vRealize Automation 8.6.2 | 18 JAN 2022

Check for additions and updates to these release notes.

Release Versions

VRealize Automation 8.6.2 | 18 January 2022

  • vRA Easy Installer (ISO) build 19221692

  • vRA Product (appliance) build 19108181

  • SaltStack Config build 19174372

Updates made to this document


Description of update



Initial publishing.


Added link to KB workaround used to resolve upgrade failure related to the log4j vulnerabilities.


Required inputs in property groups

Known Issue


Visibility binding doesn't work in Custom Form Renderer

Known Issue


NSX-v to NSX-T migration does not update any description objects

Known Issue

About vRealize Automation 8.6.2

vRealize Automation 8.6.2 complements vRealize Automation 8.6 capabilities with variety of new features including the expansion of the Resource Center to include resource-specific pages, the introduction of the quick create VM wizard to allow provisioning without a VMware Cloud Template, and additional smaller enhancements to approval policies and onboarding. vRealize Standard+ edition containing SaltStack has now been globalized to support 11 additional languages.


Log4J vulnerabilities

Updated Apache log4j to version 2.17 to resolve CVE-2021-44228 and CVE-2021-45046. For more information on these vulnerabilities and their impact on VMware products please see VMSA-2021-0028.

Upgrade failure after performing steps in KB 87120

Performing the instructions used to address the CVE-2021-44228 and CVE-2021-45046 log4j vulnerabilities described in KB 87120 can cause upgrade failures for vRealize Automation and vRealize Orchestrator 8.6.2 or earlier. For a workaround, see KB 87794.

Before you begin

Familiarize yourself with the supporting documents.

After installing vRealize Automation and setting up your users, you can use the Getting Started and Using and Managing guides for each of the included services. The Getting Started guides include an end-to-end proof of concept. The Using and Managing guides provide more in-depth information that supports your exploration of the available features. Additional information is also available in vRealize Automation 8.6 product documentation.

For information on vRealize Orchestrator 8.6 features and limitations, refer to the vRealize Orchestrator 8.6 Release Notes.

What's New

The many benefits of vRealize Automation 8.6.2 include:

Resources Tab

The "Deployments" tab is now renamed to "Resources" as we continue expand the functionality of the Resource Center and increase visiblity of discovered objects.

Resource Center - Simplified view of discovered resources and day 2 actions

Following the last release of Resource View, vRealize Automation enhanced the Resources tab to help cloud admins and end users manage cloud resources across compute, storage, networking, and security. The new features include:

  • Individual resources page by resource types: virtual machines, networking and security, and volumes

  • All resources page with advanced filter

  • In-context resource details panel: show machine details and associated network/storage

  • Create simple new VM without VMware cloud templates:

    • Quick create VM

    • Quick create VM with existing network

    • Quick create VM with new/existing storage

  • All-in-one Cloud Resource Center has provisioned, onboarded, migrated and discovered (admin only) resources

  • Admin only Day 2 action on discovered resources: power on/off, remote console

  • The same resource center is also live in Service Broker without quick create VM action

  • Note that the resource views under Infrastructure top level tab will be removed in following months: virtual machines, volumes, networks and security

  • Image, boot disk, and inline disks even though they are a part of deployment appear as discovered resource in resource view.

  • Track resource request history through deployment history

  • Resources can map to multiple cloud accounts, displaying or filtering by these multiple cloud accounts will be supported in the following release in resource center.

  • Learn more about working with resources.

vRA Ansible Integration supports 2.11

Inter-op support has been increased to Ansible 2.11.5. Ansible 2.11 is the latest stable Ansible version and customers can now use this version when running playbooks with the vRA Ansible integration.

Approval policy now supports AD groups

Approval policies in Service Broker now support AD groups as approvers, as opposed to only accepting individual users. Learn more about approval policies.

