Similar Questions

• Several problems with VRO 7

  Just a little survey here if someone else saw the same problems I know with VRO 7, or is my installation just watered somehow

  -Copy and paste items from workflow no longer works in the workflow designer, it worked very well on VCO 5.x and I think than 6.x also

  - VRO 7 won't save in vSphere Web Client 6.0 u1, at least when using vSphere authentication mechanism next VRO. User error, see answer below.

  -Workflow Designer seems terribly talkative on network, much larger than in previous versions. I'm having serious slow and even complete hangs Workflow Designer when I access remote server VRO. Remote connection is IPsec VPN internet connection over 10/100 Mbps, with 4ms latency between client and server.

  At least these questions were annoying me on VRO 7, anyone else have similar experiences?

  vRO 7 is no more based on the mechanism of the vCenter extensions and for this reason extension is not created by default when you configure a host to vCenter. You still have the workflow you need to manage the extensions in the configuration for the vCenter plugin folder. vSphere WebClient can find vRO server by looking at the extensions on vCenter.

• VRA unable to create groups of companies with the same name in different tenants with vRO

  vRA 6.2.2 Build - 2754020

  vRO 6.0.1

  Through the vRA GUI I can create groups of companies with the same names in different tenants as follows:

  Tenant1: BusGroup1, BusGroup2, BusGroup3

  Tenant2: BusGroup1, BusGroup2, BusGroup3

  
  

  However, to create business groups with the same names in different tenants via the vRO, specifically the workflow plugin Library / vCloud Automation Center / Administration / Business groups / create a group of companies, fails in the second tenant with the below error:
  

  
  

  [42106] the specified condition is not respected for 'name '. (Name of the dynamic Script Module: createBusinessGroup #12)

  If I change the naming convention to be different by tenant, then I have no problem. I thought it might be a restriction in the product, but as said I was able to create with the names of same origin through the user interface.

  Anyone experience the same thing?

  This is a known problem within IaaS API the plugin vRO uses to manage groups of companies through business groups workflows. You don't have the same problem of the vRA UI because the user interface (according to the 6.x) does not use the same API IaaS to manage groups of companies.

  The only alternative to 6.x for now is to directly use the helper generic entity Manager plug-in itself. You can take a look at the first example in example CRUD Infrastructure tasks management Scripts.

  I hope it helps.

  Sergio

• vRO vRA 6.2 plugin compatibility with vRO 5.5.1

  Has anyone tested vRA 6.2 plugin on vCO (vRO) 5.5.1?

  When I install the plugin plugin said vCACCAFE will carry out the installation at the next startup of the server. but never install after several reboot.

  The interoperability matrix says they are interoperable.

  

  Also, what would be the trade off with vCO that comes with vRA 6.2

  I will not be able to ask them

  He has figured out with the built-in vCO which is obtained 6.0.

• Can access VCSA with the root account, but cannot access vSphere with the same root account

  I am able to connect to the VCSA (: 5480) with the created password for root, but I can't log in vSphere (: 9443) with this same root account).  It seems that the password has been correctly set, but weird that I can connect to one and not the other.  I recently improved bed and breakfast ESXi and VCSA version 5.5 Update 2, but don't think that should have an effect on.  Any suggestions?  Help, please.

  Understand the problem.  When you change the field by default to another identity source, you must type root@localos as the user name to use the root account.

• vRO Plugin not appearing is not on VCSA w/external PSC

  I'm new with vRO and can't seem to get the plugin from vRO registered in vCenter.  My config is vRO 7 (appliance) pointed at a PSC external (device) that is related to a device server vCenter (6.0U1).  When I look in the vCenter MOB in the plugins section, I don't see the plugin for vRO.  I can run the flow of vRO for vRO w/vCenter device registration and for the registration of the plugin.  Everything seems to pass.

  I can connect to via SSO vRO.

  I can run select the correct vCenter during exploration down with a workflow, and then select the correct object to perform something against.

  You are looking for ideas/pointers that anyone can have.  It just seems to work, but when I click with the right button on a vCenter server object (say a VM) and try to run a stream of vRO against her in the webclient service, I was moved to the vRealize Orchestrator section but the intermediate screen is just gray and nothing happens.

  Thanks in advance.

  In the CROWD, there is no entry extensionList ["com.vmware.vco"] , which could mean this workflow "Register vCenter Orchestrator as a vCenter Server extension" has failed to create the extension for some reason any.

