VMware

VMware vCenter Orchestrator 4.0.1 Release Notes

vCenter Orchestrator 4.0.1 | 11/19/2009 | Build 4502

vCenter Server 4.0 update 1 | 11/19/2009 | Build 205877

Last Document Update:14 Mar 2011

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

Downloading and Installing VMware vCenter Orchestrator

If you have downloaded and installed VMware vCenter Server, Orchestrator is already installed on your system and only needs configuration.

Read the VMware vCenter Orchestrator Installation and Configuration Guide for step-by-step guidance on configuring vCenter Orchestrator.

Upgrading or Migrating to vCenter Orchestrator 4.0.1

You can migrate an existing Orchestrator 4.0 installation to Orchestrator 4.0.1 by following the instructions of the VMware vCenter Orchestrator Installation and Configuration Guide.

Compatibility

Orchestrator's vCenter 4.0 plug-in is fully supported for use with vCenter 4.0. However, using the vCenter Server 4.0 plug-in with vCenter Server 2.5 is not supported. To use Orchestrator 4.0 with vCenter Server 2.5, you must install Orchestrator's Virtual Infrastructure 3.5 plug-in.

Orchestrator provides the Virtual Infrastructure 3.5 plug-in in the following locations after installation:

  • If you installed Orchestrator using the standalone installer:
    C:\Program Files\VMware\Infrastructure\Orchestrator\extras\plugins\vmo_vi35_4_0_1_4502.vmoapp
  • If the vCenter Server installed Orchestrator:
    C:\Program Files\VMware\Orchestrator\extras\plugins\vmo_vi35_4_0_1_4502.vmoapp

Internationalization (I18N) Support

vCenter Orchestrator 4.0.1 complies with I18N Level 1. Although Orchestrator is not localized, it can run on non-English operating systems and handle non-English text.

How to Provide Feedback

Your active feedback is appreciated. Provide your feedback by:

  • Support Requests (SRs)
  • Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

VMware Support's commitment to SRs filed by customers and instructions on how to file an SR can be found at http://www.vmware.com/support/services/.

For experienced SR users, file your support requests at http://www.vmware.com/support/sr/sr_login.jsp.

Use your registered VMware store account to log in.

Please include log files in your SRs. To gather log files from Orchestrator:

  1. Go to the Orchestrator configuration interface at http://orchestrator_server:8282.
  2. Log in with your username and password.
  3. Click Logs.
  4. Click Generate log report.
  5. Save the generated ZIP file.
  6. Upload the saved ZIP file to VMware Support.

For Orchestrator configuration issues, please include an exported configuration file in your SRs. To export your configuration from the Orchestrator configuration interface:

  1. Go to the Orchestrator configuration interface at http://orchestrator_server:8282.
  2. Log in with your username and password.
  3. Click General.
  4. Click the Export Configuration tab.
  5. Enter your password and press Enter.
  6. Save the *.vmoconfig file.
  7. Upload the saved files to VMware Support.

Orchestrator Discussion Forum

View the Orchestrator forum at http://communities.vmware.com/community/vmtn/mgmt/orchestrator. Use your registered VMware store account to login.

Prior Releases of vCenter Orchestrator

See the vCenter Orchestrator 4.0 Release Notes.

Resolved Issues

The following issues from Orchestrator 4.0 have been resolved in Orchestrator 4.0.1:

Installation Issues
  • The installer_debug.txt file is not removed when Orchestrator is uninstalled.

    Orchestrator installer creates a file called installer_debug.txt that is not deleted when you uninstall Orchestrator from command line or Windows Control Panel.

  • Orchestrator registry remains after you uninstall Orchestrator by using Windows Control Panel.

    If you installed Orchestrator by installing vCenter Server 4, and you uninstall Orchestrator using the Windows Control Panel, some Orchestrator registry entries are not removed.

Configuration Issues
  • Orchestrator does not work with forest and external trusts in Active Directory

    Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are unsupported.

  • Server restarts when performing swapping or when running with a heavy load.

    If the Orchestrator server is running with a heavy load, for example if you have connected Orchestrator to many vCenter Servers which are running many virtual machines, or if the server is performing swapping, you might experience an unwanted server restart. The server restart is due to the default timeout that the Orchestrator watchdog service sets. In certain circumstances, if a response time exceeds the watchdog timeout period, the watchdog can falsely detect a JVM error, which leads to a server restart.

  • Microsoft plug-in configuration requires the LDAP host to be set to the Domain Controller name.

    Calling the ActiveDirectory.getDC() method returns null if the IP addresss or DNS name is used in the LDAP configuration settings of the Microsoft plug-in.

Miscellaneous Issues
  • The number of virtual CPUs you can add when you run the Create VM workflows is limited to 4.

