vRealize Automation 7.3 Release Notes 


Updated on: 04 DEC 2017

vRealize Automation | 25 MAY 2017 | Build 5610496 

Check regularly for additions and updates to these release notes. 

What's in the Release Notes

The release notes cover the following topics:

What's New

The vRealize Automation 7.3 release includes resolved issues and the following new capabilities.

Parameterized Blueprints to Enhance Reusability and Reduce Sprawl​

  • Introduced component profiles for defining both size and image attributes, enabling "T-shirt sizing" as a request item
    • Component profiles provided for image and virtual machine size including CPU, memory, and storage size
  • Efficiently manage blueprints by leveraging abstracted component profiles
  • Increase reusability while significantly reducing blueprint sprawl
  • Trigger approval policies on size or image conditions
  • Import or export of component profiles using vRealize CloudClient
  • Automatically substitute component profile values

Policy-Based Optimization of Virtual Machine Placement

  • Requires vRealize Operations Manager 6.6, which will be released soon
  • Maximize your infrastructure investment by optimizing placement
  • Combine vRealize Automation governance with performance based insight to optimize placement
  • Place Virtual Machines according to performance goals, using multiple algorithms
    • Balance for maintaining maximum headroom in case of spikes
    • Consolidate to leave space for large workloads

Enhanced Control of NSX-Provisioned Load Balancers

Enhanced NAT Port Forwarding Rules

  • NSX on-demand NAT
  • Port forwarding rules can be configured at design time
  • Rules can be ordered
  • Rules can be added, removed, and reordered after you create them

NSX Security Group and Tag Management

  • Able to add existing NSX security groups or tags to a running application
  • Able to disassociate NSX security groups and tags from applications

High Availability Automated for NSX Edge Services

  • Edge high-availability mode in the blueprint provides high availability for all edge services to an application when it is deployed
  • Configurable per blueprint based on application availability needs
  • Use custom properties to determine high availability at request time
  • Adds high availability for load balancing, NAT, firewall, and so on

NSX Edge Size Selection

  • Able to specify deployment size for NSX Edge Services Gateway (ESG)
  • Configurable per-blueprint based on application needs or scale
  • Uses custom properties for size selection at request time

Configuration Automation Framework - Puppet Integration

  • Configuration management as first-class citizen
    • Make plug-in invisible to customers and enable actions in the blueprint design canvas
    • Ability to drag-and-drop configuration management notes and dynamically assign roles on the design canvas
  • First implementation with Puppet
    • Register Puppet Master as an endpoint
    • Drag-and-drop Puppet node
    • Dynamically query Puppet Master, environment, and roles
  • Support late binding and early binding options
  • Support post-provisioning actions, such as unregister and delete

Improvements to Installation, Upgrade, Migration

  • New installation API extensions
    • Trigger initial content creation
    • Invoke self-signed certificate generation
    • Certificate replacement in vRealize Automation, IaaS web, and IaaS Microsoft SQL
  • New upgrade API extensions
    • List all available versions for upgrade
    • Get download status of upgrade packages
    • Do pre-upgrade check for the selected version
    • Get approximate upgrade time estimation
    • Get status progress of the upgrade
  • Migration
    • Automated migration from vRealize Automation 7.x to 7.3
  • Ability to a generate certificate signing request (CSR) in install wizard

REST API Improvements

  • Use case based REST API samples using Postman for many of the commonly used vRealize Automation use cases now available on GitHub
  • New and Improved Swagger documentation for all of the vRealize Automation REST APIs available on code.vmware.com
  • Enhanced vRealize Automation Programming Guide providing information about the vRealize Automation REST APIs that is easier to use and navigate

Improvements to High Availability

  • Automated failover of PostgreSQL database
  • Automated failover of IaaS Manager Service
  • Enhanced RabbitMQ recovery
  • Support for multiple NICs in the vRealize Automation appliance

Enhanced vRealize Business for Cloud Integration - Cloud Management Platform

  • Consistent terminology across vRealize Automation and vRealize Business for Cloud
  • No derived costing in vRealize Automation - vRealize Business for Cloud is the single source of truth for all pricing information
  • Accurate pricing for fault-tolerant enabled machines and Azure blueprints
  • Pricing updated after these post-provisioning actions:
    • Reconfigure machine
    • Scale-in or scale-out
    • Import machine

Audit Logging

  • Audit logging framework object types:
    • Workflow Subscription
    • Fabric Groups
    • Endpoints (Infrastructure)
  • Send audit logs to vRealize Log Insight or syslog server using Log Insight agent
  • Configurable retention period

Health Service

  • Health Service as a feature in the vRealize Automation console
  • Role-based and tenanted access to health data
  • Configure multiple vRealize Automation instances to monitor
  • Scheduled and on-demand test runs
    • Enables integration with vRealize Operations/SDDC Health Dashboard or third party tools
    • Full REST interface for performing health service system management tasks

Destroy Virtual Machine Enhancement - Force Destroy

  • Workload maintainability
    • Safely ignores any failures interrupting the destroy process
    • Efficient clean-up of failed deployments
    • Improved stable management of workloads
    • Applies to entire deployment

Syntax Highlighting for Software Lifecycle Scripts

  • Enhanced interface
    • Elegant syntax highlighting for software lifecycle scripts (app authoring)
    • Intuitive color-coding standards
    • Improves productivity and reduces scripting errors

New Business Group User Role

  • Allows for shared resource access and management

Enhancements to Custom Properties

  • Software components now able to to consume custom properties
  • Handling of secure custom properties improved

Extended External IPAM Vendor Framework

  • Added support for on-demand NAT networks
  • Supports one-to-many and one-to-one static IP addresses

Endpoint Configuration Service - Streamlined Endpoint Management

  • Enhanced to support a schema-driven user interface
  • Provides greater capability, control, and a unified experience when managing endpoints in vRealize Automation
  • Allows configuration of endpoints that require inter-endpoint relationships
  • Enhanced UI controls and customer experience
    • NSX is now a separate endpoint, no longer part of the vSphere endpoint configuration
    • Endpoint configuration validation checks for valid URL, credentials, and certificates
    • Certification trust verification
    • Provides a two-step process for resolving untrusted certificates. When you test an endpoint connection, you must accept the certificate and approve your acceptance of the certificate by clicking OK on the edit endpoint.
    • Ability to accept self-signed certificates

Azure Public Cloud Service Design Enhancements

  • Select, drag-and-drop software components on Azure machines in the blueprint designer
  • Specify software properties on the blueprint designer and on the request form
  • Pre-populated forms and dropdowns

vRealize Orchestrator Control Center RBAC

  • All users are able to log in, not just the root user
  • Trace execution and logs for workflow-based vRealize Automation requests, based on user role
  • Troubleshoot requests based on user role
  • Reuse and extend privileges and roles from vRealize Automation

