check-circle-line exclamation-circle-line close-line

Updated on: 19 FEB 2019

vRealize Automation | 25 MAY 2017 | Build 5610496 

Check regularly for additions and updates to these release notes. 

What's in the Release Notes

The release notes cover the following topics:

What's New

The vRealize Automation 7.3 release includes resolved issues and the following new capabilities.

Parameterized Blueprints to Enhance Reusability and Reduce Sprawl​

  • Introduced component profiles for defining both size and image attributes, enabling "T-shirt sizing" as a request item
    • Component profiles provided for image and virtual machine size including CPU, memory, and storage size
  • Efficiently manage blueprints by leveraging abstracted component profiles
  • Increase reusability while significantly reducing blueprint sprawl
  • Trigger approval policies on size or image conditions
  • Import or export of component profiles using vRealize CloudClient
  • Automatically substitute component profile values

For information, see Understanding and Using Blueprint Parameterization.

Policy-Based Optimization of Virtual Machine Placement

  • Requires vRealize Operations Manager 6.6, which will be released soon
  • Maximize your infrastructure investment by optimizing placement
  • Combine vRealize Automation governance with performance based insight to optimize placement
  • Place Virtual Machines according to performance goals, using multiple algorithms
    • Balance for maintaining maximum headroom in case of spikes
    • Consolidate to leave space for large workloads

For information, see Workload Placement.

Enhanced Control of NSX-Provisioned Load Balancers

For information, see Applying an NSX App Isolation Security Policy to a Blueprint.

Enhanced NAT Port Forwarding Rules

  • NSX on-demand NAT
  • Port forwarding rules can be configured at design time
  • Rules can be ordered
  • Rules can be added, removed, and reordered after you create them

For information, see Add an On-Demand NAT or On-Demand Routed Network Component.

NSX Security Group and Tag Management

  • Able to add existing NSX security groups or tags to a running application
  • Able to disassociate NSX security groups and tags from applications

For information, see Add or Remove Security Items in a Deployment.

High Availability Automated for NSX Edge Services

  • Edge high-availability mode in the blueprint provides high availability for all edge services to an application when it is deployed
  • Configurable per blueprint based on application availability needs
  • Use custom properties to determine high availability at request time
  • Adds high availability for load balancing, NAT, firewall, and so on

For information, see Custom Properties for Networking.

NSX Edge Size Selection

  • Able to specify deployment size for NSX Edge Services Gateway (ESG)
  • Configurable per-blueprint based on application needs or scale
  • Uses custom properties for size selection at request time

For information, see Custom Properties for Networking.

Configuration Automation Framework - Puppet Integration

  • Configuration management as first-class citizen
    • Make plug-in invisible to customers and enable actions in the blueprint design canvas
    • Ability to drag-and-drop configuration management nodes and dynamically assign roles on the design canvas
  • First implementation with Puppet
    • Register Puppet Master as an endpoint
    • Drag-and-drop Puppet node
    • Dynamically query Puppet Master, environment, and roles
  • Support late binding and early binding options
  • Support post-provisioning actions, such as unregister and delete

For information, see Creating Puppet Enabled vSphere Blueprints.

Improvements to Installation, Upgrade, Migration

  • New installation API extensions
    • Trigger initial content creation
    • Invoke self-signed certificate generation
    • Certificate replacement in vRealize Automation, IaaS web, and IaaS Microsoft SQL
  • New upgrade API extensions
    • List all available versions for upgrade
    • Get download status of upgrade packages
    • Do pre-upgrade check for the selected version
    • Get approximate upgrade time estimation
    • Get status progress of the upgrade
  • Migration
    • Automated migration from vRealize Automation 7.x to 7.3
    • Ability to a generate certificate signing request (CSR) in install wizard

REST API Improvements

Improvements to High Availability

  • Automated failover of PostgreSQL database
  • Automated failover of IaaS Manager Service
  • Enhanced RabbitMQ recovery
  • Support for dual NICs in the vRealize Automation appliance and IaaS virtual machines

Enhanced vRealize Business for Cloud Integration - Cloud Management Platform

  • Consistent terminology across vRealize Automation and vRealize Business for Cloud
  • No derived costing in vRealize Automation - vRealize Business for Cloud is the single source of truth for all pricing information
  • Accurate pricing for fault-tolerant enabled machines and Azure blueprints
  • Pricing updated after these post-provisioning actions:
    • Reconfigure machine
    • Scale-in or scale-out
    • Import machine

For information, see Upgrade and Blueprint Price Information.