Onboarding support for IPv6

Onboarding plans now support machines which have IPv6 addresses.

vRealize Standard+ now supports 11 additional languages

As part of the on-going integration of the SaltStack products to VMware we have completed the translation and release of vRA STD + in 11 languages making it easier for our users around the world take advantage of the powerful capabilities in the vRA STD + product. vRA STD + is now available in the following languages: German, French, Spanish, Japanese, Korean, Simplified Chinese, Traditional Chinese, Russian, Dutch, Italian, Brazilian Portuguese.

vRealize Log Insight content pack for vRealize Orchestrator v8.3+ now available

The VMware vRealize Orchestrator (vRO) content pack compliments the vSphere content pack and provides a consolidated summary of log events across all vRO components of the environment. The vRealize Orchestrator 8.0+ (vRO 8.0+) content pack for Log Insight provides you with important information across all components of your vRealize Orchestrator 8.3+ environment

The vRO 8.0+ content pack enables:

  • Proactive monitoring of your vRO 8.3+ environment.

  • Server Overview dashboards.

  • Authorization related deatils.

  • Configuration and Content Audit dashboards.

  • Workflow related dashboards includes failure, logs, statitics.

  • Metrics dashboards includes REST Api logs, JVM logs details.

  • Request-based tracing across vRO 8.0+ services using trace id.

  • Troubleshooting and assistance during root-cause analysis.

Content pack can be found here: https://marketplace.cloud.vmware.com/services/details/vrealize-orchestrator-8-0-log-insight-content-pack-dist-1-1?slug=true

Plug-in API compatibility updates for VUM plug-in

The VUM (Update Manager) plug-in now supports vSphere 6.7, 7.0, 7.0 U1, 7.0 U2. This enhances support beyond the original vSphere 6.5 API. With VUM you can perform these actions:

  • Upgrade and patch ESXi hosts.

  • Install and update third-party software on hosts.

  • Upgrade virtual machine hardware and VMware Tools

Learn more about the vRealize Orchestrator plug-in for VMware vSphere Update Manager.

Access all your vRealize Automation Cloud documentation in one place

To simplify your experience in using the vRealize Automation product documentation, we combined the vRealize Automation 8.x and vRealize Automation Cloud product documentation in a single vRealize Automation Documentation Center.

  • Streamlined navigation. Use the left-hand navigation menu to access the documentation for the core vRealize Automation services. By default, these links take you to the cloud documentation, but you can find your 8.x version by using the version selector drop-down menu in each topic. You can find links to other related and supporting documentation on the vRealize Automation landing page.

  • All your documentation in one place. Cloud Assembly, Service Broker, and Code Stream documentation now live in the consolidated vRealize Automation Documentation Center. Your existing cloud bookmarks will be automatically redirected to the new location.

Explore the vRealize Automation Documentation Center.

API Documentation and Versioning

API documentation is available with the product. To access all Swagger documents from a single landing page, go to https://<appliance.domain.com>/automation-ui/api-docs where appliance.domain.com is your vRealize Automation appliance.

Before using the API, consider the latest API updates and changes for this release, and note any changes to the API services that you use. If you have not locked your API using the apiVersion variable before, you might encounter a change in an API response. All API updates and changes for this release are provided in the table below.

For unlocked APIs, the default behavior varies depending upon the API.

  • For Cloud Assembly IaaS APIs, all requests which are executed without the apiVersion parameter will be redirected to the first version which is 2019-01-15. This redirect will allow every user who did not previously specify the apiVersion parameter to transition smoothly to the latest version without experiencing breaking changes.

    NOTE: For the Cloud Assembly IaaS APIs, the latest version is apiVersion=2021-07-15. If left unlocked, IaaS API requests will be redirected to the first version which is 2019-01-15. The first version is deprecated and will be supported for 12 months. To ensure a smooth transition to the new version, lock your IaaS API requests with the apiVersion parameter assigned to 2021-07-15.

  • For other APIs, your API requests will default to the latest version. If you select one of the earlier version dates listed for the Swagger spec, the API behavior will reflect APIs that were in effect as of that date and any date until the next most recent version date. APIs are no versioned for every vRealize Automation release and not all APIs support the apiVersion parameter.

For more information about API versioning, see the vRealize Automation 8.6 API Programming Guide.

Service Name

Service Description

API Updates and Changes


Holds all functionality specific to ABX, including creation and management of actions and their versions and executing actions and flows.

