VMware vRealize Orchestrator 6.0.4 Release Notes

|

vRealize Orchestrator 6.0.4 | 10 Mar 2016 | Build 3619036

vRealize Orchestrator Appliance 6.0.4 | 10 Mar 2016 | Build 3619080

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New in vRealize Orchestrator 6.0.4

vRealize Orchestrator 6.0.4 is a patch release that introduces a number of improvements and bug fixes. See Resolved Issues.

Feature and Support Notice

The features listed below are deprecated in vRealize Orchestrator 6.0.4 and scheduled for removal in future releases. None of the deprecated features should be used as part of any vRealize Orchestrator based solution.

  • LDAP authentication
  • The Orchestrator configuration interface has been deprecated in vCenter Orchestrator 5.5.1 and it is planned to be removed in the next major release of vRealize Orchestrator. Recommended vRealize Orchestrator configuration should happen through vRealize Orchestrator configuration workflows and vRealize Orchestrator configuration API.
  • The Orchestrator standalone Windows installer is deprecated and it is planned to be removed in the next major release of vRealize Orchestrator. It is not recommended to use the standalone Windows installer as a part of a Software-Defined Data Center solution.
    You can use the PowerShell plug-in with the Orchestrator Appliance to run PowerShell scripts on an external Windows host. See Invoke an External Script.

Deploying the VMware vRealize Orchestrator Appliance 6.0.4

VMware vRealize Orchestrator 6.0.4 is available as a preconfigured virtual appliance. The appliance significantly reduces the time and skills required to deploy vRealize Orchestrator and provides a low-cost alternative to the traditional Windows-based installation.

The Orchestrator Appliance is distributed as an OVF file. It is prebuild and preconfigured with Novell SUSE Linux Enterprise Server, PostgreSQL, and OpenLDAP, and it can be used with vCenter Server 4.1 and later.

The Orchestrator Appliance functionality is suitable for any use case from lab evaluation to large-scale production, when an external database is used. The appliance offers all of the components included in the regular Windows-based installation, along with the flexibility to use either the prebuilt directory services and database, or external ones like Active Directory or Oracle. The Orchestrator appliance is certified to run at the same performance level as the Windows-based installation.

The Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vCenter Server and vCloud Director, with your IT processes and environment.

Upgrading to vRealize Orchestrator 6.0.4

For instructions about deploying and using the Orchestrator Appliance, see Installing and Configuring VMware vRealize Orchestrator.

Important: For security reasons, the password expiry of the root account of the Orchestrator Appliance is set to 365 days. To increase the expiry time for an account, log in to the Orchestrator Appliance as root, and run the following command:

passwd -x number_of_days name_of_account

To make your Orchestrator Appliance root password last forever, run the following command:

passwd -x 99999 root

Plug-Ins Installed with vRealize Orchestrator 6.0.4

The following plug-ins are installed by default with vRealize Orchestrator 6.0.4:

  • vRealize Orchestrator vCenter Server Plug-In 6.0.2
  • vRealize Orchestrator Mail Plug-In 7.0.0
  • vRealize Orchestrator SQL Plug-In 1.1.4
  • vRealize Orchestrator SSH Plug-In 7.0.1
  • vRealize Orchestrator SOAP Plug-In 1.0.4
  • vRealize Orchestrator HTTP-REST Plug-In 1.1.0
  • vRealize Orchestrator Plug-In for Microsoft Active Directory 2.0.3
  • vRealize Orchestrator AMQP Plug-In 1.0.4
  • vRealize Orchestrator SNMP Plug-In 1.0.3
  • vRealize Orchestrator PowerShell Plug-In 1.0.7
  • vRealize Orchestrator Multi-Node Plug-In 6.0.4
  • vRealize Orchestrator Dynamic Types 1.0.1

Internationalization Support

vRealize Orchestrator 6.0.4 supports internationalization level 1. Although Orchestrator is not localized, it can run on non-English operating systems and supports non-English text.

How to Provide Feedback

Your active feedback over the next few weeks is appreciated. Provide your feedback by:

  • Support Requests (SRs)
  • Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

You can find the VMware Support's commitment to SRs filed by customers and instructions on how to file an SR at https://www.vmware.com/support/services/beta.

Include log files in your SRs. To gather log files from Orchestrator:

  1. Go to the Orchestrator configuration interface at https://orchestrator_server_ip_address:8283.
  2. Log in with your username and password.
  3. Click Logs.
  4. Click Generate log report.
  5. Save the generated ZIP file.
  6. Upload the saved ZIP file to VMware Support.