IT Process Automation with Updated SDDC Support

  • All storage policy based objects are now accessible through API in vRealize Orchestrator and vRealize Automation
  • New vCenter Server plug-in provided with vRealize Orchestrator
  • Updated AMQP, REST and PowerShell plug-ins

vRealize Automation and ServiceNow Enhancements

  • View and request AWS catalog items from the ServiceNow portal
  • Seamless integration with the ServiceNow governance engine
  • CMDB and post-provisioning actions support
  • Supported for vRealize Automation 7.3 and ServiceNow Helsinki and Istanbul

VMware Admiral Integration

  • Supports collaboration between cloud administrators and development teams for traditional, containerized, and hybrid applications
  • Enables a balance between the operational control of traditional applications and the flexibility that containers offer
  • New capabilities including persistent volume support, improved container networking, and host management

Enhanced Event Log Functionality

  • System level integration with external SYSLOG compatible log management systems
  • Supports VMware Log Insight server
  • Configurable through VAMI and secured by default
  • Predefined set of auditable objects and an option to turn on auditing for all other IaaS object types included

Audit Logging Enabled by Default for the Following Items

  • Fabric Groups
  • Endpoints
  • Workflow subscriptions
  • Configuration API for the following items:
    • Setting the event logs retention period
    • Filtering certain target types from being processed by the event log
    • Purging old event log messages from local database

Documentation Updated to Support All New Capabilities

System Requirements

For information about supported host operating systems, databases, and Web servers, see the vRealize Automation Support Matrix.


For prerequisites and installation instructions, see Installing vRealize Automation.


For vRealize Automation 7.3 documentation, see VMware vRealize Automation 7.3 Information Center.

NEW: vRealize Automation 7.3 documentation revised and republished 04 DEC 2017.

Before You Upgrade

For general guidance, see Upgrading vRealize Automation.

The vRealize Production Test Upgrade Assist Tool analyzes your vRealize Automation 6.2.x environment for any feature configuration that can cause upgrade issues and checks that your environment is ready for upgrade. To download this tool and related documentation, go to the VMware vRealize Production Test Tool Download Product page.

Using Your License to Enable vRealize Code Stream

You can now use your vRealize Automation license to enable vRealize Code Stream for your vRealize Automation environments. The vRealize Automation license allows you to unlock vRealize Code Stream so that you can use it with the vRealize Code Stream Management Pack for IT DevOps.

To enable vRealize Code Stream, you must have either vRealize Suite Enterprise, vRealize Automation Advanced, or vRealize Automation Enterprise, and a new license for vRealize Automation 7.3.

You must install the vRealize Code Stream Management Pack on a separate and dedicated appliance that has vRealize Automation and vRealize Code Stream enabled in a non-HA (High Availability) mode. For more information, see the vRealize Code Stream Reference Architecture Guide. You cannot install the vRealize Code Stream Management Pack on your existing vRealize Automation production instance for the following reasons:

  • The extra load might negatively impact the performance of your vRealize Automation production instance.
  • vRealize Code Stream does not support installation on an appliance that is configured for HA. Do not enable vRealize Code Stream on a vRealize Automation instance that is in HA mode. If you do, your vRealize Automation environment might become unstable.

To install the management pack, see the VMware vRealize Code Stream Management Pack for IT DevOps Installation Guide. You can download this guide when you download the management pack.

To enable vRealize Code Stream in the vRealize Automation Installation Wizard or the vRealize Automation Appliance Management Interface, select the Enable vRealize Code Stream check box.

If you apply your license without enabling vRealize Code Stream, you can enable vRealize Code Stream later. Apply the license again, and select Enable vRealize Code Stream. After you apply the license, you must restart the vRealize Automation appliance.

For more information, see:

Resolved Issues

  • Initial content creation process fails during installation at this step: Execute workflow to create configurationadmin user

    In the /var/log/messages there are two different executions of the create configurationadmin user process (run simultaneously, the number after va-agent.py shows that the processes are different): /usr/lib/vcac/agent/va-agent.py[18405]: info Executing vRO workflow for creating configurationadmin user... ... /usr/lib/vcac/agent/va-agent.py[18683]: info Executing vRO workflow for creating configurationadmin user... The first call creates the configuration admin user, and the second call is causing the failure.

  • IaaS Installer fails to start
    The IaaS Installer fails to start and displays this message: “A newer version of the product is already installed on this machine." This happens when the IaaS installer msi package fails to start after manually updating the IaaS Management Agent to the latest available version.

  • If you use the new Upgrade Shell Script in vRealize Automation 7.2, you must first upgrade to the latest Management Agent

    If you plan to run an automated upgrade of the IaaS components with the new Upgrade Shell Script, you must use the latest Management Agent available for download. Do not use the Management Agent that is included in the vRealize Automation 7.2 Virtual Appliance.


  • Security updates affect prerequisite checker
    In this release, the Installation Wizard prerequisite checker fails when Microsoft security updates 3098779 and 3097997 are present. However, the prerequisite checker can detect the updates and prompt you to remove them using the Fix option. Afterward, you can rerun the prerequisite checker as usual.

    Workaround: Allow the Installation Wizard to remove the security updates so that the prerequisite checker will work. Alternatively, you may manually remove the updates. After finishing the wizard, you may manually reinstall updates 3098779 and 3097997.

  • New After installation of vRealize Automation 7.1 or upgrade from vRealize Automation 7.0 to 7.1, the chosen custom background image on the login page is missing

    Customized branding present in vRealize Automation 7.0 is missing on the tenant login page after upgrade to vRealize Automation 7.1. Specified customized branding does not appear in a new installation of vRealize Automation 7.1.

  • An Active Directory that includes more than 15 user groups fails to list the groups when you sync the Active Directory

    If you have more than 15 groups, and you attempt to synchronize the Active Directory in the vRealize Automation management interface using Administration > Identity Stores Management > Identity Stores, only a few groups appear.

  • New Invalid service name present in Programming Guide example

    The Request an HTTP Bearer Token procedure in the Programming Guide for vRealize Automation 7.2 contains two invalid curl command line examples: https://$vRA/identities/api/tokens and https://vra.mycompany.com/identities/api/tokens. In both examples, "identities" is an invalid service name.