Audit Logging

  • Audit logging framework object types:
    • Workflow Subscription
    • Fabric Groups
    • Endpoints (Infrastructure)
  • Send audit logs to vRealize Log Insight or syslog server using Log Insight agent
  • Configurable retention period

For information, see Using vRealize Automation Audit Logging.

Health Service

  • Health Service as a feature in the vRealize Automation console
  • Role-based and tenanted access to health data
  • Configure multiple vRealize Automation instances to monitor
  • Scheduled and on-demand test runs
    • Enables integration with vRealize Operations/SDDC Health Dashboard or third party tools
    • Full REST interface for performing health service system management tasks

For information, see Monitoring vRealize Automation Health.

Destroy Virtual Machine Enhancement - Force Destroy

  • Workload maintainability
    • Safely ignores any failures interrupting the destroy process
    • Efficient clean-up of failed deployments
    • Improved stable management of workloads
    • Applies to entire deployment

For information, see Force Destroy a Deployment After a Failed Destroy Request.

Syntax Highlighting for Software Lifecycle Scripts

  • Enhanced interface
    • Elegant syntax highlighting for software lifecycle scripts (app authoring)
    • Intuitive color-coding standards
    • Improves productivity and reduces scripting errors

New Business Group User Role

  • Allows for shared resource access and management

For information, see Tenant Role Overview.

Enhancements to Custom Properties

  • Software components now able to to consume custom properties
  • Handling of secure custom properties improved

For information, see Using Properties in Machine Provisioning.

Extended External IPAM Vendor Framework

  • Added support for on-demand NAT networks
  • Supports one-to-many and one-to-one static IP addresses

For information, see Add an On-Demand NAT or On-Demand Routed Network Component.

Endpoint Configuration Service - Streamlined Endpoint Management

  • Enhanced to support a schema-driven user interface
  • Provides greater capability, control, and a unified experience when managing endpoints in vRealize Automation
  • Allows configuration of endpoints that require inter-endpoint relationships
  • Enhanced UI controls and customer experience
    • NSX is now a separate endpoint, no longer part of the vSphere endpoint configuration
    • Endpoint configuration validation checks for valid URL, credentials, and certificates
    • Certification trust verification
    • Provides a two-step process for resolving untrusted certificates. When you test an endpoint connection, you must accept the certificate and approve your acceptance of the certificate by clicking OK on the edit endpoint.
    • Ability to accept self-signed certificates

For information, see Configuring Endpoints

Azure Public Cloud Service Design Enhancements

  • Select, drag-and-drop software components on Azure machines in the blueprint designer
  • Specify software properties on the blueprint designer and on the request form
  • Pre-populated forms and dropdowns

For information, see Creating Microsoft Azure Blueprints and Incorporating Resource Actions.

vRealize Orchestrator Control Center Role-Based Access Control (RBAC)

  • All users are able to log in, not just the root user
  • Trace execution and logs for workflow-based vRealize Automation requests, based on user role
  • Troubleshoot requests based on user role
  • Reuse and extend privileges and roles from vRealize Automation

IT Process Automation with Updated Software-Defined Data Center (SDDC) Support

  • All storage policy based objects are now accessible through API in vRealize Orchestrator and vRealize Automation
  • New vCenter Server plug-in provided with vRealize Orchestrator
  • Updated AMQP, REST and PowerShell plug-ins

For information, see Configuring XaaS Resources.

vRealize Automation and ServiceNow Enhancements

  • View and request AWS catalog items from the ServiceNow portal
  • Seamless integration with the ServiceNow governance engine
  • Centralized management database (CMDB) and post-provisioning actions support
  • Supported for vRealize Automation 7.3 and ServiceNow Helsinki and Istanbul

For information, see vRealize Automation Servicenow 2.0 plugin is here.

