vRealize Automation 7.0 Release Notes

Updated on:7 MAR 2016

vRealize Automation | 17 DEC 2015 | Build 3311738

Check regularly for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

This section contains information about what's new in vRealize Automation 7.0.

Streamlined and Automated Wizard-based Installation

  • Introduced using the management agent to automate the installation of Windows components and to collect logs
  • Automates the deployment of all vRealize Automation components
  • Installation wizard based on deployment needs: Minimal (Express) and Enterprise (Distributed and High Availability) Installations

Simplified Deployment Architecture and High Availability Configuration

  • Embedded authentication service by using VMware Identity Manager
  • Converged Application Services in vRealize Automation Appliance
  • Reduced minimal number of appliances for HA configuration
  • Automated embedded PostgreSQL clustering with manual failover
  • Automated embedded vRealize Orchestrator clustering

Enhanced Authentication Service

  • Integrated user interface providing a common look and feel
  • Enabled multiple features by new authentication service:
    • Support native Active Directory for all tenants
    • Multiple domains to single tenant
    • Single domain to multiple tenants
    • Full branding capabilities
    • Third-party SAML token support
    • Smart card support
    • Multi-factor authentication
    • Login auditing
    • Major scalability improvements
    • High availability support

Simplified Blueprint Authoring for Infrastructure and Applications

  • Unified graphical canvas for designing machine and application blueprint with dependencies and network topology
  • Software component (formerly software service in Application Services) authoring on vSphere, vCloud Air, vCloud Director, and Amazon AWS endpoints
  • Extend or define external integrations in the canvas by using XaaS (formerly Advanced Service Design)
  • Enable team collaboration and role segregation by enhancing and introducing fine-grain roles
  • Single unified model for both machine and application blueprints:
    • Blueprint as code and human-readable
    • Create in editor of choice and stored in source control
    • Import and export in the same or multiple vRealize Automation 7.0 instances
  • Customer-requested machine and application blueprints provided
  • Additional blueprints available on the VMware Solutions Exchange

Simplified and Enhanced NSX Support for Blueprint Authoring and Deployment

  • Dynamically configure NSX Network and micro-segmentation unique for each application
  • Automated connectivity to existing or on-demand networks
  • Micro-segmentation for application stack isolation
  • Automated security policy enforcement by using NSX security policies, groups, and tags
  • On-demand dedicated NSX load balancer

Simplified vRealize Automation REST API

  • Simplified schema for API requests by switching to normal JSON model
  • Follow-on request URIs and templates exposed as links in response bodies (HATEOAS)
  • New APIs to support business group and reservation management
  • Improved documentation and samples

Enhanced Cloud Support for vCloud Air and AWS

  • Software component authoring for vCloud Air, vCloud Director, and Amazon AWS
  • Simplified blueprint authoring for vCloud Air and vCloud Director
  • Improved vCloud Air endpoint configuration:
    • First class endpoint with URL: https://vca.vmware.com
    • Single endpoint for all resources under the same account (subscription or on-demand)
    • Optional proxy configuration

Enhanced Management for Tenant, Business Group, Approval, and Entitlements

  • Multi-tenancy support for custom property and property group (formerly build profiles)
  • Business group managers can add managers, support roles, or users to their groups
  • Assign approvals to software and machine components, which will be assessed when the catalog item is requested
  • Dynamically assign approvals to the manager of the user
  • Deletion of inactive approvals
  • Entitlements can be more specific on catalog item and their actions

Event-Based Extensibility Provided by Event Broker

  • Use vRealize Orchestrator workflows to subscribe any events triggered by any of the following events:
    • IaaS life cycle state and entity changes
    • Business groups management operations
    • Approval policy and pre- or post-approval actions
    • Blueprint operations
    • Other system operations
  • Support custom events
  • Support blocking and non-blocking subscriptions
  • Provide administrative user interface for extensibility configurations
  • Obsolete .NET based lifecycle callouts and provide upgrade proof extensibility and configurations

New CloudClient

  • Content management (import and export blueprints between instances or tenants in vRealize Automation 7.0)
  • Existing functionality updated for vRealize Automation 7.0 APIs

Enhanced Integration with vRealize Business

  • Unified location in vRealize Business to define flexible pricing policies for:
    • Infrastructure resource, machine, and application blueprints
    • All type of endpoints in vRealize Automation
    • Any operational cost, one time cost and cost on custom properties
  • Role-based showback reports in vRealize Business
  • Fully leverage new features in vRealize Business

vRealize Orchestrator 7 New Features

  • Introduce vRealize Orchestrator Control Center for easy monitoring and troubleshooting
    • Centralized Server administration and easy cluster setup
    • Workflow troubleshooting and enhanced log monitoring
  • Significant Smart Client improvements including Workflow tagging UI, Client reconnect options and enhanced search capabilities
  • vSphere 6.X vAPI endpoint support providing graphical debugging of plug-ins and embedded Code development support

Other Improvements

  • Customizable columns in the table for a given type of custom resource defined in XaaS
  • Accept a mix of license input, including vRealize Suite, vCloud Suite, and vRealize Automation Standalone
  • Improved stability, quality, and performance

For more information about what's new in vRealize Automation, see the vRealize Automation 7.0 Information Center. For information about what's new in vRealize Orchestrator Plug-In, see the VMware vRealize Orchestrator Plug-In for vRealize Automation 7.0 Release Notes.