  • Linked clone provisioning fails if snapshot is not available

    In previous releases, provisioning of a linked clone blueprint with a named snapshot (rather than current snapshot) would fail if the reservation selected was on a different vCenter than the original snapshot, even if the template virtual machine and snapshot were cloned to the target vCenter. The previous workaround was to set reservation policies so that the blueprint could only be provisioned to the original vCenter. The underlying issue is fixed so that linked clone blueprints can be provisioned to any dynamically selected reservation that has access to a snapshot of the same name as the snapshot specified in the blueprint. To apply this fix to existing linked clone blueprints, open the blueprint in the blueprint designer and save. You do not need to make a manual edit of the blueprint .

  • Some international keyboard mappings are not supported with remote console

    The VMWare HTML Console SDK has been updated to release 2.1 which adds support for additional keyboard mappings that is documented in the HTML Console SDK release notes.

Known Issues

The known issues are grouped as follows.

  • A migration can fail when syncing reservations from the IaaS database to the PostgreSQL database

    Failure generates this error message:Read timed out.

    Workaround: See Knowledge Base article 2149882.

  • Increased CPU load is present after upgrade from vRealize Automation 7.1 or 7.2 to 7.3

    When you upgrade  vRealize Automation 7.1 or 7.2 to 7.3, duplicate entries are added to the DynamicOps.Repository.WorkflowSchedules table in the IaaS database. The duplicate schedules are for metrics workflows. After upgrade, multiple metrics workflows running the same calculations at the same time increase the CPU load on the system.

    Workaround: See Knowledge Base article 2150239

  • Adding a new virtual server to an existing on-demand load balancer in a deployment fails  

    When you add a new virtual server to an existing on-demand load balancer in a deployment upgraded from a previous vRealize Automation 7.x version, the addition fails if this is the first reconfigure action on the load balancer since upgrade. The failure generates Error code: 14623 regarding “duplicate ports.” The failure happens because the system stores a default setting from previous versions. This failure does not affect anything else in the system. For  vRealize Automation 7.3 deployments, if you request to add a virtual server to a load balancer and make a change to another virtual server at the same time, the request fails and generates  the same error. 

    Workaround: For upgraded deployments: Perform a reconfigure action on the load balancer and edit a setting on any of the virtual servers. This corrects the problem of the system storing the default setting from previous versions. You can also do this on load balancers upgraded from previous versions or on load balancers that have the same failure.

    For upgraded load balancers and load balancers deployed in 7.3,  do not edit a virtual server and add a virtual server in the same request. Performing the edit action and the add action in separate requests prevents this failure.

  • New Endpoints are missing after upgrading to vRealize Automation 7.3

    After a successful upgrade to vRealize Automation 7.3, the Endpoints page in the vRealize Automation console does not display all the endpoints.

    Workaround: See Knowledge Base article 2150252.

  • New Unable to generate CSV file for bulk import due to duplicate entries

    After you log in to the vRealize Automation console, select Infrastructure > Administration > Bulk Imports, and click Generate CSV File, you see the following error message: "Error has occurred. For more information, see event logs on the IaaS server or contact your system administrator." In the Windows IaaS machine event logs, you see entries similar to this: "System.ArgumentException: An item with the same key has already been added." This problem occurs when the query used to retrieve blueprints for bulk import returns duplicate entries.

    Workaround: Use the cloudutil.exe utility to generate the CSV file by completing these steps.

    1. Download cloudutil.exe from the Windows installer download page on the vRealize Automation appliance: https://vra-va-hostname.domain.name:5480/installer/. CloudUtil is the command line interface for the vRealize Automation Designer. You run the commands on the Windows machine where you are running the designer. The default installation location on the Windows machine is C:\Program Files (x86)\VMware\vCAC\vRealize Automation Designer.
    2. Generate the CSV file by running this command: CloudUtil.exe Machine-BulkRegisterExport
  • New When you upgrade to vRealize Automation 7.3 from an environment that is integrated with the current version of vRealize Business, the expense information appears as "not available" for all catalog Items in the vRealize Automation console

    This is temporary problem that will be resolved when you upgrade to the latest release of vRealize Business.

    Workaround: Upgrade to vRealize Business for Cloud 7.3.0.

    You can still view the expense information for vRealize Automation virtual machines in vRealize Business reports and other sections.

  • New After uninstalling WEBDAV as one of the prerequisites for upgrading a 2012 R2 IaaS machine, the configuration wizard displays an InternalServerError message.

    This message appears because the Repository App Pool is stopped: "Distributed Execution Manager cannot be upgraded because it points to a Management Model Web host :443 which cannot be validated. You must resolve this error before running the upgrade again: Model Manager Web Service is installed on host :443 but it is not up and running. HTTP Web response status code: InternalServerError."

    Workaround: Go to the Application Pools on the IIS server, start the Repository App Pool, and continue with the upgrade.

  • New After you upgrade a vRealize Automation clustered environment, one of the Xenon nodes is not running

    During upgrade, one of  the vRrealize Automation nodes is not started.

    Workaround: Check the status of each node on the Xenon tab in the management console. If one of the nodes is not running, start the node manually. As an alternative, you can open a SSH connection to each node and run "service xenon-service status." If the node is not running, run "service xenon-service start."

  • New When manually installing an IaaS Website component, the IaaS legacy GUI installer displays a certificate validation error.

    The error message appears when you click Next on the IaaS Server Custom Install page with the Website component selected. This error message is a false negative and appears even when you select the right option. The error prevents the installation of a vRealize Automation 7.3 IaaS Website component.

    Workaround: See Knowledge Base article 2150645.

  • New A Distributed Execution Manager (DEM) or Distributed Execution Manager Orchestrator (DEO) does not update when you upgrade to vRealize Automation 7.3.x. 

    The DEM or DEO IaaS component must be installed in the default location at c:\program files (x86)\vmware\vcac when you upgrade to vRealize Automation 7.3.x. If these components are not installed in the default location, they do not update during upgrade.

    Workaround: See Knowledge Base article 2150517.

  • New Removing a host with more than 400 containers fails with serialization error

    In vRealize Automation 7.2 and 7.3, trying to remove a container host with more than 400 containers can fail with serialization error.

    Workaround: Remove the containers 400 at a time from the host using the vRealize Automation console, API, or CLI, and then remove the container host.

Configuring and Provisioning
  • When a user requests reconfiguration of a machine's network path and the original network path is not selected in the machine's reservation, the request appears to succeed and vRealize Automation silently deletes the machine's network card record from its database. No change is made to the actual machine.

    Reconfiguring a machine's network path when the original network path is not selected in the machine's reservation is not supported. Any request to do so is intended to fail with an appropriate error message. Instead, it appears to succeed and silently deletes the machine's network card record from the vRealize Automation database. The actual machine is not affected.

    Workaround: None. The vRealize Automation view of the machine with respect to its network card record will be restored to its original state the next time data collection is run for the associated cluster.

