VMware vCenter Orchestrator 4.0.2 Release Notes

vCenter Orchestrator 4.0.2 | 6 Jun 2010 | Build 4639

vCenter Server 4.0.2 | 6 Jun 2010 | Build 258672

Last Document Update: 14 Mar 2011

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

Downloading and Installing VMware vCenter Orchestrator

If you have downloaded and installed VMware vCenter Server, Orchestrator is already installed on your system and only needs configuration.

Read the VMware vCenter Orchestrator Installation and Configuration Guide for step-by-step guidance on configuring vCenter Orchestrator.

Upgrading or Migrating to vCenter Orchestrator 4.0.2

You can migrate an existing Orchestrator 4.0 installation to Orchestrator 4.0.2 by following the instructions in the VMware vCenter Orchestrator Installation and Configuration Guide.


Orchestrator's vCenter 4.0 plug-in is fully supported for use with vCenter 4.0. However, using the vCenter Server 4.0 plug-in with vCenter Server 2.5 is not supported. To use Orchestrator 4.0 with vCenter Server 2.5, you must install Orchestrator's Virtual Infrastructure 3.5 plug-in.

Orchestrator provides the Virtual Infrastructure 3.5 plug-in in the following locations after installation:

  • If you installed Orchestrator using the standalone installer:
  • If the vCenter Server installed Orchestrator:

Internationalization (I18N) Support

vCenter Orchestrator 4.0.2 complies with I18N Level 1. Although Orchestrator is not localized, it can run on non-English operating systems and handle non-English text.

How to Provide Feedback

Your active feedback over the next few weeks is appreciated. Provide your feedback by:

  • Support Requests (SRs)
  • Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

VMware Support's commitment to SRs filed by customers and instructions on how to file an SR can be found at http://www.vmware.com/support/services/.

For experienced SR users, file your support requests at http://www.vmware.com/support/sr/sr_login.jsp.

Use your registered VMware store account to log in.

Please include log files in your SRs. To gather log files from Orchestrator:

  1. Go to the Orchestrator configuration interface at http://orchestrator_server_ip_address:8282.
  2. Log in with your username and password.
  3. Click Logs.
  4. Click Generate log report.
  5. Save the generated ZIP file.
  6. Upload the saved ZIP file to VMware Support.

For Orchestrator configuration issues, please include an exported configuration file in your SRs. To export your configuration from the Orchestrator configuration interface:

  1. Go to the Orchestrator configuration interface at http://orchestrator_server_ip_address:8282.
  2. Log in with your username and password.
  3. Click General.
  4. Click the Export Configuration tab.
  5. Enter your password and press Enter.
  6. Save the *.vmoconfig file.
  7. Upload the saved files to VMware Support.

Orchestrator Discussion Forum

View the Orchestrator forum at http://communities.vmware.com/community/vmtn/mgmt/orchestrator. Use your registered VMware store account to log in.

Prior Releases of vCenter Orchestrator

See the vCenter Orchestrator 4.0.1 Release Notes.

Known Issues

The following known issues have been discovered through rigorous testing and will help you understand some problems you might encounter in this release. The list of issues below pertains to this release of VMware vCenter Orchestrator only. Please test future releases of vCenter Orchestrator for possible improvements and fixes.

List of Known Issues

The known issues are grouped as follows:

Installation Issues
  • Restarting vCO server service after reinstalling plug-ins adds Java exceptions in the logs.

    In the Troubleshooting tab of the Orchestrator configuration interface, if you reinstall plug-ins by selecting "Reset current version" and then restart the Orchestrator server, several Java exceptions are recorded in the Orchestrator server logs.

    Workaround: None, but the exceptions do not affect server operation.

Internationalization Issues
  • Problems handling non-ASCII characters in certain contexts.

    Using non-ASCII characaters in input parameters results in incorrect behavior in the following contexts:

    • If you run the SSH > SCP put workflow on a file with a name that features non-ASCII characters, the workflow will run, but name of the resulting file on the destination machine is garbled.
    • If you try to insert non-ASCII characters into attribute names, the characters will not appear. This applies to Web view attributes, workflow attributes and action attributes.
Upgrade Issues
  • Client-only upgrade shows incorrect version number in the configuration interface.

    If you have an existing Orchestrator installation of both the client and the server on the same machine, and you use the standalone Orchestrator installer to upgrade the client by choosing the Client-Only installation option, after the upgrade the Orchestrator configuration interface will show the version number of the new client installation. This is incorrect. The server has not been upgraded.

  • SSL certificate is lost during upgrade from 4.0 to 4.0.1

    If you upgrade an existing Orchestrator 4.0 installation to 4.0.1, and import the configuration of the previous installation into the 4.0.1 installation, the SSL certificate from the old installation is not loaded. The Server Certificate tab shows red in the configuration interface.

    Workaround: You must import the certificate manually.

Networking Issues
  • Loss of network connection to vCenter Server 4 can cause workflows to abort.

    If Orchestrator loses the network connection to vCenter Server 4 while a workflow is running, and if the workflow attempts to access vCenter Server, that workflow will abort and will not attempt to restart. An intermittent connection to vCenter Server causes frequent workflow failure. Furthermore, the vCenter Server 4 plug-in flushes its cache if it loses the connection to vCenter Server. Consequently, when the Orchestrator server restarts, it fetches all running objects again from the vCenter Server rather than reloading them from the cache. Fetching the objects again can cause peaks in CPU usage and increases the load on vCenter Server. If the network connection to vCenter Server is intermittent, then constantly fetching the objects can consume vCenter Server memory, leading to drops in performance.

    Workaround: Ensure that the network connection to vCenter Server is stable.

Configuration Issues
  • Orchestrator does not work with forest and external trusts in Active Directory

    Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are unsupported.