VMware Admiral Integration

  • Supports collaboration between cloud administrators and development teams for traditional, containerized, and hybrid applications
  • Enables a balance between the operational control of traditional applications and the flexibility that containers offer
  • New capabilities including persistent volume support, improved container networking, and host management

For information, see Admiral.

Enhanced Event Log Functionality

  • System level integration with external SYSLOG compatible log management systems
  • Supports VMware Log Insight server
  • Configurable through VAMI and secured by default
  • Predefined set of auditable objects and an option to turn on auditing for all other IaaS object types included

For information, see Monitoring vRealize Automation.

Audit Logging Enabled by Default for the Following Items

  • Fabric Groups
  • Endpoints
  • Workflow subscriptions
  • Configuration API for the following items:
    • Setting the event logs retention period
    • Filtering certain target types from being processed by the event log
    • Purging old event log messages from local database

For information, see Using vRealize Automation Audit Logging.

Documentation Updated to Support All New Capabilities

System Requirements

For information about supported host operating systems, databases, and Web servers, see the vRealize Automation Support Matrix.


For prerequisites and installation instructions, see Installing vRealize Automation.


For vRealize Automation 7.3 documentation, see VMware vRealize Automation.

vRealize Automation 7.3 documentation revised and republished 15 MAR 2018. Revisions include information about updating or migrating to vRealize Automation 7.3.1.

New Update to Migration Documentation

  • Topic title: Migrate vRealize Automation Source Data to a vRealize Automation 7.3 Minimal Environment

Before You Upgrade

For general guidance, see Upgrading vRealize Automation.

The vRealize Production Test Upgrade Assist Tool analyzes your vRealize Automation 6.2.x environment for any feature configuration that can cause upgrade issues and checks that your environment is ready for upgrade. To download this tool and related documentation, go to the VMware vRealize Production Test Tool Download Product page.

Using Your License to Enable vRealize Code Stream

You can now use your vRealize Automation license to enable vRealize Code Stream for your vRealize Automation environments. The vRealize Automation license allows you to unlock vRealize Code Stream so that you can use it with the vRealize Code Stream Management Pack for IT DevOps.

To enable vRealize Code Stream, you must have either vRealize Suite Enterprise, vRealize Automation Advanced, or vRealize Automation Enterprise, and a new license for vRealize Automation 7.3.

You must install the vRealize Code Stream Management Pack on a separate and dedicated appliance that has vRealize Automation and vRealize Code Stream enabled in a non-HA (High Availability) mode. For more information, see the vRealize Code Stream Reference Architecture Guide. You cannot install the vRealize Code Stream Management Pack on your existing vRealize Automation production instance for the following reasons:

  • The extra load might negatively impact the performance of your vRealize Automation production instance.
  • vRealize Code Stream does not support installation on an appliance that is configured for HA. Do not enable vRealize Code Stream on a vRealize Automation instance that is in HA mode. If you do, your vRealize Automation environment might become unstable.

To install the management pack, see the VMware vRealize Code Stream Management Pack for IT DevOps Installation Guide. You can download this guide when you download the management pack.

To enable vRealize Code Stream in the vRealize Automation Installation Wizard or the vRealize Automation Appliance Management Interface, select the Enable vRealize Code Stream check box.

If you apply your license without enabling vRealize Code Stream, you can enable vRealize Code Stream later. Apply the license again, and select Enable vRealize Code Stream. After you apply the license, you must restart the vRealize Automation appliance.

For more information, see:

Resolved Issues

  • Initial content creation process fails during installation at this step: Execute workflow to create configurationadmin user

    In the /var/log/messages there are two different executions of the create configurationadmin user process (run simultaneously, the number after shows that the processes are different): /usr/lib/vcac/agent/[18405]: info Executing vRO workflow for creating configurationadmin user... ... /usr/lib/vcac/agent/[18683]: info Executing vRO workflow for creating configurationadmin user... The first call creates the configuration admin user, and the second call is causing the failure.

  • IaaS Installer fails to start
    The IaaS Installer fails to start and displays this message: “A newer version of the product is already installed on this machine." This happens when the IaaS installer msi package fails to start after manually updating the IaaS Management Agent to the latest available version.

