vRealize Orchestrator Appliance 8.3 | 4 February 2021 | Build 17535332

vRealize Orchestrator Update Repository 8.3 | 4 February 2021 | Build 17535332

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:


Upgrade failure after performing steps in KB 87120

Performing the instructions used to address the CVE-2021-44228 and CVE-2021-45046 log4j vulnerabilities described in KB 87120 can cause upgrade failures for vRealize Automation and vRealize Orchestrator 8.6.2 or earlier. For a workaround, see KB 87794.

What's New in vRealize Orchestrator 8.3

  • Viewer role. This role includes view-only access to all vRealize Orchestrator objects and pages. Viewers cannot create, edit, or run workflows and other vRealize Orchestrator objects, such as actions, configurations, resources, policies, and scheduled tasks. The Viewer role is supported for vRealize Orchestrator deployments authenticated with vRealize Automation. See vRealize Orchestrator Roles and Groups.
  • References and usage of content items. You can view object references and object usage in the vRealize Orchestrator Client. See Find Object References in Workflows.
  • Usability improvements. You can now filter by Name, Type, and Description in the data grids of the Variables and Input/Output tabs. You can also sort for workflow parameters and variables.

Federal Information Processing Standards (FIPS) Support

vRealize Orchestrator now ships with cryptographic modules that have successfully passed NIST FIPS 140-2 Cryptographic Module Validation Program (CMVP) testing. When these modules are configured to run in 'FIPS-mode', they will cover all cryptographic operations in the product that perform a security function and/or process sensitive data.

NOTE: Users will be able to choose whether to be in FIPS-mode only during installation and before content in vRealize Orchestrator is generated. Also, FIPS mode will be available only for greenfield vRealize Orchestrator environments.

For information on enabling FIPS-mode, see step 13 in Download and Deploy the vRealize Orchestrator Appliance.

For information on upgrade and migration considerations for FIPS-mode, see FIPS compliance considerations in Migrating vRealize Orchestrator.

Deploying the VMware vRealize Orchestrator 8.3 Appliance

The vRealize Orchestrator Appliance is a VMware Photon OS-based appliance distributed as an OVA file. It is prebuilt and preconfigured with an internal PostgreSQL database, and it can be deployed with vCenter Server 6.0 or later.

The vRealize Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vRealize Automation and vCenter Server, with your IT processes and environment.

For instructions about deploying the vRealize Orchestrator Appliance, see Download and Deploy the vRealize Orchestrator Appliance

For information about configuring the vRealize Orchestrator Appliance server, see Configuring a Standalone vRealize Orchestrator Server.

Upgrading and Migrating to vRealize Orchestrator 8.3

You can upgrade a standalone or clustered vRealize Orchestrator 8.x deployment to the latest product version by using a mounted ISO image.

For more information about upgrading the vRealize Orchestrator Appliance, see Upgrading vRealize Orchestrator.

You can migrate a standalone vRealize Orchestrator instance authenticated with vSphere or vRealize Automation to vRealize Orchestrator 8.3. Product versions of vRealize Orchestrator 7.x supported for migration include versions 7.3 to 7.6. The migration of clustered vRealize Orchestrator 7.x deployments is not supported.

For more information about migrating the vRealize Orchestrator Appliance, see Migrating vRealize Orchestrator.

Inclusive Language Notice

At VMware, we value inclusion. To foster this principle within our customer, partner, and internal community, we removed non-inclusive language from documentation.

Plug-Ins Installed with vRealize Orchestrator 8.3

The following plug-ins are installed by default with vRealize Orchestrator 8.3.

  • vRealize Orchestrator vCenter Server Plug-In 6.5.0
  • vRealize Orchestrator Mail Plug-In 8.0.0
  • vRealize Orchestrator SQL Plug-In 1.1.6
  • vRealize Orchestrator SSH Plug-In 7.2.0
  • vRealize Orchestrator SOAP Plug-In 2.0.2
  • vRealize Orchestrator HTTP-REST Plug-In 2.3.8
  • vRealize Orchestrator Plug-In for Microsoft Active Directory 3.0.11
  • vRealize Orchestrator AMQP Plug-In 1.0.5
  • vRealize Orchestrator SNMP Plug-In 1.0.3
  • vRealize Orchestrator PowerShell Plug-In 1.0.18
  • vRealize Orchestrator Multi-Node Plug-In 8.3.0
  • vRealize Orchestrator Dynamic Types 1.3.6
  • vRealize Orchestrator vCloud Suite API (vAPI) Plug-In  7.5.2

Earlier Releases of vRealize Orchestrator

Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:

Resolved Issues

  • The vRealize Orchestrator Control Center container fails to start and cannot be opened in the browser.

    This issue is caused by an error in the /data/vco/usr/lib/vco/configuration/log/catalina.log file.

  • Workflow validation errors persist for workflows even after resolving the errors.

    Validation errors do not disappear from the workflow schema after resolving the errors and saving the validated workflow.

  • Receiving errors when running custom decision element scripts with the new runtimes.

    Runtimes other than JavaScript do not support custom decision element scripts. 