No change


Enforce policies which control who must agree to a deployment or day 2 action before the request is provisioned

Incompatible change in response attribute

Response attribute has changed from "phase" to "level" in the following API calls:

GET /approval/api/approvals

GET /approval/api/approvals/{id}

Updates to response attributes

Added "total levels" and "current level" as response attributes to the following API calls:

GET /approval/api/approvals

GET /approval/api/approval/{}


Create, validate, and provision VMware Cloud Templates (formerly called Blueprints)

No change


When using Kubernetes with vRealize Automation, deploy and manage Kubernetes clusters and namespaces.

No change

Content Gateway(content service)

Connect to your infrastructure as code content in external content sources such as SCM Providers and VMware Marketplace.

No change

Custom Forms (form-service)

Define dynamic form rendering and customization behavior in Service Broker and Cloud Assembly VMware services.

No change


Access deployment objects and platforms or cloud templates that have been deployed into the system.

New endpoint to create a new resource without using a cloud template:

POST /deployment/api/resources


Perform infrastructure setup tasks, including validation and provisioning of resources in iterative manner.

New endpoint to update Fabric vSphere Datastores:

PATCH /iaas/api/fabric-vsphere-datastores


This service is used to quickly setup a vRA 8 instance based on information in a configuration file a.k.a Zero-Setup

No change


Holds all functionality specific to creation, management and delete of projects

No change


Define policy and plans for bringing existing VMs from any cloud under management.

No change


Access Service Broker catalog items and catalog sources, including content sharing and the request of catalog items.

Added "formId" as a parameter for a custom form ID to the API call:

PATCH /catalog/API/admin/items

Catalog Service (Policies)

Interact with policies created in Service Broker.

No change

Code stream all pipeline-service

These API provide access to Code Stream services.

No Change

Identity Service

A list of identity, account and service management APIs.

No change

Relocation Service

New restrictions added to PATCH action on onboardingBlueprintState

No change

Resolved Issues

The following issues were resolved in this release.

  • Azure, AWS networks are marked missing and re-collected as new networks.

    vRealize Automation Network Profiles created for AWS & Azure cloud accounts and containing discovered Networks and Security Groups start to have missing items (i.e. Networks and/or Security Groups). Missing items start to appear in a couple of days after their creation and on some environments. The cause of missing items appeared to be Enumeration process which cannot find correspondence between the cloud account and the Provisioning entities and because of this the Provisioning entities are deleted.

  • Bracket position error issue occurred on Requests - Confirm Delete Requests page.

    Bracket placement in the pop-up confirmation screen is not as expected when multiple deployment resources are present.

  • Reconfiguring security rules fail after upgrade.

    After upgrading, users cannot reconfigure security groups with new rules that use a protocol and port on NSX-T versions earlier then 3.x.

  • Provisioning a VM from a snapshot does not place the VM in the correct datastore as configured in the storage profile.

    When provisioning a VM by using a snapshot, the VM is not placed in the correct datastore where that snapshot resides irrespective of the datastores configured in the storage profiles.

  • Extensibility actions running on AWS Lambda might fail with an error.

    Because of a minor change in the AWS Lambda service, extensibility actions running on AWS Lambda might fail with the following error:

    'Error com.amazonaws.services.lambda.model.ResourceConflictException: The operation cannot be performed at this time. The function is currently in the following state: Pending'.

  • Administrator role missing permissions.

    When SaltStack Config is integrated with vIDM and has a role of Administrator, you cannot view minions, minion keys or accept minion keys.

  • Exceptions for READ operation are not properly processed.

    If a back-end error happens for deployment iterative updates, only a generic error message is shown. From the server logs, a detailed error message is shown. However, because of the exception not being handled properly, only a generic error message is displayed in the UI.

  • Request tracker is not working for resource views.

    On the All resources page, after selecting a machine and performing any day 2 action, the request tracker does not appear unless a manual refresh is initiated.

Known Issues

The following known issues are present in this release.

  • NSX-v to NSX-T migration does not update any description objects

    NSX-v to NSX-T migration does not update any description objects as the endpoint_links are not expected to be set there. So, after V2T migration the load balancer description records still point to NSX-v and get deleted when the NSX-v cloud account is deleted. This causes problems with Day-2 operations on such deployments

    Workaround: Do not delete the NSX-v cloud account after migration if the vRA 7 to 8 migration was performed.

