vRealize Orchestrator Appliance 8.6 | 12 October 2021 | Build 18743844
vRealize Orchestrator Update Repository 8.6 | 12 October 2021 | Build 18743844
Check frequently for additions and updates to these release notes.
What's in the Release NotesThe release notes cover the following topics:
- What's New in vRealize Orchestrator 8.6
- Deploying the VMware vRealize Orchestrator 8.6 Appliance
- Upgrading and Migrating to vRealize Orchestrator 8.6
- Plug-ins Installed with vRealize Orchestrator 8.6
- Earlier Releases of vRealize Orchestrator
- Resolved Issues
- Known Issues
What's New in vRealize Orchestrator 8.6
The vRealize Orchestrator 8.6 release focuses on maintenance and bug fixes. In addition to other fixes, this release resolves the CVE-2021-22036 security vulnerabilities. For information on these vulnerabilities and their impact on VMware products, see https://www.vmware.com/security/advisories/VMSA-2021-0023.html.
Deploying the VMware vRealize Orchestrator 8.6 Appliance
The vRealize Orchestrator Appliance is a VMware Photon OS-based appliance distributed as an OVA file. It is prebuilt and preconfigured with an internal PostgreSQL database, and it can be deployed with vCenter Server 6.0 or later.
The vRealize Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vRealize Automation and vCenter Server, with your IT processes and environment.
For instructions about deploying the vRealize Orchestrator Appliance, see Download and Deploy the vRealize Orchestrator Appliance.
For information about configuring the vRealize Orchestrator Appliance server, see Configuring a Standalone vRealize Orchestrator Server.
Upgrading and Migrating to vRealize Orchestrator 8.6
You can upgrade a standalone or clustered vRealize Orchestrator 8.x deployment to the latest product version by using a mounted ISO image.
For more information about upgrading the vRealize Orchestrator Appliance, see Upgrading vRealize Orchestrator.
You can migrate a standalone vRealize Orchestrator instance authenticated with vSphere or vRealize Automation to vRealize Orchestrator 8.6. Product versions of vRealize Orchestrator 7.x supported for migration include versions 7.3 to 7.6. The migration of clustered vRealize Orchestrator 7.x deployments is not supported.
For more information about migrating the vRealize Orchestrator Appliance, see Migrating vRealize Orchestrator.
Plug-Ins Installed with vRealize Orchestrator 8.6
The following plug-ins are installed by default with vRealize Orchestrator 8.6
- vRealize Orchestrator vCenter Server Plug-In 7.0.0
- vRealize Orchestrator Mail Plug-In 8.0.0
- vRealize Orchestrator SQL Plug-In 1.1.7
- vRealize Orchestrator SSH Plug-In 7.3.0
- vRealize Orchestrator SOAP Plug-In 2.0.5
- vRealize Orchestrator HTTP-REST Plug-In 2.4.1
- vRealize Orchestrator Plug-In for Microsoft Active Directory 3.0.11
- vRealize Orchestrator AMQP Plug-In 1.0.6
- vRealize Orchestrator SNMP Plug-In 1.0.3
- vRealize Orchestrator PowerShell Plug-In 1.0.19
- vRealize Orchestrator Multi-Node Plug-In 8.6.0
- vRealize Orchestrator Dynamic Types 1.3.6
- vRealize Orchestrator vCloud Suite API (vAPI) Plug-In 7.5.2
Earlier Releases of vRealize Orchestrator
Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:
- vRealize Orchestrator 8.5.1
- vRealize Orchestrator 8.5
- vRealize Orchestrator 8.4.2
- vRealize Orchestrator 8.4.1
- vRealize Orchestrator 8.4
- vRealize Orchestrator 8.3
- vRealize Orchestrator 8.2.1
- vRealize Orchestrator 8.2
- vRealize Orchestrator 8.1
- vRealize Orchestrator 8.0.1
- vRealize Orchestrator 8.0
- vRealize Orchestrator 7.6.0
- vRealize Orchestrator 7.5.0
- vRealize Orchestrator 7.4.0
- In the vRealize Orchestrator Client, you see tags containing underscore characters in the name.
The vRealize Orchestrator Client does not support tag names with less than three characters or names containing white-space characters. All tags that are auto-generated from objects with shorter names are suffixed with underscore characters. All white-space characters will also be replaced with underscores. For example, a workflow located in
/Library/project A/app/DR/backupin the Orchestrator Legacy Client, when migrated, has the following auto-generated tags in the vRealize Orchestrator Client: "Library", "project_A", "app", "DR_".
- Running the Run SSH command workflow in the Multi-node plug-in causes the workflow to fail.
Attaching a remote vRealize Orchestrator instance using the Multi-node plug-in, and running the Run SSH command workflow, which is synchronized from the remote repository, causes the workflow to fail.
- vRealize Orchestrator database size is very large because of the vmo_tokenreplay table.
The vmo_tokenreplay table is very large in size.
- After upgrading to vRealize Orchestrator or vRealize Automation 8.x, some resource elements in the vRealize Orchestrator Client might appear changed or reverted to an older version.
This issue occurs with resource elements that were previously updated in the vRealize Orchestrator Client by using a different source file. After upgrading your vRealize Orchestrator or vRealize Automation deployment, these resource elements can be replaced by an older version. This is an intermittent issue.
- Custom content is not available on the Git History page after migrating vRealize Orchestrator 7.5 to vRealize Orchestrator 8.x.
After migrating vRealize Orchestrator 7.5 to vRealize Orchestrator 8.x, when you configure your Git integration, custom content is not available on the Git History page.
