Hi,

I have set up VCO to use kerberos for adding a powershell host before.

It works great.

I had to set up a second VCO instance to be able to talk to some clients behind a firewall via SSH and powershell. The "regular" VCO instance can't talk to these clients becuase opening ports for the working VCO is not an option.

SO, the workaround was, I set up another vco instance, got it added via the multi-node plugin, etc..

The issue came when I tried to add a server as a powershell host. I copied and pasted the krb5.conf file from the working VCO.

Everything is in the same domain as the "working" VCO/powershell host.

When I try to add the troublesome host I get the following error:

Workflow execution stack:

***

item: 'Add a PowerShell host/item8', state: 'failed', business state: 'null', exception: 'No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))) (Dynamic Script Module name : addPowerShellHost#19)'

workflow: 'Add a PowerShell host' (EF8180808080808080808080808080803D80808001270557368849c62c352aa82)

|  'attribute': name=errorCode type=string value=No valid credentials provided (Mechanism level: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7))) (Dynamic Script Module name : addPowerShellHost#19)

|  'attribute': name=sslUrl type=string value=https://powershellhost.fnal.gov:5986/wsman/

|  'input': name=name type=string value=powershellhost

|  'input': name=type type=string value=WinRM

|  'input': name=transportProtocol type=string value=HTTPS

|  'input': name=port type=string value=5986

|  'input': name=hostName type=string value=powershellhost.domain.com

|  'input': name=username type=string value=username@subdomain.domain.com

|  'input': name=password type=SecureString value=__NULL__

|  'input': name=sessionMode type=string value=Shared Session

|  'input': name=authentication type=string value=Kerberos

|  'input': name=acceptAllCertificates type=boolean value=true

|  'input': name=shellCodePage type=string value=IBM437

|  'output': name=host type=PowerShell:PowerShellHost value=null

*** End of execution stack.

I have consulted The Great Oracle (google), and what it told me was that this is usually a DNS issue, but I have checked my DNS, and I can resolve the hostname, as well as all the KDCs.

I have looked at the firewall activity, and can see the VCO server talking to the KDC on port 88, the DNS servers on 53, the Powershell Host on 5986. I dont think it's a Firewall issue.

If anyone has any ideas, I'd appreciate it.

Jason

I'm trying to run a view powercli script on our connection server. I eventually want to include it in a larger workflow.

Trying to make use of the Run Program in Guest workflow but am getting this error:

Workflow execution stack:

***

item: 'Run program in guest/item1', state: 'failed', business state: 'null', exception: 'A general system error occurred: vix error codes = (3004, 0).

(Workflow:Run program in guest / Scriptable task (item1)#15)'

workflow: 'Run program in guest' (C98080808080808080808080808080805E80808001322751030482b80adf61e7c)

|  'input': name=vmUsername type=string value=pakauffm

|  'input': name=vmPassword type=SecureString value=__NULL__

|  'input': name=vm type=VC:VirtualMachine value=dunes://service.dunes.ch/CustomSDKObject?id='shqvmwap60.cabelas.corp/vm-3835'&dunesName='VC:VirtualMachine'

|  'input': name=interactiveSession type=boolean value=false

|  'input': name=programPath type=string value=C:\Scripts\DisableProvisioning\getpool.ps1

|  'input': name=arguments type=string value=

|  'input': name=workingDirectory type=string value=

|  'input': name=environment type=Array/string value=null

|  'output': name=result type=number value=null

|  'no attributes'

*** End of execution stack.

For common parameters I input username and password, select the virtual machine, and select no for interactive session (if I select yes I get vix error code 3035).

Program Path: Path to ps1 file

Arguments: Null

Working Directory: Null

Environment: Null

Obviously I'm doing something wrong. The vix error code reference says the program can't run. Can someone provide some advice?

Hello,

I am having an issue when using the foreach loop to launch a workflow. I am iterating over a list of servers.

I have chosen the option to "Catch any exception and continue with the next iteration", but any time the child workflow throws an error, the entire workflow fails....   it does not continue to the next iteration.

What I would like to have happen is for the error to be caught, so I can report that the iteration failed for a specific target, while continuing to process the rest of the targets. 

I considered trying to manually track success failure and suppress error-throwing in the child workflow, but I would rather not do that.  The child workflow can be run independently, and I would like it to correctly report as successful/failed.

Any ideas?

David

I am trying to use a "Rename virtual machine folder" workflow as an inner call in my wrapper workflow to perform a rename and then log folder name value to console in my wrapper. It works most of the time but once in awhile I find that vc:vmfolder.name produces value of the folder prior to rename even though rename occurred successfully. Any suggestions on how to get consistent results with something like that? reload method on folder object doesn't seem to help.