  • Visibility binding doesn't work in Custom Form Renderer

    Visibility binding option was released in Form Designer from version 8.6.2, but implementation is missing in Form Renderer and hence not working.

  • Required inputs in property groups

    In the property group, for all types except Boolean, omitting a default value makes the property input required.

    Workaround: See KB 87833. Meanwhile, support for optional inputs is planned for inclusion in a future VRA release.

  • When updating a vSphere machine to connect to a different network, an error occurs if the machine type is Windows and the cloud template does not specify a customization spec.

    If a customization spec does not exist in the cloud account, a failure occurs when updating a deployed vSphere machine with a Windows OS to connect to a different network. The error message is: Error from vCenter: A specified parameter was not correct: spec.identity.

    The error occurs because vRealize Automation does not detect the machine type as Windows and creates a customization suitable for a Linux machine.

    You can reconfigure the network on the deployed machine by using the Actions -> Update menu sequence or by performing an iterative deployment update.

    Workaround: Specify a customization spec in the cloud template in the machine component's customizationSpec section.

  • IPv4 and IPv6 addresses are not allocated in the internal IPAM upon VM re-onboarding.

    For a VM that was onboarded and its IP allocated successfully, unregistering the VM and onboarding the VM immediately will still keep its IPs Released instead of being Allocated again. 

    Workaround: Wait for 30 minutes before onboarding the VM again to have the IP allocated.

  • Configuring the IP Address RELEASED period does not work in a multi-tenant environment.

    The task that runs globally to move IP addresses from RELEASED to AVAILABLE is not tenant-aware. In a multi-tenant environment, where one or more tenants has configured an IP address timeout, only one timeout value is applied to all the tenants.

    This issue is being addressed and will be resolved in a future release.

    No workaround.

  • Failed to start upgrade to 8.5.1 and 8.6.0.

    Starting an iterative upgrade trhough vRSLCM to vRealize Automation 8.5.1 or later on a vRealize Automation 8.5.0 system fails at the vRealize Automation Upgrade/Patch/Internal Network step of Stage 1 about a minute or so after launching the upgrade. The previous upgrade, while completed successfully, is unable to delete its runtime data and leaves the upgrade in an "in progress" state. Hence, a new upgrade cannot be launched. This is likely to affect some systems with long host names (FQDNs) that has been upgraded from vRealize Automation 8.4.x to 8.5.0.

    Workaround: In this release, LCM will perform the precheck and notify you of the issue. For information on workaround steps, see KB 85965.

  • Upgrading from vRealize Automation 8.5 and 8.5.1 might fail with an error "Upgrade terminated due to critical error".

    Upgrading from vRealize Automation 8.5 or 8.5.1 might fail with the error "Upgrade terminated due to critical error". Disk space checks show /root at *or near* 100% utilization.

    Workaround: For information on workaround steps, see KB 85864.

  • Incorrectly dropped or placed elements in Cloud Templates break the UI page.

    In Firefox, using drag and drop can sometimes redirect the page. When dragging a resource node, dropping it outside of the canvas could also cause page redirection in Firefox.

    Workaround: Drop the resource in the canvas and delete it instead.

  • Custom resource subscriptions not available for custom resources based on extensibility actions.

    While vRealize Automation 8.5.1 introduced extensibility action based custom resources, there are some limitations to the feature. For example, cloud admins are still unable to include extensibility action based resources in event based subscriptions.

    No workaround.

  • Timeout exception appears during deployment update of an extensibility action based custom resource.

    When you update an extensibility action based custom resource deployment, you might see a ''504 Gateway Time-out issue" error. The error appears in the event of an extensibility action read failure.

    No workaround.

Changed and Deprecated Functionality

Upcoming Migration assistant update

Starting in the February 2022 release, vRealize Automation will support migrations through the Migration Assistant only from vRealize Automation 7.6. Migration Assessment for older versions will continue to work.

check-circle-line exclamation-circle-line close-line
Scroll to top icon