Updated on: 06 JUN 2017
vRealize Automation | 25 MAY 2017 | Build 5610496
Check regularly for additions and updates to these release notes.
What's in the Release NotesThe release notes cover the following topics:
- What's New
- System Requirements
- Before You Upgrade
- Resolved Issues
- Known Issues
- Previous Known Issues
The vRealize Automation 7.3 release includes resolved issues and the following new capabilities.
Parameterized Blueprints to Enhance Reusability and Reduce Sprawl
- Introduced component profiles for defining both size and image attributes, enabling "T-shirt sizing" as a request item
- Component profiles provided for image and virtual machine size including CPU, memory, and storage size
- Efficiently manage blueprints by leveraging abstracted component profiles
- Increase reusability while significantly reducing blueprint sprawl
- Trigger approval policies on size or image conditions
- Import or export of component profiles using vRealize CloudClient
- Automatically substitute component profile values
Policy-Based Optimization of Virtual Machine Placement
- Requires vRealize Operations Manager 6.6, which will be released soon
- Maximize your infrastructure investment by optimizing placement
- Combine vRealize Automation governance with performance based insight to optimize placement
- Place Virtual Machines according to performance goals, using multiple algorithms
- Balance for maintaining maximum headroom in case of spikes
- Consolidate to leave space for large workloads
Enhanced Control of NSX-Provisioned Load Balancers
Enhanced NAT Port Forwarding Rules
- NSX on-demand NAT
- Port forwarding rules can be configured at design time
- Rules can be ordered
- Rules can be added, removed, and reordered after you create them
NSX Security Group and Tag Management
- Able to add existing NSX security groups or tags to a running application
- Able to disassociate NSX security groups and tags from applications
High Availability Automated for NSX Edge Services
- Edge high-availability mode in the blueprint provides high availability for all edge services to an application when it is deployed
- Configurable per blueprint based on application availability needs
- Use custom properties to determine high availability at request time
- Adds high availability for load balancing, NAT, firewall, and so on
NSX Edge Size Selection
- Able to specify deployment size for NSX Edge Services Gateway (ESG)
- Configurable per-blueprint based on application needs or scale
- Uses custom properties for size selection at request time
Configuration Automation Framework - Puppet Integration
- Configuration management as first-class citizen
- Make plug-in invisible to customers and enable actions in the blueprint design canvas
- Ability to drag-and-drop configuration management notes and dynamically assign roles on the design canvas
- First implementation with Puppet
- Register Puppet Master as an endpoint
- Drag-and-drop Puppet node
- Dynamically query Puppet Master, environment, and roles
- Support late binding and early binding options
- Support post-provisioning actions, such as unregister and delete
Improvements to Installation, Upgrade, Migration
- New installation API extensions
- Trigger initial content creation
- Invoke self-signed certificate generation
- Certificate replacement in vRealize Automation, IaaS web, and IaaS Microsoft SQL
- New upgrade API extensions
- List all available versions for upgrade
- Get download status of upgrade packages
- Do pre-upgrade check for the selected version
- Get approximate upgrade time estimation
- Get status progress of the upgrade
- Automated migration from vRealize Automation 7.x to 7.3
- Ability to a generate certificate signing request (CSR) in install wizard
REST API Improvements
- Use case based REST API samples using Postman for many of the commonly used vRealize Automation use cases now available on GitHub
- New and Improved Swagger documentation for all of the vRealize Automation REST APIs available on code.vmware.com
- Enhanced vRealize Automation Programming Guide providing information about the vRealize Automation REST APIs that is easier to use and navigate
Improvements to High Availability
- Automated failover of PostgreSQL database
- Automated failover of IaaS Manager Service
- Enhanced RabbitMQ recovery
- Support for multiple NICs in the vRealize Automation appliance
Enhanced vRealize Business for Cloud Integration - Cloud Management Platform
- Consistent terminology across vRealize Automation and vRealize Business for Cloud
- No derived costing in vRealize Automation - vRealize Business for Cloud is the single source of truth for all pricing information
- Accurate pricing for fault-tolerant enabled machines and Azure blueprints
- Pricing updated after these post-provisioning actions:
- Reconfigure machine
- Scale-in or scale-out
- Import machine
- Audit logging framework object types:
- Workflow Subscription
- Fabric Groups
- Endpoints (Infrastructure)
- Send audit logs to vRealize Log Insight or syslog server using Log Insight agent
- Configurable retention period
- Health Service as a feature in the vRealize Automation console
- Role-based and tenanted access to health data
- Configure multiple vRealize Automation instances to monitor
- Scheduled and on-demand test runs
- REST API
- Enables integration with vRealize Operations/SDDC Health Dashboard or third party tools
- Full REST interface for performing health service system management tasks
Destroy Virtual Machine Enhancement - Force Destroy
- Workload maintainability
- Safely ignores any failures interrupting the destroy process
- Efficient clean-up of failed deployments
- Improved stable management of workloads
- Applies to entire deployment
Syntax Highlighting for Software Lifecycle Scripts
- Enhanced interface
- Elegant syntax highlighting for software lifecycle scripts (app authoring)
- Intuitive color-coding standards
- Improves productivity and reduces scripting errors
New Business Group User Role
Allows for shared resource access and management
Enhancements to Custom Properties
- Software components now able to to consume custom properties
- Handling of secure custom properties improved
Extended External IPAM Vendor Framework
- Added support for on-demand NAT networks
- Supports one-to-many and one-to-one static IP addresses
Endpoint Configuration Service - Streamlined Endpoint Management
- Enhanced to support a schema-driven user interface
- Provides greater capability, control, and a unified experience when managing endpoints in vRealize Automation
- Allows configuration of endpoints that require inter-endpoint relationships
- Enhanced UI controls and customer experience
- NSX is now a separate endpoint, no longer part of the vSphere endpoint configuration
- Endpoint configuration validation checks for valid URL, credentials, and certificates
- Certification trust verification
- Provides a two-step process for resolving untrusted certificates. When you test an endpoint connection, you must accept the certificate and approve your acceptance of the certificate by clicking OK on the edit endpoint.