  • If you use the new Upgrade Shell Script in vRealize Automation 7.2, you must first upgrade to the latest Management Agent

    If you plan to run an automated upgrade of the IaaS components with the new Upgrade Shell Script, you must use the latest Management Agent available for download. Do not use the Management Agent that is included in the vRealize Automation 7.2 Virtual Appliance.


  • Security updates affect prerequisite checker
    In this release, the Installation Wizard prerequisite checker fails when Microsoft security updates 3098779 and 3097997 are present. However, the prerequisite checker can detect the updates and prompt you to remove them using the Fix option. Afterward, you can rerun the prerequisite checker as usual.

    Workaround: Allow the Installation Wizard to remove the security updates so that the prerequisite checker will work. Alternatively, you may manually remove the updates. After finishing the wizard, you may manually reinstall updates 3098779 and 3097997.

  • New After installation of vRealize Automation 7.1 or upgrade from vRealize Automation 7.0 to 7.1, the chosen custom background image on the login page is missing

    Customized branding present in vRealize Automation 7.0 is missing on the tenant login page after upgrade to vRealize Automation 7.1. Specified customized branding does not appear in a new installation of vRealize Automation 7.1.

  • An Active Directory that includes more than 15 user groups fails to list the groups when you sync the Active Directory

    If you have more than 15 groups, and you attempt to synchronize the Active Directory in the vRealize Automation management interface using Administration > Identity Stores Management > Identity Stores, only a few groups appear.

  • New Invalid service name present in Programming Guide example

    The Request an HTTP Bearer Token procedure in the Programming Guide for vRealize Automation 7.2 contains two invalid curl command line examples: https://$vRA/identities/api/tokens and In both examples, "identities" is an invalid service name.

  • Linked clone provisioning fails if snapshot is not available

    In previous releases, provisioning of a linked clone blueprint with a named snapshot (rather than current snapshot) would fail if the reservation selected was on a different vCenter than the original snapshot, even if the template virtual machine and snapshot were cloned to the target vCenter. The previous workaround was to set reservation policies so that the blueprint could only be provisioned to the original vCenter. The underlying issue is fixed so that linked clone blueprints can be provisioned to any dynamically selected reservation that has access to a snapshot of the same name as the snapshot specified in the blueprint. To apply this fix to existing linked clone blueprints, open the blueprint in the blueprint designer and save. You do not need to make a manual edit of the blueprint .

  • Some international keyboard mappings are not supported with remote console

    The VMWare HTML Console SDK has been updated to release 2.1 which adds support for additional keyboard mappings that is documented in the HTML Console SDK release notes.

Known Issues

The known issues are grouped as follows.

  • New Java update 1.8, versions u192, u201, and u202, are incompatible with 7.3 installations.

    The latest Java update 1.8, versions u192, u201, and u202, can cause problems with the IaaS Database installation if the automatic prerequisite fixes have not been applied.

    Workaround: Use java version 1.8 u191. Alternatively, you can install 7.3 with the automatic prerequisite fixes enabled to install the older Java version 1.8 u191 on the IaaS machines. After the installation completes, the newer Java version 1.8 u201 or u202 can be installed manually.

  • A migration can fail when syncing reservations from the IaaS database to the PostgreSQL database

    Failure generates this error message:Read timed out.

    Workaround: See Knowledge Base article 2149882.

  • NEW Custom updates in file for vRO are overidden after upgrading.

    Post upgrade, manually update the values as needed post upgrade and restart the VCO server to apply the changes.

  • Increased CPU load is present after upgrade from vRealize Automation 7.1 or 7.2 to 7.3

    When you upgrade  vRealize Automation 7.1 or 7.2 to 7.3, duplicate entries are added to the DynamicOps.Repository.WorkflowSchedules table in the IaaS database. The duplicate schedules are for metrics workflows. After upgrade, multiple metrics workflows running the same calculations at the same time increase the CPU load on the system.

    Workaround: See Knowledge Base article 2150239

  • Adding a new virtual server to an existing on-demand load balancer in a deployment fails  

    When you add a new virtual server to an existing on-demand load balancer in a deployment upgraded from a previous vRealize Automation 7.x version, the addition fails if this is the first reconfigure action on the load balancer since upgrade. The failure generates Error code: 14623 regarding “duplicate ports.” The failure happens because the system stores a default setting from previous versions. This failure does not affect anything else in the system. For  vRealize Automation 7.3 deployments, if you request to add a virtual server to a load balancer and make a change to another virtual server at the same time, the request fails and generates  the same error. 