    When you create a virtual machine using the vSphere client, you can add up to 8 CPUs. With the Create VM workflows you can add up to 4 virtual CPUs. This is a limitation of vCenter Orchestrator 4.0.

  • Plug-in method behavior depends on exact Java signature.

    For example, if you map a JavaScript method foo() to a Java method bar(), which takes an integer as a parameter and returns it, you can implement the Java code for foo() in two different ways:

    1. int bar(int i) { return i; }
      In this case, the call to foo() is the same as foo(null), which translates to bar(0), which returns 0 in Java, and then returns 0 in JavaScript, because null implicitly converts to 0 in an integral context
    2. Integer bar(Integer i) { return i; }
      In this case, the call to foo() is the same as foo(null), which translates to bar(null), which returns null in Java, and then returns null in JavaScript. Because this code uses objects instead of integral contexts, no conversion takes place.
  • No input parameters are displayed in the drop-down menu for the Decision workflow schema element.

    You cannot define or edit the decision statement because the possible input parameters are not visible on the Decision schema element's properties tab.

  • The Remove host workflow fails to remove a standalone ESX host from vCenter.

    You can run the Remove host workflow on an ESX host which is inside a cluster and in maintenance mode.

Known Issues

The following known issues have been discovered through rigorous testing and will help you understand some problems you might encounter in this release. The list of issues below pertains to this release of VMware vCenter Orchestrator only. Please test future releases of vCenter Orchestrator for possible improvements and fixes.

List of Known Issues

The known issues are grouped as follows:

Installation Issues

  • Restarting vCO server service after reinstalling plug-ins adds Java exceptions in the logs.

    In the Troubleshooting tab of the Orchestrator configuration interface, if you reinstall plug-ins by selecting "Reset current version" and then restart the Orchestrator server, several Java exceptions are recorded in the Orchestrator server logs.

    Workaround: None, but the exceptions do not affect server operation.

Internationalization Issues

  • Problems handling non-ASCII characters in certain contexts.

    Using non-ASCII characaters in input parameters results in incorrect behavior in the following contexts:

    • The Mail workflows cannot take non-ASCII as input parameters. Any non-ASCII characters will be garbled in the resulting email.
    • If you run the SSH > SCP put workflow on a file with a name that features non-ASCII characters, the workflow will run, but name of the resulting file on the destination machine is garbled.
    • If you create an authorization that refers to an Active Directory group with a name that contains non-ASCII characters, the name will appear garbled in the General tab for that authorization. However, the name is stored correctly in the database. AD group names render correctly on Windows 2003.
    • If you try to insert non-ASCII characters into attribute names, the characters will not appear. This applies to Web view attributes, workflow attributes and action attributes.
Upgrade Issues

  • Client-only upgrade shows incorrect version number in the configuration interface.

    If you have an existing Orchestrator installation of both the client and the server on the same machine, and you use the standalone Orchestrator installer to upgrade the client by choosing the Client-Only installation option, after the upgrade the Orchestrator configuration interface will show the version number of the new client installation. This is incorrect. The server has not been upgraded.

  • SSL certificate is lost during upgrade from 4.0 to 4.0.1

    If you upgrade an existing Orchestrator 4.0 installation to 4.0.1, and import the configuration of the previous installation into the 4.0.1 installation, the SSL certificate from the old installation is not loaded. The Server Certificate tab shows red in the configuration interface.

    Workaround: You must import the certificate manually.

Networking Issues
  • Loss of network connection to vCenter Server 4 can cause workflows to abort.

    If Orchestrator loses the network connection to vCenter Server 4 while a workflow is running, and if the workflow attempts to access vCenter Server, that workflow will abort and will not attempt to restart. An intermittent connection to vCenter Server causes frequent workflow failure. Furthermore, the vCenter Server 4 plug-in flushes its cache if it loses the connection to vCenter Server. Consequently, when the Orchestrator server restarts, it fetches all running objects again from the vCenter Server rather than reloading them from the cache. Fetching the objects again can cause peaks in CPU usage and increases the load on vCenter Server. If the network connection to vCenter Server is intermittent, then constantly fetching the objects can consume vCenter Server memory, leading to drops in performance.

    Workaround: Ensure that the network connection to vCenter Server is stable.

Server Issues

  • Some workflows that write to the server file system are blocked by a new security implementation.

    Following a change to the security policy to limit the parts of the server file system to which workflows can write, the following workflows do not run:

    • XML > Create address book CSS
    • XML > Create address book CSS
    • XML > Create address book DTD
    • XML > Create address book XML
    • XML > Full address book test
    • Datastore and files > Log unused datastore files
    • Datastore and files > Export unused datastore files
    • vCenter > Virtual Machine management > Clone > Customize virtual machines from properties

    Workaround: Duplicate the workflows and update the file-path input parameter to write to the permitted locations on the Orchestrator server. See Setting Server File System Access from Workflows and JavaScript in the vCenter Orchestrator Administration Guide for information.

