Hi,
i have created a multi tiered stack that has two 3 web servers at the front end that sits behind a Load balance Edge device. this is done by using the blue print designer.
it works fine, the tiered apps all build along with the LB, what i would like to dns is then have the option to register a name in dns for the VIP.
can this be done or anone done this before?
thanks
Hi Team,
I want to extend my vRA portal access to external network, going to provide access to my customers will directly deploy VM. External network is not allowed to access internal urls.
My vra url: vra01.internal.com
External customer is not able to access <internal.com> domain, they have access my public domain called <global.internal.com>. How can I route my external customers request to my vRA. Is that only firewall rule needs to create or we need any special settings in vRA. ?
Thanks,
Srini
Hi
We are having an issue where i can connect using the Web Remote Console to machines where the Machine Prefixes does not have blank spaces but with machines that has Blank spaces i cannot connect.
We created machine prefixes with blank spaces using the Orchestrator workflow.
Does anybody has the same issue or can test the same?
Thanks in advance.
Hello,
We currently have a multi-tenant vRealize 7.3 installation: 2 tenants with 1 ActiveDirectory for each one, untrusted.
Users from tenant 1 must not see users from tenant 2. And that is the problem we are facing.
We have created Xaas blueprints using the AD search feature to define AD objects inputs, but this feature doesn't separate the ADs.
We always see users from the 2 ADs .
In vRA, just one AD is defined for each tenant in Administration -> Endpoints.
In Orchestrator, It works fine. My AD objects inputs are set with 'Specify a root object to be shown in the chooser' option.
When i run my workflows from vRo console, i only see users from 1 AD.
Upgrading vRo ADplugin with 3.0.6 version does not fix this.
Does anyone know how to achieve this ?
Hi guys - I have a vRA setup using Active Directory with IWA. It's been working 100% fine. My credentials for the sync are fine and working. All of a sudden, it won't sync the directory. I get "Failed to complete dry run". When I go to the sync log for this directory, I see "Could not pull the required object from Identity Manager."
Can anyone point me in the right direction?
I am hoping someone else has run across these issues and can help point me in the right direction. I am running vRA 7.3 w/ vRO embedded. I can run my entire workflow without issue if i run them 1 at a time but If i run multiples I get random failures on my "Run Program in Guest" sections. All of those are just calls to the PowerShell host to launch scripts w/ some parameters passed through. The error is always "The operation is not allowed in the current state." What I have noticed on those failures is that those scripts are never actually run. The first thing my PS1 scripts do is generate a log file and on any of those failures I never see a log file created. I am thinking its something to do with the PowerShell host not handling multiple request well.
The other random issue I am having is that after the Cloning from a Template workflow completes some times I will get VMs w/ NIC disconnected. If i manually reconnect the network adapter everything seems file, no IP conflicts or misconfiguration. I am tempted just to add a script to verify the NIC is connected after the clone process but that feels like a band aid fix at best. Any suggestions would be appreciated. Thanks.
Hello everybody,
I'm asking for a question: if someone used vCloud Suite license key to activate vRealize Automation, should he pay again for using vRealize Automation ?
Thank's a lot.
Hi,
I am getting messages like "Machine XXXXXX: DisposeVM : Cannot complete login due to an incorrect user name or password." in the infrastructure event log in the web client for VRA.
I refreshed the passwords for the IaaS server, still some service does not want to cooperate.
Where can I find more information?
Products - VRA 7.1 with vCenter 6.5 and vSphere 6.0 hosts
Dear Everyone,
Im running into an issue with our vrealize automation install (v7.3).
On a minimum install, we had to replace the certificate on the iaas server.
After registering all the endpoints, everything worked except for the following:
2017-10-05 09:17:00,265 vcac: [component="cafe:event-broker" priority="INFO" thread="ebs-queue-pool-executer-3" tenant="" context="" parent="" token=""] com.vmware.vcac.eventlog.auditing.saveEvent:90 - Exception thrown for IaaS endpoint: https://iaas1/WAPI/ - Error Message: java.security.cert.CertificateException: Untrusted certificate chain.
I tried to register:
c:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe>Vcac-Config.exe RegisterEndpoint --EndpointAddress https://iaas1/WAPI --Endpoint wapi -v
even with a rebuild of the trust:
(Incorrect vRealize Automation Component Service Registrations)
Or add the chain certificates to the java keystore.
But nothing seems to work.
As automation is completely unusable right now, any help would be appreciated.
