check-circle-line exclamation-circle-line close-line

vCenter Orchestrator Appliance | 02 October 2014 | Build 2179237

Release notes last updated on 24 October 2014.

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New in vCenter Orchestrator Appliance

vCenter Orchestrator Appliance is a patch release that resolves an important issue. See Resolved Issues.

vCenter Orchestrator Feature and Support Notice

The use of OGNL expressions in workflow presentations is supported.

The features listed below are deprecated in vCenter Orchestrator and scheduled for removal in future releases. None of the deprecated features should be used as part of any vCenter Orchestrator based solution.

  • The Orchestrator Web configuration interface does not support Internet Explorer 8 and 9. To use the Orchestrator configuration interface, use Internet Explorer 10 or later.

Installing VMware vCenter Orchestrator

Read Installing and Configuring VMware vCenter Orchestrator for step-by-step guidance on installing and configuring vCenter Orchestrator.

Downloading and Deploying the VMware vCenter Orchestrator Appliance

VMware vCenter Orchestrator is available as a preconfigured virtual appliance. The appliance significantly reduces the time and skills required to deploy vCenter Orchestrator and provides a low-cost alternative to the traditional Windows-based installation. You can download the vCenter Orchestrator Appliance from the Orchestrator Appliance download link .

The Orchestrator Appliance is distributed in OVF (Open Virtual Machine Format), OVA (Open Virtualization Appliance), and VMDK (Virtual Machine Disk) formats. It is pre-built and pre-configured with Novell SUSE Linux Enterprise Server, PostgreSQL, and OpenLDAP.

The Orchestrator Appliance offers great flexibility and uncompromised performance, making it ideal for any use case from lab evaluation to large-scale production use. The appliance offers all of the components included in the regular Windows-based installation, along with the flexibility to use either the pre-built directory services and database, or external ones like Active Directory or Oracle. What's more, the Orchestrator appliance has been certified to run at the same performance level as the Windows-based installation.

The Orchestrator Appliance makes it even faster, easier, and more affordable to integrate the VMware cloud stack, including vCenter Server and vCloud Director, with your IT processes and environment.

Important: You can perform an in-place upgrade to version of Orchestrator Appliance 5.5 or later. To upgrade Orchestrator Appliance 5.1.x and earlier to Orchestrator, you must download and deploy the latest version of the appliance, and migrate the data from a previous appliance version. For instructions about upgrading the Orchestrator Appliance, see Installing and Configuring VMware vCenter Orchestrator.

Important: For security reasons, the password expiry of the root account of the Orchestrator Appliance is set to 365 days. To increase the expiry time for an account, log into the Orchestrator Appliance as root, and run:

passwd -x number_of_days name_of_account

To make your Orchestrator Appliance root password last forever, run:

passwd -x 99999 root

Plug-Ins Installed with vCenter Orchestrator

The following plug-ins are installed by default with vCenter Orchestrator

  • vCenter Orchestrator vCenter Plug-In
  • vCenter Orchestrator Mail Plug-In 5.5.1
  • vCenter Orchestrator SQL Plug-In 1.1.1
  • vCenter Orchestrator SSH Plug-In 2.0.0
  • vCenter Orchestrator SOAP Plug-In 1.0.3
  • vCenter Orchestrator HTTP-REST Plug-In 1.0.3
  • vCenter Orchestrator Plug-In for Microsoft Active Directory 1.0.5
  • vCenter Orchestrator AMQP Plug-In 1.0.3
  • vCenter Orchestrator SNMP Plug-In 1.0.2
  • vCenter Orchestrator PowerShell Plug-In 1.0.4
  • vCenter Orchestrator Multi-Node Plug-In
  • vCenter Orchestrator Dynamic Types 1.0.0

Internationalization Support

vCenter Orchestrator supports internationalization level 1. Although Orchestrator is not localized, it can run on non-English operating systems and handle non-English text.

How to Provide Feedback

Your active feedback over the next few weeks is appreciated. Provide your feedback by:

  • Support Requests (SRs)
  • Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

You can find the VMware Support's commitment to SRs filed by customers and instructions on how to file an SR at

Include log files in your SRs. To gather log files from Orchestrator:

  1. Go to the Orchestrator configuration interface at https://orchestrator_server_ip_address:8283.
  2. Log in with your username and password.
  3. Click Logs.
  4. Click Generate log report.
  5. Save the generated ZIP file.
  6. Upload the saved ZIP file to VMware Support.