  • Missing support for TNSNames when connecting to an Oracle database.

    You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database using an IP address or a DNS name.

    Workaround: See VMware Knowledge Base Article 1022828.

  • Restricted access to vCenter inventory can cause errors if Session per user is set.

    If you set the Session per user option in the vCenter tab of the configuration interface, accessing the vCenter inventory can result in some errors if the connected user has restricted access on inventory objects.

  • No error message is displayed on the Network tab of the Orchestrator configuration interface when a network port is already used.

    The Network configuration is saved successfully without errors even when the port numbers that you enter are already taken on your host.

    Workaround: Make sure the port numbers you enter on the Network tab are free.

Miscellaneous Issues
  • New: Security vulnerabilities in the Apache Struts version embedded in Orchestrator

    The following VMware vCenter Orchestrator (vCO) versions embed Apache Struts 2.0.11 or earlier:

    • vCenter Orchestrator 4.0
    • vCenter Orchestrator 4.0 Update 1
    • vCenter Orchestrator 4.0 Update 2
    • vCenter Orchestrator 4.1
    • vCenter Orchestrator 4.1 Update 1

    A remote security vulnerability that might allow unauthorized users to run code on the vCO system without authentication is reported for Apache Struts version 2.0.11 and earlier (http://struts.apache.org/2.2.1/docs/s2-005.html). The Common Vulnerabilities and Exposures project has assigned the name CVE-2010-1870 to this vulnerability.

    Apache Struts version 2.0.11 and earlier also contain vulnerabilities described at the following URLs:

    The vulnerabilities are classified as Important, according to the VMware Security Response Policy.

    Workaround: To resolve this issue, perform the steps described in Workarounds for vCenter Orchestrator Address Apache Struts Remote Code Execution Vulnerability (KB 1034175).
  • Possible loss of logs when using vmo.bat file to restart Orchestrator server.

    If you start the Orchestrator server as a service and you then restart the Orchestrator server by running the vmo.bat file directly, you can experience a potential loss of logs. The loss of logs is due to the Orchestrator server potentially running with different permissions if you started it as a service and then restarted it using the vmo.bat file.

    Workaround: Do not restart the server by using the vmo.bat file. Start the Orchestrator server as a service as follows:

    1. Right-click My Computer and select Manage > Services and Applications > Services
    2. Right-click VMware vCenter Orchestrator Server and select Start
  • Importing packages using the Orchestrator client fails occasionally.

    Occasionally, importing a package using the Orchestrator client results in the error "Unable to import a certificate, reason : Unable to save keystore".

    Workaround: Close the error message and attempt the import again.

  • The Revert option for the parameters table on the Edit Action's view Scripting tab does not revert to the last saved state.

    When you add a parameter to an action script, you cannot remove it using the Revert option.

    Workaround: Right-click the parameter and click Delete Selected.

  • Characters are accepted as the input value for workflow attributes of type number.

    Format validation has been disabled on workflow attributes of type number. Invalid input values are now accepted without any warning and workflows are saved successfully, which can lead to unpredictable results.

  • The Find orphaned virtual machines workflow might detect VMDK files that are used by linked clones.

    Some VMDK files that are associated with linked clones in the Orchestrator inventory might be listed as unused by the Find orphaned virtual machines workflow. If you remove these VMDK files, the linked clones become unusable.

  • Changes to input parameter descriptions are not propagated to the presentation.

    If you change the description of an input parameter for a workflow, this change is not propagated to the description in the presentation.

    Workaround: Copy the description to the presentation manually.

  • Cannot export policies as templates.

    The Export as policy template function is disabled in the Orchestrator client and cannot be used.

  • The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks.

    On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, when they are actually not.

    Workaround: Do not include virtual machines with snapshots in the interaction.

Resolved Issues

The following issues with Orchestrator 4.0.1 have been resolved in the Orchestrator 4.0.2 release:

Resolved Internationalization Issues
  • Problems handling non-ASCII characters in certain contexts.

    Using non-ASCII characaters in input parameters results in incorrect behavior in the following contexts:

    • The Mail workflows cannot take non-ASCII as input parameters. Any non-ASCII characters will be garbled in the resulting email.
    • If you create an authorization that refers to an Active Directory group with a name that contains non-ASCII characters, the name will appear garbled in the General tab for that authorization. However, the name is stored correctly in the database. AD group names render correctly on Windows 2003.
Resolved Server Issues
  • Some workflows that write to the server file system are blocked by a new security implementation.

    Following a change to the security policy to limit the parts of the server file system to which workflows can write, the following workflows do not run:

    • XML > Create address book CSS
    • XML > Create address book CSS
    • XML > Create address book DTD
    • XML > Create address book XML
    • XML > Full address book test
    • Datastore and files > Log unused datastore files
    • Datastore and files > Export unused datastore files
    • vCenter > Virtual Machine management > Clone > Customize virtual machines from properties

    Workaround: Duplicate the workflows and update the file-path input parameter to write to the permitted locations on the Orchestrator server. See Setting Server File System Access from Workflows and JavaScript in the vCenter Orchestrator Administration Guide for information.

Resolved Miscellaneous Issues
  • Orchestrator Web Views do not support Mozilla Firefox 3.5.

    Selectors in the weboperator and vCenter Lifecycle Manager Web views might stop responding in Mozilla Firefox 3.5.

  • Access rights and workflow version numbers on the Packages view's Workflows tab do not refresh after forcing a package import.

    When you import a package, the server compares the versions of the different elements of its contents to matching local elements. If you force the import of elements with different access rights and version numbers lower than those of the local elements, the details about the imported elements are not updated on the Packages view's Workflows tab.

    Workaround: Click the Refresh icon to update the details about the imported elements.