- Ability to accept self-signed certificates
Azure Public Cloud Service Design Enhancements
- Select, drag-and-drop software components on Azure machines in the blueprint designer
- Specify software properties on the blueprint designer and on the request form
- Pre-populated forms and dropdowns
vRealize Orchestrator Control Center RBAC
- All users are able to log in, not just the root user
- Trace execution and logs for workflow-based vRealize Automation requests, based on user role
- Troubleshoot requests based on user role
- Reuse and extend privileges and roles from vRealize Automation
IT Process Automation with Updated SDDC Support
- All storage policy based objects are now accessible through API in vRealize Orchestrator and vRealize Automation
- New vCenter Server plug-in provided with vRealize Orchestrator
- Updated AMQP, REST and PowerShell plug-ins
vRealize Automation and ServiceNow Enhancements
- View and request AWS catalog items from the ServiceNow portal
- Seamless integration with the ServiceNow governance engine
- CMDB and post-provisioning actions support
- Supported for vRealize Automation 7.3 and ServiceNow Helsinki and Istanbul
VMware Admiral Integration
- Supports collaboration between cloud administrators and development teams for traditional, containerized, and hybrid applications
- Enables a balance between the operational control of traditional applications and the flexibility that containers offer
- New capabilities including persistent volume support, improved container networking, and host management
Enhanced Event Log Functionality
- System level integration with external SYSLOG compatible log management systems
- Supports VMware Log Insight server
- Configurable through VAMI and secured by default
- Predefined set of auditable objects and an option to turn on auditing for all other IaaS object types included
Audit Logging Enabled by Default for the Following Items
- Fabric Groups
- Workflow subscriptions
- Configuration API for the following items:
- Setting the event logs retention period
- Filtering certain target types from being processed by the event log
- Purging old event log messages from local database
Documentation Updated to Support All New Capabilities
For information about supported host operating systems, databases, and Web servers, see the vRealize Automation Support Matrix.
For prerequisites and installation instructions, see Installing vRealize Automation.
For vRealize Automation 7.3 documentation, see VMware vRealize Automation 7.3 Information Center.
Before You Upgrade
For general guidance, see Upgrading vRealize Automation.
The vRealize Production Test Upgrade Assist Tool analyzes your vRealize Automation 6.2.x environment for any feature configuration that can cause upgrade issues and checks that your environment is ready for upgrade. To download this tool and related documentation, go to the VMware vRealize Production Test Tool Download Product page.
Using Your License to Enable vRealize Code Stream
You can now use your vRealize Automation license to enable vRealize Code Stream for your vRealize Automation environments. The vRealize Automation license allows you to unlock vRealize Code Stream so that you can use it with the vRealize Code Stream Management Pack for IT DevOps.
You must install the vRealize Code Stream Management Pack on a separate and dedicated appliance that has vRealize Automation and vRealize Code Stream enabled in a non-HA (High Availability) mode. For more information, see the vRealize Code Stream Reference Architecture Guide. You cannot install the vRealize Code Stream Management Pack on your existing vRealize Automation production instance for the following reasons:
- The extra load might negatively impact the performance of your vRealize Automation production instance.
- vRealize Code Stream does not support installation on an appliance that is configured for HA. Do not enable vRealize Code Stream on a vRealize Automation instance that is in HA mode. If you do, your vRealize Automation environment might become unstable.
To install the management pack, see the VMware vRealize Code Stream Management Pack for IT DevOps Installation Guide. You can download this guide when you download the management pack.
To enable vRealize Code Stream in the vRealize Automation Installation Wizard or the vRealize Automation Appliance Management Interface, select the Enable vRealize Code Stream check box.
If you apply your license without enabling vRealize Code Stream, you can enable vRealize Code Stream later. Apply the license again, and select Enable vRealize Code Stream. After you apply the license, you must restart the vRealize Automation appliance.
For more information, see:
- vRealize Code Stream Information Center. See vRealize Code Stream Installation and Apply a vRealize Code Stream License to an Appliance.
- vRealize Automation Information Center. See Licensing vRealize Code Stream.
- Initial content creation process fails during installation at this step: Execute workflow to create configurationadmin user
In the /var/log/messages there are two different executions of the create configurationadmin user process (run simultaneously, the number after va-agent.py shows that the processes are different): /usr/lib/vcac/agent/va-agent.py: info Executing vRO workflow for creating configurationadmin user... ... /usr/lib/vcac/agent/va-agent.py: info Executing vRO workflow for creating configurationadmin user... The first call creates the configuration admin user, and the second call is causing the failure.
