check-circle-line exclamation-circle-line close-line

VMware vRealize Orchestrator 7.4 Release Notes

vRealize Orchestrator Appliance 7.4 | 12 April 2018 | Build 8074344

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New in vRealize Orchestrator 7.4

vRealize Orchestrator 7.4 introduces a number of improvements, bug fixes, and extends the automated configuration with new options:

  • Multi-Tenancy in vRealize Orchestrator
    • Fully-isolated content items and execution (Multi-tenancy is disabled by default).
    • Reduce the need to deploy dedicated vRealize Orchestrator instances for tenants.
  • Updated Web-Based Clarity UI
    • A new Monitoring client dashboard with workflow runs and metrics to monitor and troubleshoot workflow runs. Added ability to view run details of the workflow.
    • Roles Management accessible directly in the new Monitoring client.
    • Centralized log views.

Feature and Support Notice

  • Multi-tenancy and Roles Management can only be used when vRealize Authentication is configured.
  • The following feature has reached its End of Life and is no longer available or supported in vRealize Orchestrator.
    • LDAP authentication

  • The following features are deprecated in vRealize Orchestrator and are scheduled for removal in future releases.
    • Support for Microsoft SQL Server and Oracle Database as external database servers.
    • Support for SNMPv3.
  • The vCenter Single Sign-On Legacy authentication mode has been replaced by the vSphere authentication method.
  • The following workflows of the vRealize Automation plug-in are deprecated and will not work with vRealize Automation plug-in 7.4.
    • Create a Management Endpoint
    • Delete a Management Endpoint
    • Delete a Connection Credential
    • Create a Connection Credential

Deploying the VMware vRealize Orchestrator Appliance 7.4

VMware vRealize Orchestrator 7.4 is available as a preconfigured virtual appliance.

The Orchestrator Appliance is distributed as an OVA file. It is prebuilt and preconfigured with Novell SUSE Linux Enterprise Server, PostgreSQL, and it can be deployed with vCenter Server 5.5 and later.

The Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vRealize Automation and vCenter Server, with your IT processes and environment.

Upgrading to vRealize Orchestrator 7.4

For instructions about deploying and using the Orchestrator Appliance, see Upgrading and Migrating VMware vRealize Orchestrator.

NOTE: Upgrading vRealize Orchestrator Appliance from version 5.5.x to 7.4 is not supported. You must upgrade your vRealize Orchestrator Appliance 5.5.x to 6.0.x first.

Important: For security reasons, the password expiry of the root account of the Orchestrator Appliance is set to 365 days. To increase the expiry time for an account, log in to the Orchestrator Appliance as root, and run the following command:

passwd -x number_of_days name_of_account

To make your Orchestrator Appliance root password last forever, run the following command:

passwd -x 99999 root

Plug-Ins Installed with vRealize Orchestrator 7.4

The following plug-ins are installed by default with vRealize Orchestrator 7.4:

  • vRealize Automation Center Infrastructure Administration Plug-In 7.4.0
  • vRealize Automation Plug-In 7.4.0
  • vRealize Orchestrator vCenter Server Plug-In 6.5.0
  • vRealize Orchestrator Mail Plug-In 7.0.1
  • vRealize Orchestrator SQL Plug-In 1.1.4
  • vRealize Orchestrator SSH Plug-In 7.1.0
  • vRealize Orchestrator SOAP Plug-In 2.0.0
  • vRealize Orchestrator HTTP-REST Plug-In 2.2.2
  • vRealize Orchestrator Plug-In for Microsoft Active Directory 3.0.7
  • vRealize Orchestrator AMQP Plug-In 1.0.4
  • vRealize Orchestrator SNMP Plug-In 1.0.3
  • vRealize Orchestrator PowerShell Plug-In 1.0.13
  • vRealize Orchestrator Multi-Node Plug-In 7.4.0
  • vRealize Orchestrator Dynamic Types 1.3.0
  • vRealize Orchestrator vCloud Suite API (vAPI) Plug-In 7.4.0
  • vRealize Orchestrator Plug-In for vRealize Automation 7.4.0

Internationalization Support

vRealize Orchestrator 7.4 provides a multi-language support for Control Center and supports internationalization level 1 for the Orchestrator client.

