Hi All,

We are using CA signed certificate in VMware Cloud Servers and we already added respective certificate in Trusted root certification Authority but in log file We are getting below error:

Log file :

vcac: [component="iaas:DynamicOps.DEM.exe" priority="Error" thread="5004"] [sub-thread-Id="21" context=""  token=""] <?xml version="1.0" encoding="utf-16"?>

<boolean>false</boolean>

Workflow 'vSphereSnapshotInventory' failed with the following exception:

1. System.Data.Services.Client.DataServiceTransportException: The underlying connection was closed: An unexpected error occurred on a receive. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a receive. ---> DynamicOps.Common.Client.UntrustedCertificateException: Certificate is not trusted (RemoteCertificateChainErrors). Subject: , OU=*, O=, L=, S=, C=IN Thumbprint:

   at DynamicOps.Common.GlobalCertificateValidationManager.ServerCertificateValidation(Object sender, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)

   at System.Net.ServerCertValidationCallback.Callback(Object state)

   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

   at System.Net.ServerCertValidationCallback.Invoke(Object request, X509Certificate certificate, X509Chain chain, SslPolicyErrors sslPolicyErrors)

   at System.Net.Security.SecureChannel.VerifyRemoteCertificate(RemoteCertValidationCallback remoteCertValidationCallback)

   at System.Net.Security.SslState.CompleteHandshake()

   at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)

   at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)

   at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)

   at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)

   at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)

Please find below details of servers :

• OS version : Windows 2012 R2 Standard – 64 bit
• vRA Version : vra 7.4

Certificate Details :

• Valid from : 7/6/2018 to 7/5/2020
• Signature Algorithm : sha1RSA

Please suggest

Provisioning is remaining progress forever and can see this

Initial pointers:

Manager server was continuously showing the below message:

[UTC:2018-05-16 07:09:50 Local:2018-05-16 07:09:50] [Trace]: [sub-thread-Id="14" context="" token=""] VMO: 00:00:02.0789878 elapsed: requested: 10 machines processing started

[UTC:2018-05-16 07:09:51 Local:2018-05-16 07:09:51] [Info]: [sub-thread-Id="14" context="" token=""] Machine ID 573814b5-271e-49c5-afce-2248a75920d6, Event name Provision: Waiting for workflow event to complete ...

[UTC:2018-05-16 07:09:51 Local:2018-05-16 07:09:51] [Info]: [sub-thread-Id="14" context="" token=""] Machine ID 573814b5-271e-49c5-afce-2248a75920d6, Event name Provision: Workflow event completed

[UTC:2018-05-16 07:09:52 Local:2018-05-16 07:09:52] [Trace]: [sub-thread-Id="14" context="" token=""] VMO: 00:00:03.3446447 elapsed: requested: 10 machines processing ended

Restarting the manager-service didn't help.

And then noticed that there were pile of VMs around (400+) in Requested state under "Infrastructure -> Managed Machines"

Had to remove all these VMs from this queue and then there were around 12 VMs which was not getting deleted from the UI, for this had to remove manually from the DB using https://kb.vmware.com/s/article/2144269  (KB2144269_RemoveVMFromVRA7).

After this provisioning succeeded.

Hello Tech folks,

Is there a way to create custom roles creation using REST api in VRA.

If yes, can someone help me with proper structure .

Hi again,

Following my just-posted previous question, describing our company's new internal cloud by implementing and integrating vSphere 6.7, vRA 7.4, NSX 6.4.3 and vRBC 7.5, we've set up a good pricing policy set for every blueprint or business group that we need to charge based on our company's internal financial procedures. But for provided NSX services, we are at step zero!

Based on vRBC guide documents, after integrating vRBC and NSX, there should be related features in Business Management section of vRA portal. But now we see the same five default options under "Network Services" in "Edit Pricing" of "Consumption > Private Cloud" section, and while "MTD Data" section is also empty!

Is there anything missing in the architecture or implementation? We need the system to find out all NSX network and security features/services for different users/owners dynamically and charge them based on admin-provided pricing scheme.

I appreciate all your helpful answers in advance.

Thanks,

-Ali

Ciao,

We've implemented and integrated vSphere 6.7, vRA 7.4 and NSX 6.4.3 in our company's internal cloud, and it's about to get operational. Surely there is lack of enough knowledge and experience with this new platform and products with us!

Well, we need to give access to our internal users to define and manage firewall rules for their VMs, but how? We've practiced security group and security policy works in infrastructure level along with buleprint works in vRA.

At current, the user as items owner can change the security group assignment of its VMs, which will be served by security groups/policies defined by NSX admin. But we really need to make it possible for the user to define its own desired firewall rules!

Please show me a clue!

Thanks,

-Ali

In VRA6.2 I have used below module to update Archive Days. But in 7.2 the same is not working. Any idea on how to do it?

ironPropretiesValue = new Properties();

ironPropretiesValue.put("ExpireDays", a_IronArchivedays);

actionResult = System.getModule("com.vmware.library.vcac").updateVCACEntity(hostId,modelName,entitySetName,entityIdString,ironPropretiesValue,links,headers) ;

All I need is a solution to set "Destroy On" date to user requested date and get the VM deleted on that day.