IaaS Installer fails to start
The IaaS Installer fails to start and displays this message: “A newer version of the product is already installed on this machine." This happens when the IaaS installer msi package fails to start after manually updating the IaaS Management Agent to the latest available version.
- If you use the new Upgrade Shell Script in vRealize Automation 7.2, you must first upgrade to the latest Management Agent
If you plan to run an automated upgrade of the IaaS components with the new Upgrade Shell Script, you must use the latest Management Agent available for download. Do not use the Management Agent that is included in the vRealize Automation 7.2 Virtual Appliance.
Security updates affect prerequisite checker
In this release, the Installation Wizard prerequisite checker fails when Microsoft security updates 3098779 and 3097997 are present. However, the prerequisite checker can detect the updates and prompt you to remove them using the Fix option. Afterward, you can rerun the prerequisite checker as usual.
Workaround: Allow the Installation Wizard to remove the security updates so that the prerequisite checker will work. Alternatively, you may manually remove the updates. After finishing the wizard, you may manually reinstall updates 3098779 and 3097997.
- Linked clone provisioning fails if snapshot is not available
In previous releases, provisioning of a linked clone blueprint with a named snapshot (rather than current snapshot) would fail if the reservation selected was on a different vCenter than the original snapshot, even if the template virtual machine and snapshot were cloned to the target vCenter. The previous workaround was to set reservation policies so that the blueprint could only be provisioned to the original vCenter. The underlying issue is fixed so that linked clone blueprints can be provisioned to any dynamically selected reservation that has access to a snapshot of the same name as the snapshot specified in the blueprint. To apply this fix to existing linked clone blueprints, open the blueprint in the blueprint designer and save. You do not need to make a manual edit of the blueprint .
- Some international keyboard mappings are not supported with remote console
The VMWare HTML Console SDK has been updated to release 2.1 which adds support for additional keyboard mappings that is documented in the HTML Console SDK release notes.
The known issues are grouped as follows.Upgrade
- A migration can fail when syncing reservations from the IaaS database to the PostgreSQL database
Failure generates this error message:Read timed out.
Workaround: See Knowledge Base article 2149882.
- Increased CPU load is present after upgrade from vRealize Automation 7.1 or 7.2 to 7.3
When you upgrade vRealize Automation 7.1 or 7.2 to 7.3, duplicate entries are added to the DynamicOps.Repository.WorkflowSchedules table in the IaaS database. The duplicate schedules are for metrics workflows. After upgrade, multiple metrics workflows running the same calculations at the same time increase the CPU load on the system.
- Adding a new virtual server to an existing on-demand load balancer in a deployment fails
When you add a new virtual server to an existing on-demand load balancer in a deployment upgraded from a previous vRealize Automation 7.x version, the addition fails if this is the first reconfigure action on the load balancer since upgrade. The failure generates Error code: 14623 regarding “duplicate ports.” The failure happens because the system stores a default setting from previous versions. This failure does not affect anything else in the system. For vRealize Automation 7.3 deployments, if you request to add a virtual server to a load balancer and make a change to another virtual server at the same time, the request fails and generates the same error.
Workaround: For upgraded deployments: Perform a reconfigure action on the load balancer and edit a setting on any of the virtual servers. This corrects the problem of the system storing the default setting from previous versions. You can also do this on load balancers upgraded from previous versions or on load balancers that have the same failure.
For upgraded load balancers and load balancers deployed in 7.3, do not edit a virtual server and add a virtual server in the same request. Performing the edit action and the add action in separate requests prevents this failure.
- New Endpoints are missing after upgrading to vRealize Automation 7.3
After a successful upgrade to vRealize Automation 7.3, the Endpoints page in the vRealize Automation console does not display any endpoints.
Workaround: See Knowledge Base article 2150252.
- New Unable to generate CSV file for bulk import due to duplicate entries
After you log in to the vRealize Automation console, select Infrastructure > Administration > Bulk Imports, and click Generate CSV File, you see the following error message: "Error has occurred. For more information, see event logs on the IaaS server or contact your system administrator." In the Windows IaaS machine event logs, you see entries similar to this: "System.ArgumentException: An item with the same key has already been added." This problem occurs when the query used to retrieve blueprints for bulk import returns duplicate entries.
Workaround: Use the cloudutil.exe utility to generate the CSV file by completing these steps.
- Download cloudutil.exe from the Windows installer download page on the vRealize Automation appliance: https://vra-va-hostname.domain.name:5480/installer/. CloudUtil is the command line interface for the vRealize Automation Designer. You run the commands on the Windows machine where you are running the designer. The default installation location on the Windows machine is C:\Program Files (x86)\VMware\vCAC\vRealize Automation Designer.
- Generate the CSV file by running this command: CloudUtil.exe Machine-BulkRegisterExport
- New When you upgrade to vRealize Automation 7.3 from an environment that is integrated with the current version of vRealize Business, the expense information appears as "not available" for all catalog Items in the vRealize Automation console
This is temporary problem which should be resolved when you upgrade to the next release of vRealize Business.
You can still view the expense information for vRealize Automation virtual machines in vRealize Business reports and other sections.
- When a user requests reconfiguration of a machine's network path and the original network path is not selected in the machine's reservation, the request appears to succeed and vRealize Automation silently deletes the machine's network card record from its database. No change is made to the actual machine.