How to Provide Feedback

Your active feedback is appreciated. Provide your feedback by using one of the following methods:

  • Support Requests (SRs)
  • Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

You can find the VMware Support's commitment to SRs filed by customers and instructions on how to file an SR at https://www.vmware.com/support/services/beta.

Include log files in your SRs. Follow the steps to gather log files and configuration from Orchestrator:

  1. Go to Control Center at https://orchestrator_server_ip_address:8283/vco-controlcenter.
  2. Log in as an administrator.
  3. Click Export Logs.
  4. Click Export logs.
  5. Save the generated ZIP file.
  6. Upload the saved ZIP file to VMware Support.

Earlier Releases of vRealize Orchestrator

Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:

Resolved Issues

  • Workflows that initiate a SOAP operation fail after an Orchestrator server restart

    If you run a workflow that initiates a SOAP operation and the Orchestrator server restarts, the workflow will fail with an error similar to: Workflow:Invoke a SOAP operation / Prepare Parameters (item0) : ch.dunes.model.type.ConvertorException: Cannot convert to object , reason : Unable to perform operation 'find('Operation', '37c85322-ad52-45eb-84e3-ac91ad155dc3:Feedback')' on plugin 'SOAP' reason : 'Trying to put already available object'

  • You get an Error 400! error while configuring vSphere Authentication in vRealize Orchestrator

    When you configure vSphere authentication in vRealize Orchestrator, you see an error similar to: Error 400!Exception occurred. Details: Could not read document:
    Unexpected token (FIELD_NAME), expected END_OBJECT: expected closing END_OBJECT after type information and deserialized value at [Source: java.io.PushbackInputStream@16ebe97d; line: 1, column: 445]; nested exception is com.fasterxml.jackson.databind.JsonMappingException: Unexpected token (FIELD_NAME), expected END_OBJECT: expected closing END_OBJECT after type information and deserialized value at [Source: java.io.PushbackInputStream@16ebe97d; line: 1, column: 445]

  • Updating a preserved value in a configuration element results in an error

    If you are updating a preserved value in a configuration element in the Java client, you receive the following error: java.lang.IllegalArgumentException: Comparison method violates its general contract!

  • On logging in Control Center, you get a timeout error when vSphere authentication is used

    If Orchestrator is authenticated with vSphere and a user belongs to a lot of user groups, a timeout error occurs when logging in to Control Center.

  • Nested workflows fail with error: java.lang.IllegalArgumentException: [class/interface] is not visible from class loader

    Nested workflows fail with error: java.lang.IllegalArgumentException: [class/interface] is not visible from class loader

  • After defining an attribute composite type in a workflow in the Java client, you are unable to edit that composite type.

    After defining an attribute composite type in a workflow in the Java client, you are unable to edit that composite type.

  • Workflow runs, policies, or tasks fail with error: Unable to authenticate with OAuthToken

    Workflow runs, policies, or tasks fail with error: Unable to authenticate with OAuthToken

  • You might not be able to log in to Control Center if you are using a different letter case when you are authenticating with your user, group, or tenant.

    You might not be able to log in to Control Center if you are using a different letter case when you are authenticating with your user, group, or tenant.

  • A package export does not preserve SecureString values in a Configuration element

    When you import previously exported packages, the SecureString values in the Configuration elements are empty. Workflows that depend on them will fail.

  • User interaction with boolean input parameter cannot be set to No.

    User interaction with boolean input parameter, which is an attribute in the workflow with a default value set to true and without a decorator cannot be set to No.