PS. on the applience, all the services show registered except for:
release-management | com.vmware.csp.component.devops.release.management | 2017 Oct 5 11:15:15 | UNAVAILABLE |
But that was the case from the beginning. Further more, there are no more errors.
Full Exception:
2017-10-05 09:17:00,020 vcac: [component="cafe:iaas-proxy" priority="INFO" thread="tomcat-http--31" tenant="vsphere.local" contex
t="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:51
- Default SSL Certificate: 261966366051175164202210355019191434353
2017-10-05 09:17:00,020 vcac: [component="cafe:iaas-proxy" priority="WARN" thread="tomcat-http--31" tenant="vsphere.local" contex
t="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:61
- Untrusted certificate chain:
2017-10-05 09:17:00,020 vcac: [component="cafe:iaas-proxy" priority="WARN" thread="tomcat-http--31" tenant="vsphere.local" contex
t="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:63
- Untrusted certificate with serial number: [275575002430767747207576006487004385936] and thumbprint: [B0:95:0A:40:F6:85:F3:0F:D
B:DD:D8:BE:85:F7:62:10:71:44:60:69]
2017-10-05 09:17:00,021 vcac: [component="cafe:iaas-proxy" priority="WARN" thread="tomcat-http--31" tenant="vsphere.local" contex
t="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:63
- Untrusted certificate with serial number: [57397899145990363081023081275480378375] and thumbprint: [33:9C:DD:57:CF:D5:B1:41:16
:9B:61:5F:F3:14:28:78:2D:1D:A6:39]
2017-10-05 09:17:00,021 vcac: [component="cafe:iaas-proxy" priority="WARN" thread="tomcat-http--31" tenant="vsphere.local" contex
t="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.platform.security.CafeAbstractTrustManager.checkServerTrusted:63
- Untrusted certificate with serial number: [52374340215108295845375962883522092578] and thumbprint: [F5:AD:0B:CC:1A:D5:6C:D1:50
:72:5B:1C:86:6C:30:AD:92:EF:21:B0]
2017-10-05 09:17:00,021 vcac: [component="cafe:iaas-proxy" priority="ERROR" thread="tomcat-http--31" tenant="vsphere.local" conte
xt="FEzbf9fb" parent="FEzbf9fb" token="u9t8HGte"] com.vmware.vcac.iaas.gateway.impl.BaseGatewayImpl.mapIaasGatewayException:91 -
Exception thrown for IaaS endpoint: https://iaas1/WAPI/ , message: java.security.cert.CertificateExceptio
n: Untrusted certificate chain.
javax.net.ssl.SSLHandshakeException: java.security.cert.CertificateException: Untrusted certificate chain.
at sun.security.ssl.Alerts.getSSLException(Alerts.java:192) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.fatal(SSLSocketImpl.java:1949) ~[?:1.8.0_131]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:302) ~[?:1.8.0_131]
at sun.security.ssl.Handshaker.fatalSE(Handshaker.java:296) ~[?:1.8.0_131]
at sun.security.ssl.ClientHandshaker.serverCertificate(ClientHandshaker.java:1514) ~[?:1.8.0_131]
at sun.security.ssl.ClientHandshaker.processMessage(ClientHandshaker.java:216) ~[?:1.8.0_131]
at sun.security.ssl.Handshaker.processLoop(Handshaker.java:1026) ~[?:1.8.0_131]
at sun.security.ssl.Handshaker.process_record(Handshaker.java:961) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.readRecord(SSLSocketImpl.java:1062) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.performInitialHandshake(SSLSocketImpl.java:1375) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1403) ~[?:1.8.0_131]
at sun.security.ssl.SSLSocketImpl.startHandshake(SSLSocketImpl.java:1387) ~[?:1.8.0_131]
at org.apache.http.conn.ssl.SSLConnectionSocketFactory.createLayeredSocket(SSLConnectionSocketFactory.java:394) ~[httpcli
ent-4.5.2.jar:4.5.2]
We want the requestor to be able to go to the storage page and create an additional disk to add to their VM.
I added VRMGuestAgent to my template and ran "winservice -i -h Manager_Service_Hostname_fdqn:portnumber -p ssl". I updated the command line to point to my IaaS box which has the manager service running. I verified that after building a new VM that the Guest Agent service is running on the VM. I added the custom property I did add the VirtualMachine.Admin.UseGuestAgent custom property and set it to true.
I created a new request with a second disk requested. I can see the disk on the new VM and it is active but there is no partition on it.