Deprecated Features

  • vRealize Automation Application Services has been merged into vRealize Automation. The infrastructure and application blueprint authoring experiences are converged into a unified designer canvas.
  • The event broker is a new event-based extensibility feature that replaces vCloud Automation Center Designer (CDK) and life cycle Callouts. The event broker is a message service that disseminates events to subscribers.
  • The workflow stubs are being replaced by the event broker workflow subscriptions. They are still available, supported, and they can be used, but they are planned to be removed in a future version of vRealize Automation. To ensure future product compatibility, you should use the event broker workflow subscriptions to run custom workflows based on state changes.

System Requirements

For information about supported host operating systems, databases, and Web servers, see the vRealize Automation Support Matrix.

Installation

For prerequisites and installation instructions, see Installing vRealize Automation.

Before You Upgrade

New vRealize Automation features and innovations required several platform-level enhancements. As a result, certain upgrade scenarios will require additional assistance. To ensure the best possible upgrade experience, it is recommended that you visit the vRealize Automation Upgrade Assistance webpage before you begin the upgrade process.

Known Issues

The known issues are grouped as follows:

Installation Issues

    • New If you enter a comma (,), a backslash (\), or a space between two valid characters in the root password while deploying the vRealize Automation appliance for the first time, the setup process fails when you use the wizard to set up a high availability environment.
      If you use the wizard to add a second appliance to the first appliance and the root password contains a comma (,), a backslash (\), or a space between two valid characters, the password breaks the install command causing the process to time out.

      Workaround: Do not use a comma (,), a backslash (\), or a space between two valid characters in the root password while deploying the vRealize Automation appliance for the first time.

    • On Windows Server 2012 R2, the Prerequisite Checker incorrectly shows Microsoft Distributed Transaction Coordinator Service as fixed
      A warning appears in the Prerequisite Checker for Microsoft Distributed Transaction Coordinator Service. After clicking Fix, it appears as Fixed. Rerunning the Prerequisite Checker results in a warning reappearing.

      Workaround: You must follow the remediation steps provided in the Prerequisite Checker to resolve the issue with the Microsoft Distributed Transaction Coordinator Service.

    • IaaS installation logs are not collected if an IaaS component is not installed in the default installation location
      The IaaS installation logs are created in the default installation folder, %PROGRAMFILES(x86)%\VMware\vCAC\. If all IaaS components are installed in a nondefault location, the log bundle collected from the vRealize Automation appliance does not include the IaaS installation log files.

    • The vRealize Automation appliance page does not load correctly
      When using Internet Explorer 11 in Windows 2012 R2, the the web interface page for the vRealize Automation appliance does not load correctly.

    • The Prerequisite Checker's validations for IIS Server WindowsAuthentication work only for the Default Web Site for which WindowsAuthentication settings were not modified after the installation of IIS components.
      If the Default Web Site's WindowsAuthentication settings were modified after the installation of IIS components, the installation fails.You must manually verify in the IIS Manager that you have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager before you can install vRealize Automation 7.0.

      Workaround: For information on how to resolve this issue, see Knowledge Base 2138781.

    • During installation, the validation message: The Windows log on identity [DOMAIN\USER] could not be verified as having the “Log on as a service” right (Windows Local Policy) falsely appears, and the installation fails
      Validation cannot verify that the service user has the "Log on as a service" right on a Local Security Policy. This right is required for the domain user that you plan to use to start the Manager Service. User Account Control prevents the validation check from verifying that the selected user has the required permission on a given Local Security Policy. Although the user is a member of the local Administrators group, either directly or as member of a domain group, the result is a false negative.

      Workaround: For information on how to resolve this issue, see Knowledge Base 2138782.

    • During the installation of vRealize Automation 7.0, RegistryKeyPermissionCheck warning appears even though the user has rights
      The remediation text for the RegistryKeyPermissionCheck indicates that it is okay to give rights on the user explicitly or on its group. But when you give rights on the group, the check cannot validate it and reports the issue again, which is incorrect. If rights were given on a group that the user belongs to, it is okay to continue with the installation or upgrade.

    Upgrade Issues

    • Upgrading a deployment that contains blueprints that specify a private network, with a private deployment present, causes issues during and after upgrade
      Private networks and private network profiles are not supported in vRealize Automation 7.0.
      If you have private networks specified in 6.2.x blueprints, you can remove the private network specifications from the blueprints pre-upgrade but you must also remove all dependent deployments. If you do not remove the private network specifications from the blueprints, the upgrade tool removes them and leaves the impacted blueprints in a draft state. You must then correct and republish those blueprints after upgrade.

