vRealize Automation 7.1 Release Notes

Updated on: 21 MAR 2017

vRealize Automation | 23 AUG 2016 | Build 4270058

Check regularly for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

The vRealize Automation 7.1 release includes resolved issues and the following changes.

  • Streamlined installation process using a silent installer.
  • Agent and prerequisite command line interface.
  • Migration tool to move data from a source vRealize Automation 6.2.x environment to a fresh vRealize Automation 7.1 environment while preserving the source environment.
  • IPAM integration framework with ability to deploy machines and applications with automated assignment of IP addresses from leading IP address management systems, with the first integration with Infoblox.
  • Integrated support for Active Directory policies.
  • Custom property dictionary controls to improve property definitions and vRealize Orchestrator actions.
  • Reconfigure life-cycle events by means of event broker workflow subscriptions.
  • Additional vSphere provisioning options and data collection improvements.
  • Ability to manually conduct horizontal scale in and scale out of application environments deployed by vRealize Automation, including the automatic update of dependent components.
  • Customizable message of the day portlet available on the home page.
  • Additional information and filter options on the Items page.
  • Discontinued support for PostgreSQL external database.

System Requirements

For information about supported host operating systems, databases, and Web servers, see the vRealize Automation Support Matrix.


For prerequisites and installation instructions, see Installing vRealize Automation.

Before You Upgrade

New vRealize Automation features introduce several enhancements, along with the ability to upgrade or migrate to the new version. For recommendations and guidance before you begin the upgrade process, visit vRealize Automation Upgrade Assistance web page.

Resolved Issues

  • In vRealize Automation 7.0, custom property names are case-sensitive

  • IP address for an Amazon Web Services virtual machine is unavailable in the catalog API after you provision a machine

  • When you upgrade a replica server from vRealize Automation 7.0 to 7.0.1, the replica server must be in sync with the master server. If the replica server is not in sync, the PostgreSQL service on the replica cannot start, and the upgrade fails.

  • Edge fails to allocate virtual machine when network custom property is specified at the blueprint level

  • Unable to change disk size while requesting a machine from the catalog

  • Pre-requisite checker now properly checks the Distributed Transaction Coordinator requirement before installation

  • Double quote marks not allowed in the administrator password

  • Adding Active Directory Groups in VMware vRealize Automation 7.x containing the pound (#) symbol fails

  • Access Denied message appears when changing the domain from the drop-down menu on the login page

  • The Prerequisite Checker's validations for IIS Server Windows Authentication work only for the Default Web Site where the Windows Authentication settings are not modified after the installation of IIS components

  • When you save host name and certificate settings in the vRealize Automation appliance management interface, an error message appears

  • If you enter a comma (,), a backslash (\), or a space between two valid characters in the root password while deploying the vRealize Automation appliance for the first time, the setup process fails when you use the wizard to set up a high availability environment.

  • When you delete a tenant that has a large number of groups, the process might time out

  • Required but empty software component property

Known Issues


  • New Security Passphrase Cannot Contain Double Quotes
    Installation fails if you include double quotation marks ( " ) in the security passphrase. You specify the security passphrase on the IaaS Host page of the Installation Wizard.
    Workaround: None

  • New After a fresh installation, the master appliance node does not see the status of the replica appliance node
    Workaround: Perform these steps.

    1. Open the vRealize Appliance management console on the master appliance node.
    2. Select vRA Settings > Database.
    3. Next to the name of the replica node, click Reset.

  • New vRealize Automation 7.1 does not support Microsoft SQL 2016 130 mode
    The Microsoft SQL 2016 database created during the vRealize Automation wizard installation is in 100 mode. If you manually create an SQL 2016 database, it must also be in 100 mode. For related information, see the Microsoft article Prerequisites, Restrictions, and Recommendations for Always On Availability Groups.

  • Security updates affect prerequisite checker
    In this release, the Installation Wizard prerequisite checker fails when Microsoft security updates 3098779 and 3097997 are present. However, the prerequisite checker can detect the updates and prompt you to remove them using the Fix option. Afterward, you can rerun the prerequisite checker as usual.