For Orchestrator configuration issues, include an exported configuration file in your SRs. To export your configuration from the Orchestrator configuration interface:

  1. Go to the Orchestrator configuration interface at https://orchestrator_server_ip_address:8283.
  2. Log in with your username and password.
  3. Click General.
  4. Click the Export Configuration tab.
  5. Type your password and press Enter.
  6. Save the *.vmoconfig file.
  7. Upload the saved files to VMware Support.

Orchestrator Discussion Forum

View the Orchestrator forum at

Prior Releases of vCenter Orchestrator

Features and issues from earlier releases of vCenter Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vCenter Orchestrator, click one of the following links:

Resolved Issues

vCenter Orchestrator Appliance contains fixes that address CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187. For details, see VMware vCenter Orchestrator Appliance, 5.1.2, and 4.2.3 Express Patch Releases (KB 2091036).

Known Issues

The known issues are grouped as follows:

Installation and Upgrade Issues

  • After upgrading vCenter Orchestrator to, you might not be able to log in to the Orchestrator client
    When you attempt to log in to the Orchestrator client after upgrading to vCenter Orchestrator, you might get an error message Invalid username/password.

    Workaround: Back up the %INSTALL_DIR%/apps/lib/bcprov-jdk15.jar file and delete it manually.

  • New log event purging strategy is not applied after upgrade
    After you deploy the Orchestrator Appliance or upgrade an existing Orchestrator installation, the new log event purging strategy is not applied and the last 5,000 log events per workflow are kept.

    Workaround: To apply the new purging strategy and configure the number of days to keep log events:

    1. Log in to the Orchestrator configuration interface.
    2. From the General tab, select Advanced Configuration.
    3. In the Expiration days of log events text box, type the number of days to keep log events and click Apply changes.
    4. Click the Startup Options tab and click Restart service.
  • Upgrading the Single Sign-On version might cause issues
    If you register Orchestrator to use Single Sign-On and subsequently upgrade the Single Sign-On version, you receive an invalid credentials error message when you try to log in to Orchestrator.

    Workaround: Perform the Single Sign-On registration again.

  • Trying to log in to the Orchestrator client during upgrade results in an error
    If you try to log in to the Orchestrator client during upgrade, you receive an Invalid username/password error message.

    Workaround: To be able to log in to the Orchestrator client:

    1. Log in to the vSphere Web Client as a user with administrative privileges for Single Sign-On.
    2. Navigate to Administration > Single Sign-On > Users and Groups and select the Groups tab.
    3. Create the ActAsUsers group if it does not exist.
    4. Add the Orchestrator application user that is a member of the vsphere.local domain and has user name vCO-<hash_code>, as a member of the ActAsUsers group.
  • If you upgrade vCenter Orchestrator 5.1.x or 5.5 with an Oracle database to Orchestrator, the database schema might not be updated
    When configuring the database through the Orchestrator web configuration interface, the following error is reported: Mismatch database version (found version '1.60', was expecting version '1.63'). In the Orchestrator log, you can see the following message: ORA-01450: maximum key length (6398) exceeded.

    Workaround: To prevent the error related to the Oracle database when upgrading to vCenter Orchestrator

    1. Stop the Orchestrator Server service and the Orchestrator Configuration service.
    2. Upgrade vCenter Orchestrator to version
    3. Run the following script against Oracle database:
      UPDATE VMO_ConfigItem set itemValue = '1.61' where id = 'item_db_version'
    4. Start the Orchestrator Configuration service and log in to Orchestrator configuration interface.
    5. Navigate to Database configuration and click Update link.
  • Restarting Orchestrator server service after reinstalling plug-ins adds Java exceptions to the logs
    In the Troubleshooting tab of the Orchestrator configuration interface, if you reinstall plug-ins by clicking Reset current version and then restart the Orchestrator server, several Java exceptions are written to the Orchestrator server logs.
  • After upgrading to Orchestrator 5.5, scheduled tasks might not run.
    After upgrading to Orchestrator 5.5 and starting the Orchestrator server, scheduled tasks might not run because Orchestrator cannot retrieve tokens from Single Sign-On for the users who scheduled the tasks.