  • Following a failover of the vRealize appliance, the Health page can be slow to load

    If the Health page is open before the vRealize appliances  fail over,  the page can take up to 15 minutes to load for the first time after the fail over.

    Workaround: Restore the functionality of the first appliance or restart the vcac-server service on the running appliance.

  • Price for a deployment is not accurate when the blueprint contains an image component profile

    When an image component profile is selected at authoring time, the clone disk size is unknown when a user requests a machine. When the user requests the price of a machine, the displayed price is not accurate. The price does not include the clone disk in the template that was selected as part of the image component profile.

    Workaround: When a user requests a catalog item, the deployment cost is corrected by vRealize Business after vRealize Business includes the clone disk  size that the machine uses.

  • A Destroy operation performed on a cluster member prevents scale out or scale in actions from working as expected

    When you manually destroy a machine that is part of a multi-machine cluster, you can no longer perform reliable scale in or scale out post-provisioning actions. You introduce a count mismatch when you manually destroy one member of a cluster using the destroy action on the machine. With a count mismatch, a scale out operation assumes that the destroyed machine is still part of the cluster. This prevents a scale out operation from adding some or all of the needed machines. If the count is off by 1 machine and the cluster limit is 5, there can be at most 4 actual virtual machines and 1 phantom machine. For a scale in action, the composition service might attempt to scale in to a single machine, resulting in the destruction of all cluster members.

    Workaround: For deployments where scale out or scale in actions are enabled, do not entitle destroy actions. This prevents the creation of a count mismatch. If you think your deployment has a machine in a cluster that was manually destroyed, an administrator can check by counting the number of cluster members that appear on the Deployments page. If there is a cluster that has a destroyed virtual machine, redeploy the deployment and do not entitle destroy actions on the redeployed deployment.

  • Deployments with multiple load balancers incorrectly display load balancer virtual servers

    In deployments with multiple load balancers deployed in vRealize Automation 7.2 or earlier, each load balancer shows virtual servers from all of the load balancers present in the deployment.

    Workaround: None.

  • Unable to add a NAT port forwarding rule to a deployed on-demand NAT network associated with a third-party IPAM provider

    When you add a NAT port forwarding rule by using the Change NAT Rules post-provisioning action to a deployed on-demand NAT network associated with a third-party IPAM provider, the drop-down menu for the Component field does not display any data and cannot accept new data. This prevents you from adding a new rule.

    Workaround: None.

  • If a bound property is configured to be passed to a Windows CMD software script, the bound property is not received by the script at run time

    Passing bound input properties to a Windows CMD software script is not supported. All other software script types, such as bash or Windows PowerShell, support passing properties to software scripts as an array of values, but Windows CMD does not support the argument array (argv) type.

    Workaround: None.

  • After you have a successful test connection and you saved the endpoint with a valid thumbprint, the vSphere agent logs or DEM logs contain error messages about a closed connection, the inability to establish a trust relationship, or a remote certificate is invalid

    In vRealize Automation 7.3,  vSphere and NSX endpoints have certificate validation enabled. You can no longer use an untrusted certificate with these endpoints. Although you can use the Test Connection button  to validate the certificate thumbprint on these endpoints, if the certificate is generated so that the root certificate in the certificate chain is not self signed, the certificate validation process for these two endpoints can fail and cause a functional failure in data collection, provisioning, or post-provisioning actions.


    For vSphere

    Download the root certificate in the endpoint certificate chain.

    • For vCenter endpoint 6.0 or later, see http://kb.vmware.com/kb/2108294.
    • For vCenter endpoint 5.5 or earlier, download the ROOT certificate from the endpoint certificate's certification path.

    Complete these steps.

    1. First download the endpoint certificate by accessing the endpoint directly in the browser.
    2. Go to Certification Path to get the root certificate.
    3. Download the root certificate in the chain.
    4. Install the certificate in the Trusted root store of the Agent and DEM machines.

    For the NSX Endpoint

    1. Download the endpoint certificate by accessing the endpoint directly in the browser.
    2. Go to Certification Path to get the root certificate.
    3. Download the root certificate in the chain.
    4. Install the certificate in the Trusted root store of the DEM machines.
  • New The Reconfigure Load Balancer post-provisioning action fails for a blueprint imported from YAML

    Sometimes when you perform the reconfigure load balancer post-provisioning action on a deployment, the action fails. This happens when the blueprint associated with the deployment is imported from a YAML file containing an on-demand load balancer with a value in the name field that is different from the value in the ID field.

    Workaround: None.

    Perform the following steps to fix the blueprint to allow post-provisioning actions to run on the load balancer in future deployments.

    1. In the vRealize Automation consol, select the blueprint that does not have matching values in the name and ID fields.
    2. Click Edit and re-enter the load balancer component name.
    3. Save the blueprint. This sets both the name and ID values embedded in the blueprint to the same value.

    When you provision a new deployment using the edited blueprint, the reconfigure load balancer action works. You can avoid this problem if you ensure that all YAML files have identical name and ID values in each on-demand load balancer component.

  • New Opening a secure HTTP connection to the vRealize Automation appliance using Tls1.0 protocol is still supported on ports 443 and 8283

    If you open a connection or make an API call to the vRealize Automation appliance on port 443 for the vRealize Automation server, vRealize Orchestrator server or the vIDM server or on port 8283 for the vRealize Orchestrator configurator server, then the TLS1.0 protocol for SSL is still supported.


    Note: The following workaround for disabling TLS1.0 is for temporary use and should not be applied during upgrade. If TLS1.0 is disabled by this workaround, then the upgrade logic for this appliance could be broken. The recommendation for the customer is to wait for an official build with the fix for disabling TLS1.0 protocol.

    1. Open an SSH session on the Master vRealize Automation appliance in your deployment. If your environment has a single vRealize Automation appliance, open an SSH session on this appliance.

    2. Edit the following files:


    frontend https-in


    - bind ssl crt /etc/apache2/server.pem ciphers !aNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:@STRENGTH no-sslv3

    + bind ssl crt /etc/apache2/server.pem ciphers !aNULL:!eNULL:kECDH+AESGCM:ECDH+AESGCM:RSA+AESGCM:kECDH+AES:ECDH+AES:RSA+AES:@STRENGTH no-sslv3 no-tlsv10



    frontend https-in-vro-config


    - bind :::8283 v4v6 ssl crt /opt/vmware/etc/lighttpd/server.pem ciphers TLSv1+HIGH:!aNULL:!eNULL:!3DES:!RC4:!CAMELLIA:!DH:!kECDHE:@STRENGTH no-sslv3

    + bind :::8283 v4v6 ssl crt /opt/vmware/etc/lighttpd/server.pem ciphers TLSv1+HIGH:!aNULL:!eNULL:!3DES:!RC4:!CAMELLIA:!DH:!kECDHE:@STRENGTH no-sslv3 no-tlsv10


    3. Run: service haproxy restart

    4. Run: /usr/sbin/vcac-config cluster-config-ping-nodes --services haproxy

    Now each vRealize Automation appliance in your environment should no longer support TLS1.0 for secure connections on ports 443 and 8283.