    Workaround: For upgraded deployments: Perform a reconfigure action on the load balancer and edit a setting on any of the virtual servers. This corrects the problem of the system storing the default setting from previous versions. You can also do this on load balancers upgraded from previous versions or on load balancers that have the same failure.

    For upgraded load balancers and load balancers deployed in 7.3,  do not edit a virtual server and add a virtual server in the same request. Performing the edit action and the add action in separate requests prevents this failure.

  • New Endpoints are missing after upgrading to vRealize Automation 7.3

    After a successful upgrade to vRealize Automation 7.3, the Endpoints page in the vRealize Automation console does not display all the endpoints.

    Workaround: See Knowledge Base article 2150252.

  • New Unable to generate CSV file for bulk import due to duplicate entries

    After you log in to the vRealize Automation console, select Infrastructure > Administration > Bulk Imports, and click Generate CSV File, you see the following error message: "Error has occurred. For more information, see event logs on the IaaS server or contact your system administrator." In the Windows IaaS machine event logs, you see entries similar to this: "System.ArgumentException: An item with the same key has already been added." This problem occurs when the query used to retrieve blueprints for bulk import returns duplicate entries.

    Workaround: Use the cloudutil.exe utility to generate the CSV file by completing these steps.

    1. Download cloudutil.exe from the Windows installer download page on the vRealize Automation appliance: CloudUtil is the command line interface for the vRealize Automation Designer. You run the commands on the Windows machine where you are running the designer. The default installation location on the Windows machine is C:\Program Files (x86)\VMware\vCAC\vRealize Automation Designer.
    2. Generate the CSV file by running this command: CloudUtil.exe Machine-BulkRegisterExport
  • New When you upgrade to vRealize Automation 7.3 from an environment that is integrated with the current version of vRealize Business, the expense information appears as "not available" for all catalog Items in the vRealize Automation console

    This is temporary problem that will be resolved when you upgrade to the latest release of vRealize Business.

    Workaround: Upgrade to vRealize Business for Cloud 7.3.0.

    You can still view the expense information for vRealize Automation virtual machines in vRealize Business reports and other sections.

  • New After uninstalling WEBDAV as one of the prerequisites for upgrading a 2012 R2 IaaS machine, the configuration wizard displays an InternalServerError message.

    This message appears because the Repository App Pool is stopped: "Distributed Execution Manager cannot be upgraded because it points to a Management Model Web host :443 which cannot be validated. You must resolve this error before running the upgrade again: Model Manager Web Service is installed on host :443 but it is not up and running. HTTP Web response status code: InternalServerError."

    Workaround: Go to the Application Pools on the IIS server, start the Repository App Pool, and continue with the upgrade.

  • New After you upgrade a vRealize Automation clustered environment, one of the Xenon nodes is not running

    During upgrade, one of  the vRrealize Automation nodes is not started.

    Workaround: Check the status of each node on the Xenon tab in the management console. If one of the nodes is not running, start the node manually. As an alternative, you can open a SSH connection to each node and run "service xenon-service status." If the node is not running, run "service xenon-service start."

  • New When manually installing an IaaS Website component, the IaaS legacy GUI installer displays a certificate validation error.

    The error message appears when you click Next on the IaaS Server Custom Install page with the Website component selected. This error message is a false negative and appears even when you select the right option. The error prevents the installation of a vRealize Automation 7.3 IaaS Website component.

    Workaround: See Knowledge Base article 2150645.

  • New A Distributed Execution Manager (DEM) or Distributed Execution Manager Orchestrator (DEO) does not update when you upgrade to vRealize Automation 7.3.x. 

    The DEM or DEO IaaS component must be installed in the default location at c:\program files (x86)\vmware\vcac when you upgrade to vRealize Automation 7.3.x. If these components are not installed in the default location, they do not update during upgrade.

    Workaround: See Knowledge Base article 2150517.