    Workaround: Edit the tasks and re-enter the user credentials.

  • After upgrading to Orchestrator 5.5 and if Single Sign-On authentication is used, running workflows might not complete successfully.
    After upgrading to Orchestrator 5.5 and starting the Orchestrator server, workflows that were in running state or waiting on user interactions before the upgrade might not complete successfully if Single Sign-On authentication is used.

    Workaround: Restart the workflows.

Internationalization Issues

  • You might not be able to configure the LDAP settings if your LDAP password contains non-ASCII characters
    When you try to configure the LDAP settings in the Orchestrator configuration interface and the LDAP password that you enter contains non-ASCII characters, the process of configuring might fail with an error message of the type Unable to connect to LDAP Server. This issue appears under the following conditions:
    • When the LDAP password contains characters such as € and ÿ in German and French locales.
    • When the LDAP password contains any native characters in Japanese, Korean, and Simplified Chinese locales.
  • Problems handling non-ASCII characters in certain contexts
    Using non-ASCII characters in input parameters results in incorrect behavior in the following contexts:
    • If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is garbled.
    • If you try to insert non-ASCII characters into attribute names, the characters do not appear. The issue occurs for Web view attributes, workflow attributes and action attributes.

Configuration Issues

  • Orchestrator Appliance DNS configuration resets after restart
    If you set the networking configuration when deploying the Orchestrator Appliance OVF, you cannot change the DNS for the Orchestrator Appliance by using the administrator interface (https://orchestrator_appliance_ip:5480). If you change the DNS value, the new DNS value is accepted, but after restarting the Orchestrator Appliance, the DNS value reverts to the value set during the OVF deployment.

    Workaround 1: If you have not deployed the OVF yet, set the network configuration after the completing the deployment.

    Workaround 2: If you have set the networking configuration during the OVF deployment, edit the OVF settings of the Orchestrator Appliance and change the DNS value. You should repeat this for every change of DNS.

  • Unable to start the Orchestrator server when Oracle Database 12c is used
    The Orchestrator server cannot start when it is configured to use Oracle Database 12c.

    Workaround: To be able to use Oracle Database 12c:

    1. Navigate to the Orchestrator server installation folder and open the file for editing.
      • If you have installed Orchestrator on a Microsoft Windows machine, navigate to:
      • If you use the Orchestrator Appliance, in the Linux console, navigate to:
    2. Set the value of the database.hibernate.dialect property to:
    3. If you use the Orchestrator Appliance, verify that the owner of the file is vco.
      To set vco as the owner of the file, run the following command:
      chown vco:vco /etc/vco/app-server/
    4. Restart the Orchestrator server:
      1. In the Orchestrator configuration interface, click the Startup Options tab.
      2. Click Restart service.
  • After you modify the Single Sign-On settings by running a workflow from the Configuration plug-in, you must immediately restart the Orchestrator server
    You must always restart the Orchestrator server right after running a workflow for configuring the Single Sign-On settings, otherwise the Orchestrator server might become unavailable. The new Single Sign-On settings will be applied after the server restart. For this reason, if you are performing an automatic configuration of Orchestrator server through workflows, make sure that the Single Sign-On configuration is the last step of the process and is performed right before the Orchestrator server restart.

  • The Orchestrator authentication configuration might become invalid
    When Orchestrator is configured to use vCenter Single Sign-On, if the certificate of the vCenter Single Sign-On server changes or regenerates, the Orchestrator authentication configuration becomes invalid and the Orchestrator server cannot start.

    Workaround: To fix this issue, import the new vCenter Single Sign-On certificate:

    1. Log in to the Orchestrator configuration interface as vmware.
    2. Click Network.
    3. In the right pane, click the SSL Trust Manager tab.
    4. Load the vCenter Single Sign-On SSL certificate from a URL or a file.
    5. Click Import.
    6. Click Startup Options.
    7. Click Restart the Orchestrator configuration server to restart the Orchestrator Configuration service after adding the new SSL certificate.