Hi,

I'm struggling with changing the default embedded vRO 7.5 authentication provider.

Configure the Authentication Provider for vRealize Orchestrator in Region A

Completely new deployment of vRA 7.5, following the VMware Validated Design 4.3 documentation as per the link above. My vRO instance does not enumerate the directory source configured in my rainpole tenant and hence I cannot change the authentication. Same thing is happening on 2 separate instances of vRA I have deployed. One was a three node cluster deployed with vRLCM. Another a single vRA node and single IaaS node deployed manually.

The only groups selectable are

vsphere.local\ALL USERS

vsphere.local\vcoadmins

Has anyone seen this? Appliance are joined to the domain.

Cheers

Has anyone done migrations FROM Azure to VMware?  I need to move 30-ish servers from Azure to VMware and it needs to be as smooth as possible with little to no downtime. 

We recently upgraded to vRA 7.5. Of course there have been a couple of strange things but this is the first time that destroying a VM has gotten stuck. Does anyone have an idea on where to look?

Hey Guys,

i have Problems with my vRO policies and do not know how to solve that Problem. Daily my policies are stopping due to an unkonw reason. what i found is the following:

Connection error: org.postgresql.util.PSQLException: FATAL: remaining Connection Slots are reserved for non-replication superuser Connection

Is it possible to see if the policies are running like:

systemctl  <Status> <servicename>

I would like to create a script in the appliance which checks if the policies are running and if not to send an email.

Where can i find the policies which are running on vRO in my console?

Hi,

We have been experiencing inconsistent behavior with vRealize Automation 7.5 Authentication provider configuration which, when we do get configured, leads to even more inconsistent workflow execution. I now have 4 vRealize Automation environments configured in an attempt to determine the cause of our issues. As per my previous post a deployment of the vRA 7.5 Appliance and specifically the configuration of an Authentication Provider in vCO control center is a hit or miss affair for reasons I have not been able to identify. When I do manage to get a domain authentication source and admin group configured several workflows which we use in our vRA environment fail at the very first scriptable task with a java.lang.NullPointerException. When changing the Authentication source back to the default tenant (vsphere.local) with the admin group vsphere.local\vcoadmins my issues with workflows are gone and the workflows I am using proceed and function as expected.

In the vRO logs am event showing the following is logged...

VRAAuthorizationQueryService Failed while finding roles for principalId: "{Name: service-vra, domain: corp.local}", tenant" "corp". Granting an Operator role.

Suffice to say the Directory for our tenant corp was added without issues in vRA and the connector is joined to the domain. This issue is now occurring in all 4 environments I have deployed to isolate the issue and occur whether we are using a full enterprise deployment of 3 vRA nodes and 8 Windows VMs or a single vRA node and single IaaS VM.

I am unsure what I can next try to get a domain authentication source configured in vRO. Keeping the source as local is less than ideal and not in line with the VMware Validated Design architecture for 4.3.

Cheers

I am currently deploying servers into our AWS environment via an AWS Blueprint in vRA 7.3. 

In the 'Infrastructure' -> 'Administration' -> 'Instance Types' portion of vRA, I have defined the instance types to associate to my blueprints, as well as set their storage size. We are wanting to default all builds to have an 80gb root drive.

When I deply my blueprint, per my request, I do see the disk size being 80gb. But when I get into the AWS console, every build is building at 30gb. 

Is there something in AWS that I am missing causing this to happen?

I've been banging my head against this one for a bit now, and am just not running across the correct way of doing this. Hopefully some of you can help. I'm trying to get all data about a vRA deployment via the event broker and pass that across to a vRO workflow.

We are currently using the Machine Provisioning event subscription to grab all the relevant information about an individual VM during deployment for all sorts of useful tasks, but now we're needing to grab data about an entire deployment. To simplify for example sake, we have a blueprint that has two machines attached to a single load balancer. We want to kick off a workflow when this deployment is requested which can get the load balancer name, load balancer IP, and properties from the VMs so we can generate a hostname by combining this information and kick off a request to create a DNS entry for the load balancer.

How can we get all relevant information from a deployment via the event broker in the same way we can from an individual machine deployment?

Hi!

I'm trying to find a way to run "Reconfigure" action in the vRO to change network portgroup for my machine (and script some stuff-related changes in my environment, of course). It seems easy with other actions (like snapshots, power on/off" but not with this one. I figure out to get "Form", but when I tried vCACCAFERequestsHelper.getRequestFormForResourceAction(Reconfigure) i got "Form" i know nothing to do with It is wrapped LiteralMap/lang.Iterable bla-bla...

var fields = vCACCAFERequestsHelper.getFormKeys(form) ----- Fields = provider-MachineName,provider-machineId,provider-operationId

So, anybody knows the right direction to crack this quest?

daphnissov - you are the expert with this "dark magic" - would appreciate any thoughts/help!