      Workaround:
      Before you start the upgrade, perform steps 1 through 4:

      1. Record all blueprints and machines that are configured with private networks.
      2. Record all entitlements that contain these blueprints.
      3. Destroy all deployments that are configured with private networks and remove all blueprints on which those deployments are based or remove the private networks from those blueprints.
        Note: If you do not destroy the deployments and do not remove or edit the associated blueprints, you can perform cleanup tasks as specified in steps 5 through 11 after you upgrade.
      4. Run the upgrade.
        If there were private network configurations and private deployment-related deployments detected in the source deployment, proceed to step 5.
      5. Review the information in the VCACSuiteInstaller.log file to see which networks, machines and blueprints are flagged as not upgradeable and why.
        The VCACSuiteInstaller.log file is located on the system on which the upgrade was performed.
        Note: The following messages appear in the log and are notifications only. You must review VCACSuiteInstaller.txt to find needed information. Exception thrown while upgrading machine blueprint. [ID : dbffb7ea-bdce-4530-bb92-293012532a4d] [Name : IO-LB15-MMS-res1-copy] [12/8/2015 6:34:16 PM] Bad Request (400) [12/8/2015 6:34:17 PM] Request: [12/8/2015 6:34:17 PM] POST https://load-balancer15.abc.local/iaas-proxy-provider/api/upgrade/blueprint/dbffb7ea-bdce-4530-bb92-293012532a4d [12/8/2015 6:34:17 PM] Response: [12/8/2015 6:34:17 PM] {"errors":[{"code":900057,"message":"The specified operation can only be performed for blueprints in state [PUBLISHED]. The current state on blueprint [IO- LB15-MMS-res1-copy] is [DRAFT].","systemMessage":"The specified operation can only be performed for blueprints in state [PUBLISHED]. The current state on blueprint [IO-LB15-MMS-res1- copy] is [DRAFT].","moreInfoUrl":null}]}
      6. Verify that the impacted blueprints were upgraded and are in the Draft state.
      7. Reconfigure the impacted blueprints to use another network option such as App isolation or external networks.
      8. Publish the impacted blueprints and then entitle the impacted blueprints.
      9. Provision new deployments to test.

    • During the upgrade to vRealize Automation 7.0, RegistryKeyPermissionCheck warning appears even though the user has rights

      Workaround: The remediation text for the RegistryKeyPermissionCheck indicates that it is okay to give rights on the user explicitly or on its group. But when you give rights on the group, the check cannot validate it and reports the issue again, which is incorrect. If rights were given on a group that the user belongs to, it is okay to continue with the installation or upgrade.

    • During the upgrade from vRealize Automation 6.2.0 to 7.0, vPostgres upgrade fails and the "Failed to install updates(Error while running pre-install scripts)" error appears

      Workaround: Follow the instructions about how to recover from an RPM database corruption at RPM Recovery, and rerun the upgarde procedure.

    • The prereq checker fails with a warning about RegistryKeyPermissionCheck, but the instructions to correct the error do not work during installation
      The check is case-sensitive for the user name

      Workaround: Temporarily change the user you used to run the Management Agent Service on the Windoows machine to another user, and then change back to the original user by using the correct case for the user name.

    • Catalog items that use certain property definitions from prior versions appear in the service catalog but are not available to request after upgrading to vRealize Automation 7.0
      If you upgraded from a prior version to 7.0 and you had property definitions with the following control types or attributes, the attributes are missing from the property definitions and any catalog items that use the definitions do not function the way that they did before upgrading.

      • Control types. Check box or link.
      • Attributes. Relationship, regular expressions, or property layouts.

      In vRealize Automation 7.0, the property definitions no longer use the attributes. You must recreate the property definition or configure the property definition to use a vRealize Orchestrator script action rather than the embedded control types or attributes.

      Workaround: Migrate the control type or attributes to vRealize Automation 7.0 using a script action.

      1. In vRealize Orchestrator, create a script action that returns the property values. The action must return a simple type. For example, return strings, integers, or other supported types. The action can take the other properties on which it depends as an input parameter. For information about creating script actions, see the vRealize Orchestrator documentation.
      2. In vRealize Automation, configure the product definition.
        1. a. Select Administration > Property Dictionary > Property Definitions.
          b. Select the property definition and click Edit.
          c. From the the Display advice drop-down menu, select Dropdown.
          d. From the Values drop-down menu, select External Values.
          e. Select the script action.
          f. Click OK.
          g. Configure the Input Parameters that are included in the script action. To preserve the existing relationship, bind the parameter to the other property.
          h. Click OK.
    • After upgrading to vRealize Automation 7.0, the vRealize Orchestrator service is unavailable
      After you upgrade, the vRealize Orchestrator might not find the configured Administrator group. To verify if this is the case, perform the following steps:

      1. Start the vRealize Orchestrator Control Center.
      2. Log in to the vRealize Orchestrator Control Center.
      3. Click Validate Configuration.
        If the Authentication section does not have a green check mark, you need to provide the proper authentication settings.
      4. Return to the vRealize Orchestrator Control Center.
      5. Click Configure Authentication Provider.
      6. Select a new Administrator group that can be properly resolved.
        Note: The vcoadmins group is available only at the default vsphere.local tenant. If you are using another tenant for vRealize Orchestrator, then you must choose another group.
      7. Click Save and repeat step 3 to validate the configuration.
    • If embedded vRealize Orchestrator was added as an endpoint in vRealize Automation 6.x, the endpoint stops working after upgrading to 7.0
      In 6.x, the embedded vRealize Orchestrator was accessible on https://hostname:8281/vco. After the upgrade, the embedded vRealize Orchestrator is available on https://hostname/vco and embedded vRealize Orchestrator endpoints stop working.