  • Orchestrator does not work with forest and external trusts in Active Directory

    Multiple domains that are not in the same tree but have a two-way trust, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are unsupported.

  • Support for TNSNames missing when you connect to an Oracle database
    You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database using an IP address or a DNS name.

    Workaround: Add support for RAC and TNS configuration for Oracle 11g Database instances to vCenter Orchestrator (KB 1022828).

  • SSL certificate is lost when you import configuration from previous installation
    If you import the configuration of a previous installation into the current installation, the SSL certificate from the old installation is not loaded. In the Orchestrator configuration interface the Server Certificate tab shows a red triangle.

    Workaround: You must import the certificate manually.

  • Restricted access to vCenter Server inventory can cause errors if you set Session per user
    If you select the Session per user option in the vCenter Server tab of the configuration interface, accessing the vCenter Server inventory can result in some errors if the connected user has restricted access to inventory objects.

  • No error message is displayed on the Network tab of the Orchestrator configuration interface when a network port is already in use
    The Network configuration is saved successfully without errors even when the port numbers that you enter are already taken on your host.

    Workaround: Make sure the port numbers you enter on the Network tab are free.

Networking Issues

  • Loss of network connection to vCenter Server can cause workflows to stop
    If Orchestrator loses the network connection to vCenter Server while a workflow is running, and if the workflow attempts to access vCenter Server, that workflow stops and does not attempt to restart. Furthermore, the vCenter Server plug-in flushes its cache if it loses the connection to vCenter Server. Consequently, when the Orchestrator server restarts, it fetches all running objects again from the vCenter Server rather than reloading them from the cache. Fetching the objects again can cause peaks in CPU usage, and increases the load on vCenter Server. An intermittent connection to vCenter Server causes frequent workflow failures. If the network connection to vCenter Server is intermittent, then constantly fetching the objects can consume vCenter Server memory, leading to drops in performance.

    Workaround: Ensure that the network connection to vCenter Server is stable.

Client Issues

  • Incorrect number of elements might appear in the workflow editor presentation
    When you are editing a workflow which has an array of inputs or attributes and you view details about its elements from the Attributes pane on the General tab, an incorrect total number of items might be displayed. If the array has more than six elements, the number of displayed elements is one less than the actual number of elements.
  • Using special characters in the workflow presentation might cause issues
    If you use special characters when you define the workflow presentation, the output text might not appear correctly. For example, if you use the & character followed by a string of characters that do not conform to HTML format standards, the & character and all following characters do not appear in the workflow presentation.

  • Usage of the Orchestrator client through Java WebStart if the Orchestrator Appliance is behind Network Address Translation (NAT) is not supported
  • The Revert option for the parameters table on the Scripting tab of the Edit Actions view does not revert to the last saved state
    When you add a parameter to an action script, you cannot remove it using the Revert option.

    Workaround: Right-click the parameter and click Delete Selected.

  • Characters are accepted as the input value for workflow attributes of number type
    Format validation has been disabled on workflow attributes that are of the number type. Invalid input values are accepted without any warning, and workflows are saved successfully, which can lead to unpredictable results.

  • Changes to input parameter descriptions are not propagated to the presentation
    If you change the description of an input parameter for a workflow, the change is not propagated to the description in the presentation.

    Workaround: Copy the description to the presentation manually.

Miscellaneous Issues

  • Issues with REST API enumerated types
    If you send a GET request to https://orchestrator_host:8281/vco/api/catalog/Enums/enum_type/, you receive an error message of the type HTTP Status 404 - ch.dunes.model.sdk.SDKFinderException: Unable to execute 'fetchAll' for type : enum_type. This prevents searching for enumerated types by using the Orchestrator REST API. However, running and validation of the presentation instance or workflow run is not affected if you provide a valid SDK object type, for example:
    <parameter type="Enums:MSTimeZone" name="inEnum" scope="local">
    <sdk-object type="Enums:MSTimeZone" href="https://orchestrator_host:8281/vco/api/catalog/Enums/MSTimeZone/125/" id="125"/>
  • A generated URL might lead to an error of the type: Page not found
    When you run a workflow that sends an email with a URL requiring a user interaction, after you click the URL, it opens the weboperator Web view page with an error of the type: Page not found. This issue occurs when Orchestrator is configured to use as an IP address.
  • Workaround: Configure Orchestrator to use another IP address:

  1. Log in to the Orchestrator configuration interface as vmware.
  2. On the Network tab configure the Orchestrator IP address.
  3. Click Apply changes.