Hello,
We have been working on getting vRA 7 deployed. In the process, we have amassed some strange failures and requests that are stuck "In Progress". I am trying to figure out how to clean these up.
In the cases where installing software components hanged and the deployment request is stuck "In Progress" forever, I was able to delete them using this reference http://open902.com/vra7-delete-stuck-in-progress-deployments/.
The last cases are a little harder for me to figure out how to cleanup. They are deployments that have completed, and so the object exists as an item, but the machine object under the deployment no longer exists. This results in multiple expiry and destroy requests that never complete, and stay in progress.
For example:
The deployments exists under items:
But trying to destroy some of them results in an error:
The following component requests failed: Server2012R2Agent. Internal error in processing component request: [Rest Error]: {Status code: 502}, {Error code: 10107} , {Error Source: null}, {Error Msg: You cannot perform that action because the system cannot connect to the provider at https://VRAURLREDACTED/WAPI/.}, {System Msg: Provider service is not available or in error state.}
And some of them do not have an available action to destroy:
I would appreciate any advice and how to go about cleaning these up. I am thinking this may involve the IaaS database...
~ Darrenoid
Hello,
I am working on creating a decommission workflow through a XaaS blueprint, which will automate the decommission process for our environment.
Here is the problem I am facing:
I have two text fields: "Virtual Machine" and "Details". Virtual Machine is a VM name that the user will provide. Details is a text field that I would like to populate with IP address and DNS info (I have an action that will do this, provided a VM name input).
The Virtual Machine fields works, but I cannot get the Details text field to update after the user enters a name. I have the default value set as 'Field > External (My Action) > Input (for My Action) = 'Field > Virtual Machine' which should mean that when the 'Virtual Machine' field is update, the value gets passed to the External action, which will return my extra details. Please see the image to visualize this.
When I open the catalog, the Details field does not even show up. It does not update when I enter a VM name. If I pass a constant (instead of trying to pass the Virtual Machine value), the action works fine and the Details text field gets populated as expected. If I access the blueprint from the blueprint catalog (not the service catalog), and the Details field updates exactly as it should (see the second image).
Does anyone have any idea how I can resolve this?
Thanks,
Tanner
Dear all,
I am trying to execute the following Powershell script in the Configure action of a software component.
This script executes a PS script against a Domain Controller to Remove and Add a DNS record.
$user = "adminuser@ourdomain"
$pass = ConvertTo-SecureString "userpassword" -AsPlainText -Force
$cred = New-Object System.Management.Automation.PSCredential($user,$pass)
Invoke-Command -ComputerName "$domain_DC.$domain_fqdn" -Credential $cred -ScriptBlock { Remove-DnsServerResourceRecord -Name "$app_binding" -ZoneName "$domain_fqdn" -RRType "A" -Force }
Invoke-Command -ComputerName "$domain_DC.$domain_fqdn" -Credential $cred -ScriptBlock { Add-DnsServerResourceRecordA -Name "$app_binding" -ZoneName "$domain_fqdn" -IPv4Address "$app_web_node_ip" }
The following are properties defined in the software component, and they are assigned values in the blueprint.
$domain_DC
$domain_fqdn
$app_binding
$app_web_node_ip
I am using the same software component properties in the Install action of the software component which is a cmd. In the Install action no problem.
The error that I am getting is:
Cannot validate argument on parameter 'Name'. The argument is null or empty.
Supply an argument that is not null or empty and then try the command again.
+ CategoryInfo : InvalidData: (:) [Remove-DnsServerResourceRecord
], ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Remove-DnsServe
rResourceRecord
+ PSComputerName : dc1.ourdomain
Cannot validate argument on parameter 'Name'. The argument is null or empty.
Supply an argument that is not null or empty and then try the command again.
+ CategoryInfo : InvalidData: (:) [Add-DnsServerResourceRecordA],
ParameterBindingValidationException
+ FullyQualifiedErrorId : ParameterArgumentValidationError,Add-DnsServerRe
sourceRecordA
+ PSComputerName : dc1.ourdomain
My feeling is that any software component properties that are inside the { } curly braces script block they do not receive their values. It seams that the curly braces are causing some issue in the parsing of the code.
Does anybody has any idea how to fix this?
Good evening,
For demonstration purposes, I´m documenting the vRA installation procedures.
I´m doing a highly available distributed installation composed of:
- 2 Appliances;
- 2 Windows machines for Web Site/Model Manager/Manager Service/DEM Orchestrator;
- 2 Windows machines for DEM Worker/Agents;
- 1 Windows machine for SQL Server.