- You receive an error message when attempting to connect to TLS 1.0 or 1.1 services.
vRealize Orchestrator now uses the TLS 1.2 protocol. Any outgoing connections to external services that use the older TLS 1.0 or 1.1 versions of the protocol can fail with the following error message:
InternalError: The server selected protocol version TLS10/TLS11 is not accepted by client preferences [TLS12].
- Running any action from a vRealize Orchestrator Client embedded in a vRealize Automation in an external vRealize Orchestrator deployment returns the following: Action execution with id: was not found.
This issue occurs when a user wants to run or debug an action in an external vRealize Orchestrator cluster while triggering it from an embedded vRealize Orchestrator Client. The external vRealize Orchestrator cluster must be added as an integration in vRealize Automation.
- The vRealize Orchestrator Control Center password is reset to its initial value after service redeployment.
After the vRealize Orchestrator Appliance is deployed, you can change the Control Center password by running the
vracli vro update-cc-passwordcommand. However, after running the
/opt/scripts/deploy.shscript to redeploy the vRealize Orchestrator services, the Control Center password is reset to its initial value.
- "Add a REST host" workflow fails when trying to add an HTTPS endpoint with a HTTP proxy using basic authentication.
This is intended behavior because of the security vulnerabilities, associated with this type of communication protocol: the possibility of accidentally exposing plain text sensitive data over HTTP.
- Inconsistent coloration of variables bound in scriptable tasks.
Only the first match of a bound variable included in the code of a workflow scriptable task has coloration.
The known issues are grouped as follows.Web client issues
- Local changes are not available after duplicating and deleting a workflow.
You duplicate a workflow and then delete it. In the Git History page, there is no local change for the deleted workflow.
- Pushing commits to a protected Git branch fails.
If the configured Git branch is protected, the push operation fails consistently, but the message that appears indicates that the push is successful.
The decision was taken not to fix this issue in the current or upcoming releases of vRealize Orchestrator. This known issue entry is going to be deleted from the release notes for the next release.
- During the installation of a plug-in in Control Center, an error message appears.
When you install a plug-in from the
Manage Plug-Inspage in Control Center, the error message
Plug-in 'name_of_the_plug-in' (plug-in_file_name) is not compatible with the current platform version. Supported platform versions are ''. Clicking on the 'Install' button will install it anywayappears. You can safely ignore this error and proceed with the installation of the plug-in.
The Orchestrator authentication configuration might become invalid, if the authentication provider certificate changes or regenerates.
When the SSL certificate of the vRealize Automation or vSphere instance that is configured as the authentication provider in Control Center is changed or regenerated, the Orchestrator authentication configuration becomes invalid and the Orchestrator server cannot start.
Workaround: Import the new authentication provider certificate:
- Log in to Control Center as root.
- Click Certificates.
- Click the Import on the Trusted Certificates tab.
- Load the SSL certificate from a URL or a file.
- Click Import.
- The SOAP plug-in cannot connect through an authenticated proxy server.
When you run the
Add a SOAP hostworkflow, use a proxy server that does not require authentication.
If you experience issues connecting to a SOAP or a REST host, or importing a certificate, you might have to explicitly enable certain versions of SSL or TLS.
For information about this issue, see https://docs.oracle.com/javase/8/docs/technotes/guides/security/jsse/JSSERefGuide.html.
Workaround: For information about explicitly enabling SSLv3 and TLSv1 for outgoing HTTPS connections, see Enable TLSv1 for outgoing HTTPS connections in vRealize Orchestrator 6.0.4 and 7.0.x manually (KB 2144318).
- The SSH plug-in cannot connect to a Cisco Adaptive Security Appliance (ASA) firewall.
The SSH plug-in for vRealize Orchestrator 7.1 does not support connectivity to a Cisco Adaptive Security Appliance (ASA) firewall.
- Problems handling non-ASCII characters in certain contexts.
Using non-ASCII characters in input parameters results in incorrect behavior in the following situations:
- If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is unreadable.
- If you try to insert non-ASCII characters into attribute names, the characters do not appear. This issue occurs for workflow attributes and action attributes.
- The Storage VSAN workflows of the vCenter Server plug-in do not support adding Solid-State Drive (SSD) disks to an ESXi host.
Add disks to disk groupand
Remove disks from disk groupsworkflows do not support adding SSD disks as capacity disks to ESXi hosts.
- The RESTOperation ID does not initialize properly if the REST host instance is created by using a Swagger spec.
In the HTTP-REST plug-in, when the REST host instance is created by a Swagger spec, the RESTOperation ID does not initialize properly and the getOperation of the RESTHost object does not work.
- Adding values to vCenter Server data object properties of the Array type is not possible.
For example, the following code does not work:
var spec = new VcVirtualMachineConfigSpec();
spec.deviceChange = ;
spec.deviceChange = new VcVirtualDeviceConfigSpec();
In the above code, Orchestrator converts the empty
VirtualDeviceConfigSpecbefore it calls
setDeviceChange(). When calling
spec.deviceChange = new VcVirtualDeviceConfigSpec(), Orchestrator calls
getDeviceChange()and the array remains a fixed, empty Java array. Calling s
pec.deviceChange.add()results in the same behavior.
Workaround: Declare the array as a local variable:
var spec = new VcVirtualMachineConfigSpec();
var deviceSpec = ;
deviceSpec = new VcVirtualDeviceConfigSpec();
spec.deviceChange = deviceSpec;