  • Orchestrator does not support slashes in workflow names
    If you have a workflow with a slash in its name, when you run the workflow, the workflow token might never change to completed, although the workflow itself has completed running.

    Workaround: Remove the slash from the name of the workflow.

  • Web views does not support multiple level of presentation field binding
    Web views does not support multiple levels of presentation field binding. For example, suppose the presentation consists of the following fields and bindings:
    • sourceField
    • aField bound to sourceField by using a DefaultValue attribute
    • bField bound to aField by using a DefaultValue attribute
    When you change the value of sourceField, the value of aField is also updated, but the value of bField remains the same.
  • You cannot collect Orchestrator log bundle together with the vCenter Server log bundle
    When Orchestrator and vCenter Server are installed on the same machine, and you collect the vCenter Server log bundle, the Orchestrator log files are not included in the bundle ZIP file. You can collect the Orchestrator log files only from the Orchestrator configuration interface. To gather log files from Orchestrator:
    1. Go to the Orchestrator configuration interface at https://orchestrator_server_ip_address:8283.
    2. Log in with your username and password.
    3. Click Logs.
    4. Click Generate log report.
    5. Save the generated ZIP file.

  • The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks
    On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, when they are actually not.

    Workaround: Do not include virtual machines with snapshots in the workflow.

  • Windows Server 2008 automatically renames VMOAPP and DAR files to ZIP causing the application installation and plug-in upload in the Orchestrator configuration interface to fail
    If you are running Orchestrator on Windows Server 2008, the extension of the archives you download is automatically changed to ZIP. When you are installing an application or uploading a plug-in by using the Orchestrator configuration interface, you must use a VMOAPP or DAR file.

    Workaround: Change the ZIP extension back to either VMOAPP or DAR to use the downloaded archive in the Orchestrator configuration interface.

  • Repeatedly publishing and unpublishing Web views can cause memory issues
    Publishing and unpublishing of Web views restarts the Tapestry framework, which regenerates new meta-class information without cleaning up the previous meta-class information. Publishing and unpublishing a Web view by repeatedly calling the methods Webview.enable() and Webview.disable() in a loop in scripts can consume large quantities of memory and eventually leads to performance issues.

  • Adding values to vCenter Server data object properties of type Array is impossible
    When Orchestrator runs scripts, the vCenter Server plug-in converts JavaScript arrays to Java arrays of a fixed size. As a consequence, you cannot add new values to vCenter Server data objects that take arrays as property values. You can create an object that takes an array as a property if you instantiate that object by passing it a pre-filled array. However, after you have instantiated the object, you cannot add values to the array.

    For example, the following code does not work:

    var spec = new VcVirtualMachineConfigSpec();
    spec.deviceChange = [];
    spec.deviceChange[0] = new VcVirtualDeviceConfigSpec();

    In the above code, Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java array VirtualDeviceConfigSpec[] before it calls setDeviceChange(). When calling spec.deviceChange[0] = new VcVirtualDeviceConfigSpec(), Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java array. Calling spec.deviceChange.add() results in the same behavior.

    Workaround: Declare the array as a local variable, as follows:

    var spec = new VcVirtualMachineConfigSpec();
    var deviceSpec = [];
    deviceSpec[0] = new VcVirtualDeviceConfigSpec();
    spec.deviceChange = deviceSpec;

  • Workflow input parameters of type SecureString cannot take a null value
    You cannot start a workflow with a null value if that workflow takes a SecureString as an input parameter, unless you start the workflow from within another workflow. If you start a workflow with a null value when that workflow takes a SecureString as an input parameter, the server loads attributes from the cache rather than from the Orchestrator database, resulting in a null input parameter. If you then change the workflow state to passive by implementing a long-running workflow element, the attributes are reloaded from the database, converting the null value into an empty string. This is the only way you can use a null value to start a workflow that requires a SecureString input parameter.