  • Dynamic types definitions are lost after a cluster synchronization.

    After a cluster synchronization, some of the nodes might have configured types and relations missing.

  • The PowerShell plug-in fails to connect to Windows Server 2012, because of a limitation of a maximum line length when running CMD

    The PowerShell plug-in fails to connect to Windows Server 2012, because of a limitation of a maximum line length when running CMD

  • You receive errors when browsing the vCenter Server plug-in inventory, if you have permissions on a subset of vSphere Inventory folders

    If you have permissions on a subset of vSphere Inventory folders, you are not able to browse the vCenter Server inventory.

  • If you pass the VirtualEthernetCard object between workflow elements, the workflow run might fail.

    This issue is observed when more than one user are running the same workflow simultaneously against a vCenter Server instance, registered in a shared session mode

  • The 'Convert independent disks' workflow in the vCenter Server plug-in does not convert a disk to dependent

    The Convert independent disks workflow in the vCenter Server plug-in does not convert a disk to dependent.

  • There is a monitoring thread leakage, if the vAPI client is not explicitly closed

    There is a monitoring thread leakage if the vAPI client is not explicitly closed. The example workflows are updated to show you the correct way of using the vAPI client.

  • AMQP plug-in fails when a large number of messages must be processed

    The AMQP plug-in cannot process a large number of messages at once and fails. This issue has been fixed by dropping messages when the queue gets too big and the plug-in is about to fail.

  • The cluster view displays 'Server restart is required because of not applied configuration change' for some of the nodes.

    The cluster view displays 'Server restart is required because of not applied configuration change' for some of the nodes.
    Restart of that node does not fix the issue.

  • vRealize Orchestrator is not creating the integration-scripting and integration-server logs for Log Insight

    After upgrade integration-scripting and integration-server logs are not created and as result no logs are sent to the configured Log Insight server.

  • Disable SMBv1 protocol in vRealize Orchestrator appliance

    Due to several wide-spread outbreaks of Malware which utilize the Microsoft/IBM SMBv1 protocol (Wannacry/Petya), supporting the SMBv2 industry standard has become a critical compliance issue for our customers.
    VMware is forcing SMBv1 to be enabled in Microsoft products in order to communicate with our products. SMBv2 is supported so you can disable SMBv1 globally in your Windows environments.

  • Export of a package to folder doesn't exports version history content

    If you export a package to folder using Java client, the version history content is not exported. As a result when you import the package, you are no longer able to revert content to previous version

Known Issues

The known issues are grouped as follows.

Installation Issues
  • The Orchestrator service cannot recover after a back up and restore procedure.
    When you back up and restore Orchestrator, the server is not accessible from vRealize Automation and an Unable to establish a connection to vCenter Orchestrator server error appears. This results in Orchestrator being unable to start, while having a STARTED status, missing tasks and policies, and workflows that must be re-run.

    Workaround: Re-create the missing scheduled tasks and policies, re-run the scheduled workflows that did not start, and restart the Orchestrator service.

  • Upgrade from vRO 6.0.3 does not complete

    After you start upgrade, the upgrade never finishes. In the VAMI you see message:
    Installing VMware vRealize Orchestrator Appliance - 7.3.1.21641 Build 8002898, please wait ...
    the upgrade never continues.

    Upgrade to vRO 6.0.5 and then to vRO 7.3.1 following upgrade guide

Configuration Issues
  • If you click the Save Changes button on the Configure Authentication Provider page without making any changes to the authentication settings, you can no longer access Control Center.
    On the Configure Authentication Provider page in Control Center, if you resave the authentication parameters that are already configured, without having changed them, an An error occurred during OAuth2 operation. Please contact your administrator to resolve the issue. { "error": "invalid_request", "error_description": "Must provide a valid redirect uri." } error message appears, and Control Center is no longer accessible.
  • During the installation of a plug-in in Control Center, an error message appears.
    When you install a plug-in from the Manage Plug-Ins page in Control Center, a Plug-in 'name_of_the_plug-in' (plug-in_file_name) is not compatible with the current platform version. Supported platform versions are ''. Clicking on the 'Install' button will install it anyway error message appears. You can safely disregard this error and proceed with the installation of the plug-in.
  • The vRealize Orchestrator SQL plug-in cannot connect to a MySQL database.
    When you run the Add a database workflow against a MySQL database, the workflow fails with a The driver 'com.mysql.jdbc.Driver' for 'MySQL' database cannot be found! error message.