  Could check you vRO log file (located in /var/log/vco/app-server/server.log) server errors/exceptions? It is possible that the error is caught in the Java code and not spread to the user interface.

  Also, what user you used to invoke the workflow? This user has enough permissions vCenter side? Registration/change/remove extensions require some level of permissions.

• State HTTP 500 when you point vRO 7.0.1 at Insight Log

  When you configure integration journal Insight with vRO 7.0.1 via the control center ("Intégration Logging" menu), the following error message appears and it does not matter which port or whatever via CFAPI or SYSLOG. Others could not confirm this behavior?

  Pivotal tc DURATION 3.1.3.SR1/8.0.30.C.RELEASE - error report

  HTTP status 500 - impossible to edit the configuration file of newspaper the Agent!

  type of Exception report

  message Impossible to edit the configuration of the Agent log file!

  Description The server encountered an internal error that prevents to satisfy this demand.

  exception

  java.io.IOException: Failed to edit Log Insight Agent configuration file! com.vmware.o11n.configuration.editors.LogInsightAgentConfigurationEditor.exec(LogInsightAgentConfigurationEditor.java:149) com.vmware.o11n.configuration.editors.LogInsightAgentConfigurationEditor.save(LogInsightAgentConfigurationEditor.java:100) com.vmware.o11n.configuration.logging.ConfigureLogging.commit(ConfigureLogging.java:59) com.vmware.o11n.controlcenter.logging.LogsController.acceptWizzard(LogsController.java:190) sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) java.lang.reflect.Method.invoke(Method.java:498) org.springframework.web.method.support.InvocableHandlerMethod.doInvoke(InvocableHandlerMethod.java:222) org.springframework.web.method.support.InvocableHandlerMethod.invokeForRequest(InvocableHandlerMethod.java:137) org.springframework.web.servlet.mvc.method.annotation.ServletInvocableHandlerMethod.invokeAndHandle(ServletInvocableHandlerMethod.java:110) org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.invokeHandlerMethod(RequestMappingHandlerAdapter.java:814) org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter.handleInternal(RequestMappingHandlerAdapter.java:737) org.springframework.web.servlet.mvc.method.AbstractHandlerMethodAdapter.handle(AbstractHandlerMethodAdapter.java:85) org.springframework.web.servlet.DispatcherServlet.doDispatch(DispatcherServlet.java:959) org.springframework.web.servlet.DispatcherServlet.doService(DispatcherServlet.java:893) org.springframework.web.servlet.FrameworkServlet.processRequest(FrameworkServlet.java:969) org.springframework.web.servlet.FrameworkServlet.doPost(FrameworkServlet.java:871) javax.servlet.http.HttpServlet.service(HttpServlet.java:648) org.springframework.web.servlet.FrameworkServlet.service(FrameworkServlet.java:845) javax.servlet.http.HttpServlet.service(HttpServlet.java:729) org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:316) org.springframework.security.web.access.intercept.FilterSecurityInterceptor.invoke(FilterSecurityInterceptor.java:126) org.springframework.security.web.access.intercept.FilterSecurityInterceptor.doFilter(FilterSecurityInterceptor.java:90) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.access.ExceptionTranslationFilter.doFilter(ExceptionTranslationFilter.java:114) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.authentication.AnonymousAuthenticationFilter.doFilter(AnonymousAuthenticationFilter.java:111) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter.doFilter(SecurityContextHolderAwareRequestFilter.java:169) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.authentication.www.BasicAuthenticationFilter.doFilterInternal(BasicAuthenticationFilter.java:213) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.authentication.ui.DefaultLoginPageGeneratingFilter.doFilter(DefaultLoginPageGeneratingFilter.java:162) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter.doFilter(AbstractAuthenticationProcessingFilter.java:205) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.authentication.logout.LogoutFilter.doFilter(LogoutFilter.java:120) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.header.HeaderWriterFilter.doFilterInternal(HeaderWriterFilter.java:64) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.context.request.async.WebAsyncManagerIntegrationFilter.doFilterInternal(WebAsyncManagerIntegrationFilter.java:53) org.springframework.web.filter.OncePerRequestFilter.doFilter(OncePerRequestFilter.java:107) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.context.SecurityContextPersistenceFilter.doFilter(SecurityContextPersistenceFilter.java:91) org.springframework.security.web.FilterChainProxy$VirtualFilterChain.doFilter(FilterChainProxy.java:330) org.springframework.security.web.FilterChainProxy.doFilterInternal(FilterChainProxy.java:213) org.springframework.security.web.FilterChainProxy.doFilter(FilterChainProxy.java:176) org.springframework.web.filter.DelegatingFilterProxy.invokeDelegate(DelegatingFilterProxy.java:346) org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:262) 

  Note Track of the full stack of the root cause is available in the tc pivot balls TERM 3.1.3.SR1/8.0.30.C.RELEASE.