      Workaround: Reconfigure the vRealize Orchestrator endpoint in the Infrastructure tab and exclude port 8281. Manually start a data collection for vRealize Orchestrator and verify that the collection is successful.

    • Changing the hostname after the Active Directory connection is initialized results in an unusable connector and Active Directory failures
      You should not change the vRealize Automation host name after the Active Directory connection is initialized. You can change the load balancer name in the vRealize Automation appliance management console by selecting vRA Settings > Host Settings.

    • During upgrade, the validation message: The Windows log on identity [DOMAIN\USER] could not be verified as having the “Log on as a service” right (Windows Local Policy) falsely appears, and the installation fails
      Validation cannot verify that the service user has the "Log on as a service" right on a Local Security Policy. This right is required for the domain user that you plan to use to start the Manager Service.

      User Account Control prevents the validation check from verifying that the selected user has the required permission on a given Local Security Policy. Although the user is a member of the local Administrators group, either directly or as member of a domain group, the result is a false negative.

      Workaround: For information on how to resolve this issue, see Knowledge Base 2138782.

    • When upgrading the Manager Service and DEM Orchestrator system, an error message appears and the Model Manager Web host cannot be validated
      The following error appears if the name of the load balancer is change in the ManagerService.exe.config file:
      Distributed Execution Manager "NAME" Cannot be upgraded because it points to Management model web host "xxxx.xxxx.xxxx.net:443", which cannot be validated. You must resolve this error before running the upgrade again: Cannot validate Model Manager Web host. The remote certificate is invalid according to the validation procedure.

      Workaround: Make the following updates to the C:\Program Files (x86)\VMware\vCAC\Server\ManagerService.exe.config configuration file:
      For DEM Agents, the registry values for all DEM instances need to be updated. The following example has two DEM instances, and both should be updated:

      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware vCloud Automation Center DEM\DemInstanceId02]
      "Name"="DEM"
      "Role"="Worker"
      "RepositoryAddress"="https://vcac152-009-005.eng.vmware.com:443/repository/"

      [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware vCloud Automation Center DEM\DemInstanceId03]
      "Name"="DEO"
      "Role"="Orchestrator"
      "RepositoryAddress"="https://vcac152-009-005.eng.vmware.com:443/repository/"

    • vRealize Automation 7.0 does not contain vRealize Code Stream. Upgrading might result in vRealize Code Stream pipelines with configurations, endpoints, and plug-ins failing to migrate when you upgrade vRealize Automation 6.2.x to vRealize Automation 7.0
      CAUTION: It is recommended that you not upgrade to vRealize Automation to 7.0 until a compatible version of vRealize Code Stream is available. For more information, see Knowledge Base 2137215

    • After upgrading to vRealize Automation 7.0, duplicate catalog items for the same business group appear in the catalog
      This issue occurs when the list of catalog items is filtered on All business groups.

      Workaround: Filter on individual business groups.The check is case-sensitive for the user name.

    Configuring and Provisioning Issues

    • New When you use Bulk Import to import a unmanaged virtual machines into vRealize Automation, a failure during the import process can delete the machines from vCenter Server
      Workaround: To prevent this, install the patch described in Knowledge Base 2144526.

    • Services are marked as unavailable after the vRealize Automation appliance's hostname is changed
      Workaround: A second restart of the vRealize Automation server is required if any services are unavailable after the hostname is changed.

    • A Management Agent domain account on a cloned Windows Server 2012 that is joined to a domain loses its rights on the agent certificate's private key
      After cloning a machine that is part of a domain with a customization wizard in vSphere, the machine is no longer part of the domain. After rejoining the domain, the following error message appears in the Management Agent log: CryptographicException - Keyset does not exist.

      To resolve this issue, you must open and close the security settings for the private key of the certificate without making any changes.

      1. Locate the certificate by using the Microsoft Management Console Certificates snap-in. It has the agent id in its Friendly name field.
      2. Select All Tasks > Manage Private Keys.
      3. Click Advanced.
      4. Click OK.
    • Unable to provision a vSphere machine by using NAT 1-to-1 when the number of machine instances specified in the nested blueprint is not overridden in the outer blueprint
      If you add a nested blueprint that contains a vSphere machine component with minimum instance set to 2 or higher and maximum instance blank, add a NAT 1-1 network component, and add a NIC on the vSphere machine component in the nested blueprint using the NAT 1-1 settings, provisioning from the published outer blueprint fails with the following error:
      Request [9d7b7c07-3e04-4d5b-8ae6-be4eef4d2eca]: Index: 1, Size: 1 (stacktrace attached)

      Workaround: Override the number of specified instances in the nested blueprint in the outer blueprint. For example, if the nested blueprint specifies a minimum instance of 1 and a maximum instance of 5 for the vSphere machine component, then override this range by specifying a minimum instance of 2 and a maximum instance of 5 in the outer blueprint. Note that if the maximum number of instances is not specified in the blueprint, then the instances cannot be overridden. To avoid this issue, set a maximum number of instances.

    • Changing the name of the nested blueprint breaks NIC associations to it and causees provisioning to fail
      When working in a blueprint that contains a nested blueprint and where a network profile and specified NIC are associated to a vSphere machine component, changing the name of the nested blueprint breaks NIC associations to it and causees provisioning to fail.