    NOTE: The support for MySQL databases was removed in vRealize Orchestrator 7.0.

    Workaround: To enable support for MySQL database, you must install the JDBC driver for MySQL on the Orchestrator platform.

    1. Download the latest JDBC driver for MySQL from http://dev.mysql.com/downloads/connector/j/.
    2. Extract the downloaded archive.
    3. In the extracted folder, locate the mysql-connector-java-x.x.x.jar file, where x.x.x is the current subminor version.
    4. Copy the mysql-connector-java-x.x.x.jar to the /usr/lib/vco/app-server/lib directory on the Orchestrator server.
    5. Change the ownership of the mysql-connector-java-x.x.x.jar file.
    6. chown vco:vco mysql-connector-java-x.x.x.jar

    7. Change the permissions of the mysql-connector-java-x.x.x.jar.
    8. chmod 644 mysql-connector-java-x.x.x.jar

    9. Restart the Orchestrator server service.
    10. service vco-server restart

  • Orchestrator authentication configuration might become invalid, if the authentication provider certificate changes or regenerates.
    When the SSL certificate of the vRealize Automation or vSphere instance that is configured as an authentication provider in Control Center is changed or regenerated, the Orchestrator authentication configuration becomes invalid and the Orchestrator server cannot start.

    Workaround: Import the new authentication provider certificate:

    1. Log in to Control Center as an administrator.
    2. Click Certificates.
    3. Click the Import on the Trusted Certificates tab.
    4. Load the SSL certificate from a URL or a file.
    5. Click Import.

  • The SOAP plug-in cannot connect through an authenticated proxy server.
    When you run the Add a SOAP host workflow, use a proxy server that does not require authentication.
  • The Orchestrator client does not run on versions of Java earlier than Java 8.
    You need Java 8 to run the Orchestrator client.
  • If you experience issues connecting to a SOAP or a REST host, or importing a certificate, you might have to explicitly enable certain versions of SSL or TLS.
    For information about this issue, see https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html.

    Workaround: For information about explicitly enabling SSLv3 and TLSv1 for outgoing HTTPS connections, see Enable TLSv1 for outgoing HTTPS connections in vRealize Orchestrator 6.0.4 and 7.0.x manually (KB 2144318).

  • vCenter Server objects not accessible in the vSphere Web Client.
    Orchestrator cannot access vCenter Server objects in the vSphere Web Client if the vCenter Server instance that you are attempting to access is registered in Orchestrator by IP address.

    Workaround: Register the vCenter Server instance by host name.

  • Connecting to an Oracle database by using TNSNames is not supported .
    You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database by using an IP address or a DNS name.

    Workaround: See Add support for RAC and TNS configuration for Oracle 11g Database instances to vRealize Orchestrator (KB 1022828).