Reconfiguring a machine's network path when the original network path is not selected in the machine's reservation is not supported. Any request to do so is intended to fail with an appropriate error message. Instead, it appears to succeed and silently deletes the machine's network card record from the vRealize Automation database. The actual machine is not affected.
Workaround: None. The vRealize Automation view of the machine with respect to its network card record will be restored to its original state the next time data collection is run for the associated cluster.
- Following a failover of the vRealize appliance, the Health page can be slow to load
If the Health page is open before the vRealize appliances fail over, the page can take up to 15 minutes to load for the first time after the fail over.
Workaround: Restore the functionality of the first appliance or restart the vcac-server service on the running appliance.
- Price for a deployment is not accurate when the blueprint contains an image component profile
When an image component profile is selected at authoring time, the clone disk size is unknown when a user requests a machine. When the user requests the price of a machine, the displayed price is not accurate. The price does not include the clone disk in the template that was selected as part of the image component profile.
Workaround: When a user requests a catalog item, the deployment cost is corrected by vRealize Business after vRealize Business includes the clone disk size that the machine uses.
- A Destroy operation performed on a cluster member prevents scale out or scale in actions from working as expected
When you manually destroy a machine that is part of a multi-machine cluster, you can no longer perform reliable scale in or scale out post-provisioning actions. You introduce a count mismatch when you manually destroy one member of a cluster using the destroy action on the machine. With a count mismatch, a scale out operation assumes that the destroyed machine is still part of the cluster. This prevents a scale out operation from adding some or all of the needed machines. If the count is off by 1 machine and the cluster limit is 5, there can be at most 4 actual virtual machines and 1 phantom machine. For a scale in action, the composition service might attempt to scale in to a single machine, resulting in the destruction of all cluster members.
Workaround: For deployments where scale out or scale in actions are enabled, do not entitle destroy actions. This prevents the creation of a count mismatch. If you think your deployment has a machine in a cluster that was manually destroyed, an administrator can check by counting the number of cluster members that appear on the Deployments page. If there is a cluster that has a destroyed virtual machine, redeploy the deployment and do not entitle destroy actions on the redeployed deployment.
- Deployments with multiple load balancers incorrectly display load balancer virtual servers
In deployments with multiple load balancers deployed in vRealize Automation 7.2 or earlier, each load balancer shows virtual servers from all of the load balancers present in the deployment.
- Unable to add a NAT port forwarding rule to a deployed on-demand NAT network associated with a third-party IPAM provider
When you add a NAT port forwarding rule by using the Change NAT Rules post-provisioning action to a deployed on-demand NAT network associated with a third-party IPAM provider, the drop-down menu for the Component field does not display any data and cannot accept new data. This prevents you from adding a new rule.
- If a bound property is configured to be passed to a Windows CMD software script, the bound property is not received by the script at run time
Passing bound input properties to a Windows CMD software script is not supported. All other software script types, such as bash or Windows PowerShell, support passing properties to software scripts as an array of values, but Windows CMD does not support the argument array (argv) type.
- After you have a successful test connection and you saved the endpoint with a valid thumbprint, the vSphere agent logs or DEM logs contain error messages about a closed connection, the inability to establish a trust relationship, or a remote certificate is invalid
In vRealize Automation 7.3, vSphere and NSX endpoints have certificate validation enabled. You can no longer use an untrusted certificate with these endpoints. Although you can use the Test Connection button to validate the certificate thumbprint on these endpoints, if the certificate is generated so that the root certificate in the certificate chain is not self signed, the certificate validation process for these two endpoints can fail and cause a functional failure in data collection, provisioning, or post-provisioning actions.
Download the root certificate in the endpoint certificate chain.
- For vCenter endpoint 6.0 or later, see http://kb.vmware.com/kb/2108294.
- For vCenter endpoint 5.5 or earlier, download the ROOT certificate from the endpoint certificate's certification path.
Complete these steps.
- First download the endpoint certificate by accessing the endpoint directly in the browser.
- Go to Certification Path to get the root certificate.
- Download the root certificate in the chain.
- Install the certificate in the Trusted root store of the Agent and DEM machines.
For the NSX Endpoint
- Download the endpoint certificate by accessing the endpoint directly in the browser.
- Go to Certification Path to get the root certificate.
- Download the root certificate in the chain.
- Install the certificate in the Trusted root store of the DEM machines.
- New The Reconfigure Load Balancer post-provisioning action fails for a blueprint imported from YAML
Sometimes when you perform the reconfigure load balancer post-provisioning action on a deployment, the action fails. This happens when the blueprint associated with the deployment is imported from a YAML file containing an on-demand load balancer with a value in the name field that is different from the value in the ID field.
Perform the following steps to fix the blueprint to allow post-provisioning actions to run on the load balancer in future deployments.
- In the vRealize Automation consol, select the blueprint that does not have matching values in the name and ID fields.
- Click Edit and re-enter the load balancer component name.
- Save the blueprint. This sets both the name and ID values embedded in the blueprint to the same value.
When you provision a new deployment using the edited blueprint, the reconfigure load balancer action works. You can avoid this problem if you ensure that all YAML files have identical name and ID values in each on-demand load balancer component.
To view a list of previous known issues, click here.
The earlier known issues are grouped as follows.