For Orchestrator configuration issues, include an exported configuration file in your SRs. To export your configuration from the Orchestrator configuration interface:

  1. Go to the Orchestrator configuration interface at https://orchestrator_server_ip_address:8283.
  2. Log in with your username and password.
  3. Click General.
  4. Click the Export Configuration tab.
  5. Click Export.
  6. Save the *.vmoconfig file.
  7. Upload the saved files to VMware Support.

Important: Do not export your configuration with a password.

Earlier Releases of vRealize Orchestrator

Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:

Resolved Issues

vRealize Orchestrator 6.0.4 resolves the following issues:

  • NEW! Storing more than 1000 objects in Orchestrator cache causes NullPointerException error messages.
    When Orchestrator stores more than 1000 objects in cache, the presentation runs are not serialized correctly and lose some of their properties. As a result NullPointerException error messages are recorded in the catalina.out log file.

    The issue is resolved in this release.

  • You cannot import large Orchestrator packages
    When you import large packages in Orchestrator, you receive the Could not access HTTP invoker remote service at [https://orchestrator_server_ip_address:8281/vco/webremoting/vcofactory.service]; nested exception is java.lang.OutOfMemoryError: Java heap space error from the Orchestrator server.

    The issue is resolved in this release.

  • CVE-2015-7547 glibc getaddrinfo() stack-based buffer overflow

    The issue is resolved in this release.

  • If the Orchestrator server shuts itself down, while running on Windows, the server is restarted by the watchdog service, which might result n a constant loop of server restarts

    The issue is resolved by adjusting the watchdog to automatically restart the server only when needed.

  • The Orchestrator client stops working when you drag to insert a workflow element on Mac OS X
    When you drag to insert a workflow element to a workflow dialog on Mac OS X with Java 8, the Orchestrator client stops working and needs to be restarted.

    The issue is resolved in this release.

  • Deleting a package with Keep shared selected also deletes shared content
    If you have an embedded workflow and another workflow in separate packages and try to delete the package with the embedded workflow by selecting the Keep shared option, the shared content is deleted with the package.

Known Issues

The known issues are grouped as follows:

Installation Issues

  • The Orchestrator server cannot start after upgrading to version 6.0.4
    If you are using embedded LDAP authentication and upgrade the Orchestrator windows installation 5.5.3 to version 6.0.4, you cannot log in to the Orchestrator server.
  • Workaround:

    1. Navigate to orchestrator-installation-directory\app-server\conf.
    2. Copy the content from ldap.properties.6.0.4.BuildNumber to ldap.properties.
    3. Navigate to orchestrator-installation-directory\app-server\conf\ldif.
    4. Copy the content from vco.ldif.default file to vco.ldif.
    5. Restart the VMware Orchestrator service from the Windows services.

  • Orchestrator installer does not complete upgrading.
    If you are upgrading Orchestrator 5.5.1 or earlier to version 6.0.x, without upgrading the Single Sign-On that the Orchestrator server is configured to use, the installer does not complete upgrading. All versions of Single Sign-On that work with vCenter Server 5.5 update 1 and earlier are incompatible with Orchestrator server 5.5.2 and later.
  • Workaround: Stop the Orchestrator server service before proceeding with the upgrade. After the upgrade is complete, open the Orchestrator configuration interface, update your authentication configuration, and start the Orchestrator server service.

  • Export of Orchestrator configuration might fail when you upgrade vSphere to version 6.0
    If you attempt to upgrade vSphere to version 6.0 after installing it in a custom location, you receive an Export of source Orchestrator configuration failed error message, and your Orchestrator configuration data is not transferred.
  • Workaround: Manually export the Orchestrator configuration. For details about exporting the Orchestrator configuration files, see Create an Archive for Upgrading Orchestrator.

  • Restarting Orchestrator server service after reinstalling plug-ins adds Java exceptions to the logs
    On the Troubleshooting tab of the Orchestrator configuration interface, if you reinstall plug-ins by clicking Reset current version and then restart the Orchestrator server, several Java exceptions are written to the Orchestrator server logs.
  • You might be unable to configure the LDAP settings if your LDAP password contains non-ASCII characters
    While configuring the LDAP settings in the Orchestrator configuration interface, if the LDAP password that you enter contains non-ASCII characters, the attempt might fail with an Unable to connect to LDAP Server error message. This issue occurs under the following conditions:
    • When the LDAP password contains characters such as € and ÿ in German and French locales.
    • When the LDAP password contains any native characters in Japanese, Korean, and Simplified Chinese locales.
  • Problems handling non-ASCII characters in certain contexts
    Using non-ASCII characters in input parameters results in incorrect behavior in the following situations:
    • If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is garbled.
    • If you try to insert non-ASCII characters into attribute names, the characters do not appear. The issue occurs for workflow attributes and action attributes.

