VMware vRealize Orchestrator 7.0 Release Notes

vRealize Orchestrator Appliance 7.0 | 17 Dec 2015 | Build 3310032

Check frequently for additions and updates to these release notes.

Release Notes last updated on 29 Mar 2017.

What's in the Release Notes

The release notes cover the following topics:

What's New in vRealize Orchestrator 7.0

vRealize Orchestrator 7.0 introduces Control Center which delivers a more flexible configuring, monitoring, and troubleshooting experience. Control Center also introduces new features to the Orchestrator platform:

  • Centralized Server administration.
  • Easy cluster configuration.
  • Easy workflow troubleshooting and runtime metrics.
  • Enhanced log monitoring, log persistency and added ability to export logs for a particular workflow run.
  • Direct correlation of system properties and workflow performance through the embedded JMX console integration.
  • Significant Orchestrator client improvements, including a workflow tagging UI, client reconnect options and enhanced search capabilities.

vRealize Orchestrator 7.0 also introduces a number of plug-in improvements:

  • Cluster aware plug-in configuration.
  • Client-based certificate authentication support for the HTTP-REST plug-in.
  • Dynamic credentials support in the HTTP-REST plug-in.
  • vSphere 6.x vCloud Suite API (vAPI) endpoint support.
  • Dynamic Types plug-in enhancements.

Feature and Support Notice

The features listed below are deprecated in vRealize Orchestrator 7.0 and scheduled for removal in future releases. None of the deprecated features should be used as part of any vRealize Orchestrator based solution.

  • LDAP authentication

The features listed below are removed in vRealize Orchestrator 7.0.

  • Support for MySQL.

Deploying the VMware vRealize Orchestrator Appliance 7.0

VMware vRealize Orchestrator 7.0 is available as a preconfigured virtual appliance. The appliance significantly reduces the time and skills required to deploy vRealize Orchestrator and provides a low-cost alternative to a traditional Windows-based installation.

The Orchestrator Appliance is distributed as an OVF file. It is prebuild and preconfigured with Novell SUSE Linux Enterprise Server, PostgreSQL, and In-Process ApacheDS LDAP, and it can be used with vCenter Server 5.5 and later.

The Orchestrator Appliance functionality is suitable for any use case from lab evaluation to large-scale production, when an external database is used. The appliance offers the flexibility to use either the prebuilt directory services and database, or Single Sign-On based authentication, provided by vRealize Automation and vSphere 6.0, and external database servers like Oracle or Microsoft SQL.

The Orchestrator Appliance is a fast, easy to use, and more affordable way to integrate the VMware cloud stack, including vRealize Automation and vCenter Server, with your IT processes and environment.

Upgrading to vRealize Orchestrator 7.0

For instructions about deploying and using the Orchestrator Appliance, see Installing and Configuring VMware vRealize Orchestrator.

Important: For security reasons, the password expiry of the root account of the Orchestrator Appliance is set to 365 days. To increase the expiry time for an account, log in to the Orchestrator Appliance as root, and run the following command:

passwd -x number_of_days name_of_account

To make your Orchestrator Appliance root password last forever, run the following command:

passwd -x 99999 root

Plug-Ins Installed with vRealize Orchestrator 7.0

The following plug-ins are installed by default with vRealize Orchestrator 7.0:

  • vRealize Orchestrator vCenter Server Plug-In 6.0.2
  • vRealize Orchestrator Mail Plug-In 7.0.0
  • vRealize Orchestrator SQL Plug-In 1.1.4
  • vRealize Orchestrator SSH Plug-In 7.0.1
  • vRealize Orchestrator SOAP Plug-In 2.0.0
  • vRealize Orchestrator HTTP-REST Plug-In 1.0.9
  • vRealize Orchestrator Plug-In for Microsoft Active Directory 2.0.6
  • vRealize Orchestrator AMQP Plug-In 1.0.4
  • vRealize Orchestrator SNMP Plug-In 1.0.3
  • vRealize Orchestrator PowerShell Plug-In 1.0.7
  • vRealize Orchestrator Multi-Node Plug-In 7.0.0
  • vRealize Orchestrator Dynamic Types 1.1.0

Internationalization Support

vRealize Orchestrator 7.0 supports internationalization level 1. Although Orchestrator is not localized, it can run on non-English operating systems and supports non-English text.

How to Provide Feedback

Your active feedback over the next few weeks is appreciated. Provide your feedback by:

  • Support Requests (SRs)
  • Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

You can find the VMware Support's commitment to SRs filed by customers and instructions on how to file an SR at https://www.vmware.com/support/services/beta.