Database configuration fails during fresh installation of vRealize Automation 7.2 on Windows Turkish language version
If the IaaS Server is the Windows Turkish language version, the vRealize Automation Installation Wizard fails during database configuration and displays this error message: MSB3073.
Workaround: This issue is expected to be resolved in a future release.
vRealize Automation 7.1 does not support Microsoft SQL 2016 130 mode
The Microsoft SQL 2016 database created during the vRealize Automation wizard installation is in 100 mode. If you manually create an SQL 2016 database, it must also be in 100 mode. For related information, see the Microsoft article Prerequisites, Restrictions, and Recommendations for Always On Availability Groups.
The vRealize Automation appliance page does not load correctly
When using Internet Explorer 11 in Windows 2012 R2, the Web interface page for the vRealize Automation appliance does not load correctly.
Workaround: Use an alternate browser to access the vRealize Automation Web interface page.
- vRealize Automation migration from 6.x to 7.2 fails if the 7.2 target environment has a different vRealize Orchestrator admin group set as the default
The default vRealize Orchestrator admin group, vsphere.local/vcoadmin, should not be changed in the vRealize Orchestrator control center prior to migration.
Workaround: See Knowledge Base article 2148669.
STOMP client cannot establish connection after upgrading tcServer to version 3.2
In vRealize Automation 7.2, the IaaS Manager Service only supports REST polling as the connection mechanism when communicating with the event broker service. The Extensibility.Client.RetrievalMethod configuration setting is ignored.
If telemetry is disabled before you upgrade vRealize Automation from 6.2.4 or 6.2.5 to 7.2, the telemetry tab in the vRealize Automation appliance management console might show an error
This message might appear after upgrade: Error: Unable to determine next run time. Please re-enable or disable telemetry. This message appears because no telemetry data is being collected, and so the system cannot determine a proper next running time. When this is the case, no telemetry functions can occur.
Workaround: Choose to enable or disable telemetry using the Join the VMware Customer Experience Improvement Program checkbox and click Save Settings.
After installation of vRealize Automation 7.1 or upgrade from vRealize Automation 7.0 to 7.1, the chosen custom background image on the login page is missing
Customized branding present in vRealize Automation 7.0 is missing on the tenant login page after upgrade to vRealize Automation 7.1. Specified customized branding does not appear in a new installation of vRealize Automation 7.1.
Workaround: There is no workaround.
Migration of native Active Directory fails with errors
At present, the SSO migration utility does not transfer an automated native Active Directory during the vRealize Automation migration process.
Workaround: If you manually configure and launch native Active Directory, you can migrate Active Directory successfully. You must do this after you complete the vRealize Automation migration process.
IaaS node migration from vRealize Automation 6.2.4 to 7.1 fails when PostgreSQL server instance name contains non-ASCII characters
Workaround: Use the Migrate a vRealize Automation Environment with an IaaS Database Backup procedure to migrate your vRealize Automation 6.2.4. environment to 7.1.
IaaS Management Agent configuration is corrupted after upgrade from a vRealize Automation 6.2.3 or earlier high-availability environment to 7.1
After upgrade from vRealize Automation 6.2.2 to 7.1, the IaaS Management Agent cannot be started. An error message reports a missing node ID in the Management Agent configuration file.
Workaround: See Knowledge Base article 2146550.
Scale in or scale out actions fail in an upgraded deployment
Scale in or scale out actions are not supported for bulk-import deployments or deployments upgraded from vRealize Automation 6.x.
Workaround: There is no workaround. New deployments made from blueprints after upgrade support scale in or scale out actions.
When you log in to the vRealize Automation appliance management console, an error message appears
After you log in with the proper credentials, you receive an error message stating "Invalid server response. Please try again." This is caused by a problem with the browser cache.
Workaround: Log out, clear your browser cache, and log in again.
Certain blueprints cannot be fully upgraded due to failures in updating catalog resources
Upgraded multi-machine blueprints that contain on-demand networks or load balancer settings might not be fully functional after you upgrade to vRealize Automation 7.x.
Workaround: After you upgrade, delete and re-create the deployments associated with multi-machine blueprints. All associated NSX Edge cleanup work must be done in NSX.
When you upgrade from vRealize Automation 6.2.0 to 7.0, vPostgres upgrade fails, and an error message appearsWorkaround: For information about how to recover from an RPM database corruption, see the article "RPM Database Recovery" at the RPM Web site RPM. After you fix the problem, run the upgrade again.
If the system has a corrupt RPM database, this error message appears during the upgrade process: Failed to install updates(Error while running pre-install scripts).
When you run the Prerequisite Checker, the checker fails with a warning about RegistryKeyPermissionCheck, but the instructions to correct the error do not work during installation
The Prerequisite Checker fails because it is case-sensitive for the user name.
Workaround: Temporarily change the user you specified to run the Management Agent Service on the Windows machine to another user, and then change back to the original user by using the correct case for the user name.
When you upgrade the Manager Service and DEM Orchestrator system, a name validation error message appears and the Model Manager Web host cannot be validated
The following error appears if the name of the load balancer changes in the
Distributed Execution Manager "NAME" Cannot be upgraded because it points to Management model web host "xxxx.xxxx.xxxx.net:443", which cannot be validated. You must resolve this error before running the upgrade again: Cannot validate Model Manager Web host. The remote certificate is invalid according to the validation procedure.