  • When migrating vRealize Orchestrator 7.4 to vRealize Orchestrator 8.2, the local changes to actions and resources on the Git History page are empty.

    When migrating vRealize Orchestrator 7.4 to vRealize Orchestrator 8.2, the local changes to actions and resources in the Git History page are empty. The content is not available.

  • Kubernetes pods for vco-app- fail with a CrashLoopBackOff status after a vRealize Automation 8.1 patch deployment.

    The vco-app-xxx log includes entries such as the following:

    [ERROR] ERROR: duplicate key value violates unique constraint "uk_vmoreselt"
      Detail: Key (tenantid, categoryid, name)=(__SYSTEM, 8a7482a57310c83401733xxxxxxxxxxxxx, configuration.json) already exists.
      Where: SQL statement "UPDATE vmo_resourceelement
         SET categoryid = '8a7482a57310c83401733xxxxxxxxx'
        WHERE categoryid IN ( SELECT t.id FROM Tree t WHERE t.id != '8a7482a57310c83401733xxxxxxxxxxx' AND t.name = 'SecurityModel' AND t.level = '11' AND t.parentcategoryid = '8a7482a57310c83401733xxxxxxxxxx' AND t.tenantId = '_SYSTEM' ) and tenantid = '_SYSTEM'"

  • Plug-in content might be detected as local changes in Git when using the vRealize Orchestrator Git integration.

    After installing vRealize Automation or vRealize Orchestrator 8.1 Patch 3, workflows and actions from the vCenter Plug-in are detected as local changes in Git, such as Workflows/Library/vCenter/Virtual Machine management/Device Management/Add CD-ROM/workflow.xml.

  • When migrating vRealize Orchestrator 7.4 to version 8.1 patch 3 or version 8.2, system workflows are detected as local changes in Git History.

    The system workflows that are migrated from version 7.4 to version 8.1 patch 3 or version 8.2 are detected as local changes in the Git History page.

  • Switching an active repository to inactive, and then back to active again, causes an error while trying to push local changes.

    Changing the state of the repository might cause an error on the next commit to repository. The error message can be the following: "Error: Push to remote failed with status: REJECTED_NONFASTFORWARD".

  • Resource element details cannot be updated.

    The vRealize Orchestrator Client does not support updating the following resource element properties: name, description, version (not visible in the UI), mime type.

Known Issues

The known issues are grouped as follows.

Migration/Upgrade issues
  • Custom content is not available on the Git History page after migrating vRealize Orchestrator 7.5 to vRealize Orchestrator 8.x.

    After migrating vRealize Orchestrator 7.5 to vRealize Orchestrator 8.x, when you configure your Git integration, custom content is not available on the Git History page.

    Workaround: To see all migrated content as local changes in Git, manually edit and save custom content to convert it to an 8.x-compatible format before you make an initial push to the repository. After that, you can push all migrated content to your Git repository.

  • After upgrading to vRealize Orchestrator or vRealize Automation 8.x, some resource elements in the vRealize Orchestrator Client might appear changed or reverted to an older version.

    This issue occurs with resource elements that were previously updated in the vRealize Orchestrator Client by using a different source file. After upgrading your vRealize Orchestrator or vRealize Automation deployment, these resource elements can be replaced by an older version. This is an intermittent issue.


    1. Log in to the vRealize Orchestrator Client.
    2. Navigate to Assets>Resources.
    3. Select the resource element affected by the issue.
    4. Select the Version History tab and restore the element to the appropriate version.
    5. Repeat for all affected resource elements.

  • When you create a log bundle after migrating from vRealize Orchestrator 7.x to a vRealize Orchestrator 8.x, the migration logs are not included in the bundle.

    The log bundle created after migration does not contain the migration log file. This issue is encountered in clustered vRealize Orchestrator environments.

    Workaround: The migration logs can be found in the /data/vco/usr/lib/vco directory on the secondary nodes of the clustered environment. If the logs are not there, they can be found in the /var/log/vmware/prelude directory on the node where the migration process is started.

Web client issues
  • Unable to create or edit content in vRealize Orchestrator.

    When trying to create or edit vRealize Orchestrator content, the requests fail. The /services-logs/prelude/vco-app/file-logs/vco-server-app.log file displays the following messages:
    ch.dunes.util.DunesServerException: com.vmware.o11n.service.version.ContentVersionException: java.lang.RuntimeException: java.lang.RuntimeException: org.eclipse.jgit.api.errors.TransportException: /usr/lib/vco/app-server/data/git/__SYSTEM.git: internal server error


    1. Log in to the vRealize Orchestrator/vRealize Automation Appliance command line as root.
    2. Run the following command:
    mv /data/vco/usr/lib/vco/app-server/data/git/__SYSTEM.git/refs/heads/master /tmp/vro_ref_backup{code}

  • User interaction contains an input field for an already deleted variable. When a workflow reaches such a user interaction, it fails when you answer the interaction.

    If a user interaction has a binding to a deleted variable, the user interaction binding is not removed, and this causes the workflow to fail when it reaches the user interaction.

    Workaround: After deleting the variable manually, go to the user interaction element in the workflow schema and delete the binding. You must also delete the binding in the generated input form.