    Workaround: Allow the Installation Wizard to remove the security updates so that the prerequisite checker will work. Alternatively, you may manually remove the updates. After finishing the wizard, you may manually reinstall updates 3098779 and 3097997.

  • Security updates affect silent installation
    In this release, Microsoft security updates 3098779 and 3097997 prevent the new silent installation feature from working properly. The updates are the same ones that affect the Installation Wizard prerequisite checker.

    Workaround: Before silent installation, you must manually remove the updates from IaaS Windows servers. You may manually reinstall updates 3098779 and 3097997 after silent installation finishes.


  • New Unable to provision XaaS resources defined prior to upgrade from vRealize Automation 6.2.x to 7.1
    Multiple custom resources with the same vRealize Orchestrator type defined prior to upgrade fail after upgrade to vRealize Automation 7.1.

    Workaround: If you have two custom resources in the database, update all references to point to only one of the resources and remove the other. Restart the vcac server. All the XaaS objects should upgrade successfully on start up.

  • New Migration causes mismatch in vRealize Orchestrator plug-in versions
    After migration, you must reinstall the internal VMware vRealize Orchestrator plug-ins to address a mismatch in the plug-in versions.

    Workaround: After a successful migration, perform this procedure.

    1. Log in to the vRealize Orchestrator configuration interface. See Log in to the vRealize Orchestrator Configuration Interface.
    2. On the vRealize Orchestrator Control Center home page, click Startup Options.
    3. Click Stop.
    4. On the Control Center home page, click Troubleshooting.
    5. Click Force Plug-ins Reinstall.
    6. On the Control Center home page, click Startup Options.
    7. Click Start.
  • New After installation of vRealize Automation 7.1 or upgrade from vRealize Automation 7.0 to 7.1, the chosen custom background image on the login page is missing
    Customized branding present in vRealize Automation 7.0 is missing on the tenant login page after upgrade to vRealize Automation 7.1. Specified customized branding does not appear in a new installation of vRealize Automation 7.1.

    Workaround: See Knowledge Base article 2147171.

  • Migration of native Active Directory fails with errors
    At present, the SSO migration utility does not transfer an automated native Active Directory during the vRealize Automation migration process.

    Workaround: If you manually configure and launch native Active Directory, you can migrate Active Directory successfully. You must do this after you complete the vRealize Automation migration process.

  • IaaS node migration from vRealize Automation 6.2.4 to 7.1 fails when PostgreSQL server instance name contains non-ASCII characters

    Workaround: Use the Migrate a vRealize Automation Environment with an IaaS Database Backup procedure to migrate your vRealize Automation 6.2.4. environment to 7.1.

  • IaaS Management Agent configuration is corrupted after upgrade from a vRealize Automation 6.2.3 or earlier high-availability environment to 7.1
    After upgrade from vRealize Automation 6.2.2 to 7.1, the IaaS Management Agent cannot be started. An error message reports a missing node ID in the Management Agent configuration file.

    Workaround: See Knowledge Base article 2146550.

  • Scale in or scale out actions fail in an upgraded deployment
    Scale in or scale out actions are not supported for bulk-import deployments or deployments upgraded from vRealize Automation 6.x.

    Workaround: There is no workaround. New deployments made from blueprints after upgrade support scale in or scale out actions.

  • When you log in to the vRealize Automation appliance management console, an error message appears
    After you log in with the proper credentials, you receive an error message stating "Invalid server response. Please try again." This is caused by a problem with the browser cache.

    Workaround: Log out, clear your browser cache, and log in again.

Documentation and Help

The following items or corrections did not make it into the documentation for this release.

  • New vRealize Automation does not support a deployment environment that uses an SCVMM private cloud configuration.
    vRealize Automation cannot currently collect from, allocate to, or provision based on SCVMM private clouds.