Workaround: Make the following changes to the ManagerService.exe.config configuration file. The default location is at
C:\Program Files (x86)\VMware\vCAC\Server\ManagerService.exe.config.
Change the registry values for all DEM instances. For example, the DEM instances in the following registry entries should both be updated.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware vCloud Automation Center DEM\DemInstanceId02]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware vCloud Automation Center DEM\DemInstanceId03]
Security updates affect silent installation
In this release, Microsoft security updates 3098779 and 3097997 prevent the new silent installation feature from working properly. The updates are the same ones that affect the Installation Wizard prerequisite checker.
- Azure virtual machine provisioning fails if the resource group name contains non-ascii characters
Workaround: Do not use non-ascii characters in a resource group name.
- State data collection returns only the Primary IP
This behavior can affect your ability to use Connect using RDP, Connect using SSH, or registering a virtual machine as container host in the container service and others that rely on accessing a virtual machine using the virtual machine IP address.
Workaround: This issue is expected to be resolved in a future release.
Internal error message appears when you add an Azure machine to a blueprint in the Design tab
When using an external vRealize Orchestrator server with vRealize Automation, Microsoft Azure integration is not available.
Workaround: Export the Azure plug-in and package from the internal vRealize Orchestrator on your vRealize Automation virtual appliance, and install or import the plug-in and package to your external vRealize Orchestrator. After you install the Azure plug-in or import the Azure package to your external vRealize Orchestrator, Microsoft Azure is supported in your vRealize Automation environment.
- Log in to the vRealize Orchestrator Control Center for the internal vRealize Orchestrator on your vRealize Automation virtual appliance. For instructions, see, Log in to the vRealize Orchestrator Configuration Interface.
- Under Plug-Ins, click Manage Plug-Ins.
- Find the Azure plug-in, and right-click Download plug-in in DAR file. Save the file to your desktop.
- Log in to the vRealize Orchestrator Control Center for your external vRealize Orchestrator. For instructions, see, Log in to the vRealize Orchestrator Configuration Interface.
- Under Plug-Ins, click Manage Plug-Ins.
- Under Install plug-in, click Browse, and locate the Azure DAR file that you downloaded to your desktop.
- Click Install. If prompted to confirm, click Install again.
- In the Control Center under Startup-Options, click Restart to finish installing the new plugin.
- Reboot all your vRealize Automation virtual appliances at the same time.
Microsoft Azure integration functionality should be restored.
If the integration does not function properly after the reboot, verify that the Azure package, com.vmware.vra.endpoint.azure, is present in the external vRealize Orchestrator. If the Azure package is not present, complete these steps.
- Log in to your internal vRealize Orchestrator client on your vRealize Automation virtual appliance.
- Export the Azure package, com.vmware.vra.endpoint.azure. For instructions, see, Export a Package.
- Log in to the vRealize Orchestrator client for your external vRealize Orchestrator.
- Import the Azure package, com.vmware.vra.endpoint.azure, to your external vRealize Orrchestrator. For instructions, see Import a Package.
Concurrent XaaS catalog requests calling Clone virtual machine, no customization workflow with 30 users causes some requests to fail
While requesting XaaS blueprints which invoke vRealize Orchestrator workflows to do some operations on slow endpoints at high concurrency, some of the requests might fail with the error java.net.SocketTimeoutException: Read timed out. vRealize Orchestrator workflows can also be re-triggered multiple times due to the requests timing out.
Workaround: Perform these steps on each vRealize Automation appliance node. The vcac.properties file is not preserved on upgrade. You must repeat these steps after upgrade.
- Open an SSH session on the vRealize Automation appliance.
- Edit /etc/vcac/vcac.properties to increase the client timeout to 10 minutes by adding the following line to the file: vco.socket.timeout.millis=600000
- At the command prompt, run this command to restart the vcac-server service: service vcac-server restart
- Inventory data collection stops during a vCenter Server HA (VCHA) failover
In rare cases, work items can get stuck in progress for a managed vSphere 6.5 endpoint during a VCHA failover.
Workaround: Restart the vRealize Automation vSphere agent. If data collection is still stuck in progress, contact GSS.
vRealize Automation blueprint deployments that include NSX objects fail when provisioning to a cluster where the NSX manager has the secondary role
In a cross-vCenter deployment of NSX, NSX universal objects, such as edge gateways, new virtual-wires, and load balancer must be provisioned utilizing the NSX manager that has the primary role. If you attempt to provision universal objects to a secondary NSX manager the process fails with an error. vRealize Automation does not support provisioning of NSX universal objects to a vSphere endpoint with network and security integration where the specified NSX manager has the secondary role.
Workaround: To be able to use NSX global objects, you must create region specific NSX local transport zone and virtual wires. Follow VMware KB 2147240 for details on this process within a VMware Validated Design..
Machines provisioned to Azure persist after you delete an Azure endpoint
Deleting an Azure endpoint leaves behind orphaned machines, blueprints and reservations. If you want to delete a certain Azure VM before you delete an Azure endpoint, delete it manually using the vRealize Automation console.
On a Mac, when you open a second VMware Remote Console for a single virtual machine, both consoles go blank
Although you can open more than one VMware Remote Console (VMRC) for a single virtual machine on Windows, VMRC does not support multiple sessions. On Windows, each console is a separate process; on a Mac each console attempts to show a single process..