  ---

  Pivotal tc LIFE 3.1.3.SR1/8.0.30.C.RELEASE

  Yes, this could be a possible bug that during the upgrade permissions are not defined properly.

  What you can do is open the file/etc/sudoers, and towards the end, there should be the following line

  vco     ALL=(root) NOPASSWD: /etc/init.d/vco-server, /etc/init.d/vco-configurator
  

  Replace it with the following line

  vco     ALL=(root) NOPASSWD: /etc/init.d/vco-server, /etc/init.d/vco-configurator, /var/lib/vco/configuration/bin/config_liagent.sh
  

  Not sure if the change will take effect immediately after save if you can reboot the device.

• How to connect the vCO vRO action name programmatically?

  Anyone know if we can save name of the action by programming just as a workflow name can be made, something like Workflow.action.name?  This helps identify what action the failure occurred.

  Jörg have already said, there is not such a generation - in function. However, you can use the default, that Rhino javascript engine of capabilities to achieve what you're trying to do. Use this:

  //VRO's arguments.callee.name implementation will always return the String "Module + action name".
  //We remove the "Module" prefix. Remember: while this works with vRO 6 and 7, it may stop working if the RHINO implementation changes.
  var actionName = arguments.callee.name.substr(6);
  //Keyword this represents the module this action is part of. The Module scripting object provides access to the name property.
  System.log("The currently running action is: " + this.name + "." + actionName);
  

  Concerning

  Robert

• mgmt vCenter/vCSA and non routable network

  How are they managing get you all vCSA connected non-routable management network without burdening the network mgmt vCSA? I have the VLAN for all networks (mgmt, vmotion, storage) and network of the vm on VLAN 0. When install vCSA you use a routable IP address, but after that, I have to add the network mgmt to the vCSA in order so that it connects to the host, but it does not seem like the right way. vCSA with extra vnic is not supported.

  How do you manage this?

  Well, you need to sort out why one needs a management not routed network. In case it is a safety requirement, you would probably violate it by multiple your vcenter.

  In order to manage your vCenter inventory you would be obliged to get in this isolated NET or create a safe / trust / hardened machine multi-homed "jumpbox" that could be used for management activities.

• Connection to BSA VRO

  Hello

  We have a requirement where we need to integrate BSA BMC with VRO... like many, I checked this can be done through SA BMC plugin... but y at - it an option to connect to BSA without using a plugin from VRO...

  Thank you

  Mano

  Hello

  Take a look at the 'CLITunnelService', 'CLILoginService', 'AssumeRoleService' and the 'RESTRequestService' of BSA.

  (Using BMC Automation - SOAP Web Services - BMC Automation 8.5-BMC Documentation Server server)

  You can connect the vRO to BSA via SOAP and REST. We use a combination of these two protocols.

  (No special Plugin required)

  Example: CLITunnelService SOAP to URL:

  https://: 9843/services/CLITunnelService

  Example: Get a ServerId of BSA inventory through REST:

  -REST-Host: https://: 9843 /

  -REST-operation: / group/Servers //? NAME = {myServerName} & username = myUserName} & password = {myUserPassword} & role = {myUserRole}

  Kind regards

  Marc

• vRO 7 Active Directory plugin return objects of computer when type is set to 'user '.

  First of all, I would like to say that so far its looking like the AD plugin provided with vRO 7 actually work with our directory.  The last time I tested, it was still too slow and unstable.  I don't know if it's something on our end or the result of the changes made vRO team but its promising.

  I'm curious to know if I'm testing something wrong however.  Looks like using functions return types of objects other than "User" when I specify this type of ActiveDirectory.search*.  I certainly see computer objects.  If I specify "ComputerAD" as the type search filtering seems to work because I see only the computers.

  Also, is there a way to specify the field to search?  We created a workflow that is enveloping the dsquery command and query against specific fields.  Is there a way to format the query string for target field?