  • New Removing a host with more than 400 containers fails with serialization error

    In vRealize Automation 7.2 and 7.3, trying to remove a container host with more than 400 containers can fail with serialization error.

    Workaround: Remove the containers 400 at a time from the host using the vRealize Automation console, API, or CLI, and then remove the container host.

Configuring and Provisioning
  • When a user requests reconfiguration of a machine's network path and the original network path is not selected in the machine's reservation, the request appears to succeed and vRealize Automation silently deletes the machine's network card record from its database. No change is made to the actual machine.

    Reconfiguring a machine's network path when the original network path is not selected in the machine's reservation is not supported. Any request to do so is intended to fail with an appropriate error message. Instead, it appears to succeed and silently deletes the machine's network card record from the vRealize Automation database. The actual machine is not affected.

    Workaround: None. The vRealize Automation view of the machine with respect to its network card record will be restored to its original state the next time data collection is run for the associated cluster.

  • Following a failover of the vRealize appliance, the Health page can be slow to load

    If the Health page is open before the vRealize appliances  fail over,  the page can take up to 15 minutes to load for the first time after the fail over.

    Workaround: Restore the functionality of the first appliance or restart the vcac-server service on the running appliance.

  • Price for a deployment is not accurate when the blueprint contains an image component profile

    When an image component profile is selected at authoring time, the clone disk size is unknown when a user requests a machine. When the user requests the price of a machine, the displayed price is not accurate. The price does not include the clone disk in the template that was selected as part of the image component profile.

    Workaround: When a user requests a catalog item, the deployment cost is corrected by vRealize Business after vRealize Business includes the clone disk  size that the machine uses.

  • A Destroy operation performed on a cluster member prevents scale out or scale in actions from working as expected

    When you manually destroy a machine that is part of a multi-machine cluster, you can no longer perform reliable scale in or scale out post-provisioning actions. You introduce a count mismatch when you manually destroy one member of a cluster using the destroy action on the machine. With a count mismatch, a scale out operation assumes that the destroyed machine is still part of the cluster. This prevents a scale out operation from adding some or all of the needed machines. If the count is off by 1 machine and the cluster limit is 5, there can be at most 4 actual virtual machines and 1 phantom machine. For a scale in action, the composition service might attempt to scale in to a single machine, resulting in the destruction of all cluster members.

    Workaround: For deployments where scale out or scale in actions are enabled, do not entitle destroy actions. This prevents the creation of a count mismatch. If you think your deployment has a machine in a cluster that was manually destroyed, an administrator can check by counting the number of cluster members that appear on the Deployments page. If there is a cluster that has a destroyed virtual machine, redeploy the deployment and do not entitle destroy actions on the redeployed deployment.

  • Deployments with multiple load balancers incorrectly display load balancer virtual servers

    In deployments with multiple load balancers deployed in vRealize Automation 7.2 or earlier, each load balancer shows virtual servers from all of the load balancers present in the deployment.

    Workaround: None.

  • Unable to add a NAT port forwarding rule to a deployed on-demand NAT network associated with a third-party IPAM provider

    When you add a NAT port forwarding rule by using the Change NAT Rules post-provisioning action to a deployed on-demand NAT network associated with a third-party IPAM provider, the drop-down menu for the Component field does not display any data and cannot accept new data. This prevents you from adding a new rule.

    Workaround: None.

  • If a bound property is configured to be passed to a Windows CMD software script, the bound property is not received by the script at run time

    Passing bound input properties to a Windows CMD software script is not supported. All other software script types, such as bash or Windows PowerShell, support passing properties to software scripts as an array of values, but Windows CMD does not support the argument array (argv) type.

    Workaround: None.

  • After you have a successful test connection and you saved the endpoint with a valid thumbprint, the vSphere agent logs or DEM logs contain error messages about a closed connection, the inability to establish a trust relationship, or a remote certificate is invalid

    In vRealize Automation 7.3,  vSphere and NSX endpoints have certificate validation enabled. You can no longer use an untrusted certificate with these endpoints. Although you can use the Test Connection button  to validate the certificate thumbprint on these endpoints, if the certificate is generated so that the root certificate in the certificate chain is not self signed, the certificate validation process for these two endpoints can fail and cause a functional failure in data collection, provisioning, or post-provisioning actions.