      Workaround: Reopen the blueprint and re-create the NIC associations but do not change the name of the nested blueprint.

    • When using bulk import, "Unable to load provisioning workflow" error appears
      When importing a machine, if the final catalog registration step fails, IaaS attempts to destroy the machine when the registration retry limit is reached.

      Workaround: Make sure that you do not import a machine into an existing deployment or to a nonexistent blueprint.

    • Dragging an existing inner blueprint into a current outer blueprint has restrictions
      When you drag an existing inner blueprint into a current outer blueprint, the following restrictions apply if the inner blueprint has machines joined to security groups, security tags, or on-demand networks. This issue can also appear on imported blueprints.

      • When you add new or additional security groups to machines in the inner blueprint, the machines are joined only to new security groups that are added as part of an outer blueprint, even though the Blueprint Authoring UI shows security groups from the inner and outer blueprint.
      • Similarly, when you add new security tags to inner machines from an outer blueprint, security tags originally associated in the inner blueprint are lost.
      • Similarly, when you add new on-demand networks to inner machines from an outer blueprint, on-demand networks originally associated in the inner blueprint are lost. Existing networks originally associated in inner blueprint will still work.

      Workaround: You can resolve this issue by either of the following methods:

      • Add security groups, tags, or ondemand networks in the outer blueprint level and not in the inner level blueprint.
      • Add security groups, tags, or ondemand networks in the inner blueprint level and not in the outer level blueprint.
    • Incorrect currency symbol might appear when vRealize Business Standard Edition is integrated with vRealize Automation
      If the vRealize Business Standard appliance was configured to use currencies that are different from what is configured in the Windows Regional Settings of the operating system where the IaaS server is installed in vRealize Automation, the incorrect currency symbol appears in the reclamation request and in the body of the email.

    • Directory Search Attribute field on the Add Directory page contains inaccurate information
      Some code strings in the Directory Search Attribute field are inaccurate.

      Workaround: Click the Directory Search Attribute drop-down menu to view accurate code strings.

    • The status of a machine on the Managed Machines page might erroneously appear as Missing for a period of time after provisioning
      The correct machine status appears after a subsequent data collection on the compute resource that hosts the machine in question.

    • Resource not found error occurs when requesting a catalog item
      When vRealize Automation is in high-availabity mode and the master database node fails and a new master node is not promoted, all of the services that require write access to the database do not operate normally or become temporary corrupted until a new master database is promoted.

      Workaround: You cannot avoid this error when the Master database is unavailable. You can promote a new Master database and then this error should disappear and you should be able to request resources.

    • Changes are not saved on the Blueprint Form page of an XaaS blueprint
      If you do not click Apply after you update each field on the Blueprint Form page of an XaaS blueprint, your changes are not saved.

    • Machine is deleted during reprovisionng when a datastore is moved from one SDRS cluster to another
      When a datastore is moved from one SDRS cluster to another, inventory data collection updates the storage paths of the disks. The custom property, VirtualMachine.Storage.Cluster.Name, of the virtual machine is not updated to the new cluster and the machine is deleted when it is reprovisioned.

    • Software provisioning in Windows 8, Windows 2000 R2, and Windows 10 requires that .NET 3.5 be installed on the template machine prior to installing the software bootstrap agent
      .NET 3.5 is required only when users are preparing the templates for software provisioning. The .NET 3.5 requirement does not apply to machine-only provisioning.

    • In vRealize Automation 7.0, custom property names are case-sensitive
      In previous versions, custom property names are case-insensitive. In 7.0, custom property names must be an exact match, including the case. This change ensures that property values override one another and match property dictionary definitions. For example, two properties "hostname" and "HOSTNAME" are considered different properties by vRealize Automation 7.0 and would not override one another.

    • Items tab does not display information about the services that are enabled for a load balancer
      For machines provisioned by using a load balancer that is associated to vCloud Networking and Security, the Items tab does not display information about the services that are enabled for that load balancer.

    • Internal error appears in the Workflow subscriptions wizard when Run based on conditions is selected
      If you select Run based on conditions in the Workflow subscriptions wizard for a new or edited workflow subscription, and select either All of the following or Any of the following, but you add only one condition, no validation error appears and you are able to continue. When you click Finish, an internal error appears and the subscription is not saved.

      Workaround: If you select All of the following or Any of the following, you must provide at least two conditions, or the Workflow Subscription fails.
      If you selected All of the following or Any of the following and you want to go back to select only one, click the x icon to remove the clause that appears under the selection and make another selection.

    • RabbitMQ failed after /dev/sda1 drives on clustered VAs ran out of space

      Workaround: Free up disk space and restart RabbitMQ on all VAs by clicking the Reset RabbitMQ button found in vRA Settings > Messaging.

    • If a machine is destroyed while the vSphere clone operation is in progress, the in-progress machine clone task is not canceled
      This issue might result in the machine continuing and completing the cloning operation in vCenter and will no longer be under vRealize Automation management.

    • Clone from snapshot field is blank when you create a blueprint with a cloned machine by using the REST API
      On the Build Information tab, the Clone from snapshot field is blank and you cannot make a selection from the drop-down menu.