Configuration Issues

  • If you experience issues connecting to a SOAP or a REST host, or importing a certificate, you might have to enable certain versions of SSL or TLS explicitly.
    For information about the problem, see https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html.
    Workaround: For information about enabling SSLv3 and TLSv1 for outgoing HTTPS connections explicitly, see Enable TLSv1 for outgoing HTTPS connections in vRealize Orchestrator 6.0.4 and 7.0.x manually (KB 2144318).
  • Exported configuration with a password cannot be reimported
    If you export your Orchestrator configuration with a password, and attempt to reimport it, you receive a Could not import the configuration.: javax.crypto.BadPaddingException: Given final block not properly padded error message and the import of the configuration fails.
  • Changes might not be added when exporting configuration settings from the Orchestrator configuration interface
    If you are exporting Orchestrator configuration data through the Orhestrator configuration interface, changes might not be added to the exported configuration package. This can lead to incorrectly configured nodes when configuring a cluster.

    Workaround: Restart the Orchestrator configuration interface before exporting the configuration data.

  • The Orchestrator configuration interface might display a validation error
    If you have a correctly configured vRealize Orchestrator with Single Sign-On authentication, you might see a validation error on the Authentication tab in the Orchestrator configuration interface.

    Workaround: Restart the Orchestrator configuration server.

  • The Orchestrator configuration interface does not load after a restart
    If you restart the Orchestrator configuration server, the page does not load or loads without an applied style sheet.

    Workaround: Access the Orchestrator Configuration page after a minute.

  • vCenter Server objects not accessible in the vSphere Web Client
    Orchestrator cannot access vCenter Server objects in the vSphere Web Client if the vCenter Server instance that you are attempting to access is registered in Orchestrator by IP address.

    Workaround: Register the vCenter Server instance by host name.

  • The Orchestrator server might become unavailable, after you modify the Single Sign-On settings by running a workflow from the Configuration plug-in
    You must always restart the Orchestrator server right after running a workflow for configuring the Single Sign-On settings, otherwise the Orchestrator server might become unavailable. The new Single Sign-On settings are applied after the server restarts. For this reason, if you are performing an automatic configuration of Orchestrator server through workflows, make sure that the Single Sign-On configuration is the last step of the process and is performed right before you restart the Orchestrator server.

  • Orchestrator authentication configuration might become invalid, if the vCenter Single Sign-On server certificate changes or regenerates
    When Orchestrator is configured to use vCenter Single Sign-On, if the certificate of the vCenter Single Sign-On server changes or regenerates, the Orchestrator authentication configuration becomes invalid and the Orchestrator server cannot start.

    Workaround: To work around this issue, import the new vCenter Single Sign-On certificate:

    1. Log in to the Orchestrator configuration interface as vmware.
    2. Click Network.
    3. In the right pane, click the SSL Trust Manager tab.
    4. Load the vCenter Single Sign-On SSL certificate from a URL or a file.
    5. Click Import.
    6. Click Startup Options.
    7. Click Restart the Orchestrator configuration server to restart the Orchestrator Configuration service after adding the new SSL certificate.
  • Orchestrator does not work with forest and external trusts in Active Directory

    Multiple domains that are not in the same tree but have a two-way trust, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are not supported.

  • Support for TNSNames missing when you connect to an Oracle database
    You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database using an IP address or a DNS name.

    Workaround: Add support for RAC and TNS configuration for Oracle 11g Database instances to vRealize Orchestrator (KB 1022828).

  • SSL certificate is not loaded when you import configuration from previous installation
    If you import the configuration of a previous installation into the current installation, the SSL certificate from the old installation is not loaded. In the Orchestrator configuration interface, the Server Certificate tab shows a red triangle.

    Workaround: Import the certificate manually.

  • Restricted access to vCenter Server inventory can cause errors if you select Session per user
    If you select the Session per user option on the vCenter Server tab of the configuration interface, attempting to access the vCenter Server inventory might result in some errors for a user with restricted access to inventory objects.
  • Updated timeout values of a REST Host take effect only after the Orchestrator server is restarted.
    When you run the Update a REST Host workflow to change the REST Host timeout configuration, you must restart the Orchestrator server for the changes to take effect.

    Workaround: Restart the Orchestrator server.

  • No error message is displayed on the Network tab of the Orchestrator configuration interface when a network port is already in use
    The network configuration is saved successfully without errors even when the port numbers that you enter are already in use on your host.

    Workaround: Make sure the port numbers you enter on the Network tab are available.

Client Issues

  • The Orchestrator client does not start on Mac machines running Java 8.
    If you are using the vRealize Orchestrator Java Web start application or the installable client on a Mac machine running Java 8, you are not able to start the Orchestrator client.

    Workaround: Use the Orchestrator client Mac App from vRealize Orchestrator Appliance Home page.