Hello,

I'm attempting to deploy vRO(7.3.0.21553-5521409) and I'm having issues with the authentication setup.

I have configured the appliance using vSphere authentication, and have pointed it to an external PSC. It signs in successfully using administrator@vsphere.local, I accept the certificate which is returned from the PSC, I specify the default domain(default domain of the PSC), and I select an Administrator group(which it pulls from the PSC successfully).

At this point, everything looks good(to my untrained eye). But as soon as I save this configuration, I am forwarded to a HTTP 404 page and cannot log into Control Center - unless I SSH to the host and reset the authentication back to default.

Both the vRO and the PSC have forward/reverse lookup records.

Within the server.log I see a number of errors, including the following:

2017-10-21 19:32:50.938+0000 [serverHealthMonitorScheduler-1] ERROR {} [AuthenticationHealth] Unable to check authentication provider, assuming authentication provider is not properly configured.

java.lang.RuntimeException: java.lang.RuntimeException: com.vmware.vcac.platform.rest.client.support.RetriableOperation$RetriableException: Retriable operation failed after the maximum number of attempts - [3]

  at com.vmware.o11n.security.sso.SSOCache$3.newValue(SSOCache.java:167)

  at com.vmware.o11n.security.sso.SSOCache$3.newValue(SSOCache.java:153)

  at ch.dunes.util.CleanableTemporalVariable.get(CleanableTemporalVariable.java:22)

  at com.vmware.o11n.security.sso.SSOCache.getAdminClient(SSOCache.java:174)

  at com.vmware.o11n.security.sso.admin.SsoLdapFactory.findGroup(SsoLdapFactory.java:450)

  at com.vmware.o11n.security.sso.admin.SsoLdapFactory.findElement(SsoLdapFactory.java:320)

  at com.vmware.o11n.service.ldap.LdapCenterImpl.findLdapElement(LdapCenterImpl.java:89)

  at com.vmware.o11n.service.healthstatus.AuthenticationHealth.checkAuthenticationProvider(AuthenticationHealth.java:119)

  at com.vmware.o11n.service.healthstatus.AuthenticationHealth.getHealthStatus(AuthenticationHealth.java:51)

  at com.vmware.o11n.service.healthstatus.AuthenticationHealth.getHealthStatus(AuthenticationHealth.java:27)

  at com.vmware.o11n.service.healthstatus.ServerHealthMonitor.checkStatus(ServerHealthMonitor.java:105)

  at sun.reflect.GeneratedMethodAccessor230.invoke(Unknown Source)

  at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43)

  at java.lang.reflect.Method.invoke(Method.java:498)

  at org.springframework.scheduling.support.ScheduledMethodRunnable.run(ScheduledMethodRunnable.java:65)

  at org.springframework.scheduling.support.DelegatingErrorHandlingRunnable.run(DelegatingErrorHandlingRunnable.java:54)

  at org.springframework.scheduling.concurrent.ReschedulingRunnable.run(ReschedulingRunnable.java:81)

  at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:511)

  at java.util.concurrent.FutureTask.run(FutureTask.java:266)

  at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.access$201(ScheduledThreadPoolExecutor.java:180)

  at java.util.concurrent.ScheduledThreadPoolExecutor$ScheduledFutureTask.run(ScheduledThreadPoolExecutor.java:293)

  at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1142)

  at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:617)

  at java.lang.Thread.run(Thread.java:748)

Caused by: java.lang.RuntimeException: com.vmware.vcac.platform.rest.client.support.RetriableOperation$RetriableException: Retriable operation failed after the maximum number of attempts - [3]

  at com.vmware.o11n.security.sso.SSOCache$4.newValue(SSOCache.java:189)

  at com.vmware.o11n.security.sso.SSOCache$4.newValue(SSOCache.java:182)

  at ch.dunes.util.TemporalVariable.get(TemporalVariable.java:29)

  at com.vmware.o11n.security.sso.SSOCache.getVcoSolutionToken(SSOCache.java:205)

  at com.vmware.o11n.security.sso.SSOCache$3.newValue(SSOCache.java:165)

  ... 23 more

I'm really confused at this point, as the setup seemed to be working okay. I received the cert, and could search and select respective admin groups. Has anyone seen this before? Am I missing something obvious?

Thanks,

Matt

I have to run a few guest operations on a VM, right after it is provisioned.

Until now, I have used a simple sleep value of 60 seconds, during which the vRO workflow execution is halted, before the guest operations are executed. This almost exclusively affects Windows servers since the readiness on Linux systems is given almost instantly.