Workaround: Close all VMRC instances and only open one VMRC for a given machine.
Reprovision of a managed virtual machine on vSphere 6.5 during a vCenter High Availability (VCHA) failover permanently deletes the virtual machine
During a VCHA failover with vSphere 6.5, if you have a reprovision in progress with a virtual machine on the same vSphere endpoint, the virtual machine can be destroyed. This is a rare event..
Workaround: Request the original blueprint for the destroyed virtual machine./p>
vRealize Automation invalid credentials error appears after a vCenter High Availability (VCHA) failover
After a VCHA failover on a managed vSphere 6.5 endpoint, the vRealize Automation logs might contain this error message for the endpoint: Cannot complete login due to an incorrect user name or password.
Workaround: Restart the vRealize Automation vCenter agent.
Changing a virtual machine reservation does not work when the owner is different
When the register operation is invoked on a managed IaaS virtual machine, the reservation used must belong to the current virtual machine owner. Only the current owner can be specified for the user parameter. If a user who is not the current owner is specified, the system records the virtual machine as belonging to one owner in IaaS and to a different owner in the catalog.
Workaround: Only use the Change reservation to an IaaS Virtual Machine workflow for reservations that belong to the current virtual machine owner.
Unable to select blueprints for bulk import of unmanaged machine on vRealize Automation 7.1 upgraded to 7.2
IaaS passes a lower-cased tenant ID to the API that retrieves blueprints for bulk import and not the case presented by the authorization service. If the user creates a tenant ID that uses mixed-case characters, for example Rainpole rather than rainpole, the lookup fails.
Workaround: Generate the CSV file without a blueprint name or component and then manually edit the CSV file with the desired values for those fields.
Nested containers do not support networks
You cannot add a network to a nested container.
Workaround: This issue is expected to be resolved in a future release.
Contents of window do not display properly after connecting to a virtual machine on vSphere 6.5 using remote console
When connecting to a machine hosted on a vSphere 6.5 endpoint using the remote console, the connection can fail or otherwise be unusable.
Workaround: Connect to the affected machine using the VMRC client application. Select Connect using VMRC.
Some components might not function as expected after you drag an existing inner blueprint into a current outer blueprint
Component settings can change depending on which blueprint the component is on. For example, if you include security groups, security tags, or on-demand networks at both the inner and outer blueprint levels, the settings in the outer blueprint override those in the inner blueprint. Network and security components are supported only at the outer blueprint level except for existing networks that work at the inner blueprint level.
Workaround: Add all your security groups, security tags, and on-demand networks only to the outer blueprint.
In a high availability environment, Horizon fails to perform authentication after failover
Workaround: After failover, restart the vRealize Automation appliance to restore authentication.
If you create a property group with a period in the group name, you cannot use the vRealize Automation user interface to edit the group
This issue occurs when you create a property group with a period in the group name, for example,
property.group. If you use the vRealize Automation user interface to edit this property group, a blank page appears. You can use the REST API to edit this property group.
Workaround: Avoid using a property group name that contains a period. If that is unavoidable, use the REST API to edit the group.
Loss of communication between IaaS and the common service catalog during destroy process leaves virtual machine in a disposing state
If communication is lost between IaaS and the common service catalog while the destroy request is in progress but before vRealize Automation removes the virtual machine record from the database, the machine remains in a disposing state. After communication is restored, the destroy request is updated to either successful or failed, but the machine is still visible. Although the machine is deleted from the endpoint, the name remains visible in vRealize Automation management interface.
When you change the vRealize Automation appliance host name, services are marked as unavailable
Workaround: If any services are unavailable after you change the host name, restart the vRealize Automation server.
When you join a Management Agent domain account on a cloned Windows Server 2012 to a domain, the Management Agent domain account loses its rights on the agent certificate private key
When you use a customization wizard to clone a machine in vSphere that is part of a domain, the machine is no longer part of that domain. When you rejoin the cloned machine to the domain, the following error message appears in the Management Agent log:
CryptographicException - Keyset does not exist.
Workaround: Resolve this issue use the following procedure to open and close the security settings for the private key of the certificate without making any changes.
- Locate the certificate by using the Microsoft Management Console Certificates snap-in. The snap-in displays the agent ID in its Friendly name text box.
- Select All Tasks > Manage Private Keys.
- Click Advanced.
- Click OK.
- Dragging an existing inner blueprint into a current outer blueprint is restricted
When you drag an existing inner blueprint into a current outer blueprint, the following restrictions apply if the inner blueprint has machines joined to security groups, security tags, or on-demand networks. This issue might also occur on imported blueprints.
- The outer blueprint cannot contain an inner blueprint that contains on-demand network settings or on-demand load balancer settings. Using an inner blueprint that contains an NSX on-demand network component or on-demand load balancer component is unavailable..
- When you add new or additional security groups to machines in the inner blueprint, the machines are joined only to new security groups that are added as part of an outer blueprint, even though the Blueprint Authoring page shows security groups from the inner and outer blueprint.
- When you add new security tags to inner machines from an outer blueprint, security tags originally associated in the inner blueprint are no longer available.
- When you add new on-demand networks to inner machines from an outer blueprint, on-demand networks originally associated in the inner blueprint are no longer available. Existing networks originally associated in inner blueprint remain available.