A Microsoft CA is signing the certificates for vRA.
An NSX Edge is providing load balancing.
I successfully managed a wizard installation with no issues at all.
Snapshots were taken before starting and now, after reverting them, using the same machines and the same certificates:
- I configured both appliances successfully;
- Now, when installing the first IaaS server, after configuring the roles, I receive a message saying that the certificate was not found (see attached image) although I´ve already copied it into all possible certificate stores and the installer itself is able to see it (once again, see attached image). At this point I still don´t have any kind of installation logs (before Pre-requisite Checker) so I´m unable to figure out which certificate and how it is searching for it;
- I´ve already tried installing the appliances certificates, but the problem persisted;
- I tried creating a new machine but the problem persisted;
- IaaS certificate was installed into all mentioned stores for both local machine and user account;
- Once again, these same machines and certificates were used for a wizard installation that completed without issues.
Has anyone seen this sort of issue? I´ve worked with vRA since vCAC 5.2 and never encountered this specific issue.
Thank you very much,
Henrique Cicuto
I'm trying to use a single blueprint that will either:
A. provision a vm with static user-defined network information, including hostname, or
B. provision a vm with DHCP using the business group default name prefix.
I have all the necessary properties for a user to input for static information, and a dropdown list to choose static or DHCP, which will determine which clonespec is used (static or dhcp). The problem is that if Hostname is present as a property, which is required for static, it won't use the automatic naming mechanism required for DHCP, even if Hostname is null.
Is there a way to conditionally add or remove properties from a blueprint? Or, is there some other way to get this to work?
Thanks
I've looked on Amazon for a good book on VRA 7.3 and there isn't one. There aren't any cheap training courses available on Udemy, Lynda, or Pluralsite. Well there's one on Pluralsite but it's not current. Someone would make some money if they'd do a training course. Is there any self training resource out there out side of the the product documentation for VRA that you guys are using?
Thanks,
Pete
So now that we've moved to vRA7 we started to run into some weirdness after we hit 100 or so VMs. I think my problem is with the orchestrator plug-in for vRA. If I go to my Inventory - vRA - Shared Session - Items I'm missing lots of VMs / Deployments. If I refresh the items that are displayed change. It's almost like it's only able to display a certain amount of items and not everything. This is causing a huge problem for us. At build completion (XAAS) I'm doing a lookup by request ID to find the VMs / deployments that were provisioned as part of this request and change the owner. But I'm running into VMs and sometimes deployments that aren't being returned when I run this search and I'm assuming it's because they're not being found in the plug-in.
I've got a case open with Vmware on this as well. Just curious if anyone else has ran into it.
Hi guys
I need to get the custom properties of a machine over the vRA rest api. We currently have vRA 7.3 in place.
The strange thing they seems not to be available on the machine resource itself e.g.
https://{{vra-fqdn}}/catalog-service/api/consumer/resources/{id}
or
https://{{vra-fqdn}}/catalog-service/api/consumer/resourceViews/{id}
I searched now hours to find a way in the REST API doc of vRealize Automation 7.3. But without any success.
Use case I:
I have to get the custom property Snapshot.Policy.Limit value of a machine.
Use case II:
I have to get all the custom properties of a machine.
I hope you can help me with this issue. Thanks a lot in advance.
BR,
Simon
Hi
I'm currently stucked with the issue that I'm not able to check if an user is tenant admin or not over API.
What I have tried:
GET: https://{{vra-fqdn}}/identity/api/authorization/tenants/{{tenantId}}/principals/{{userId}}/permissions
The problem with this request is that if an user has not all business groups assigned you just get an empty permissions list.
So my question is how I'm able to check over the API if an user is tenant admin or not. (VRA 7.2)
Thanks for your help.
BR
Simon
I am following the Prepare a Windows Reference Machine to Support Software vRA 7.3 found here. The server is a Windows 2012 R2 OS. I extracted the JRE files and verified the java version. I extracted the GuestAgent files to c:\VRMGuestAgent.
Downloaded the bootstrap software, extracted to c:\temp. Went to c:\temp and ran the install.bat file, with an elevated command prompt, as the document says:
install.bat password=LOCAL ADMIN PW managerServiceHost=MY IAAS SERVER FQDN ServicePort=443 httpsMode=true cloudProvider=vca (as I am using vRA)
Everything runs without an error. When complete I end up in the c:\opt\vmware\app-director directory. I double check local users and the darwin account is not there.
Anyone else run into this issue?