  • New  A colon (:) used as a separator is not recognized correctly in a YAML file when you create a Windows container blueprint

    This problem happens when you create a blueprint with a container volume where the container path and the host path both include a Windows drive letter with a colon, for example D:/DBFILES/:c:/temp/. After you save and open the blueprint, the container path and host path value is not recognized correctly because the first colon from the drive letter is misinterpreted as a separator..

    Workaround: None.

  • New The Change NAT Rules post-provisioning action fails for a blueprint imported from YAML

    When invoked on a deployment, the Change NAT Rules post-provisioning action fails with the following error: Failed to invoke deployment update request [{Could not determine current component state for nat1}]. This happens when the blueprint associated with the deployment is imported from a YAML file containing an on-demand NAT network that has non-identical values in its name and ID fields.

    Workaround: None. Perform these steps to fix the blueprint.

    1. Edit the associated blueprint in the vRealize Automation console and re-select the desired parent network profile for the on-demand NAT network.
    2. Save the blueprint.

    This sets both the name and ID values embedded in the blueprint to the same value. When you provision a new deployment using the blueprint, the Change NAT Rules action works. You can avoid this problem if you ensure that all YAML files specify identical name and ID values in each on-demand NAT network component.

  • New The download links on the Guest and Software Agent Installers page for the Java Runtime Environment for Linux are incorrect

    These links appear in the Linux Software Installers section.

    • vmware-jre-1.8.0_121-fcs.i586.rpm
    • vmware-jre-1.8.0_121-fcs.x86_64.rpm

    When you click one of these links, a new page opens and displays an HTTP Status 404 – Not Found error. 


    To download these RPM files;

    1. Replace the file name in the URL that appears in the browser address field after you click the link.

    • Replace vmware-jre-1.8.0_121-fcs.i586.rpm with vmware-jre-1.8.0_121-fcs_b31.i586.rpm.
    • Replace vmware-jre-1.8.0_121-fcs.x86_64.rpm with vmware-jre-1.8.0_121-fcs_b31.x86_64.rpm.

    For example:

    • https://va-hostname.domain.name​ /software/download/vmware-jre-1.8.0_121-fcs_b31.x86_64.rpm
    • https://va-hostname.domain.name /software/download/vmware-jre-1.8.0_121-fcs_b31.i586.rpm

    2. Press Enter.

    Even though the error message remains in the browser, the file downloads successfully.

  • New Editing a Connector Auth Adapter can require login

    Administrators can use the vRealize Automation console to configure Auth Adapters for Connectors corresponding to a directory within 30 minutes of logging in to the console. I f an administrator attempts to perform this configuration after 30 minutes, a login page is displayed and authentication is required.

    Workaround: Log in to the console again with administrator credentials.

  • NEW The root partition runs out of storage space

    Improper log rotation in /var/lib/vrhb can lead to high utilization on the root partition which eventually fills the / partition.

    Workaround: See Knowledge Base article 2151693.

  • NEW Cannot reprovision a virtual machine that was provisioned with System Center Virtual Machine Manager (SCVMM)

    Before vRealize Automation 7.3, when you reprovisioned a virtual machine that was provisioned with SCVMM, reprovisioning failed with this error message: "Workflow 'ScvmmCreateVM' failed with the following exception:DynamicOps.Repository.Activities.PowerShellException: You cannot call a method on a null-valued expression."

    This problem was fixed in 7.3. However, if you upgraded your system to 7.3 from a previous version, any machine provisioned with SCVMM before the upgrade still fails reprovisioning.


    Complete these steps.

    1. Log in to the SCVMM Virtual Machine Manager Console.
    2. In the left menu, click Click Library > Templates.
    3. In the right pane table, sort the templates by name.
    4. Delete all templates that have the prefix TemporaryTemplate, followed by a GUID containing a string of letters and numbers.
    5. After you delete the templates, reprovision your virtual machines.
  • New Define Virtual Server Distribution Settings procedure contains unsupported HTTPS traffic pattern

    The Define Virtual Server Distribution Settings procedure contains the following substep.

    Select SSL Session ID to support one of the following supported HTTPS traffic patterns:

    • SSL Passthrough - Client -> HTTPS-> LB (SSL passthrough) -> HTTPS -> server
    • Client - HTTP-> LB -> HTTP -> servers

    If you select the Client - HTTP pattern, the system uses the SSL Passtrough - Client traffic pattern instead. vRealize Automation does not support the Client - HTTP traffic pattern.

    Workaround. Do not select the Client - HTTP traffic pattern.

Previous Known Issues

To view a list of previous known issues, click here.

The earlier known issues are grouped as follows.

    • Database configuration fails during fresh installation of vRealize Automation 7.2 on Windows Turkish language version
      If the IaaS Server is the Windows Turkish language version, the vRealize Automation Installation Wizard fails during database configuration and displays this error message: MSB3073.

      Workaround: This issue is expected to be resolved in a future release.

    • vRealize Automation 7.1 does not support Microsoft SQL 2016 130 mode
      The Microsoft SQL 2016 database created during the vRealize Automation wizard installation is in 100 mode. If you manually create an SQL 2016 database, it must also be in 100 mode. For related information, see the Microsoft article Prerequisites, Restrictions, and Recommendations for Always On Availability Groups.

    • The vRealize Automation appliance page does not load correctly
      When using Internet Explorer 11 in Windows 2012 R2, the Web interface page for the vRealize Automation appliance does not load correctly.

      Workaround: Use an alternate browser to access the vRealize Automation Web interface page.

    • vRealize Automation migration from 6.x to 7.2 fails if the 7.2 target environment has a different vRealize Orchestrator admin group set as the default

      The default vRealize Orchestrator admin group, vsphere.local/vcoadmin, should not be changed in the vRealize Orchestrator control center prior to migration.

      Workaround: See Knowledge Base article 2148669.

    • STOMP client cannot establish connection after upgrading tcServer to version 3.2
      In vRealize Automation 7.2, the IaaS Manager Service only supports REST polling as the connection mechanism when communicating with the event broker service. The Extensibility.Client.RetrievalMethod configuration setting is ignored.

