 4.3, to remediate VMSA-2020-0006 (CVE-2020-3952) in the SDDC, you must update Platform Services Controller and vCenter Server instances to vCenter Server 6.7 Update 3f. The vulnerability in the VMware Directory Service (vmdir) does not affect clean deployments of VMware Validated Design 5.1.

To update the Platform Services Controller and vCenter Server instances to vCenter Server 6.7 Update 3f, use either of these options:

  • To keep full product compatibility, upgrade to VMware Validated Design 5.1.1.
  • If upgrading to VMware Validated Design 5.1.1 is not an option, apply vCenter Server 6.7 Update 3f and plan an upgrade to VMware Validated Design 5.1.1 during a next maintenance window. See VMware Knowledge Base article 78751.
**** New: To remediate VMSA-2020-0007 (CVE-2020-3953 and CVE-2020-3954) for vRealize Log Insight 4.8, you must apply vRealize Log Insight 4.8 Security Patch. See VMware Knowledge Base article 79168.

VMware makes available patches and releases to address critical security and functional issues for several products. Verify that you are using the latest security and express patches or hotfixes for a given component after deploying VMware Validated Design. Scalability and functionality tests for individual patches, express patches, or hotfixes are not typically performed against VMware Validated Design. If a patch must be applied to your environment, follow the VMware published practices and VMware Knowledge Base articles for the specific patch. If an issue occurs during or after the process of applying a patch, contact VMware Technical Support. If after applying a patch, the new product version no longer adheres to the bill of materials, or interrupts the upgrade to the next published version of the design, you must continue to follow the upgrade path to a version of the design that includes this product version.

VMware Solution Exchange and in-product marketplace store only the latest versions of the management packs for vRealize Operations Manager and the content packs for vRealize Log Insight. The software components table contains the latest versions of the packs that were available at the time this VMware Validated Design was validated. When you deploy the VMware Validated Design components, it is possible that the version of a management or content pack on VMware Solution Exchange and in-product marketplace is newer than the one used for this release.

For information on the lifecycle of the VMware software components in this VMware Validated Design, see Lifecycle of the VMware Software Components.

What's New

VMware Validated Design 5.1 provides the following new features:

  • Updated Bill of Materials that incorporates new product versions
  • Integration with VMware Skyline for proactive product diagnostics and technical support as part of the core design and deployment guidance

    You can collect product usage data from your SDDC by deploying Skyline Collector appliances in each region and have it analyzed by the VMware Skyline engine on VMware Cloud Services. VMware can use the analysis to provide proactive, predictive, and prescriptive recommendations for improving the stability and reliability of the environment. You can also review the analysis in the Skyline Advisor Web application.

    You deploy and configure the Skyline Collector appliances manually. Skyline Collector deployment is not integrated in VMware Cloud Builder for this release of the validated design.
  • Design and deployment add-on guidance for VMware Enterprise PKS in a VMware NSX-T workload domain as part of VMware Validated Design

    Use this documentation to implement a virtual infrastructure workload domain by using NSX-T as the network virtualization solution and VMware Enterprise PKS as the platform for deploying Kubernetes clusters and provisioning containers on top of vSphere.
  • VMware Validated Design now supports the virtual appliance version of Site Recovery Manager

    The Site Recovery Manager virtual appliance is deployed automatically by VMware Cloud Builder. Starting from this release, setting up a Windows virtual machine for Site Recovery Manager in advance in each region is not required.

    You upgrade Site Recovery Manager and then migrate from the Windows version to the virtual appliance version manually.

  • New: VMware Validated Design now features the Compliance Kit for NIST 800-53, which provides information about how to reconfigure and validate the virtual infrastructure towards compliance with the NIST 800-53 Rev.4 standard. The kit consists of the following documents:
    • Introducing Security and Compliance
    • Product Applicability Guide for NIST 800-53
    • Security and Compliance Configuration for NIST 800-53
    • Audit Guide for NIST 800-53
    • Audit Guide Appendix for NIST 800-53
  • New: Architecture and design guidance for using an SDDC on VMware Cloud on AWS as an additional region to Standard SDDC or Consolidated SDDC
  • Recommended maximum latency between SDDC regions is 100 ms
  • Consolidated SDDC design and deployment guidance is available at GA, alongside the core set of Standard SDDC documents
  • VMware Cloud Builder
    • Enhancements to the Network Connectivity audit

      The Network Connectivity audit uses the IP addresses from the deployment parameter XLS file or JSON deployment file instead of random IP addresses from the subnet

    • Automatic enablement of the vRealize Orchestrator services in the vRealize Automation appliances

    • Automatic configuration of vRealize Operations Manager to auto-synchronize with Active Directory, reducing manual step guidance post-deployment

    • Added support for 125 characters during audit and deployment for Active Directory service accounts

    • Updated the load balancer configuration of vRealize Operations Manager according to the latest product documentation

    • Updated the virtual machine customization specifications for tenant blueprints to align with the naming standard of VMware Validated Design

    • Added support for newer EVC chip sets

    • Added additional data input messages to various cells within the deployment parameters XLS files

    • General bug fixes

For more information, see the VMware Validated Design Documentation page.

Internationalization

This VMware Validated Design release is available only in English.

Compatibility

This VMware Validated Design guarantees that product versions in the VMware Validated Design 5.1, and the design chosen, are fully compatible. Any minor known issues that exist are described in this release notes document.

Installation

To install and configure an SDDC according to this validated design, follow the guidance in the VMware Validated Design 5.1 documentation. For product download information and access to the guides, see the VMware Validated Design Documentation page.

Lifecycle of the VMware Software Components

This VMware Validated Design version is based on one or more VMware products whose versions eventually reach the End of Support Life (EOSL) stage as described by the VMware Lifecycle Policies. Those versions are no longer generally supported by VMware. In such a case, upgrade to a later version by using the upgrade procedures in the VMware Validated Design Upgrade documentation.

If you are using an earlier version in your environment, upgrade your environment according to the following scenarios:

Scenarios for Upgrade from a Version that Has Reached EOSL
| Scenario | Upgrade Approach |
| The version of VMware Validated Design that you are using has already entered the EOSL stage but the next VMware Validated Design version is still supported. | Apply the VMware Validated Design Upgrade documentation to bring the VMware environment to a fully supported state |
| The version of VMware Validated Design that you are using and the next version have both already entered the EOSL stage | Because the VMware Validated Design Upgrade documentation supports upgrade only from one release to the next one, the transition across multiple releases might be complex. Contact a VMware sales representative to plan and perform a custom upgrade procedure with the assistance of VMware Professional Services. |

For more information about current and expired product releases, refer to the VMware Lifecycle Product Matrix.

Caveats and Limitations

Documentation Delivery Log

The VMware Validated Design documentation is published in several iterations. On the release date, the core documents that introduce VMware Validated Design and provide guidance on the SDDC design, planning, and deployment are published live. The remaining documents are released in groups until the entire set is compliant with the Bill of Materials of the VMware Validated Design release.

Log of Delivered VMware Validated Design Documentation
Delivery Date Documentation
24 OCT 2019

Technical Notes

  • Scaling Up and Scaling Out VMware Validated Design
03 SEP 2019
  • Standard SDDC
    • Backup and Restore
    • Site Protection and Recovery
    • Operational Verification
    • Certificate Replacement
  • Consolidated SDDC
    • Certificate Replacement
  • Workload Domain
    • Architecture and Design for VMware NSX-T Workload Domains with Multiple Availability Zones
    • Deployment of VMware NSX-T Workload Domains with Multiple Availability Zones
  • VMware Hybrid Cloud
    • Architecture and Design for Extending VMware Validated Design to VMware Cloud on AWS
08 AUG 2019
  • Security and Compliance
    • Introducing Security and Compliance
    • Security and Compliance Configuration Guide for NIST 800-53
    • Compliance Kit for NIST 800-53
18 JUL 2019
  • Introducing VMware Validated Designs
  • Standard SDDC
    • Architecture and Design
    • Planning and Preparation
    • Deployment of Region A
    • Deployment of Region B
    • Deployment of Multiple Availability Zones
    • Upgrade
  • Consolidated SDDC
    • Architecture and Design
    • Planning and Preparation
    • Deployment
  • Workload Domain
    • Architecture and Design for VMware NSX-T Workload Domains
    • Deployment for VMware NSX-T Workload Domains
    • Architecture and Design for VMware Enterprise PKS with VMware NSX-T Workload Domains
    • Deployment of VMware Enterprise PKS for VMware NSX-T Workload Domains

All documentation is available on the VMware Validated Design Documentation page. For details on the latest available guidance, see Documentation Map for VMware Validated Design.

Known Issues

The known issues are grouped as follows.

vRealize Operations Manager
  • After you perform a failover operation of the vRealize Operations Manager or Cloud Management Platform virtual machines, the vRealize Automation Adapter might fail to collect statistics

    This issue might occur during both failover to Region B and failback to Region A of the Cloud Management Platform or the vRealize Operations Manager analytics cluster.

    After you perform disaster recovery or planned migration of the Cloud Management Platform or virtual machines of the vRealize Operations Manager analytics cluster, the vRealize Automation Adapter cannot collect statistics. When you log in to the operations interface of vRealize Operations Manager at https://vrops01svr01.rainpole.local and navigate to the Solutions page, the collection state of the vRealize Automation Adapter is Failed.

    Workaround: To manually restart data collection in the vRealize Automation Adapter, click the Stop Collecting button and click the Start Collecting button.

  • After you perform a failover operation, the vRealize Operations Manager analytics cluster might fail to start because of an NTP time drift between the nodes
    • The vRealize Operations Manager operations interface might report that some of the analytics nodes are not coming online with the status message Waiting for Analytics.
    • The log information on the vRealize Operations Manager master or master replica node might contain certain NTP-related details.
      • The NTP logs in the /var/log/ folder might report the following messages:
        ntpd[9764]: no reply; clock not set
        ntpd[9798]: ntpd exiting on signal 15
      • The analytics-wrapper.log file in the /storage/log/vcrops/logs/ folder might report the following message:
        INFO | jvm 1 | YYYY/MM/DD | >>> AnalyticsMain.run failed with error: IllegalStateException: time difference between servers is 37110 ms. It is greater than 30000 ms. Unable to operate, terminating...

         

    Workaround: See VMware Knowledge Base article 2151266.

vRealize Automation and Embedded vRealize Orchestrator
  • Unable to log in to the vRealize Automation user interface after configuring a non-existing tenant as the authentication provider for the embedded vRealize Orchestrator.

    The vRealize Automation user interface becomes unavailable after you configure the authentication settings on the Configure Authentication Provider page in the embedded vRealize Orchestrator Control Center with a non-existing tenant, for example, if you enter a tenant name with a typo.

    On the Services tab at https://vra01svr01a.rainpole.local:5480, you see the following services as unavailable:

    Service State
    advanced-designer-service UNAVAILABLE
    o11n-gateway-service UNAVAILABLE
    shell-ui-app UNAVAILABLE
    vco null

    Workaround: Correct the tenant details and verify the service state on the vRealize Automation appliances.

    1. Log in to the vRealize Orchestrator Control Center. 
      1. Open a Web browser and go to https://vra01svr01.rainpole.local:8283/vco-controlcenter.
      2. Log in by using the following credentials. 
        Setting Value
        User name root
        Password deployment_admin_password
    2. On the Configure Authentication Provider page, update the authentication configuration with the correct tenant details. 
      The control center replicates the settings to all vRealize Orchestrator servers in the cluster after several minutes.
    3. Log in to the first vRealize Automation appliance.
      1. Open a Web browser and go to https://vra01svr01a.rainpole.local:5480.
      2. Log in by using the following credentials. 
        Setting Value
        User name root
        Password deployment_admin_password
    4. On the Services tab, verify that the status of all services is REGISTERED.
    5. Repeat Step 4 and Step 5 on the other vRealize Automation appliances.
  • Converged blueprint provisioning requests in vRealize Automation might fail in environments that have high workload churn rate

    In environments that have a high churn rate for tenant workloads, requests for provisioning converged blueprints in vRealize Automation might fail with one of the following error messages.

    • Timeout Customizing machine

    Workaround: None.

  • New: The virtual machine deployment of the Master Windows system for vRealize Automation IaaS nodes in Region B might fail due to duplicate Service Principal Names (SPNs)

    In VMware Validated Design for Standard SDDC, the VM name for the Master Windows system for vRealize Automation IaaS nodes is master-iaas-vm in both Region A and Region B. If your Active Directory runs on Windows Server 2016 with forest functional level 2016, the master-iaas-vm deployment in Region B fails, because this Active Directory version does not support multiple objects with the same name in the same parent domain.

    Workaround:

    1. Deploy the Master Windows systems for vRealize Automation IaaS nodes by using different VM names in Region A and Region B.
      • If you already deployed the SDDC components in Region A, use a different VM name in Region B, for example, master-iaas-vm-b.
      • If you did not begin the SDDC deployment, use different VM names in both Region A and Region B. For example, use the VM name master-iaas-vm-a in Region A, and the VM name master-iaas-vm-b in Region B.
    2. In the Deployment Parameters XLS files for Region A and Region B, in the Management Workloads tabs, edit the IaaS - Windows Master Server (Cloned) values from master-iaas-vm to the corresponding new VM names.
    3. Complete the environment preparation and the SDDC deployment.
  • After you perform disaster recovery of the Cloud Management Platform, the status of the shell-ui-app service might appear as Failed in the appliance management console of the vra01svr01b.rainpole.local node

    This issue might occur during both failover to Region B and failback to Region A of the Cloud Management Platform. After you perform disaster recovery of the Cloud Management Platform, you see the following symptoms when you verify the overall state of the platform:

    • In the appliance management console https://vra01svr01b.rainpole.local:5480, the status of the shell-ui-app service is Failed.
    • The statistics about the vra-svr-443 pool on the NSX load balancer show that the vra01svr01b node is DOWN.
    • Trying to access the https://vra01svr01b.rainpole.local/vcac/services/api/health URL results in the following error message:

      The service shell-ui-app was not able to register the service information with the Component Registry service! This might cause other dependent services to fail. Error Message: I/O error on POST request for "https://vra01svr01.rainpole.local:443/SAAS/t/vsphere.local/auth/oauthtoken?grant_type=client_credentials": Read timed out; nested exception is java.net.SocketTimeoutException: Read timed out"

    You can still log in to the vRealize Automation portal because the other vRealize Automation Appliance vra01svr01a can service your requests.

    Workaround: Restart the vcac-server service on the vra01svr01b.rainpole.local node.

    1. Open an SSH connection to the vra01svr01b.rainpole.local appliance and log in as root.
    2. Restart the vcac-server service by running the following command.
      service vcac-server restart
  • After failover or failback during disaster recovery, the login to the vRealize Automation Rainpole portal takes several minutes or fails with an error message

    This issue occurs during both failover to Region B and failback to Region A of the Cloud Management Platform when the root Active Directory is not available in the protected region. You see the following symptoms:

    • Login takes several minutes.

      When you log in to the vRealize Automation Rainpole portal at https://vra01svr01.rainpole.local/vcac/org/rainpole by using the ITAC-TenantAdmin user, the vRealize Automation portal loads after 2 to 5 minutes.

    • Login fails with an error.

      An attempt to log in to the vRealize Automation Rainpole portal fails with an error about incorrect user name and password.

    Workaround: Perform one of the following workarounds according to the type of the recovery operation.

    • Failover to Region B
      1. Open an SSH connection to the vra01svr01a.rainpole.local appliance and log in as root.
      2. Open the /usr/local/horizon/conf/domain_krb.properties file in a text editor.
      3. Add the following list of the domain-to-host values and save the domain_krb.properties file.
        Use only lowercase characters when you type the domain name.
        For example, as you have performed failover, you must map the rainpole.local domain to the controller in Region B.
        rainpole.local=dc51rpl.rainpole.local:389
      4. Change the ownership of the domain_krb.properties file.
        chown horizon:www /usr/local/horizon/conf/domain_krb.properties
      5. Open the /etc/krb5.conf file in a text editor.
      6. Update the realms section of the krb5.conf file with the same domain-to-host values that you configured in the domain_krb.properties file, but omit the port number as shown in the following example.
        [realms]
        RAINPOLE.LOCAL = {
          auth_to_local = RULE:[1:$0\$1](^RAINPOLE\.LOCAL\\.*)s/^RAINPOLE\.LOCAL/RAINPOLE/
          auth_to_local = RULE:[1:$0\$1](^RAINPOLE\.LOCAL\\.*)s/^RAINPOLE\.LOCAL/RAINPOLE/
          auth_to_local = RULE:[1:$0\$1](^SFO01\.RAINPOLE\.LOCAL\\.*)s/^SFO01\.RAINPOLE\.LOCAL/SFO01/
          auth_to_local = RULE:[1:$0\$1](^LAX01\.RAINPOLE\.LOCAL\\.*)s/^LAX01\.RAINPOLE\.LOCAL/LAX01/
          auth_to_local = DEFAULT
          kdc = dc51rpl.rainpole.local
        }
      7. Restart the workspace service.
        service horizon-workspace restart
      8. Repeat this procedure on the vra01svr01b.rainpole.local and vra01svr01c.rainpole.local vRealize Automation appliances.
    • Failback to Region A
      If dc51rpl.rainpole.local becomes unavailable in Region B during failback, perform the steps for the failover case using dc01rpl.rainpole.local as the domain controller instead of dc51rpl.rainpole.local and restart the services.

    This workaround optimizes the synchronization with Active Directory by pointing to a specific domain controller that the vRealize Automation appliance can access if a disaster recovery operation occurs.
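
The failover and failback edits above, scripted as an added example (not VMware code): the hypothetical helper set_domain_controller rewrites the domain mapping in domain_krb.properties and the kdc entry of the matching realm in krb5.conf, and assumes a flat realm block like the one shown in the workaround. The file paths, port 389, and the chown and restart commands come from the workaround; the demo runs on constructed temporary copies.

```shell
#!/bin/sh
# Added example, not VMware code. Scripts steps 3 to 7 of the workaround.
PROPS=/usr/local/horizon/conf/domain_krb.properties   # path from the workaround
KRB5=/etc/krb5.conf                                   # path from the workaround

# set_domain_controller DOMAIN DC_HOST PROPS_FILE KRB5_FILE  (hypothetical helper)
# Points DOMAIN at DC_HOST in both files. Returns non-zero and changes neither
# file when the realm block for DOMAIN is missing from KRB5_FILE.
# Assumes a flat "REALM = { ... }" block, as in the workaround's example.
set_domain_controller() {
    local domain realm dc props krb5 new_props new_krb5 rc
    domain=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')  # step 3: lowercase only
    realm=$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')
    dc=${2%%:*}                                              # step 6: host without port
    props=$3
    krb5=$4
    [ -n "$domain" ] && [ -n "$dc" ] && [ -f "$props" ] && [ -f "$krb5" ] || return 1
    new_props=$(mktemp) && new_krb5=$(mktemp) || return 1

    # krb5.conf: leave exactly one "kdc =" line inside the realm block.
    awk -v realm="$realm" -v dc="$dc" '
        $1 == realm && $2 == "=" && $3 == "{" { inside = 1; found = 1; wrote = 0; print; next }
        inside && $1 == "kdc" && $2 == "=" {
            if (!wrote) { print "  kdc = " dc; wrote = 1 }
            next
        }
        inside && $1 == "}" {
            if (!wrote) print "  kdc = " dc
            inside = 0
        }
        { print }
        END { exit (found ? 0 : 2) }
    ' "$krb5" > "$new_krb5" || { rm -f "$new_props" "$new_krb5"; return 2; }

    # domain_krb.properties: drop any stale mapping for the domain, add the new one.
    awk -F= -v d="$domain" -v v="$dc:389" '
        tolower($1) == d { next }
        { print }
        END { print d "=" v }
    ' "$props" > "$new_props" || { rm -f "$new_props" "$new_krb5"; return 1; }

    # cat (not mv) keeps the owner and mode of the existing files.
    cat "$new_props" > "$props" && cat "$new_krb5" > "$krb5"
    rc=$?
    rm -f "$new_props" "$new_krb5"
    return $rc
}

# demo: failover mapping applied to constructed copies of both files.
demo() {
    local dir
    dir=$(mktemp -d) || return 1
    printf 'rainpole.local=dc01rpl.rainpole.local:389\n' > "$dir/domain_krb.properties"
    cat > "$dir/krb5.conf" <<'EOF'
[realms]
RAINPOLE.LOCAL = {
  auth_to_local = DEFAULT
  kdc = dc01rpl.rainpole.local
}
EOF
    set_domain_controller RAINPOLE.local dc51rpl.rainpole.local \
        "$dir/domain_krb.properties" "$dir/krb5.conf" || return 1
    cat "$dir/domain_krb.properties" "$dir/krb5.conf"
    rm -rf "$dir"
}

case "${1:-}" in
    --apply)  # as root on an appliance: --apply rainpole.local dc51rpl.rainpole.local
        set_domain_controller "$2" "$3" "$PROPS" "$KRB5" || exit 1
        chown horizon:www "$PROPS"          # step 4
        service horizon-workspace restart   # step 7
        ;;                                  # step 8: repeat on the other appliances
    *)  demo ;;
esac
```

For failback, pass dc01rpl.rainpole.local as the controller instead of dc51rpl.rainpole.local.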

VMware Cloud Builder
  • After you refresh the browser on the Validation menu or Deploy menu, the In-Progress status is lost.

    The In-Progress status for validations or deployments is lost when you refresh the browser.

    Workaround: Click the Run Results button to restore the In-Progress status screen.

  • The validation of the environment for the management cluster in Region A fails for Microsoft SQL Server, which results in skipping the audit check for vRealize Automation

    When you use the Cloud Builder administration interface to validate the deployment parameters and target environment prerequisites for the management cluster in Region A, the validation of the vvd-std-rega-mgmt.json file fails with the error: MSDTC security property 'Allow Remote Administrator' is 'Selected'. (Expecting Deselected).

    The /opt/vmware/sddc-support/cloud_admin_tools/logs/PlatformAudit.log file in the Cloud Builder appliance contains the following error stack trace:
    [DEBUG sql_server.py::delete_guest_temp_dir::524::platformaudit-3c952f52-7dab-464a-acdd-6e36d2f7e362] Deleting temp directory which store output: C:\vvdtemp
    [DEBUG vsphere.py::delete_guest_dir::295::platformaudit-3c952f52-7dab-464a-acdd-6e36d2f7e362] Cleanup old directory: C:\vvdtemp
    [INFO sql_server.py::validate_msdtc_configuration::254::platformaudit-3c952f52-7dab-464a-acdd-6e36d2f7e362] MSDTC security property 'Enable XA Transactions' is 'Deselected'
    [ERROR sql_server.py::validate_msdtc_configuration::259::platformaudit-3c952f52-7dab-464a-acdd-6e36d2f7e362] MSDTC security property 'Allow Remote Administrator' is 'Selected'. (Expecting Deselected)
    ...
    [INFO executor.py::run::166::platformaudit-3c952f52-7dab-464a-acdd-6e36d2f7e362] Audit test class AuditSqlServer...FAIL

    This issue occurs because VMware Validated Design 5.1 contains a requirement to select the Allow Remote Administration option for the Network DTC Access setting on the SQL Server virtual machine.

    Workaround:

    1. Ignore the error message about the selected MSDTC security property for allowing remote administrator.
    2. Verify that there are no other error messages for the SQL Server validation.
    3. Manually run the skipped audit check for the vRealize Automation module.
      a. Log in to the Cloud Builder appliance by using a Secure Shell (SSH) client.
      Setting Value
      URL https://sfo01cb01.sfo01.rainpole.local
      User name admin
      Password cloudbuilder_admin_password

      b. Switch to the root user by running the su command and entering the root password.

      c. Run the audit command for the vRealize Automation module and verify that the audit passes successfully.
      /opt/vmware/sddc-support/sos --platformaudit --platformaudit-input /opt/vmware/sddc-support/cloud_admin_tools/Resources/std-rega/vvd-std-rega-mgmt.json --platformaudit-modules AuditVRealizeAutomation --platformaudit-reason
  • The vRealize Automation deployment fails if a failover of the vRealize Automation IaaS Manager Service occurs

    Cloud Builder uses vRealize Suite Lifecycle Manager for the vRealize Automation deployment. To deploy vRealize Automation, vRealize Suite Lifecycle Manager relies on the vRealize Automation IaaS Manager Service Node A. If a vRealize Automation failover occurs, in the load balancer pool configuration, the Manager Service Node B becomes active and the Manager Service Node A becomes inactive. After such a failover, the vRealize Automation deployment fails, because vRealize Suite Lifecycle Manager is trying to connect to the inactive Manager Service Node A.

    The Cloud Builder user interface shows the error message: vRA Iaas DEM/DEO Installation Failed.

    Workaround:

    1. Enable both IaaS Manager Service pool members in NSX.
    2. Retry the Cloud Builder workflow.
  • The vRealize Automation Proxy Agents deployment fails if a failover of the vRealize Automation IaaS Manager Service occurs

    Cloud Builder uses vRealize Suite Lifecycle Manager for the vRealize Automation Proxy Agents deployment. To deploy the proxy agents, vRealize Suite Lifecycle Manager relies on the vRealize Automation IaaS Manager Service Node A. If a vRealize Automation failover occurs, in the load balancer pool configuration, the Manager Service Node B becomes active and the Manager Service Node A becomes inactive. After such a failover, the vRealize Automation Proxy Agents deployment fails, because vRealize Suite Lifecycle Manager is trying to connect to the inactive Manager Service Node A.

    The /opt/vmware/bringup/logs/vcf-bringup.log file in the Cloud Builder appliance contains the following error stack trace:
    [bringup-app-ems,[78c89b24d3736373,b46b]] ERROR [c.v.e.s.o.model.error.ErrorFactory,pool-3-thread-1] [OKACQM] VRA_ADD_PROXY_AGENT_COMPONENTS_FAILED Failed to add proxy agent components to vRA vra01svr01.rainpole.local
    com.vmware.evo.sddc.orchestrator.exceptions.OrchTaskException: Failed to add proxy agent components to vRA vra01svr01.rainpole.local
        at com.vmware.evo.sddc.vrealize.vrslcm.AddVraProxyAgentNodes.execute(AddVraProxyAgentNodes.java:106)
        ...
    Caused by: com.vmware.evo.sddc.orchestrator.exceptions.OrchTaskException: Invalid parameter: {0}
        at com.vmware.evo.sddc.vrealize.vrslcm.AddVraProxyAgentNodes.postExecuteOperations(AddVraProxyAgentNodes.java:225)
        at com.vmware.evo.sddc.vrealize.vrslcm.AddVraProxyAgentNodes.postExecuteOperations(AddVraProxyAgentNodes.java:61)
        at com.vmware.evo.sddc.common.vrealize.vrlcm.BaseVrlcmTask.executeOperation(BaseVrlcmTask.java:180)
        at com.vmware.evo.sddc.vrealize.vrslcm.AddVrealizeComponentToVrslcmEnvironment.addNode(AddVrealizeComponentToVrslcmEnvironment.java:96)
        at com.vmware.evo.sddc.vrealize.vrslcm.AddVrealizeComponentToVrslcmEnvironment.addNodes(AddVrealizeComponentToVrslcmEnvironment.java:65)
        at com.vmware.evo.sddc.vrealize.vrslcm.AddVraProxyAgentNodes.execute(AddVraProxyAgentNodes.java:91)
        ... 20 common frames omitted
    [bringup-app-ems,[78c89b24d3736373,b46b]] DEBUG [c.v.e.s.o.c.ProcessingTaskSu

    Workaround:

    1. Enable both IaaS Manager Service pool members in NSX.
    2. Retry the Cloud Builder workflow.
  • New: During a disaster recovery failover operation with Site Recovery Manager, the cluster of three vRealize Automation appliances remains offline

    Because the recovery plan for vRealize Automation in Site Recovery Manager is configured with the assumption that the first appliance is always the master node, this issue occurs if the first vRealize Automation appliance is started after a disaster recovery failover and it is not running as the master node. Such a cluster configuration might exist after a previous failover in the cluster of vRealize Automation appliances.

    See https://kb.vmware.com/s/article/74879.