  • New Cannot downgrade vRealize Automation licenses
    You see the following message when using the vRealize Automation administration interface Licensing page to submit a key to a lower edition license. For example, you start with an enterprise license and try to enter an advanced license.

    Unable to downgrade existing license edition

    This vRealize Automation release does not support the downgrading of licenses. You can only add licenses of an equal or higher edition. To change to a lower edition, you must reinstall vRealize Automation.

  • New Missing custom property definition for Vrm.DataCenter.Location
    See the vRealize Automation 7.2 documentation for a description of this custom property.

  • New vCloud Air endpoints require matching Organization and vDC name
    For vCloud Air endpoints, the Organization name and the vDC name must be identical for a vCloud Air subscription instance.

Previous Known Issues


Previous known issues are grouped as follows:


  • The vRealize Automation appliance page does not load correctly
    When using Internet Explorer 11 in Windows 2012 R2, the Web interface page for the vRealize Automation appliance does not load correctly.


  • Certain blueprints cannot be fully upgraded due to failures in updating catalog resources
    Upgraded multi-machine blueprints that contain on-demand networks or load balancer settings might not be fully functional after you upgrade to vRealize Automation 7.x.

    Workaround: After you upgrade, delete and re-create the deployments associated with multi-machine blueprints. All associated NSX Edge cleanup work must be done in NSX.

  • When you upgrade from vRealize Automation 6.2.0 to 7.0, vPostgres upgrade fails, and an error message appears
    If the system has a corrupt RPM database, this error message appears during the upgrade process: Failed to install updates(Error while running pre-install scripts).

    Workaround: For information about how to recover from an RPM database corruption, see the article "RPM Database Recovery" at the RPM Web site RPM. After you fix the problem, run the upgrade again.

  • When you run the Prerequisite Checker, the checker fails with a warning about RegistryKeyPermissionCheck, but the instructions to correct the error do not work during installation
    The Prerequisite Checker fails because it is case-sensitive for the user name.

    Workaround: Temporarily change the user you specified to run the Management Agent Service on the Windows machine to another user, and then change back to the original user by using the correct case for the user name.

  • When you change the host name to a different name after the Active Directory connection is initialized, the Active Directory connector is unusable and Active Directory fails
    You should not change the virtual appliance host name after the Active Directory connection is initialized. You can change the load balancer name in the vRealize Automation appliance management console by selecting vRA Settings > Host Settings.

  • When you upgrade the Manager Service and DEM Orchestrator system, a name validation error message appears and the Model Manager Web host cannot be validated
    The following error appears if the name of the load balancer changes in the ManagerService.exe.config file:
    Distributed Execution Manager "NAME" Cannot be upgraded because it points to Management model web host "xxxx.xxxx.xxxx.net:443", which cannot be validated. You must resolve this error before running the upgrade again: Cannot validate Model Manager Web host. The remote certificate is invalid according to the validation procedure.

    Workaround: Make the following changes to the ManagerService.exe.config configuration file. The default location is at C:\Program Files (x86)\VMware\vCAC\Server\ManagerService.exe.config.
    Change the registry values for all DEM instances. For example, the DEM instances in the following registry entries should both be updated.

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware vCloud Automation Center DEM\DemInstanceId02]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\VMware, Inc.\VMware vCloud Automation Center DEM\DemInstanceId03]

Configuring and Provisioning

  • In a high availability environment, Horizon fails to perform authentication after failover

    Workaround: After failover, restart the vRealize Automation appliance to restore authentication.

  • Some components might not function as expected after you drag an existing inner blueprint into a current outer blueprint
    Component settings can change depending on which blueprint the component is on. For example, if you include security groups, security tags, or on-demand networks at both the inner and outer blueprint levels, the settings in the outer blueprint override those in the inner blueprint. Network and security components are supported only at the outer blueprint level except for existing networks that work at the inner blueprint level.

    Workaround: Add all your security groups, security tags, and on-demand networks only to the outer blueprint.