  • Local changes are not available after duplicating and deleting a workflow.

    You duplicate a workflow and then delete it. In the Git History page, there is no local change for the deleted workflow.

    No workaround.

  • Users can discard Git changes to content they do not have access to.

    Users with workflow designer rights can discard Git changes to content that they do not have access to from the Git History page.

    No workaround.

  • Pushing commits to a protected Git branch fails.

    If the configured Git branch is protected, the push operation fails consistently, but the message that appears indicates that the push is successful.

    No workaround.

  • In the vRealize Orchestrator Client, you see tags containing underscore characters in the name.

    The vRealize Orchestrator Client does not support tag names with less than three characters or names containing white-space characters. All tags that are auto-generated from objects with shorter names are suffixed with underscore characters. All white-space characters will also be replaced with underscores. For example, a workflow located in /Library/project A/app/DR/backup in the Orchestrator Legacy Client, when migrated, has the following auto-generated tags in the vRealize Orchestrator Client: "Library", "project_A", "app", "DR_".

    Workaround: Follow the tagging conventions when creating new content in the vRealize Orchestrator Client.

  • Incorrect line of failure is displayed in the scripting error message.

    The vRealize Orchestrator scripting log displays an incorrect line of failure in the error stack trace.

    No workaround.

  • Scheduled workflow runs are triggered at a different than the expected time with the time offset to UTC time.

    When you schedule workflow runs through scripting by using the *workflow.scheduleRecurrently()* function, scheduled workflows are always triggered in UTC time. There is a discrepancy between the vRealize Orchestrator Client UI and the function behavior, because the UI adds the time zone of your browser to the recurrence pattern. However, the time zone is not included in the recurrence pattern when using the function and the calculations of the time to the trigger the workflow runs are done on the server side in UTC time.

    Workaround: When you schedule workflow runs in scripting, use time values in UTC time.

  • Unable to properly save variables of the Regexp type in the Variables editor. Incorrect values are displayed in the editor.

    This issue is caused by the Regexp type variables being misinterpreted as special objects instead of strings.

    Workaround: Switch to using string type variables as they are an equivalent of Regexp variables.

  • Duplicated workflows created in Orchestrator Legacy Client might display a constant instead of an external action in their value options.

    When editing the input parameters of a workflow that is designed in the Orchestrator Legacy Client, and duplicated in the vRealize Orchestrator Client, the value options might be set as a constant instead of an external action.

    Workaround: Navigate to the Input Form tab and edit the input parameter presentation to include the required external action.

  • Unable to select an action as an external source in input forms because of a return type issue.

    In the vRealize Orchestrator Client Input Form tab, you are unable to select an action that has a return type of either Any or Array/Any for a default value or value option.


    1. Log in to the vRealize Orchestrator Client.
    2. Select your workflow and navigate to the Input Form tab.
    3. Set the action with the return type expected from the widget default value or value option and save the changes.
    4. Select the default value or value option action, save the workflow, and revert the action to previous version or change the return type back to the Any type.

Miscellaneous Issues
  • Using the vRealize Orchestrator scripting to create and update configurations or resources can lead to incorrect or missing version history.

    When you update configurations and resources through the vRealize Orchestrator scripting API without explicitly calling the saveToVersionRepository method, version history is not generated for that content. This can cause issues if an external Git integration is added after upgrading.

    Workaround: Before upgrading to vRealize Orchestrator 8.3, make sure that you save any changes you made through the scripting API. See KB 81575.

  • Running the Run SSH command workflow in the Multi-node plug-in causes the workflow to fail.

    Attaching a remote vRealize Orchestrator instance using the Multi-node plug-in, and running the Run SSH command workflow, which is synchronized from the remote repository, causes the workflow to fail.

    Workaround: To make the workflow pass successfully, rename the local variable in the generated workflow for the Run SSH Command final scripting element. The following script is an example fix:

    var r = remoteToken.getOutputParameters(); 
    result = r.get("result"); 
    errorText = r.get("errorText"); 
    outputText = r.get("outputText");
  • vRealize Orchestrator database size is very large because of the vmo_tokenreplay table.

    The vmo_tokenreplay table is very large in size.

    Workaround: Log in to Control Center as root. Under Extension Properties, select the token replay extension and disable the Record replay for all workflow runs property.

  • Importing a package created in a newer vRealize Orchestrator version into an earlier version of vRealize Orchestrator can cause an error.

    Compatibility issues between vRealize Orchestrator versions lead to the inability to import packages created in newer product versions into earlier vRealize Orchestrator deployments.

    No workaround.

  • Unable to log in to the vRealize Orchestrator Control Center or the vRealize Orchestrator Appliance.

    Using backslash ("\") characters in the root password of your deployment can cause issues when trying to log in to the vRealize Orchestrator Control Center or the vRealize Orchestrator Appliance over a SSH session.

    Workaround: Do not use backslash ("\") characters in the root password of your vRealize Orchestrator deployment.

Previously known issues

To view a list of previous known issues, click here.

check-circle-line exclamation-circle-line close-line
Scroll to top icon