Client Issues
  • Duplicating a workflow always copies the version history of the original workflow, even through the Copy version history is set to No.
    The Duplicate workflow step transfers the events history from the original workflow to the copied workflow even when you select the No radio button for Copy version history during the duplication.
  • OGNL expressions of an input parameter run with every input parameter update
    When an input parameter includes an OGNL expression, which is bound to more than one input parameter, the OGNL expression runs every time any of the input parameters is updated, instead of running once, when all input parameters are updated. If the OGNL expression invokes a resource-consuming operation, for example data mining, the presentation might run slowly.
  • Problems handling non-ASCII characters in certain contexts.
    Using non-ASCII characters in input parameters results in incorrect behavior in the following situations:
    • If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is unreadable.
    • If you try to insert non-ASCII characters into attribute names, the characters do not appear. This issue occurs for workflow attributes and action attributes.
  • Using the Orchestrator client through Java WebStart if the Orchestrator Appliance is behind Network Address Translation (NAT) is not supported.
  • vRealize Orchestrator actions in action modules that contain space characters in their names are not recognized as custom properties by vRealize Automation

    After an upgrade from any version of Orchestrator earlier than 7.0, action modules that contain spaces in their names are no longer visible by any vRealize Automation installation running on version 7.x. As a result, the actions in these modules cannot be associated to property definitions in vRealize Automation.

    Workaround: Verify that action modules do not have space characters in their names. Before upgrading vRealize Orchestrator, replace any space characters from your action module names with an underscore character (_) or a dot (.).

Miscellaneous Issues
  • When running the migration tool to export configuration from a vRealize Orchestrator 6.x Virtual Appliance, you receive an error message.
    During the migration from vRealize Orchestrator 6.x Virtual Appliance to vRealize Orchestrator 7.3, after you copy the migration tool from the target to the source Orchestrator server and run the vro-migrate.sh script to export the configuration, the following error message appears:

    SLF4J: Failed to load class "org.slf4j.impl.StaticLoggerBinder".
    SLF4J: Defaulting to no-operation (NOP) logger implementation
    SLF4J: See http://www.slf4j.org/codes.html#StaticLoggerBinder for further details.

    Workaround: You may safely ignore this message. Make sure that the orchestrator-config-export-orchestrator_ip_address-date_hour.zip archive is created in the /var/lib/vco folder and proceed with the migration.

  • When you have more than one Orchestrator instances in a cluster, the workflow tokens are visible only on the Orchestrator node on which the workflow has run.
  • The Storage VSAN workflows of the vCenter Server plug-in do not support adding Solid-State Drive (SSD) disks to an ESXi host.
    The Add disks to disk group and Remove disks from disk groups workflows do not support adding SSD disks as capacity disks to ESXi hosts.
  • The vCenter Server plug-in does not support policies.
    The vCenter Server plug-in for vRealize Orchestrator does not support using policies to monitor for events that are issued by the managed vCenter Server instance.
  • Compiling a custom model-driven plug-in fails if you use an extension method that contains lambda expressions.
    When you use model-driven to create plug-ins and you add extension methods to a certain extension, the plug-in does not compile if the extension method contains lambda expressions. The plug-in compilation fails with an error message, similar to the following: Caused by: java.lang.ArrayIndexOutOfBoundsException: 52789.

    Workaround: Do not use lambda expressions in the body of the extension methods.

  • The RESTOperation ID does not initialize properly if the REST host instance is created by using a Swagger spec.
    In the HTTP-REST plug-in, when the REST host instance is created by a Swagger spec, the RESTOperation ID does not initialize properly and the getOperation of the RESTHost object does not work.
  • The SOAP plug-in does not support mutual authentication with the SOAP host.
    The available authentication mechanisms support only one-way authentication.
  • The SSH plug-in cannot connect to a Cisco Adaptive Security Appliance (ASA) firewall.
    The SSH plug-in for vRealize Orchestrator 7.1 does not support connectivity to a Cisco Adaptive Security Appliance (ASA) firewall.
  • Restricted access to vCenter Server inventory can cause errors if you select Session per user.
    If you select the Session per user option when adding a vCenter Server instance to Orchestrator, attempting to access the vCenter Server inventory might result in some errors for a user with restricted access to inventory objects.
  • vCenter Server plug-in does not have valid credentials after upgrading from an Orchestrator version 6.0.2 or earlier.
    If you upgrade from an Orchestrator version before 6.0.3, the vCenter Server plug-in does not have valid credentials.