  • If you create a property group with a period in the group name, you cannot use the vRealize Automation user interface to edit the group
    This issue occurs when you create a property group with a period in the group name, for example, property.group. If you use the vRealize Automation user interface to edit this property group, a blank page appears. You can use the REST API to edit this property group.

    Workaround: Avoid using a property group name that contains a period. If that is unavoidable, use the REST API to edit the group.

  • Loss of communication between IaaS and the common service catalog during destroy process leaves virtual machine in a disposing state
    If communication is lost between IaaS and the common service catalog while the destroy request is in progress but before vRealize Automation removes the virtual machine record from the database, the machine remains in a disposing state. After communication is restored, the destroy request is updated to either successful or failed, but the machine is still visible. Although the machine is deleted from the endpoint, the name remains visible in vRealize Automation management interface.

  • The Destroy VMware NSX load balancer option appears as an entitled action or as an approval policy option
    Permission to destroy the VMware NSX load balancer incorrectly appears as an entitled action and as an approval policy option on the Administration tab. The option to destroy the load balancer is correctly hidden from the list of actions on the provisioned load balancer resource, but remains visible on the Administration tab. Although the options are present, they are nonfunctional.

  • When you change the vRealize Automation appliance host name, services are marked as unavailable

  • When you join a Management Agent domain account on a cloned Windows Server 2012 to a domain, the Management Agent domain account loses its rights on the agent certificate private key
    When you use a customization wizard to clone a machine in vSphere that is part of a domain, the machine is no longer part of that domain. When you rejoin the cloned machine to the domain, the following error message appears in the Management Agent log: CryptographicException - Keyset does not exist.

    Workaround: Resolve this issue use the following procedure to open and close the security settings for the private key of the certificate without making any changes.

    1. Locate the certificate by using the Microsoft Management Console Certificates snap-in. The snap-in displays the agent ID in its Friendly name text box.
    2. Select All Tasks > Manage Private Keys.
    3. Click Advanced.
    4. Click OK.

  • Dragging an existing inner blueprint into a current outer blueprint is restricted
    When you drag an existing inner blueprint into a current outer blueprint, the following restrictions apply if the inner blueprint has machines joined to security groups, security tags, or on-demand networks. This issue might also occur on imported blueprints.
    • The outer blueprint cannot contain an inner blueprint that contains on-demand network settings or on-demand load balancer settings. Using an inner blueprint that contains an NSX on-demand network component or on-demand load balancer component is unavailable..
    • When you add new or additional security groups to machines in the inner blueprint, the machines are joined only to new security groups that are added as part of an outer blueprint, even though the Blueprint Authoring page shows security groups from the inner and outer blueprint.
    • When you add new security tags to inner machines from an outer blueprint, security tags originally associated in the inner blueprint are no longer available.
    • When you add new on-demand networks to inner machines from an outer blueprint, on-demand networks originally associated in the inner blueprint are no longer available. Existing networks originally associated in inner blueprint remain available.

    Workaround: You can resolve this issue by performing one of the following tasks:

    • Add security groups, tags, or on-demand networks to the outer blueprint but not to the inner blueprint.
    • Add security groups, tags, or existing networks to the inner blueprint but not in the outer blueprint.

  • Directory Search Attribute menu on the Add Directory page contains inaccurate information
    Some code strings that first appear in the Directory Search Attribute menu are inaccurate.

    Workaround: Click the Directory Search Attribute drop-down menu to view accurate code strings.

  • Resource not found error occurs when requesting a catalog item
    When vRealize Automation is in High Availability mode, if the master database node fails and a new master node is not promoted, all of the services that require write access to the database fail or become temporarily corrupted until a new master database is promoted.

    Workaround: You cannot avoid this error when the master database is unavailable. You can promote a new master database so that this error disappears and you are able to request resources.

  • Changes are not saved on the Blueprint Form page of an XaaS blueprint
    If you do not click Apply after you update each field on the Blueprint Form page of an XaaS blueprint, your changes are not saved.