  > I'm curious if I'm testing something wrong but.  Looks like using functions return types of objects other than "User" when I specify this type of ActiveDirectory.search*.  I certainly see computer objects.  If I specify "ComputerAD" as the type search filtering seems to work because I see only the computers.

  If you check the schema Active directory, you will see that, for example, the computer object is subclass of the user. What makes the user object type.

  If you look at the property of a user object's objectClass, you will find the following object classes "person; organizationalPersion, high; user ".

  If you look at the objectClass for a computer object property, you will find the following object classes "high; person; organizationalPersion; computer user.

  When AD plugin runs the query for user objetcs, it limited the result based on the object class by asking all objects that have at least after classes "person; organizationalPersion, high; user", but does not specify that class of the object hierarchy does not contain others. That's why he also returns in the form of the user computer.

  We maintain this behavior for bakward compatibility with the old version of the plugin, but I agree that it wise to limit your search only to the objects 'User '. You can open a request from client for the appropriate follow-up.

  > Also, is there a way to specify the field to search?  We created a workflow that is enveloping the dsquery command and query against specific fields.  Is there a way to format the query string for target field?

  As much as I know there is no such possibiliy in current plguin. There are several requests about the generic search method allowing the use of the LDAP syntax directly to mark against ad server. We are considering adding these features to the plugin, but it is a metter of priorities.  Somethig like AdHost.search (ldpa_query_string)

  Not sure if this will solve your use cases. Could you give a little more detais arround it. Example of workflow will also help.

• Interact with ssh session?

  I want to the domain (domain join) join a Linux VM recently deployed.  The only way I can think to do is run Kingdom join via SSH, but requires a password rather than taking it as an argument (in other words, he did the right thing).  Can I somehow send text over the hose?

  And assuming that I can do, how can I convert a SecureString to a string?  I guess that's not possible, so I drizzled on this method too.

  How else people unite their Linux virtual machines, deployed with vRO?

  If you are planning a workflow, value for the entry of type SecureString is stored encrypted in the database. But there are also other cases, for example. If you connect using System.log (), I think it appears in clear text in the log file.

• PSC external - VCSA Gets the invalid credentials

  I recently deployed a PSC external, using the device of VCSA 6.0 U1 recently made public.  Beginning of the PSC external deployment took place without a hitch.  No problem whatsoever.  However, when it comes to then deploy the VCSA with a PSC external, I get the invalid credentials.

  The PSC and VCSA are on the same subnet, and I deploy from my office.  There is no firewall between them and no control of the East-West traffic that could be disturbing the communication.  I can telnet to the PSC to my office on 443.  No internal certs are used, just the standard self-signed certs of VMware.

  I do NOT use the PSC HA config where an F5 (or any other load balancing program) comes into play.  Just a PSC and a device of vCenter (with the same configuration in another data center and related enhanced modes enabled... If I ever get to this point).

  Any ideas?  I think I've exhausted all the Vmkware KB and google this thing to death.

  

  I also see these things in the newspaper of the csd, that correspond with invalid credentials messages in the vcsa newspapers:

  2015-09-15 15:17:51] request [INFO] 1151 - [sso: QyUT-UDyA-Okks-RXbt] .validate: receipt.

  [2015-09-15 15:18:12] [ERRO] Ask 1151 - [sso: QyUT-UDyA-Okks-RXbt] .validate: ERROR_GET_DOMAIN_NAME error status: failure to the UNIQUE application of '005F2F80' authentication domain: 58

  [2015-09-15 15:18:19] [INFO] Ask 1153 - [session: session] .ping: receipt.

  [2015-09-15 15:18:49] [INFO] Ask 1154 - [session: session] .ping: receipt.

  [2015-09-15 15:19:19] [INFO] Ask 1155 - [session: session] .ping: receipt.

  [2015-09-15 15:19:47] [INFO] Ask 1157 - [sso: QyUT-UDyA-Okks-RXbt] .validate: receipt.

  [2015-09-15 15:20:08] [ERRO] Ask 1157 - [sso: QyUT-UDyA-Okks-RXbt] .validate: ERROR_GET_DOMAIN_NAME error status: failure to the UNIQUE application of '005F2D18' authentication domain: 58

  [2015-09-15 15:20:08] [INFO] Ask 1158 - [session: session] .ping: receipt.

  [2015-09-15 15:20:19] [INFO] Ask 1160 - [session: session] .ping: receipt.

  [2015-09-15 15:20:49] [INFO] Ask 1161 - [session: session] .ping: receipt.