Workaround: You can resolve this issue by performing one of the following tasks:
- Add security groups, tags, or on-demand networks to the outer blueprint but not to the inner blueprint.
- Add security groups, tags, or existing networks to the inner blueprint but not in the outer blueprint.
- Directory Search Attribute menu on the Add Directory page contains inaccurate information
Some code strings that first appear in the Directory Search Attribute menu are inaccurate.
Workaround: Click the Directory Search Attribute drop-down menu to view accurate code strings.
Resource not found error occurs when requesting a catalog item
When vRealize Automation is in High Availability mode, if the master database node fails and a new master node is not promoted, all of the services that require write access to the database fail or become temporarily corrupted until a new master database is promoted.
Workaround: You cannot avoid this error when the master database is unavailable. You can promote a new master database so that this error disappears and you are able to request resources.
Changes are not saved on the Blueprint Form page of an XaaS blueprint
If you do not click Apply after you update each field on the Blueprint Form page of an XaaS blueprint, your changes are not saved.
Items tab does not display information about the services that are enabled for a load balancer
For machines provisioned by using a load balancer that is associated with vCloud Networking and Security, the Items tab does not display information about the services that are enabled for that load balancer.
If a machine is destroyed while vSphere clone operation is in progress, the in-progress machine clone task is not canceled
This issue might cause the machine to be cloned. The cloned virtual machine might be managed in vCenter and no longer be under vRealize Automation management.
When you request a composite blueprint, the request fails immediately and the request details form fails to load
When the maximum lease days for a component blueprint are less than the number of lease days in the outer blueprint, requests fail immediately and the request details form fails to load.
You cannot have deployments with bindings to DHCP IP addresses in software deployments
If you attempt to do this, the ip_address is not available if no network profile exists. The following error message appears:
System error: Internal error in processing component request: com.vmware.vcac.platform.content.exceptions.EvaluationException: No data for field: ip_address.
Workaround: If a binding is required, use static IP addresses or IP addresses managed by vRealize Automation in the network profile, or use an IPAM integration. If you use DHCP, you should bind to the host name and not to the IP address.You can use the following script to get the IP address of a Cent OS machine:
IPv4_Address = $(hostname -I | sed -e 's/[[:space:]]$//')
Bind to the value this scrip provides when the IP address is needed for DHCP use cases.
Directory is created even after an error message is received
When you create a directory from Administration > Identity Stores Management > Identity Stores, and click Save, the error message, Connector communication failed because of invalid data. Problem promoting bind DN user to administrator: the user already exists and is associated with different sync client, might appear. The new Identity Store is saved with and incorrect configuration and cannot be used.
This error occurs if you attempt to save a new Active Directory with same values for the Base DN and the Bind DN that are already used in previously successfully created and existing Active directory.
Workaround: You must manually delete the new Active Directory because the configuration is incorrect and you must use a different Bind DN and Base DN for new Active Directory.
Domain is added to a user UPN when you create a directory that includes the UserPrincipalName directory search attribute
When you create a new directory and you select UserPrincipalName for the Directory Search Attribute, a domain is added to a user UPN. For example, the vRealize Automation user name of a user with firstname.lastname@example.org UPN appears as email@example.com@domain.local. This happens if the UPN suffix is configured at AD site to be domain. If the UPN suffix is customized, for example to "example.com,"then the vRealize Automation user name of a user with firstname.lastname@example.org UPN appears as email@example.com@domain.local.
If UserPrincipalName directory search attribute is used, users must enter their user name exactly as it appears (firstname.lastname@example.org@domain.local), including the domain, to log in to use the REST API or Cloud Client.
Workaround: Use sAMAccountName instead of UserPrincipalName to use the user name domain uniqueness functionality of Directories Management.
A 404 Not Found error appears when requesting a machine on behalf of another user
If a blueprint includes an on-demand NAT network or an on-demand load-balancer component, a 404 Not Found error appears when a deployment requested on behalf of another user is made.
Machines imported with Bulk Import are not mapped to the correct converged blueprint and component blueprint
Workaround: Add the VMware.VirtualCenter.OperatingSystem custom property to each machine in the import CSV file.
Catalog Management Actions are missing in vRealize Automation
Workaround: See Knowledge Base article 2113027.
An Active Directory that includes more than 15 user groups fails to list the groups when you sync the Active Directory
If you have more than 15 groups, and you attempt to synchronize the Active Directory in the vRealize Automation management interface using Administration > Identity Stores Management > Identity Stores, only a few groups appear.
Workaround: Click Select to view the full list.
After you promote a replica instance to the master instance, wrong information appears on the Database tab in the vRealize Automation master node management interface
When the master node in the vRealize Automation appliance fails, you should use the vRealize Automation appliance management interface of a healthy node for cluster management operations.
Moving a datastore from one vSphere Storage DRS to another causes the system to delete instead of create a virtual machine
If you move a datastore from one vSphere Storage DRS cluster to another vSphere Storage DRS cluster and the target cluster's automation level is not automatic, re-provisioning a created machine causes the system to delete the machine with the following error: StoragePlacement: datastore unspecified for disk in sdrs-disabled VM. This issue does not occur if the virtual machine is cloned.
Workaround: Verify that the target cluster's automation level is set to automatic before you move a datastore from one vSphere Storage DRS cluster to another. Only single machine deployments are supported.
To collapse the list of previous known issues, click here.