  • Adding parameters to a composite type might result in a JDBC error
    If you use the Orchestrator client to define a composite return type and add parameters with long field names, the composite type name might exceed 100 characters, which results in a JDBC error. Consequently, you cannot save the composite type.
  • The Retrieve messages (via MailClient) workflow does not display the message content
    If you are using the Retrieve messages (via MailClient) workflow with Office 365 or Microsoft Exchange Server, the received messages are with no content.

    Workaround: Call the enableImapCompatibilityMode() method on a MailClient object before calling the connect() method.

  • Use of the Orchestrator client through Java WebStart if the Orchestrator Appliance is behind Network Address Translation (NAT) is not supported
  • The Revert option for the parameters table does not revert to the last saved state
    When you add a parameter to an action script, you cannot remove it using the Revert option on the Scripting tab of the Edit Actions view.

    Workaround: Right-click the parameter and click Delete Selected.

  • Invalid input is accepted as the input value for workflow attributes of number type
    Format validation has been disabled on workflow attributes that are of the number type. Invalid input values are accepted without any warning, and workflows are saved successfully, which can lead to unpredictable results.

Miscellaneous Issues

  • vCenter Server plug-in does not have valid credentials after upgrading to Orchestrator 6.0.x
    If you upgrade Orchestrator to 6.0.x, the vCenter Server plug-in does not have valid credentials.

    Workaround: After upgrading Orchestrator, update the vCenter Server instance and configure a password for the user.

  • vRealize Orchestrator displays the vCenter Server plug-in as unusable
    After you upgrade vRealize Orchestrator to version 6.0.x, if you have not upgraded the Site Recovery Manager plug-in to version 6.0.0, the vCenter Server plug-in becomes unusable.

    Workaround: Upgrade the Site Recovery Manager plug-in to version 6.0.0 or disable the Site Recovery Manager 5.8.0 plug-in.

  • The Orchestrator configuration interface might not be accessible with Internet Explorer 11
    If you are using Internet Explorer 11, you might be unable to log in to the Orchestrator configuration interface.

    Workaround: Install Internet Explorer version 11.0.11 or a recent version of Google Chrome or Mozilla Firefox.

  • The workflow token remains uncompleted, if a workflow has a slash in its name
    If you have a workflow with a slash in its name, when you run the workflow, the workflow token might never change to completed, although the workflow itself has completed running.

    Workaround: Remove the slash from the name of the workflow.

  • The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks
    On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, when they are actually not.

    Workaround: Do not include virtual machines with snapshots in the workflow.

  • Windows Server 2008 automatically renames VMOAPP and DAR files to ZIP causing the application installation and plug-in upload in the Orchestrator configuration interface to fail
    If you are running Orchestrator on Windows Server 2008, the extension of the archives you download is automatically changed to ZIP. When you are installing an application or uploading a plug-in by using the Orchestrator configuration interface, you must use a VMOAPP or DAR file.

    Workaround: Change the ZIP extension back to either VMOAPP or DAR to use the downloaded archive in the Orchestrator configuration interface.

  • Adding values to vCenter Server data object properties of type Array is impossible
    When Orchestrator runs scripts, the vCenter Server plug-in converts JavaScript arrays to Java arrays of a fixed size. As a result, you cannot add new values to vCenter Server data objects that take arrays as property values. You can create an object that takes an array as a property if you instantiate that object by passing it a prefilled array. However, after you have instantiated the object, you cannot add values to the array.

    For example, the following code does not work:

    var spec = new VcVirtualMachineConfigSpec();
    spec.deviceChange = [];
    spec.deviceChange[0] = new VcVirtualDeviceConfigSpec();
    System.log(spec.deviceChange[0]);

    In the above code, Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java array VirtualDeviceConfigSpec[] before it calls setDeviceChange(). When calling spec.deviceChange[0] = new VcVirtualDeviceConfigSpec(), Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java array. Calling spec.deviceChange.add() results in the same behavior.

    Workaround: Declare the array as a local variable, as follows:

    var spec = new VcVirtualMachineConfigSpec();
    var deviceSpec = [];
    deviceSpec[0] = new VcVirtualDeviceConfigSpec();
    spec.deviceChange = deviceSpec;
    System.log(spec.deviceChange[0]);

  • Workflows cannot start with input parameters of type SecureString, that take a null value
    You cannot start a workflow with a null value if that workflow takes a SecureString as an input parameter, unless you start the workflow from within another workflow. If you start a workflow with a null value when that workflow takes a SecureString as an input parameter, the server loads attributes from the cache rather than from the Orchestrator database, resulting in a null input parameter. If you then change the workflow state to passive by implementing a long-running workflow element, the attributes are reloaded from the database, converting the null value into an empty string. This is the only way you can use a null value to start a workflow that requires a SecureString input parameter.