      Workaround:

      1. In Clone from, reselect a machine template to clone from.
      2. Click Save.

      Clone from snapshot is set to Use Current Snapshot and you can change the value.

    • Internal error appears when clicking in the goal navigator
      If you click too quickly in the goal navigator, an internal error appears.

      Workaround: Allow the menu in the goal navigator to appear between clicks.

    • Requesting a composite blueprint fails immediately and trying to load the request details form also fails
      When the maximum lease days for a component blueprint is less than that of the outer blueprint, requests fail immediately and the request details form fails to load.

    • Subscriptions for the EventLog Default Event topic do not receive any events and will not trigger a vRealize Orchestrator workflow

      Workaround: Do not use the EventLog Default Event topic for your workflow subscriptions.

    • Duplicate domain is added to a user name when you create a directory that includes the UserPrincipalName directory search attribute
      When you create a new directory and you select UserPrincipalName for the Directory Search Attribute, a duplicate domain is added to a user name. For example, user.domain@domain.local appears as user.domain@domain.local@domain.local. Users must enter their user name exactly as it appears, including the duplicate domain, to log in when using the REST API or vRealize CloudClient.

      Workaround: You must use sAMAccountName instead of UserPrincipalName because Directories Management supports user name and domain uniqueness.

    • Installation fails with an error about there being a wrong certificate after the Join Cluster step when the case of the host name of a deployed vRealize Automation appliance does not match the case entered in the Installation Wizard for vRealize Automation
      When using the Installation Wizard for vRealize Automation, if the case of the name you enter when prompted to provide additional vRealize Automation appliances does not match the case of the name that was used when the vRealize Automation appliance was deployed, an error message about the wrong credentials appears.

      Workaround: Make sure that when you enter the host name in the Installation Wizard for vRealize Automation that you match the case used when the vRealize Automation appliance was deployed. To find the exact host name, perform the following steps:

      1. In vCenter client, right-click on the VM.
      2. Select Edit Settings.
      3. Click the Options tab, and select Properties.
      4. Locate the Hostname section to see the exact host name of the VM and copy and paste the host name into the wizard.

    • Requesting blueprints on a heavily loaded server can sometimes fail with PROVIDER_FAILED status
      During times of heavy provisioning, some requests remain in the "Machine Activated" state and eventually the PROVIDER_FAILED message appears. This occurs because of SocketTimeoutExceptions when the connections between the Java services and Windows services are deadlocked.

      Workaround:

      1. Add the following code to the section inside the <configuration> tag in C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Web\Web.config:
      2. <system.net>
          <connectionManagement>
          <add address = "*" maxconnection = "100">
          <connectionManagement>
        </system.net>

        Restart the IIS service on the nodes.

    • Requesting blueprints that contain NSX security components on a heavily loaded server can sometimes fail with PROVIDER_FAILED status
      During times of heavy provisioning, some requests fail to provision VM components. The following message appears in request details: Failed to configure one or more network and security settings. Error: One or more errors occurred.
      The IaaS Monitoring Log displays the follwoing related error message that has more detail:
      Workflow 'VCNSAssignVirtualMachineNetworkSettings' failed with the following exception:
      One or more errors occurred.
      Inner Exception: Bad Request (400)
      Request:
      POST https://scale70-vra-va.sqa.local/network-service/api/security-groups/126/machines
      Response:
      {"errors":[{"code":10104,"message":"Data serialization error.","systemMessage":"Could not read message [acceptableTypes: [application/*+json;charset=UTF-8, application/json;charset=UTF-8]]","moreInfoUrl":null}]}

      This issue occurs because of SocketTimeoutExceptions when the connections between the Java services and Windows services are deadlocked.

      Workaround:

      1. Add the following code to the section inside the <configuration> tag of the DEM worker config file in C:\Program Files (x86)\VMware\vCAC\Distributed Execution Manager\DEM\DynamicOps.DEM.exe.config:
      2. <system.net>
          <connectionManagement>
          <add address = "*" maxconnection = "100">
          </connectionManagement>
        </system.net>
        Restart the DEM worker service on the nodes.

    • The change certificates command does not deploy the new certificate on a standalone agent server
      A new certificate is not deployed when the change IaaS Web Server or Manager Service certificate command is executed on an environment where there is at least one IaaS Server that has only agents installed. When the certificate is self-signed or not trusted by default on the IaaS Web Servers, the trust needs to be established manually.

      Workaround: To resolve this issue, perform the following steps:

      1. Log in to the agent servers.
      2. Obtain the certificate from one of the following locations:
        • IaaS web: https://iaas-address/wapi/api/status
        • Manager service: https://manager-service-address/vmpsprovision
      3. Import the certificate you obtained in step 2 to the \trusted people store.
        1. a.&nbsp;&nbsp;Run mmc.exe.
          b.&nbsp;&nbsp;Select File > Add/Remove Snap-in.
          c.&nbsp;&nbsp;Select Certificates and click Add.
          d.&nbsp;&nbsp;Select Computer Account and click Next.
          e.&nbsp;&nbsp;Select Local computer and click Finish.
          f.&nbsp;&nbsp;Select Certificates > Trusted People > All Tasks > Import.
      4. Validate that the certificate is trusted by opening a new Internet Explorer window and navigating to https://iaas-address/wapi/api/status.