    For vSphere

    Download the root certificate in the endpoint certificate chain.

    • For vCenter endpoint 6.0 or later, see
    • For vCenter endpoint 5.5 or earlier, download the ROOT certificate from the endpoint certificate's certification path.

    Complete these steps.

    1. First download the endpoint certificate by accessing the endpoint directly in the browser.
    2. Go to Certification Path to get the root certificate.
    3. Download the root certificate in the chain.
    4. Install the certificate in the Trusted root store of the Agent and DEM machines.

    For the NSX Endpoint

    1. Download the endpoint certificate by accessing the endpoint directly in the browser.
    2. Go to Certification Path to get the root certificate.
    3. Download the root certificate in the chain.
    4. Install the certificate in the Trusted root store of the DEM machines.
  • New The Reconfigure Load Balancer post-provisioning action fails for a blueprint imported from YAML

    Sometimes when you perform the reconfigure load balancer post-provisioning action on a deployment, the action fails. This happens when the blueprint associated with the deployment is imported from a YAML file containing an on-demand load balancer with a value in the name field that is different from the value in the ID field.

    Workaround: None.

    Perform the following steps to fix the blueprint to allow post-provisioning actions to run on the load balancer in future deployments.

    1. In the vRealize Automation consol, select the blueprint that does not have matching values in the name and ID fields.
    2. Click Edit and re-enter the load balancer component name.
    3. Save the blueprint. This sets both the name and ID values embedded in the blueprint to the same value.

    When you provision a new deployment using the edited blueprint, the reconfigure load balancer action works. You can avoid this problem if you ensure that all YAML files have identical name and ID values in each on-demand load balancer component.

  • New Opening a secure HTTP connection to the vRealize Automation appliance using Tls1.0 protocol is still supported on ports 443 and 8283

    If you open a connection or make an API call to the vRealize Automation appliance on port 443 for the vRealize Automation server, vRealize Orchestrator server or the vIDM server or on port 8283 for the vRealize Orchestrator configurator server, then the TLS1.0 protocol for SSL is still supported.


    Note: The following workaround for disabling TLS1.0 is for temporary use and should not be applied during upgrade. If TLS1.0 is disabled by this workaround, then the upgrade logic for this appliance could be broken. The recommendation for the customer is to wait for an official build with the fix for disabling TLS1.0 protocol.

    1. Open an SSH session on the Master vRealize Automation appliance in your deployment. If your environment has a single vRealize Automation appliance, open an SSH session on this appliance.

    2. Edit the following files:


    frontend https-in


    - bind ssl crt /etc/apache2/server.pem ciphers !aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:@STRENGTH no-sslv3

    + bind ssl crt /etc/apache2/server.pem ciphers !aNULL:!eNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:@STRENGTH no-sslv3 no-tlsv10



    frontend https-in-vro-config


    - bind :::8283 v4v6 ssl crt /opt/vmware/etc/lighttpd/server.pem ciphers TLSv1+HIGH:!aNULL:!eNULL:!3DES:!RC4:!CAMELLIA:!DH:!kECDHE:@STRENGTH no-sslv3

    + bind :::8283 v4v6 ssl crt /opt/vmware/etc/lighttpd/server.pem ciphers TLSv1+HIGH:!aNULL:!eNULL:!3DES:!RC4:!CAMELLIA:!DH:!kECDHE:@STRENGTH no-sslv3 no-tlsv10


    3. Run: service haproxy restart

    4. Run: /usr/sbin/vcac-config cluster-config-ping-nodes --services haproxy

    Now each vRealize Automation appliance in your environment should no longer support TLS1.0 for secure connections on ports 443 and 8283.

  • New  A colon (:) used as a separator is not recognized correctly in a YAML file when you create a Windows container blueprint

    This problem happens when you create a blueprint with a container volume where the container path and the host path both include a Windows drive letter with a colon, for example D:/DBFILES/:c:/temp/. After you save and open the blueprint, the container path and host path value is not recognized correctly because the first colon from the drive letter is misinterpreted as a separator..

    Workaround: None.