    • If telemetry is disabled before you upgrade vRealize Automation from 6.2.4 or 6.2.5 to 7.2, the telemetry tab in the vRealize Automation appliance management console might show an error
      This message might appear after upgrade: Error: Unable to determine next run time. Please re-enable or disable telemetry. This message appears because no telemetry data is being collected, and so the system cannot determine a proper next running time. When this is the case, no telemetry functions can occur.

      Workaround: Choose to enable or disable telemetry using the Join the VMware Customer Experience Improvement Program checkbox and click Save Settings.

    • Migration of native Active Directory fails with errors
      At present, the SSO migration utility does not transfer an automated native Active Directory during the vRealize Automation migration process.

      Workaround: If you manually configure and launch native Active Directory, you can migrate Active Directory successfully. You must do this after you complete the vRealize Automation migration process.

    • IaaS node migration from vRealize Automation 6.2.4 to 7.1 fails when PostgreSQL server instance name contains non-ASCII characters

      Workaround: Use the Migrate a vRealize Automation Environment with an IaaS Database Backup procedure to migrate your vRealize Automation 6.2.4. environment to 7.1.

    • IaaS Management Agent configuration is corrupted after upgrade from a vRealize Automation 6.2.3 or earlier high-availability environment to 7.1
      After upgrade from vRealize Automation 6.2.2 to 7.1, the IaaS Management Agent cannot be started. An error message reports a missing node ID in the Management Agent configuration file.

      Workaround: See Knowledge Base article 2146550.

    • Scale in or scale out actions fail in an upgraded deployment
      Scale in or scale out actions are not supported for bulk-import deployments or deployments upgraded from vRealize Automation 6.x.

      Workaround: There is no workaround. New deployments made from blueprints after upgrade support scale in or scale out actions.

    • When you log in to the vRealize Automation appliance management console, an error message appears
      After you log in with the proper credentials, you receive an error message stating "Invalid server response. Please try again." This is caused by a problem with the browser cache.

      Workaround: Log out, clear your browser cache, and log in again.

    • Certain blueprints cannot be fully upgraded due to failures in updating catalog resources
      Upgraded multi-machine blueprints that contain on-demand networks or load balancer settings might not be fully functional after you upgrade to vRealize Automation 7.x.

      Workaround: After you upgrade, delete and re-create the deployments associated with multi-machine blueprints. All associated NSX Edge cleanup work must be done in NSX.

    • When you upgrade from vRealize Automation 6.2.0 to 7.0, vPostgres upgrade fails, and an error message appears
      If the system has a corrupt RPM database, this error message appears during the upgrade process: Failed to install updates(Error while running pre-install scripts).

      Workaround: For information about how to recover from an RPM database corruption, see the article "RPM Database Recovery" at the RPM Web site RPM. After you fix the problem, run the upgrade again.

    • When you run the Prerequisite Checker, the checker fails with a warning about RegistryKeyPermissionCheck, but the instructions to correct the error do not work during installation
      The Prerequisite Checker fails because it is case-sensitive for the user name.

      Workaround: Temporarily change the user you specified to run the Management Agent Service on the Windows machine to another user, and then change back to the original user by using the correct case for the user name.

    • When you upgrade the Manager Service and DEM Orchestrator system, a name validation error message appears and the Model Manager Web host cannot be validated
      The following error appears if the name of the load balancer changes in the ManagerService.exe.config file:
      Distributed Execution Manager "NAME" Cannot be upgraded because it points to Management model web host "xxxx.xxxx.xxxx.net:443", which cannot be validated. You must resolve this error before running the upgrade again: Cannot validate Model Manager Web host. The remote certificate is invalid according to the validation procedure.

      Workaround: Make the following changes to the ManagerService.exe.config configuration file. The default location is at C:\Program Files (x86)\VMware\vCAC\Server\ManagerService.exe.config.
      Change the registry values for all DEM instances. For example, the DEM instances in the following registry entries should both be updated.

      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware vCloud Automation Center DEM\DemInstanceId02]

      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware vCloud Automation Center DEM\DemInstanceId03]

    • Security updates affect silent installation
      In this release, Microsoft security updates 3098779 and 3097997 prevent the new silent installation feature from working properly. The updates are the same ones that affect the Installation Wizard prerequisite checker.

      Workaround: Before silent installation, you must manually remove the updates from IaaS Windows servers. You may manually reinstall updates 3098779 and 3097997 after silent installation finishes.

    Configuring and Provisioning
    • Azure virtual machine provisioning fails if the resource group name contains non-ascii characters


      Workaround: Do not use non-ascii characters in a resource group name.

    • State data collection returns only the Primary IP

      This behavior can affect your ability to use Connect using RDP, Connect using SSH, or registering a virtual machine as container host in the container service and others that rely on accessing a virtual machine using the virtual machine IP address.

      Workaround: This issue is expected to be resolved in a future release.

    • Internal error message appears when you add an Azure machine to a blueprint in the Design tab
      When using an external vRealize Orchestrator server with vRealize Automation, Microsoft Azure integration is not available.

      Workaround: Export the Azure plug-in and package from the internal vRealize Orchestrator on your vRealize Automation virtual appliance, and install or import the plug-in and package to your external vRealize Orchestrator. After you install the Azure plug-in or import the Azure package to your external vRealize Orchestrator, Microsoft Azure is supported in your vRealize Automation environment.

      1. Log in to the vRealize Orchestrator Control Center for the internal vRealize Orchestrator on your vRealize Automation virtual appliance. For instructions, see, Log in to the vRealize Orchestrator Configuration Interface.
      2. Under Plug-Ins, click Manage Plug-Ins.
      3. Find the Azure plug-in, and right-click Download plug-in in DAR file. Save the file to your desktop.
      4. Log in to the vRealize Orchestrator Control Center for your external vRealize Orchestrator. For instructions, see, Log in to the vRealize Orchestrator Configuration Interface.
      5. Under Plug-Ins, click Manage Plug-Ins.
      6. Under Install plug-in, click Browse, and locate the Azure DAR file that you downloaded to your desktop.
      7. Click Install. If prompted to confirm, click Install again.
      8. In the Control Center under Startup-Options, click Restart to finish installing the new plugin.
      9. Reboot all your vRealize Automation virtual appliances at the same time.
        Microsoft Azure integration functionality should be restored.

      If the integration does not function properly after the reboot, verify that the Azure package, com.vmware.vra.endpoint.azure, is present in the external vRealize Orchestrator. If the Azure package is not present, complete these steps.