      If deployed successfully, no certificate errors appear.

    • After you change the SSO administrator password, the vco-server service does not start
      When the SSO administrator password is changed, all services are restarted, but vRealize Orchestrator cannot get a license because the request is made before the license-service is started. Exception messages from the vco-server service appear and vRealize Orchestrator is not started.

      Workaround: Wait until the license-service starts and manually restart the the vco-server.

    • Internal Error appears when you create a new XaaS blueprint and add a Required, Read only, or Visible constraint
      When you specify a constant value for one of the boolean constraints of Required, Read only, or Visible, and click Apply, an Internal Error appears. This issue applies to the XaaS components that support multiple values such as Checkbox list, Dual list, Search, and so on.

      Workaround: For boolean constraints such as Required, Read only, or Visible, perform the following steps:

      1. Add a Yes/No field.
      2. Set its Visibility constraint to No.
      3. Set its Default value to Yes/No, depending on the use case.
      4. Bind the dedicated constraint of the multiple value field to the value of the Yes/No field.
    • Deployments with bindings to DHCP IP addresses in software deployments is not supported
      The following error message appears and the ip_address is not populated if no network profile exists: System error: Internal error in processing component request: com.vmware.vcac.platform.content.exceptions.EvaluationException: No data for field: ip_address.

      Workaround: If a binding is required, use static IPs or IPs managed by vRealize Automation (network profile), or use an IPAM integration. If using DHCP, you should bind to the hostname and not to the IP.

      Example script to get the IP address of a machine for Cent OS:
      IPv4_Address = $(hostname -I | sed -e 's/[[:space:]]*$//')
      echo $IPv4_Address

      Bind to this computed value when the IP address is needed for DHCP use cases.

    • Domain is added to a user UPN when you create a directory that includes the UserPrincipalName directory search attribute
      When you create a new directory and you select UserPrincipalName for the Directory Search Attribute, a domain is added to a user UPN. For example, the vRealize Automation user name of a user with user.domain@domain.local UPN appears as user.domain@domain.local@domain.local. This happens if the UPN suffix is configured at AD site to be domain. If the UPN suffix is customized, for example to "tralala.com", then the vRealize Automation user name of a user with user.domain@tralala.com UPN appears as user.domain@tralala.com@domain.local.
      If UserPrincipalName directory search attribute is used, users must enter their user name exactly as it appears (user.domain@domain.local@domain.local), including the domain, to log in when using the REST API or Cloud Client.

      Workaround: Use sAMAccountName instead of UserPrincipalName since Directories Management supports user name domain uniqueness.

    • Cannot add or delete property groups after a blueprint component is added
      When you create or edit a blueprint in the design canvas, after you add a blueprint component and click Finish, you can no longer save any modification to the property groups of the outer blueprint.

      Workaround: After adding a blueprint component onto a main blueprint, click Save and then click Finish.

    • Requesting a catalog item that contains an on-demand One-to-One NAT network and increasing the number of default VM instances results in the NAT rules not being created for the additional VMs
      If a blueprint includes a certain number of VM instances and an NSX on-demand NAT One-to-One network component, when a user requests that catalog item and increases the number of VM instances from the one specified in the blueprint, then the 1-to-1 NAT rules are not created for the additional VMs. If the user does not change the number of VM instances, the deployment with 1-to-1 NAT configuration is correct for all VMs.

      Workaround: Choose from the following workarounds:

      • At blueprint authoring time, specify the correct number of VM instances in the blueprint.
      • After deployment, manually add the One-to-One NAT rules for the additional machines using the vSphere Web Client.

    • A 404 Not Found error appears when requesting a machine on behalf of another user
      If a blueprint includes an on-demand NAT network or an on-demand load-balancer component, a 404 Not Found error appears when a deployment requested on behalf of another user is made.

    • Load balancer settings revert to default values when a blueprint is updated
      When you change a load balancer value in a blueprint and navigate off the page, the values revert to the default values.

      Workaround: If you override the default values, make sure that you make the change as the last change before you save the blueprint.

    • Machines imported by using Bulk Import are not mapped to the correct converged blueprint and component blueprint

      Workaround: Add the VMware.VirtualCenter.OperatingSystem custom property to each machine in the import CSV file.
      For example: Yes,NNNNP2-0105,8ba90c35-9e03-4ac4-8a5d-2e6d76f37b81,development-res,ce-san-1:custom-nfs-2,UNNAMED_DEPLOYMENT-0105,BulkImport,Imported_Machine,system_blueprint_vsphere,user.admin@sqa.local,VMWare.VirtualCenter.OperatingSystem,sles11_64Guest,NOP

    • Network component names do not display properly in the Catalog Items page
      Code appears in place of the name of the network type on the Catalog Items page in a localized UI.

    • Quota setting is removed from a published blueprint
      If you open a blueprint that has a quota setting already assigned and you save the blueprint, the quota is reset to unlimited.

      Workaround:

      1. Select Administration > Catalog Management > Catalog Items, and select the catalog item.
      2. Make note of the current quota in the catalog item.
      3. Edit and save the blueprint.
      4. Select Administration > Catalog Management > Catalog Items, and select the catalog item.
      5. Set the quota back to the value you noted in step 2.