Include log files in your SRs. To gather log files and configuration from Orchestrator:

  1. Go to Control Center at https://orchestrator_server_ip_address:8283/vco-controlcenter.
  2. Log in as root.
  3. Click Export Logs.
  4. Click Export logs.
  5. Save the generated ZIP file.
  6. Upload the saved ZIP file to VMware Support.

Earlier Releases of vRealize Orchestrator

Features and issues from earlier releases of vRealize Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vRealize Orchestrator, click one of the following links:

Resolved Issues

vRealize Orchestrator 7.0 resolves the following issues:

  • Adding parameters to a composite type might result in a JDBC error.
    If you use the Orchestrator client to define a composite return type and add parameters with long field names, the composite type name might exceed 100 characters, which results in a JDBC error. Consequently, you cannot save the composite type.

    The issue is resolved in this release.

  • Some workflow runs cannot be canceled.
    You cannot cancel a workflow run that makes the Orchestrator not responsive. To cancel the workflow, you must stop the Orchestrator server and cancel all running workflows. This issue is resolved by adding a Cancel workflow runs by ID option in the Troubleshooting page of Control Center.

    The issue is resolved in this release.

  • Running and debugging workflows with an Oracle database might result in data not synced with the Orchestrator client.
    When using an Oracle database and running and debugging workflows, the workflow logs, variables, and other data might not get synced with the Orchestrator client.

    The issue is resolved in this release.

  • Retrieval of workflow inputs information might fail, when you started it through the REST API with a non-administrator user.

    The issue is resolved in this release.

  • You cannot see the run details if an embedded workflow fails.
    If you have a workflow embedded in another workflow, you cannot see details on what went wrong if the embedded workflow fails.

    The issue is resolved in this release.

  • Visual binding does not work, when using the Orchestrator client on Mac OS.
    When editing workflows and using visual binding on Mac OS, you cannot bind parameters or attributes to other parameters of a scriptable task, action, or workflow.

    The issue is resolved in this release.

  • The Orchestrator client does not start on Mac machines running Java 8.
    If you are using the vRealize Orchestrator Java Web start application or the installable client on a Mac machine running Java 8, you are not able to start the Orchestrator client.

    Workaround: Use the Orchestrator client Mac App from vRealize Orchestrator Appliance Home page.

  • The Retrieve messages (via MailClient) workflow does not display the message content.
    If you are using the Retrieve messages (via MailClient) workflow with Office 365 or Microsoft Exchange Server, the received messages are with no content.

    Workaround: Call the enableImapCompatibilityMode() method on a MailClient object before calling the connect() method.

Known Issues

The known issues are grouped as follows:

Installation Issues

  • Upgrading Orchestrator Appliance from version 6.0.4 to 7.0 is not supported.
    The Orchestrator Appliance 6.0.4 cannot be upgraded to 7.0 by following the regular in-place upgrade procedure.

    Workaround: To upgrade to vRealize Orchestrator 7.0, you must export your current Orchestrator configuration settings, deploy a new Orchestrator Appliance 7.0, and import the configuration settings.

  • After upgrading to Orchestrator 7.0, permission sets are lost if you are using local openLDAP authentication.
    After you upgrade or migrate Orchestrator to version 7.0, the default user groups of the local openLDAP authentication provider are with different names. This causes permissions and user interaction answer groups to be lost.

  • Registered hosts in the SOAP plug-in are not visible after migration or an upgrade.
    After you migrate or upgrade Orchestrator to version 7.0, registered hosts in the SOAP plug-in are not shown in the inventory of the Orchestrator Client or the inventory located at https://orchestrator_host:8281/vco/api/inventory/SOAP.

    Workaround: Log out and log back in the Orchestrator client and the inventory is updated. REST API calls with a different user result in an updated inventory and all registered hosts are visible.

Configuration Issues

  • The vRealize Orchestrator SQL plug-in cannot connect to a MySQL database.
    When you run the Add a database workflow fails against a MySQL database, the workflow fails with a The driver 'com.mysql.jdbc.Driver' for 'MySQL' database cannot be found! error message.

    Workaround: To enable support for MySQL database, you must install the JDBC driver for MySQL on the Orchestrator platform.

    1. Download the latest JDBC driver for MySQL from http://dev.mysql.com/downloads/connector/j/.
    2. Extract the downloaded archive.
    3. In the extracted folder, locate the mysql-connector-java-x.x.x.jar file, where x.x.x is the current subminor version.
    4. Copy the mysql-connector-java-x.x.x.jar to the /usr/lib/vco/app-server/lib directory on the Orchestrator server.
    5. Change the ownership of the mysql-connector-java-x.x.x.jar file.
    6. chown vco:vco mysql-connector-java-x.x.x.jar

    7. Change the permissions of the mysql-connector-java-x.x.x.jar.
    8. chmod 644 mysql-connector-java-x.x.x.jar

    9. Restart the Orchestrator server service.
    10. service vco-server restart

  • Orchestrator does not support importing a mail server certificate to Trusted certificates when the used port requires issuing the STARTTLS command.
    When you import a mail server SSL/TLS certificate by using the Import from URL option and the URL contains SMTP port 587, the import fails with an Error! IOException. Message: 'Unrecognized SSL message, plaintext connection?' error message.