The sleep method works fine, however now I want to query the exact status of the guest operation readiness, instead of a sleep timer, to save some time and get an accurate status of the guest operations.

So far I have used following approaches, without success (vm = target vCenter VM):

- vm.guest.guestOperationsReady - this returns true, right after a vm comes online and VMTools initialize, however even though it returns "true", guest operations fail with error: The guest operations agent could not be contacted. I still have to wait some time, before executing guest operations.

- vm.guest.isInteractiveGuestOperationsReady(); - this always returns "false", even when checking a vm that has been running for some time and where manualy executing a guest operation workflow works.

What would be a reliable method to check the guest operations availability?

Hello,

I'm using the following schema for my workflow

The first action gets all virtual machines in a folder.

The second workflow is a foreach workflow that is supposed to create a snapshot for each VM passed to it from the getAllVirtualMachinesInFolder action.

The third workflow is a foreach workflow that is supposed to reboot guest OS in the same manner as the snapshot.

Seems simple enough, but I'm getting this error:

com.vmware.library.vc.basic/vim3WaitTaskEnd) Error in (Dynamic Script Module name : vim3WaitTaskEnd#20) Task 'CreateSnapshot_Task' error: The operation is not supported on the object.

Workflow execution stack:

***

item: 'Create a snapshot/item1', state: 'failed', business state: 'null', exception: 'Task 'CreateSnapshot_Task' error: The operation is not supported on the object. (Dynamic Script Module name : vim3WaitTaskEnd#20)'

workflow: 'Create snapshot of all virtual machines in a folder' (8a33318d-c441-4931-8de6-224aa3c03aa3)

So what is happening here? It's trying to snapshot the folder? Why? Here is my visual binding, it seems correct.

Thanks in advance!

I am having a problem getting the Guest Script Manager to execute a simple bash script:

cp /tmp/gg /tmp/gg2

Is there a reason why this bash command will not run?  Is it the way that it's being interpreted when it is passed...I'm unsure.  I am able to run this basic bash script:

sudo useradd [userName]

So I know that everything is working...just seems something is weird with how things are parsed when it runs.  Any ideas?

Hello,

after registering vRO Appliance to vSphere SSO login to Control Center is not possible.

-> PSC URL is displayed with Error 500 prior login

-> in PSC Logs we can see this error:

[2017-10-24T09:28:09.703+02:00 vsphere.local aa8544fb-f398-4acd-a7ba-fdfc5cfc4463 ERROR] [ServerUtils] Exception 'com.vmware.identity.idm.IDMLoginException: Login failed'

-> vRO is newly installed

-> Single PSC   

-> vRO 7.30

-> PSC 6.0 U2

Any hints?

Best Regards,

Markus                                 

Hi,

Need to create a workflow:

1. List all templates in vCenter.

2. Based on user selection of the template, need to deploy a VM.

Can anybody point me on how to get list of templates in vCenter Orchestrator workflow.

-Ajay

In a lot of workflows, when I have to update an external system, like a REST API, about a status of a Workflow, add a block that will retry the Operation for 3 times with a sleep of 60 seconds. Just in case that the REST API is down, and if its down for more than 3 minutes, I'll send an email with the status.

Is there a better way than to repeat this block over and over in all my workflows ?

Is there any comparison done between vRO and other orchestrators or UCS director?

With UCS director, there are out of box easy integration with Cisco ACI/APIC, and very good plugins for the multiple hardware vendors.

Thanks

Fred

The KB containing the fixed café plug-in for vRO 7.3 has had the attachment removed with the recent revision of the KB. Can this be put back, please?

Hi guys,

wonder if anyone yet tried to save SecureStrings in an automated way. I got the following within an action element:

configElement.setAttributeWithKey(attributeKey, attributeValue);

The input attributeValue in that case is of type SecureString and the workflow calling the action also submits a SecureString object. However, when I look into the saved ConfigurationElement the value is saved as a String in clear-text, so any vRO admin is able to read the data just by browsing. I'm aware that "SecureString" is not as secure as the object name may sound - in fact SecureString objects in any language can easily converted back into Strings of course - but still: there's a reason why that object exists (prevent "quickly getting sensitive data just by viewing").

So I really want that SecureString inside my ConfigurationElement, which is totally possible if manually creating a ConfigurationElement.

If checking the type of the submitted attributeValue inside the action element using:

System.log(typeof attributeValue)

It becomes clear that the attributeValue conversion from SecureString to String happens while the object is submitted to the action. Or so I thought.