    • When submitting a request for a catalog item, the request fails and the submit button disappears

      Workaround: Save the request and reopen it. When the request is reopened, the submit button is enabled and you can try again.

    • Internal Server Error appears while configuring Directories Management
      When you select individual groups or Active Directory containers (domain, organizational unit) that contain groups on the Select the groups (users) you want to sync page, an the error, Internal Server Error, appears if you have the same group resolved by more than one Group DNs entry on that page.

      Workaround: Make sure that you do not have the same group resolved by more than one Group DNs entry on the Select the groups (users) you want to sync page.

    • Catalog Management Actions are missing in VMware vRealize Automation

      Workaround: For information on how to resolve this issue, see Knowledge Base 2113027.

    • "CloneVM : Specified snapshot does not exist. Clone operation cancelled.." error message appears when you deploy a linked clone VM after changing the snapshot target
      For example, if you add a linked clone from a snapshot of VM1 to a blueprint and save it, and then change the snapshot to VM2, the change from VM1 to VM2 does not take effect and the error message appears.

      Workaround: In this example, you would delete VM1 from the blueprint and re-create it to include the snapshot for VM2.

    • An Active Directory that includes more than 15 user groups fails to list the groups when you sync the Active Directory
      If you have a lot of groups, greater than 15, and you attempt to sync the Active Directory from Administration > Identity Stores Management > Identity Stores, only a few groups appear.

      Workaround: Click Select to view the full list.

    • Java exception error occurs when attempting to reassign tenant administrator when using the Identity Stores Migration Tool
      This issue occurs because a synchronized user administrator is in the setup directory, and during login, Directories Management does not know which administrator user to use.

      Workaround:

      1. Log in on the SSO VM.
      2. Navigate to the bin\ directory of Identity Stores Migration Tool.
      3. Open the migration.properties file.
      4. Change the value of the property vra.system.admin.username to administrator@vsphere.local.
      5. Rerun the Identity Stores Migration Tool.

    • Error appears when running the Identity Stores Migration Tool
      When running the Identity Stores Migration Tool, the following error might appear:
      ERROR: MigrateIdentityStores: Tenant 'vsphere.local': Can not create directory ' ': Could not join domain Error occurred while joining domain. Verify Domain Admin user name and password are correct, and the user name is the sAMAccountName.

      Workaround:

      1. Verify the credentials of the join domain user and bind the user.
      2. Run the Identity Stores Migration Tool again.

      If the problem persist use the following workaround to join the Directories Management connector to the domain.

      1. Manually join the vIDM connector.
        1. a.  Log in to the default tenant as a system administrator.
          b.  Open the vsphere.local tenant for editing, create a local user in the tenant, and add the tenant administrator role to this user.
          c.  Log in to the default tenant by using the local user you just created.
          d.  Select Administration > Directories Management > Connectors.
          e.  Click Join Domain for each connector.
          f.  Select Custom Domain in the drop-down and enter your domain.
          g.  Enter the user name and password of the domain user who has join domain permissions.
          h.  Click Join Domain.
      2. After the connectors are joined, rerun the Identity Stores Migration Tool and do not join the domain.
        • Enter no in response to the prompt: Do you want to join the domain?[yes/no](Default is 'yes')

    • Wrong information appears on the Database tab after the promotion from replica to master
      When the master node in the vRealize Automation appliance fails, you should use the vRealize Automation appliance management console UI of the other healthy nodes for cluster management operations.

    • Errors related to workflow subscriptions and the event broker service for some machine provisioning workflows
      If you have workflow subscriptions configured and active in your environment, you might see errors in the manager service log related to provisioning states. The following is an example of a manager service log error:
      General error occurred while attempting to execute workflow with id 'com.vmware.csp.iaas.blueprint.service.machine.lifecycle.provision'. It is part of subscription for topicId '716a4f46-7849-4d67-b793-a4c9db4b11ea'. Error: 'Object of class [com.vmware.vcac.designer.service.domain.CsWorkflowRunRequest] with identifier [09b78f61-4706-41fe-856d-21065c02cecc]: optimistic locking failed; nested exception is org.hibernate.StaleObjectStateException: Row was updated or deleted by another transaction (or unsaved-value mapping was incorrect): [com.vmware.vcac.designer.service.domain.CsWorkflowRunRequest#09b78f61-4706-41fe-856d-21065c02cecc]

      This problem does not occur for a particular state or workflow. For example, If you see optimistic locking failed; nested exception is org.hibernate.StaleObjectStateException: Row was updated or deleted by another transaction in the logs, a possible cause for the error might be that two cluster nodes tried to update the same entry in the database. When the problem occures, the provisioning operation fails and the workflow state is disposing.

      Workaround: Retry the failed operations.

    • Proxy settings do not work correctly for vCloud Director or vCloud Air endpoints
      During data collection, when connecting to the endpoint, the proxy settings used when creating vCD/vCA endpoints are ignored. This can result in data collection failures, if proxy is required to connect to the endpoint address.

      Workaround: the machine that has the DEM used for running vCloud Director or vCloud Air workflows should be configured to allow direct access to the vCloud Director or vCloud Air endpoint, without having to use the proxy.