      1. Log in to your internal vRealize Orchestrator client on your vRealize Automation virtual appliance.
      2. Export the Azure package, com.vmware.vra.endpoint.azure. For instructions, see, Export a Package.
      3. Log in to the vRealize Orchestrator client for your external vRealize Orchestrator.
      4. Import the Azure package, com.vmware.vra.endpoint.azure, to your external vRealize Orrchestrator. For instructions, see Import a Package.


    • Concurrent XaaS catalog requests calling Clone virtual machine, no customization workflow with 30 users causes some requests to fail
      While requesting XaaS blueprints which invoke vRealize Orchestrator workflows to do some operations on slow endpoints at high concurrency, some of the requests might fail with the error java.net.SocketTimeoutException: Read timed out. vRealize Orchestrator workflows can also be re-triggered multiple times due to the requests timing out.

      Workaround: Perform these steps on each vRealize Automation appliance node. The vcac.properties file is not preserved on upgrade. You must repeat these steps after upgrade.

      1. Open an SSH session on the vRealize Automation appliance.
      2. Edit /etc/vcac/vcac.properties to increase the client timeout to 10 minutes by adding the following line to the file: vco.socket.timeout.millis=600000
      3. At the command prompt, run this command to restart the vcac-server service: service vcac-server restart


    • Inventory data collection stops during a vCenter Server HA (VCHA) failover

      In rare cases, work items can get stuck in progress for a managed vSphere 6.5 endpoint during a VCHA failover.

      Workaround: Restart the vRealize Automation vSphere agent. If data collection is still stuck in progress, contact GSS.

    • vRealize Automation blueprint deployments that include NSX objects fail when provisioning to a cluster where the NSX manager has the secondary role
      In a cross-vCenter deployment of NSX, NSX universal objects, such as edge gateways, new virtual-wires, and load balancer must be provisioned utilizing the NSX manager that has the primary role. If you attempt to provision universal objects to a secondary NSX manager the process fails with an error. vRealize Automation does not support provisioning of NSX universal objects to a vSphere endpoint with network and security integration where the specified NSX manager has the secondary role.

      Workaround: To be able to use NSX global objects, you must create region specific NSX local transport zone and virtual wires. Follow VMware KB 2147240 for details on this process within a VMware Validated Design..

    • Machines provisioned to Azure persist after you delete an Azure endpoint
      Deleting an Azure endpoint leaves behind orphaned machines, blueprints and reservations. If you want to delete a certain Azure VM before you delete an Azure endpoint, delete it manually using the vRealize Automation console.

    • On a Mac, when you open a second VMware Remote Console for a single virtual machine, both consoles go blank
      Although you can open more than one VMware Remote Console (VMRC) for a single virtual machine on Windows, VMRC does not support multiple sessions. On Windows, each console is a separate process; on a Mac each console attempts to show a single process..

      Workaround: Close all VMRC instances and only open one VMRC for a given machine.

    • Reprovision of a managed virtual machine on vSphere 6.5 during a vCenter High Availability (VCHA) failover permanently deletes the virtual machine
      During a VCHA failover with vSphere 6.5, if you have a reprovision in progress with a virtual machine on the same vSphere endpoint, the virtual machine can be destroyed. This is a rare event..

      Workaround: Request the original blueprint for the destroyed virtual machine./p>

    • vRealize Automation invalid credentials error appears after a vCenter High Availability (VCHA) failover
      After a VCHA failover on a managed vSphere 6.5 endpoint, the vRealize Automation logs might contain this error message for the endpoint: Cannot complete login due to an incorrect user name or password.

      Workaround: Restart the vRealize Automation vCenter agent.

    • Changing a virtual machine reservation does not work when the owner is different
      When the register operation is invoked on a managed IaaS virtual machine, the reservation used must belong to the current virtual machine owner. Only the current owner can be specified for the user parameter. If a user who is not the current owner is specified, the system records the virtual machine as belonging to one owner in IaaS and to a different owner in the catalog.

      Workaround: Only use the Change reservation to an IaaS Virtual Machine workflow for reservations that belong to the current virtual machine owner.

    • Unable to select blueprints for bulk import of unmanaged machine on vRealize Automation 7.1 upgraded to 7.2
      IaaS passes a lower-cased tenant ID to the API that retrieves blueprints for bulk import and not the case presented by the authorization service. If the user creates a tenant ID that uses mixed-case characters, for example Rainpole rather than rainpole, the lookup fails.

      Workaround: Generate the CSV file without a blueprint name or component and then manually edit the CSV file with the desired values for those fields.

    • Nested containers do not support networks
      You cannot add a network to a nested container.

      Workaround: This issue is expected to be resolved in a future release.

    • Contents of window do not display properly after connecting to a virtual machine on vSphere 6.5 using remote console
      When connecting to a machine hosted on a vSphere 6.5 endpoint using the remote console, the connection can fail or otherwise be unusable.

      Workaround: Connect to the affected machine using the VMRC client application. Select Connect using VMRC.

    • Some components might not function as expected after you drag an existing inner blueprint into a current outer blueprint
      Component settings can change depending on which blueprint the component is on. For example, if you include security groups, security tags, or on-demand networks at both the inner and outer blueprint levels, the settings in the outer blueprint override those in the inner blueprint. Network and security components are supported only at the outer blueprint level except for existing networks that work at the inner blueprint level.

      Workaround: Add all your security groups, security tags, and on-demand networks only to the outer blueprint.

    • In a high availability environment, Horizon fails to perform authentication after failover

      Workaround: After failover, restart the vRealize Automation appliance to restore authentication.

    • If you create a property group with a period in the group name, you cannot use the vRealize Automation user interface to edit the group
      This issue occurs when you create a property group with a period in the group name, for example, property.group. If you use the vRealize Automation user interface to edit this property group, a blank page appears. You can use the REST API to edit this property group.

      Workaround: Avoid using a property group name that contains a period. If that is unavoidable, use the REST API to edit the group.

    • Loss of communication between IaaS and the common service catalog during destroy process leaves virtual machine in a disposing state
      If communication is lost between IaaS and the common service catalog while the destroy request is in progress but before vRealize Automation removes the virtual machine record from the database, the machine remains in a disposing state. After communication is restored, the destroy request is updated to either successful or failed, but the machine is still visible. Although the machine is deleted from the endpoint, the name remains visible in vRealize Automation management interface.

    • When you change the vRealize Automation appliance host name, services are marked as unavailable

      Workaround: If any services are unavailable after you change the host name, restart the vRealize Automation server.

    • When you join a Management Agent domain account on a cloned Windows Server 2012 to a domain, the Management Agent domain account loses its rights on the agent certificate private key
      When you use a customization wizard to clone a machine in vSphere that is part of a domain, the machine is no longer part of that domain. When you rejoin the cloned machine to the domain, the following error message appears in the Management Agent log: CryptographicException - Keyset does not exist.