  • New The Change NAT Rules post-provisioning action fails for a blueprint imported from YAML

    When invoked on a deployment, the Change NAT Rules post-provisioning action fails with the following error: Failed to invoke deployment update request [{Could not determine current component state for nat1}]. This happens when the blueprint associated with the deployment is imported from a YAML file containing an on-demand NAT network that has non-identical values in its name and ID fields.

    Workaround: None. Perform these steps to fix the blueprint.

    1. Edit the associated blueprint in the vRealize Automation console and re-select the desired parent network profile for the on-demand NAT network.
    2. Save the blueprint.

    This sets both the name and ID values embedded in the blueprint to the same value. When you provision a new deployment using the blueprint, the Change NAT Rules action works. You can avoid this problem if you ensure that all YAML files specify identical name and ID values in each on-demand NAT network component.

  • New The download links on the Guest and Software Agent Installers page for the Java Runtime Environment for Linux are incorrect

    These links appear in the Linux Software Installers section.

    • vmware-jre-1.8.0_121-fcs.i586.rpm
    • vmware-jre-1.8.0_121-fcs.x86_64.rpm

    When you click one of these links, a new page opens and displays an HTTP Status 404 – Not Found error. 


    To download these RPM files;

    1. Replace the file name in the URL that appears in the browser address field after you click the link.

    • Replace vmware-jre-1.8.0_121-fcs.i586.rpm with vmware-jre-1.8.0_121-fcs_b31.i586.rpm.
    • Replace vmware-jre-1.8.0_121-fcs.x86_64.rpm with vmware-jre-1.8.0_121-fcs_b31.x86_64.rpm.

    For example:

    •​ /software/download/vmware-jre-1.8.0_121-fcs_b31.x86_64.rpm
    • /software/download/vmware-jre-1.8.0_121-fcs_b31.i586.rpm

    2. Press Enter.

    Even though the error message remains in the browser, the file downloads successfully.

  • New Editing a Connector Auth Adapter can require login

    Administrators can use the vRealize Automation console to configure Auth Adapters for Connectors corresponding to a directory within 30 minutes of logging in to the console. I f an administrator attempts to perform this configuration after 30 minutes, a login page is displayed and authentication is required.

    Workaround: Log in to the console again with administrator credentials.

  • NEW The root partition runs out of storage space

    Improper log rotation in /var/lib/vrhb can lead to high utilization on the root partition which eventually fills the / partition.

    Workaround: See Knowledge Base article 2151693.

  • NEW Cannot reprovision a virtual machine that was provisioned with System Center Virtual Machine Manager (SCVMM)

    Before vRealize Automation 7.3, when you reprovisioned a virtual machine that was provisioned with SCVMM, reprovisioning failed with this error message: "Workflow 'ScvmmCreateVM' failed with the following exception:DynamicOps.Repository.Activities.PowerShellException: You cannot call a method on a null-valued expression."

    This problem was fixed in 7.3. However, if you upgraded your system to 7.3 from a previous version, any machine provisioned with SCVMM before the upgrade still fails reprovisioning.


    Complete these steps.

    1. Log in to the SCVMM Virtual Machine Manager Console.
    2. In the left menu, click Click Library > Templates.
    3. In the right pane table, sort the templates by name.
    4. Delete all templates that have the prefix TemporaryTemplate, followed by a GUID containing a string of letters and numbers.
    5. After you delete the templates, reprovision your virtual machines.
  • New Recalculating binding settings in Form Designer

    After constraints are calculated for a field in the Form Designer, the minimum and maximum bindings are only recalculated when a blueprint is requested.

    Workaround: None

  • New Define Virtual Server Distribution Settings procedure contains unsupported HTTPS traffic pattern

    Define Virtual Server Distribution Settings procedure contains the following substep.

    Select SSL Session ID to support one of the following supported HTTPS traffic patterns:

    • SSL Passthrough - Client -> HTTPS-> LB (SSL passthrough) -> HTTPS -> server
    • Client - HTTP-> LB -> HTTP -> servers

    If you select the Client - HTTP pattern, the system uses the SSL Passtrough - Client traffic pattern instead. vRealize Automation does not support the Client - HTTP traffic pattern.

    Workaround. Do not select the Client - HTTP traffic pattern.

Previous Known Issues

To view a list of previous known issues, click here.