    Workaround: Export the certificate to a PEM-encoded file and import it to Orchestrator manually.

    1. Use SSH to access the Orchestrator appliance and log in as root.
    2. Run the command:
    3. openssl s_client -connect smtp.office365.com:587 -debug -starttls smtp

    4. Copy the Server certificate from -----BEGIN CERTIFICATE----- to -----END CERTIFICATE----- and save it in a file.
    5. Import the certificate file to Trusted Certificates in Control Center, by using the Import from a PEM-encoded file option.

  • The SOAP plug-in cannot connect through an authenticated proxy server.
    When you run the Add a SOAP host workflow, use a proxy server that does not require authentication.
  • Updated timeout values of a REST Host take effect only after the Orchestrator server is restarted.
    When you run the Update a REST Host workflow to change the REST Host timeout configuration, you must restart the Orchestrator server for the changes to take effect.

    Workaround: Restart the Orchestrator server.

  • vCenter Server objects not accessible in the vSphere Web Client.
    Orchestrator cannot access vCenter Server objects in the vSphere Web Client if the vCenter Server instance that you are attempting to access is registered in Orchestrator by IP address.

    Workaround: Register the vCenter Server instance by host name.

  • Orchestrator authentication configuration might become invalid, if the authentication provider certificate changes or regenerates.
    When Orchestrator is configured to use vCenter Single Sign-On, if the certificate of the vCenter Single Sign-On server changes or regenerates, the Orchestrator authentication configuration becomes invalid and the Orchestrator server cannot start.

    Workaround: To work around this issue, import the new authentication provider certificate:

    1. Log in to Control Center as root.
    2. Click Certificates.
    3. Click the Import... button in the Trusted Certificates tab.
    4. Load the SSL certificate from a URL or a file.
    5. Click Import.
    6. Restart the Orchestrator server from the Startup Options page in Control Center.

  • Orchestrator does not work with forest and external trusts in Active Directory Multiple domains that are not in the same tree but have a two-way trust, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are not supported.

  • Support for TNSNames missing when you connect to an Oracle database.
    You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database using an IP address or a DNS name.

    Workaround: Add support for RAC and TNS configuration for Oracle 11g Database instances to vRealize Orchestrator (KB 1022828).

  • After migration to Orchestrator 7.0.0 some plug-ins might be downgraded.
    When you migrate to Orchestrator 7.0.0, some of the default plug-ins might be downgraded to the plug-ins in the source Orchestrator version that you migrate from. This only occurs to plug-ins that have the same version in the source Orchestrator and Orchestrator 7.0.0 but a higher build number in Orchestrator 7.0.0.

    For example, suppose you migrate from Orchestrator 6.0.3 to Orchestrator 7.0.0. Some of the default plug-ins in Orchestrator 6.0.3 have the same versions as the plug-ins in Orchestrator 7.0.0. The build numbers of the 7.0.0 plug-ins are higher than the build numbers of the 6.0.3 plug-ins. However, during the migration, the plug-ins in Orchestrator 6.0.3 override the plug-ins of Orchestrator 7.0.0 and as a result they are downgraded.

    Workaround: Do not select the Migrate Plug-ins option from Control Center->Import/Export Configuration->Migrate Configuration. Manually install any additional plug-ins that are different than the default Orchestrator 7.0.0 plug-ins. If you have already migrated the default plug-ins to Orchestrator 7.0.0 and the plug-ins are downgraded, see KB 2141660 for details on how to recover your plug-ins.

Client Issues

  • Problems handling non-ASCII characters in certain contexts.
    Using non-ASCII characters in input parameters results in incorrect behavior in the following situations:
    • If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is garbled.
    • If you try to insert non-ASCII characters into attribute names, the characters do not appear. The issue occurs for workflow attributes and action attributes.

  • Visual binding does not work, when using the Orchestrator client in Mac OS.
    When editing workflows and using visual binding on Mac OS, you cannot bind parameters or attributes to other parameters of a scriptable task, action, or workflow.

  • Use of the Orchestrator client through Java WebStart if the Orchestrator Appliance is behind Network Address Translation (NAT) is not supported.