Configuration Issues
  • Orchestrator does not work with forest and external trusts in Active Directory

    Multiple domains that are not in the same tree, but have a two-way trust, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are unsupported.

  • Missing support for TNSNames when connecting to an Oracle database.

    You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database using an IP address or a DNS name.

    Workaround: See VMware Knowledge Base Article 1022828.

  • Restricted access to vCenter inventory can cause errors if Session per user is set.

    If you set the Session per user option in the vCenter tab of the configuration interface, accessing the vCenter inventory can result in some errors if the connected user has restricted access on inventory objects.

  • No error message is displayed on the Network tab of the Orchestrator configuration interface when a network port is already used.

    The Network configuration is saved successfully without errors even when the port numbers that you enter are already taken on your host.

    Workaround: Make sure the port numbers you enter on the Network tab are free.

Miscellaneous Issues
  • New: Security vulnerabilities in the Apache Struts version embedded in Orchestrator

    The following VMware vCenter Orchestrator (vCO) versions embed Apache Struts 2.0.11 or earlier:

    • vCenter Orchestrator 4.0
    • vCenter Orchestrator 4.0 Update 1
    • vCenter Orchestrator 4.0 Update 2
    • vCenter Orchestrator 4.1
    • vCenter Orchestrator 4.1 Update 1

    A remote security vulnerability that might allow unauthorized users to run code on the vCO system without authentication is reported for Apache Struts version 2.0.11 and earlier (http://struts.apache.org/2.2.1/docs/s2-005.html). The Common Vulnerabilities and Exposures project has assigned the name CVE-2010-1870 to this vulnerability.

    Apache Struts version 2.0.11 and earlier also contain vulnerabilities described at the following URLs:

    The vulnerabilities are classified as Important, according to the VMware Security Response Policy.

    Workaround: To resolve this issue, perform the steps described in Workarounds for vCenter Orchestrator Address Apache Struts Remote Code Execution Vulnerability (KB 1034175).
  • Possible loss of logs when using vmo.bat file to restart Orchestrator server.

    If you start the Orchestrator server as a service and you then restart the Orchestrator server by running the vmo.bat file directly, you can experience a potential loss of logs. The loss of logs is due to the Orchestrator server potentially running with different permissions if you started it as a service and then restarted it using the vmo.bat file.

    Workaround: Do not restart the server by using the vmo.bat file. Start the Orchestrator server as a service as follows:

    1. Right-click My Computer and select Manage > Services and Applications > Services
    2. Right-click VMware vCenter Orchestrator Server and select Start
  • Importing packages using the Orchestrator client fails occasionally.

    Occasionally, importing a package using the Orchestrator client results in the error "Unable to import a certificate, reason : Unable to save keystore".

    Workaround: Close the error message and attempt the import again.

  • The Revert option for the parameters table on the Edit Action's view Scripting tab does not revert to the last saved state.

    When you add a parameter to an action script, you cannot remove it using the Revert option.

    Workaround: Right-click the parameter and click Delete Selected.

  • Characters are accepted as the input value for workflow attributes of type number.

    Format validation has been disabled on workflow attributes of type number. Invalid input values are now accepted without any warning and workflows are saved successfully.

  • Access rights and workflow version numbers on the Packages view's Workflows tab do not refresh after forcing a package import.

    When you import a package, the server compares the versions of the different elements of its contents to matching local elements. If you force the import of elements with different access rights and version numbers lower than those of the local elements, the details about the imported elements are not updated on the Packages view's Workflows tab.

    Workaround: Click the Refresh icon to update the details about the imported elements.

  • The Find orphaned virtual machines workflow might detect VMDK files that are used by linked clones.

    Some VMDK files that are associated with linked clones in the Orchestrator inventory might be listed as unused by the Find orphaned virtual machines workflow. If you remove these VMDK files, the linked clones become unusable.

  • Orchestrator Web Views do not support Mozilla Firefox 3.5.

    Selectors in the weboperator and vCenter Lifecycle Manager Web views might stop responding in Mozilla Firefox 3.5.

  • Changes to input parameter descriptions are not propagated to the presentation.

    If you change the description of an input parameter for a workflow, this change is not propagated to the description in the presentation.

    Workaround: Copy the description to the presentation manually.

  • Cannot export policies as templates

    The Export as policy template function is disabled in the Orchestrator client and cannot be used.

  • The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks.

    On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, when they are actually not.

    Workaround: Do not include virtual machines with snapshots in the interaction.