Hi All,

I know this is probably a long shot, however figured it was worth asking.

We have a vRA7.3 deployment, and were curious if there is ANY way, (easy or hack and slash) to change the logon window.

We want to remove or edit the "Forgot Password" at the bottom of the logon window (see attached).

Ideally we would like to have a hyperlink in its place or anywhere else in the logon window, that directs users to an intranet site with instructions on how to access and use the solution.

I will reserve any criticism, as the product has many shining qualities that make up for its deficiencies.

Thanks in advance.

Hello.

My workflow has an 'User Interaction' element as part of the pre-approval workflow.

The user is able to see the request pending for approval in their Inbox->Manual User Action. But many times there is a second request with same details also waiting.

What then happens is that once the user responds to one of the identical approval request, the other one becomes stale. Not able to clear those requests at all. It is there always.

Two questions regarding this.

1. Why is there a duplicate? I tested this in the lab before pushing to QA. It is fine in lab but not in QA.  What causes this duplicate?

2. How to clear these stale Manual User Action requests?

Thanks

-SS

We recently split out our vCenter clusters and need to migrate all the Windows VMs from the shared cluster reservation to a new reservation. As we have ~200 VMs to move, I'd prefer to do this in some sort of batch job. I'd prefer PowerShell, but from what I understand CloudClient should be able to do the job.

For the sake of completeness, we're running the following:

• vRA 7.2
• CloudClient 4.4.0
• vSphere 6.5

The old reservation is "Windows - 01", we need to move the Windows VMs to "Windows - 02" (super descriptive names, I know).

I was able to successfully log in interactively to vRA and the IaaS service, then change the reservation for a single vm (and back again):

CloudClient>vra machines change reservation --ids restest01 --reservationName "Windows - 02"

Successfully sent request to register machine restest01

CloudClient>vra machines change reservation --ids restest01 --reservationName "Windows - 01"

Successfully sent request to register machine restest01

I'd like to source the list of machines somehow (manually grab, use PowerShell, cloud client.. something), then provide that list of machines that need to move to cloud client. The first step will be try the change above from command line, but I'm getting auth errors:

C:\temp\cloudclient\4.4.0\VMware_vRealize_CloudClient-4.4.0-5511232> .\bin\cloudclient.bat vra machines change reservation --ids restest --reservationName "Windows - 02"

Picked up _JAVA_OPTIONS: -Djava.net.preferIPv4Stack=true

JRE Version: 1.8.0_121

Dec 07, 2017 3:45:45 PM org.springframework.shell.core.SimpleParser parse

WARNING: com.vmware.cloudclient.exception.CloudClientException: Failed to convert 'restest01' to type CloudMachineView[] for option 'ids'

Dec 07, 2017 3:45:45 PM org.springframework.shell.core.SimpleParser parse

WARNING: Authentication Error : Login required.

I've tried generating a CloudClient.properties file, and an encoded credential, but it doesn't seem to want to work.

Thoughts?

Im attempting to fetch a list of objects from vRA where there might be more than 100 objects returned. Im executing an OdataRequest but its still limited to 100 return results. Is this expected or should this allow me to return more than 100 items?

service = cafeHost.createCatalogClient().getCatalogConsumerResourceService();

var filter = new Array();
filter[0] = vCACCAFEFilterParam.substringOf("organization/subTenant/id", vCACCAFEFilterParam.string(bg.id));
var query = vCACCAFEOdataQuery.query().addFilter(filter);
var odataRequest = new vCACCAFEPageOdataRequest(1, 10000, query);
resources = service.getResourcesList(odataRequest);

Request was denied due to exceeded resource size limit. The maximum number of resources allowed is 100.

If this "work around" does not allow me to return more than 100 objects in a single query does anyone have any usable examples of iterating through pages and concatenating the results into a large array?

Hi,

I've searched for an answer to my question without much luck which may mean it is not possible (or it seems to be possible with Sovlabs module).

A business group needs to be able to create machines with either srv-web-### or srv-app-### as a machine prefix. Using two blueprints is one solution, but what I would like to do is, with one blueprint, to present the user with the option of which type of server he/she wants to create. I've seen several examples on how to manipulate the name, but they don't seem to keep the numbering the way I want to.

Let me explain what I mean by some examples.

1. User creates a web server that gets the name srv-web-001.

2. User creates a app server that get the name srv-app-002.

3. User creates a web server that get the name srv-web-003.

4. User creates a app server that get the name srv-app-004.

What I want is:

1. User creates a web server that gets the name srv-web-001.

2. User creates a app server that get the name srv-app-001.

3. User creates a web server that get the name srv-web-002.

4. User creates a app server that get the name srv-app-002.

So my question is, is it possible to "replace" or set the machine prefix to be used at request time? Ideally this would be possible "natively" with vRA, but suggestions on how to accomplish this with scripting/workflows will be greatly appreciated.

Thanks in advance.

GB