  [2015-09-15 15:21:19] [INFO] Ask 1162 - [session: session] .ping: receipt.

  [2015-09-15 15:21:49] [INFO] Ask 1163 - [session: session] .ping: receipt.

  [2015-09-15 15:22:11] [INFO] Ask 1165 - [sso: QyUT-UDyA-Okks-RXbt] .validate: receipt.

  [2015-09-15 15:22:32] [ERRO] Ask 1165 - [sso: QyUT-UDyA-Okks-RXbt] .validate: ERROR_GET_DOMAIN_NAME error status: failure to the UNIQUE application of '005F2D70' authentication domain: 58

  [2015-09-15 15:22:32] [INFO] Ask 1166 - [session: session] .ping: receipt.

  [2015-09-15 15:22:49] [INFO] Ask 1168 - [session: session] .ping: receipt.

  [2015-09-15 15:23:19] [INFO] Ask 1170 - [session: session] .ping: receipt.

  [2015-09-15 15:23:44] [INFO] Ask 1173 - [sso: QyUT-UDyA-Okks-RXbt] .validate: receipt.

  While this may be caused by an incompatibility of certificate, in my case, it was a problem with the office network.  While port 443 is open to the ESXi host and the PSC external UDP 123 was not, and did not observe in any newspaper, it seems to have been the problem.  NTP on the PSC itself worked fine.

  As a test, I tried to deploy VCSA w/year embedded PSC.  This deployment also failed NTP citing it as a problem.  Changing the setting to synchronize with the host allowed FRO deployment to continue.  If you have a similar problem with invalid credentials, this can be a good test for you as well to make sure that UDP 123 is accessible from your desktop.  I don't know why it should be, but I can only assume that the place from which you are running the installation acts as a proxy for communication of all kinds.

  So in addition to making sure DNS lookup front and rear work correctly, verify the port 443 to the PSC external target host and if these things are good, try to deploy a device VCSA with the PSC incorporated using NTP for time synchronization.  If this fails, you may need to change your deployment location (unless it's easy for you to get this open port).

  Simply, I built a Windows VM base on the same subnet as my other management/infra peripheral, pushed the .iso from a store of data and mounted on this VM and connected to install it there.  Went off without a hitch.

• Remove objects from the AD when a virtual machine is removed from the vCenter with vCO

  All,

  I am new to vCenter Orchestrator and have bad getting started with him.  I'm trying to figure out how to automatically remove the Active Directory from the computer object when it is deleted in vCenter.  My idea is when the virtual machine is removed, it starts a workflow that deletes the object.  I don't know how to call that or if it is still possible.

  The problem I am trying to solve, is that our developers are self provisioning of servers Windows and Linux through vCAC in the realm of 50 + per day.  They also remove most of them in 5 or 6 days causing much left on objects cluttering up AD.   So I try to find a way to have the deleted object when they destroy their vCAC provisioned machines.  My original idea was to make based on the GUID and UUID but I not figure out how to actually call with vRO.  I'm open to other ideas that can adapt to this task better, no need to force this idea of the solution to the problem if someone already knows a way to do that.

  Little background information is that I'm under vCenter 5.5 Update 2, 6.1 and vCO 5.5.2 vCAC.  The objects being deleted are Windows 2008 R2, Windows 2012 R2 and CentOS 6.5 servers.

  Thank you in advance, I think that once I get more of an idea on how it works, I'll be able to deploy more ideas.

  This can be achieved by simply adding following some custom properties in your Machine Blueprint or group of companies in VCAC.

  Plugin.AdMachineCleanup.UserName-

  Plugin.AdMachineCleanup.Password-

  Plugin.AdMachineCleanup.Execute

  Plugin.AdMachineCleanup.Delete

  Otherwise, create a profile to build using above set of custom properties, this way it will be easy for you to add in several plans in your environment vCAC.

• Get data center or resource pool by using script vRO

  I am trying to build a service plan, but don't want the user to have to enter the information pool or a folder of resources.

  How to retrieve the objects as a data center pool or resource using the vRO scripting language?

  I'm trying to use var myDatacenters = VcPlugin.getAllDatacenters (); to retrieve a list of data centers to go, but I'm back zero results.

  Are there tricks to do this?  Should I connect to vCenter?  VCenter may not communicate with vRO?

  Any help would be greatly appreciated!

  I solved this by running a configuration in vRO workflow that adds an instance of vCenter vRO.