  • The task scheduler does not run when the Orchestrator server and the Orchestrator client use different time zones.
    If your Orchestrator client uses a time zone that is different from UTC, the Orchestrator server always interprets the scheduled time in UTC for any scheduled task and the task does not run at the designated time.
  • Workaround: Always enter the time for the scheduled tasks in UTC.

Miscellaneous Issues

  • Compiling a custom model-driven plug-in fails if you use an extension method that contains lambda expressions.
    When you use model-driven to create plug-ins and you add extension methods to a certain extension, the plug-in does not compile if the extension method contains lambda expressions. The plug-in compilation fails with an error message, similar to the following: Caused by: java.lang.ArrayIndexOutOfBoundsException: 52789

    Workaround: Do not use lambda expressions in the body of the extension methods.

  • Custom event schema elements do not work in an Orchestrator cluster.
    Resuming a workflow run based on a Wait for custom event schema element does not work when the Orchestrator server is configured in a cluster. The custom event schema elements work only on single Orchestrator nodes.

  • The Send notification and Send notification to mailing list workflows fail when the configured SMTP port is 587.
    When you use the Send notification or the Send notification to mailing list workflows from the Mail Plug-in, the workflow run fails with an error Cannot send mail: 'Could not convert socket to TLS' Cause: 'unable to find valid certification path to requested target', even though the SSL/TLS certificate of the remote mail server is imported to Trusted Certificates.
  • Workaround: After you import the mail server SSL/TLS certificate, restart the Orchestrator server and run the workflow.

  • The SOAP plug-in does not support mutual authentication with the SOAP host.
    The available authentication mechanisms support only one-way authentication.

  • The SSH plug-in cannot connect to a Cisco Adaptive Security Appliance (ASA) firewall.
    The SSH plug-in for vRealize Orchestrator 7.0 does not support connectivity to a Cisco Adaptive Security Appliance (ASA) firewall.

  • Restricted access to vCenter Server inventory can cause errors if you select Session per user.
    If you select the Session per user option when adding a vCenter Server instance to Orchestrator, attempting to access the vCenter Server inventory might result in some errors for a user with restricted access to inventory objects.

  • vCenter Server plug-in does not have valid credentials after upgrading to Orchestrator 6.0.x or later.
    If you upgrade Orchestrator to 6.0.x or later, the vCenter Server plug-in does not have valid credentials.

    Workaround: After upgrading Orchestrator, update the vCenter Server instance and configure a password for the user.

  • vRealize Orchestrator displays the vCenter Server plug-in as unusable.
    After you upgrade vRealize Orchestrator to version 6.0.x or later, if you have not upgraded the Site Recovery Manager plug-in to version 6.0.0, the vCenter Server plug-in becomes unusable.

    Workaround: Upgrade the Site Recovery Manager plug-in to version 6.0.0 or disable the Site Recovery Manager 5.8.0 plug-in.

  • The Orchestrator configuration interface might not be accessible with Internet Explorer 11.
    If you are using Internet Explorer 11, you might be unable to log in to the Orchestrator configuration interface.

    Workaround: Install Internet Explorer version 11.0.11 or a recent version of Google Chrome or Mozilla Firefox.

  • The workflow token remains uncompleted, if a workflow has a slash in its name.
    If you have a workflow with a slash in its name, when you run the workflow, the workflow token might never change to completed, although the workflow itself has completed running.

    Workaround: Remove the slash from the name of the workflow.

  • The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks.
    On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, when they are actually not.

    Workaround: Do not include virtual machines with snapshots in the workflow.

  • Adding values to vCenter Server data object properties of type Array is impossible.
    When Orchestrator runs scripts, the vCenter Server plug-in converts JavaScript arrays to Java arrays of a fixed size. As a result, you cannot add new values to vCenter Server data objects that take arrays as property values. You can create an object that takes an array as a property if you instantiate that object by passing it a prefilled array. However, after you have instantiated the object, you cannot add values to the array.

    For example, the following code does not work:

    var spec = new VcVirtualMachineConfigSpec();
    spec.deviceChange = [];
    spec.deviceChange[0] = new VcVirtualDeviceConfigSpec();
    System.log(spec.deviceChange[0]);

    In the above code, Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java array VirtualDeviceConfigSpec[] before it calls setDeviceChange(). When calling spec.deviceChange[0] = new VcVirtualDeviceConfigSpec(), Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java array. Calling spec.deviceChange.add() results in the same behavior.

    Workaround: Declare the array as a local variable, as follows:

    var spec = new VcVirtualMachineConfigSpec();
    var deviceSpec = [];
    deviceSpec[0] = new VcVirtualDeviceConfigSpec();
    spec.deviceChange = deviceSpec;
    System.log(spec.deviceChange[0]);