      Workaround: Resolve this issue use the following procedure to open and close the security settings for the private key of the certificate without making any changes.

      1. Locate the certificate by using the Microsoft Management Console Certificates snap-in. The snap-in displays the agent ID in its Friendly name text box.
      2. Select All Tasks > Manage Private Keys.
      3. Click Advanced.
      4. Click OK.

    • Dragging an existing inner blueprint into a current outer blueprint is restricted
      When you drag an existing inner blueprint into a current outer blueprint, the following restrictions apply if the inner blueprint has machines joined to security groups, security tags, or on-demand networks. This issue might also occur on imported blueprints.
      • The outer blueprint cannot contain an inner blueprint that contains on-demand network settings or on-demand load balancer settings. Using an inner blueprint that contains an NSX on-demand network component or on-demand load balancer component is unavailable..
      • When you add new or additional security groups to machines in the inner blueprint, the machines are joined only to new security groups that are added as part of an outer blueprint, even though the Blueprint Authoring page shows security groups from the inner and outer blueprint.
      • When you add new security tags to inner machines from an outer blueprint, security tags originally associated in the inner blueprint are no longer available.
      • When you add new on-demand networks to inner machines from an outer blueprint, on-demand networks originally associated in the inner blueprint are no longer available. Existing networks originally associated in inner blueprint remain available.

      Workaround: You can resolve this issue by performing one of the following tasks:

      • Add security groups, tags, or on-demand networks to the outer blueprint but not to the inner blueprint.
      • Add security groups, tags, or existing networks to the inner blueprint but not in the outer blueprint.

    • Directory Search Attribute menu on the Add Directory page contains inaccurate information
      Some code strings that first appear in the Directory Search Attribute menu are inaccurate.

      Workaround: Click the Directory Search Attribute drop-down menu to view accurate code strings.

    • Resource not found error occurs when requesting a catalog item
      When vRealize Automation is in High Availability mode, if the master database node fails and a new master node is not promoted, all of the services that require write access to the database fail or become temporarily corrupted until a new master database is promoted.

      Workaround: You cannot avoid this error when the master database is unavailable. You can promote a new master database so that this error disappears and you are able to request resources.

    • Changes are not saved on the Blueprint Form page of an XaaS blueprint
      If you do not click Apply after you update each field on the Blueprint Form page of an XaaS blueprint, your changes are not saved.

    • Items tab does not display information about the services that are enabled for a load balancer
      For machines provisioned by using a load balancer that is associated with vCloud Networking and Security, the Items tab does not display information about the services that are enabled for that load balancer.

    • If a machine is destroyed while vSphere clone operation is in progress, the in-progress machine clone task is not canceled
      This issue might cause the machine to be cloned. The cloned virtual machine might be managed in vCenter and no longer be under vRealize Automation management.

    • When you request a composite blueprint, the request fails immediately and the request details form fails to load
      When the maximum lease days for a component blueprint are less than the number of lease days in the outer blueprint, requests fail immediately and the request details form fails to load.

    • You cannot have deployments with bindings to DHCP IP addresses in software deployments
      If you attempt to do this, the ip_address is not available if no network profile exists. The following error message appears: System error: Internal error in processing component request: com.vmware.vcac.platform.content.exceptions.EvaluationException: No data for field: ip_address.

      Workaround: If a binding is required, use static IP addresses or IP addresses managed by vRealize Automation in the network profile, or use an IPAM integration. If you use DHCP, you should bind to the host name and not to the IP address.

      You can use the following script to get the IP address of a Cent OS machine:
      IPv4_Address = $(hostname -I | sed -e 's/[[:space:]]$//')
      echo $IPv4_Address

      Bind to the value this scrip provides when the IP address is needed for DHCP use cases.

    • Directory is created even after an error message is received
      When you create a directory from Administration > Identity Stores Management > Identity Stores, and click Save, the error message, Connector communication failed because of invalid data. Problem promoting bind DN user to administrator: the user already exists and is associated with different sync client, might appear. The new Identity Store is saved with and incorrect configuration and cannot be used.
      This error occurs if you attempt to save a new Active Directory with same values for the Base DN and the Bind DN that are already used in previously successfully created and existing Active directory.

      Workaround: You must manually delete the new Active Directory because the configuration is incorrect and you must use a different Bind DN and Base DN for new Active Directory.

    • Domain is added to a user UPN when you create a directory that includes the UserPrincipalName directory search attribute
      When you create a new directory and you select UserPrincipalName for the Directory Search Attribute, a domain is added to a user UPN. For example, the vRealize Automation user name of a user with user.domain@domain.local UPN appears as user.domain@domain.local@domain.local. This happens if the UPN suffix is configured at AD site to be domain. If the UPN suffix is customized, for example to "example.com,"then the vRealize Automation user name of a user with user.domain@example.com UPN appears as user.domain@example.com@domain.local.
      If UserPrincipalName directory search attribute is used, users must enter their user name exactly as it appears (user.domain@domain.local@domain.local), including the domain, to log in to use the REST API or Cloud Client.

      Workaround: Use sAMAccountName instead of UserPrincipalName to use the user name domain uniqueness functionality of Directories Management.

    • A 404 Not Found error appears when requesting a machine on behalf of another user
      If a blueprint includes an on-demand NAT network or an on-demand load-balancer component, a 404 Not Found error appears when a deployment requested on behalf of another user is made.

    • Machines imported with Bulk Import are not mapped to the correct converged blueprint and component blueprint

      Workaround: Add the VMware.VirtualCenter.OperatingSystem custom property to each machine in the import CSV file.

      For example:

    • Catalog Management Actions are missing in vRealize Automation

      Workaround: See Knowledge Base article 2113027.

    • After you promote a replica instance to the master instance, wrong information appears on the Database tab in the vRealize Automation master node management interface
      When the master node in the vRealize Automation appliance fails, you should use the vRealize Automation appliance management interface of a healthy node for cluster management operations.

    • Moving a datastore from one vSphere Storage DRS to another causes the system to delete instead of create a virtual machine
      If you move a datastore from one vSphere Storage DRS cluster to another vSphere Storage DRS cluster and the target cluster's automation level is not automatic, re-provisioning a created machine causes the system to delete the machine with the following error: StoragePlacement: datastore unspecified for disk in sdrs-disabled VM. This issue does not occur if the virtual machine is cloned.

      Workaround: Verify that the target cluster's automation level is set to automatic before you move a datastore from one vSphere Storage DRS cluster to another. Only single machine deployments are supported.

    To collapse the list of previous known issues, click here.