  • Items tab does not display information about the services that are enabled for a load balancer
    For machines provisioned by using a load balancer that is associated with vCloud Networking and Security, the Items tab does not display information about the services that are enabled for that load balancer.

  • If a machine is destroyed while vSphere clone operation is in progress, the in-progress machine clone task is not canceled
    This issue might cause the machine to be cloned. The cloned virtual machine might be managed in vCenter and no longer be under vRealize Automation management.

  • When you request a composite blueprint, the request fails immediately and the request details form fails to load
    When the maximum lease days for a component blueprint are less than the number of lease days in the outer blueprint, requests fail immediately and the request details form fails to load.

  • You cannot have deployments with bindings to DHCP IP addresses in software deployments
    If you attempt to do this, the ip_address is not available if no network profile exists. The following error message appears: System error: Internal error in processing component request: com.vmware.vcac.platform.content.exceptions.EvaluationException: No data for field: ip_address.

    Workaround: If a binding is required, use static IP addresses or IP addresses managed by vRealize Automation in the network profile, or use an IPAM integration. If you use DHCP, you should bind to the host name and not to the IP address.

    You can use the following script to get the IP address of a Cent OS machine:
    IPv4_Address = $(hostname -I | sed -e 's/[[:space:]]$//')
    echo $IPv4_Address

    Bind to the value this scrip provides when the IP address is needed for DHCP use cases.

  • Domain is added to a user UPN when you create a directory that includes the UserPrincipalName directory search attribute
    When you create a new directory and you select UserPrincipalName for the Directory Search Attribute, a domain is added to a user UPN. For example, the vRealize Automation user name of a user with user.domain@domain.local UPN appears as user.domain@domain.local@domain.local. This happens if the UPN suffix is configured at AD site to be domain. If the UPN suffix is customized, for example to "example.com,"then the vRealize Automation user name of a user with user.domain@example.com UPN appears as user.domain@example.com@domain.local.
    If UserPrincipalName directory search attribute is used, users must enter their user name exactly as it appears (user.domain@domain.local@domain.local), including the domain, to log in to use the REST API or Cloud Client.

    Workaround: Use sAMAccountName instead of UserPrincipalName to use the user name domain uniqueness functionality of Directories Management.

  • A 404 Not Found error appears when requesting a machine on behalf of another user
    If a blueprint includes an on-demand NAT network or an on-demand load-balancer component, a 404 Not Found error appears when a deployment requested on behalf of another user is made.

  • Machines imported with Bulk Import are not mapped to the correct converged blueprint and component blueprint

    Workaround: Add the VMware.VirtualCenter.OperatingSystem custom property to each machine in the import CSV file.

    For example:

  • Catalog Management Actions are missing in vRealize Automation

    Workaround: For information on how to resolve this issue, see Knowledge Base 2113027.

  • An Active Directory that includes more than 15 user groups fails to list the groups when you sync the Active Directory
    If you have more than 15 groups, and you attempt to synchronize the Active Directory in the vRealize Automation management interface using Administration > Identity Stores Management > Identity Stores, only a few groups appear.

    Workaround: Click Select to view the full list.

  • After you promote a replica instance to the master instance, wrong information appears on the Database tab in the vRealize Automation master node management interface
    When the master node in the vRealize Automation appliance fails, you should use the vRealize Automation appliance management interface of a healthy node for cluster management operations.

  • Moving a datastore from one vSphere Storage DRS to another causes the system to delete instead of create a virtual machine
    If you move a datastore from one vSphere Storage DRS cluster to another vSphere Storage DRS cluster and the target cluster's automation level is not automatic, re-provisioning a created machine causes the system to delete the machine with the following error: StoragePlacement: datastore unspecified for disk in sdrs-disabled VM. This issue does not occur if the virtual machine is cloned.

    Workaround: Verify that the target cluster's automation level is set to automatic before you move a datastore from one vSphere Storage DRS cluster to another.