Checking the type using typeof in a normal scripting element inside the workflow shows the same result. So I guess, typeof is the issue here, which will always return "String" for a SecureString. Am I correct to suppose that typeof is used by setAttributeWithKey to detect the type to use when creating a ConfigurationElement attribute and that SecureString is only handled differently by the UI, but not the RHINO engine itself (thus, any meaning to the UI get's lost once we use it inside scripts and from that point it's handled as a regular String)?

Some clarification on that topic and - if available - a workaround would be nice.

regards

Robert

Hello,

I am migrating workflows from vco 5.3 to vro 7.3 and I have an issue on array management

the indexOf property seems to not work anymore

array.indexOf(member) gives -1 even if the member value is realy member of array

I want to check if an item is member of an Array but I have no way to test it

can some one help?

Hi,

we use the JavaScript(JS) to invoke the Work Flow. In that, we are unable to authenticate service account against vRO.  The vRO authentication has integrated with AD(LDAP). while invoking the WF we are getting the error code 401: Unauthorised  (401 full authentications required to access the resource. attached the html and JS code with this. Any pointers? 

JS script

<!DOCTYPE html>

<html>

<head>

        <title>Open console and type testwebclient2()</title>

</head>

<body>

<h1>Open console and type <code>testwebclient2()</code></h1>

<script src="js/jquery.min.js"></script>

<script type="text/javascript">

        function testwebclient2(){

var vmname = 'Linux';

var RAM = 2;

var CPU = 8;

var usr = 'user.name@domain.com';

var pwd = '*******';

var vroServer = '10.xx.xx.06:8281';

// URL for the request

var wfid = 'f3d58869-3a4c-4a26-8841-30b0dc6ab6f3';

// URL for the request

var workflow_invoke_url = "https://"+vroServer+"/vco/api/workflows/"+wfid+"/executions";

var vRO_Request_Data = '{"parameters": [{"value":{"number": {"value": "'+RAM+'"}},"type": "number","name": "memory","scope": vmname+'"}},"type": "string","name": "VMname","scope": "local"},{"value":{"numbe

function success(data, textStatus, jqXHR){

                console.log('result for post request',data, textStatus, jqXHR);

                getData();

        }

$.ajax({

          type: "POST",

          url: workflow_invoke_url,

          data: vRO_Request_Data,

          success: success,

          dataType: 'application/json',

          headers: {

            "Authorization": "Basic " +  btoa(usr + ":" + pwd)

          },

        });

        }

</script>

</body>

</html>

*********************************************************************************

Thanks and regards,

Bhupathysav

Hello,

I faced issues when creating Configuration Elements, hope you can help with solution.

Case is: under vRO workflow I would like to create three configuration elements under the same path. So at the end that should look like that:

Root Folder

• Folder A
  • Subfolder A
    • Conf. Element A
    • Conf. Element B
    • Conf. Element C

Unfortunately what I get current is:

Root Folder

• Folder A
  • Subfolder A
    • Conf. Element A
• Folder A
  • Subfolder A
    • Conf. Element B
• Folder A
  • Subfolder A
    • Conf. Element C

So something that you cannot do manually from vRO.

The investigation I did so far shows that number of elements under WF is not changing – the new created are not visible.

I was trying to do reload, reading configuration elements between creation, adding delay, creating configuration elements thru separate WF – unfortunately result is not changing.

Ideas ?

Is there any way to update the Properties (Property Groups and Custom) on a vSphere (vCenter) Machine Type in a vRA Blueprint using vRO?

Since I'm unable to locate any Inventory Element associated with a vSphere Machine Type in vRO, I'm not sure if this can be done.

I believe the vRA Property Name that I'm trying to target using vRO is VirtualMachine.Cafe.Blueprint.Component.Id

Thx. Ron

Hi All,

Our VM provisioning workflow calls BuidlingMachine and MachineProvisioned workflows during provisioning. When provisioning fails the "Status Detail" of the request is populated by VRA. It does not provide useful information to the user. For example if the request fails in "BuildingMachine" workflow during ActiveDirectory object creation then status detail should display "ActiveDirectory integration failed". Currently it displays "Machine deleted before provisoning". The field "StatusDetail" can be updated in BuildingMachine but it might get overwritten by VRA. How to update Status Detail? or How you are providing useful information about failure to the requester?

Thx

I have a dual-list input (type array(string)) and action that does some processing with that input. Action results are displayed on presentation as readonly input (via databinding). Action is time consuming so I have moved result display to next step and added new boolean input run that is also databinded to action. If run=false then action returns immediately, otherwise input is processed.

Action is now invoked every time that input is changed, but even with run=false the delay in UI is noticeably (~500ms and loading gif animation). Can this be changed in a way that the action will be called only once - when entering next step or when setting run=true?