    Workaround: After upgrading Orchestrator, update the vCenter Server instance and configure a password for the user.

  • The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks.
    On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, but they are not.

    Workaround: Do not include virtual machines with snapshots in the workflow.

  • Adding values to vCenter Server data object properties of the Array type is impossible.
    When Orchestrator runs scripts, the vCenter Server plug-in converts JavaScript arrays to Java arrays of a fixed size. As a result, you cannot add new values to vCenter Server data objects that take arrays as property values. You can create an object that takes an array as a property if you instantiate that object by passing it a prefilled array. However, after you instantiate the object, you cannot add values to the array.

    For example, the following code does not work:

    var spec = new VcVirtualMachineConfigSpec();
    spec.deviceChange = [];
    spec.deviceChange[0] = new VcVirtualDeviceConfigSpec();
    System.log(spec.deviceChange[0]);

    In the above code, Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java array VirtualDeviceConfigSpec[] before it calls setDeviceChange(). When calling spec.deviceChange[0] = new VcVirtualDeviceConfigSpec(), Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java array. Calling spec.deviceChange.add() results in the same behavior.

    Workaround: Declare the array as a local variable:

    var spec = new VcVirtualMachineConfigSpec();
    var deviceSpec = [];
    deviceSpec[0] = new VcVirtualDeviceConfigSpec();
    spec.deviceChange = deviceSpec;
    System.log(spec.deviceChange[0]);

  • Passing a VcSnapshotInfo object as an attribute of type Any between two workflow elements causes an exception during serialization

    In the vCenter Server plug-in, passing a VcSnapshotInfo object or an array of VcSnapshotInfo objects as an attribute of type Any between thi workflow elements triggers a serialization that fails with a Can not set long field com.codahale.metrics. error message.

    Workaround: Change the workflow to omit passing a VcSnapshotInfo object or an array of VcSnapshotInfo objects between the workflow elements.

Documentation and Help

    The following items or corrections did not make it into the documentation for this release.

    • When you migrate an external Orchestrator server to the Orchestrator instance that is embedded in vRealize Automation, if the vRealize Automation has been migrated from an earlier version, before you start the Orchestrator server service and the Control Center service on the vRealize Automation Appliance, you must delete the trusted certificates from the database of the embedded Orchestrator instance.
      In documentation topic Migrate an External vRealize Orchestrator 7.x to vRealize Automation 7.3, after you migrate as described in Step 4, you must delete the trusted certificates from the database of the embedded Orchestrator.

      sudo -u postgres -i -- /opt/vmware/vpostgres/current/bin/psql vcac -c "DELETE FROM vmo_keystore WHERE id='cakeystore-id';"

    • Uninstalling a plug-in in vRealize Orchestrator does not work as described in documentation topic Uninstall a Plug-in.

      Workaround: Run the steps below to uninstall the plug-in. If you have more than one Orchestrator node in a cluster, run the steps on all nodes.

      1. Log in to the Orchestrator Appliance over SSH as root.
      2. Stop the Orchestrator server service and the Control Center service.

        service vco-server stop && service vco-configurator stop

      3. Open the /etc/vco/app-server/plugins/_VSOPluginInstallationVersion.xml file with a text editor and delete the line of code that corresponds to the plug-in that you want to remove.
      4. Under the /var/lib/vco/app-server/plugins directory, delete the .dar archives that contain the plug-in that you want to remove.
      5. Delete all records under from the VMO_VroConfiguration table in the Orchestrator database.

        For example, if you use Microsoft SQL Server, the delete statement is DELETE FROM [database_name].[dbo].[VMO_VroConfiguration].

      6. Start the Orchestrator server service and the Control Center service.

        service vco-server start && service vco-configurator start

      7. Delete the packages and folders that are related to the plug-in as described in Step 5 of documentation topic Uninstall a Plug-in.