VMware vCenter Orchestrator 4.1 Release Notes

vCenter Orchestrator 4.1 | 13 Jul 2010 | Build 581

vCenter Server 4.1 | 13 Jul 2010 | Build 258902

Last Document Update: 14 Mar 2011

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

Downloading and Installing VMware vCenter Orchestrator 4.1

You can install Orchestrator 4.1 only on 64-bit operating system platform. If you have downloaded and installed VMware vCenter Server 4.1, Orchestrator is already installed on your system and only needs configuration.

Read the VMware vCenter Orchestrator Installation and Configuration Guide for step-by-step guidance on configuring vCenter Orchestrator.

As an Orchestrator 4.1 user, your main focus is to explore new functionality in the release rather than to test product performance and maximized configurations. Your feedback on Orchestrator 4.1 features and their operation helps us ensure a high quality release.

Upgrading to vCenter Orchestrator 4.1 and Migrating the Orchestrator Configuration Data

If you are running an earlier version of Orchestrator on a 32-bit platform, you can use the data migration tool included in the vCenter Server installation media to back up and restore the existing Orchestrator configuration settings.

Read the VMware vCenter Orchestrator Installation and Configuration Guide for step-by-step guidance on migrating the Orchestrator configuration settings.

If you have developed workflows, actions, plug-ins, policies, and so on using a previous version of Orchestrator, perform the following steps:

  1. Export packages of all the custom workflows, actions, policies, and so on, that you developed under the previous version of Orchestrator.
  2. Create a new instance of an empty database for Orchestrator 4.1.
  3. Install and Configure Orchestrator 4.1 by following the instructions of the VMware vCenter Orchestrator Installation and Configuration Guide.
  4. Connect Orchestrator 4.1 to the new Orchestrator database.
  5. Import the packages you exported from the older version of Orchestrator.

Internationalization (I18N) Support

vCenter Orchestrator 4.1 complies with I18N Level 1. Although Orchestrator is not localized, it can run on non-English operating systems and handle non-English text.

Functionality Caveats

This release provides experimental support for the following:

  • OpenLDAP
  • MySQL
  • PostrgreSQL

For details about enabling OpenLDAP and experimental database providers in the Orchestrator configuration, see Enabling Experimental Support for OpenLDAP, PostgreSQL, and MySQL in VMware vCenter Orchestrator.

New Features in Orchestrator 4.1

The following features are new in Orchestrator 4.1:

  • 64-bit client and server running on Java 1.6.
  • Optional standalone 32-bit client.
  • Data migration tool, to help you upgrade from Orchestrator 4.0 on a 32-bit server to Orchestrator 4.1 on a 64-bit server.
  • New workflows in the library.
  • Orchestrator now uses vCenter Server as a license server.
  • vSphere 4.1 plug-in that implements the latest VMODL, with dynamic addition of vCenter Servers.
  • Importing certificates no longer requires you to restart the configuration server.
  • Orchestrator scalability matches the vSphere scalability figures, namely supporting 10,000 connected virtual machines.
  • Performance from 5 to 10 times faster than 4.0.x, depending on the usage scenario.

For details of Orchestrator scalability and configuration maximums, see the VMware vCenter Orchestrator Installation and Configuration Guide.

Deprecated Features in Orchestrator 4.1

The following features are deprecated as of Orchestrator 4.1. Development of these features is not supported in releases of Orchestrator later than 4.1.

  • Authorizations
  • OGNL expressions in workflow presentations
  • Policies

How to Provide Feedback

Your active feedback over the next few weeks is appreciated. Provide your feedback by:

  • Support Requests (SRs)
  • Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

VMware Support's commitment to SRs filed by customers and instructions on how to file an SR can be found at http://www.vmware.com/support/services/.

For experienced SR users, file your support requests at http://www.vmware.com/support/sr/sr_login.jsp.

Use your registered VMware store account to log in.

Please include log files in your SRs. To gather log files from Orchestrator:

  1. Go to the Orchestrator configuration interface at http://orchestrator_server_ip_address:8282.
  2. Log in with your username and password.
  3. Click Logs.
  4. Click Generate log report.
  5. Save the generated ZIP file.
  6. Upload the saved ZIP file to VMware Support.

For Orchestrator configuration issues, include an exported configuration file in your SRs. To export your configuration from the Orchestrator configuration interface:

  1. Go to the Orchestrator configuration interface at http://orchestrator_server_ip_address:8282.
  2. Log in with your username and password.
  3. Click General.
  4. Click the Export Configuration tab.
  5. Enter your password and press Enter.
  6. Save the *.vmoconfig file.
  7. Upload the saved files to VMware Support.

Orchestrator Discussion Forum

View the Orchestrator forum at http://communities.vmware.com/community/vmtn/mgmt/orchestrator. Use your registered VMware store account to log in.

Prior Releases of vCenter Orchestrator

See the vCenter Orchestrator 4.0.1 Release Notes.

Known Issues

The following known issues have been discovered through rigorous testing and will help you understand some problems you might encounter in this release. The list of issues below pertains to this release of VMware vCenter Orchestrator only. Test future releases of vCenter Orchestrator for possible improvements and fixes.

The known issues are grouped as follows:

Installation Issues

  • Orchestrator 4.1 standalone installer does not detect previous versions of Orchestrator and completes the installation process, creating a second Orchestrator instance.

    If you have an Orchestrator 4.0.1 or 4.1 installation on a 64-bit server and you run the Orchestrator 4.1 standalone installer, two Orchestrator instances are created. However, the upgrade to Orchestrator 4.1 is not successful and you can only run the previous version of Orchestrator.

    1. Export the existing configuration settings.
    2. Uninstall the Orchestrator instance.
    3. Run the Orchestrator 4.1 installer.
    4. Import the configuration settings.
  • Restarting vCO server service after reinstalling plug-ins adds Java exceptions in the logs.

    In the Troubleshooting tab of the Orchestrator configuration interface, if you reinstall plug-ins by selecting Reset current version and then restart the Orchestrator server, several Java exceptions are recorded in the Orchestrator server logs.

    Workaround: None, but the exceptions do not affect server operation.

  • Orchestrator registry keys remain after you uninstall Orchestrator by using Windows Control Panel.

    If you uninstall Orchestrator using the Windows Control Panel, some Orchestrator registry entries are not removed.

    Workaround: Remove the Orchestrator entries manually, as follows.

    1. Click Start > Run.
    2. Type regedit.
    3. In the Registry Editor, click File > Export to back up the current registry settings.
    4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\VMware.
    5. Right-click the Orchestrator entries and select Delete.

Internationalization Issues

  • Problems handling non-ASCII characters in certain contexts.

    Using non-ASCII characters in input parameters results in incorrect behavior in the following contexts:

    • If you run the SSH > SCP put or SCP get workflows on a file with a name that features non-ASCII characters, the workflow will run, but name of the resulting file on the destination machine is garbled.
    • If you try to insert non-ASCII characters into attribute names, the characters will not appear. This applies to Web view attributes, workflow attributes and action attributes.

Configuration Issues

  • Orchestrator does not work with forest and external trusts in Active Directory

    Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are unsupported.

  • Missing support for TNSNames when connecting to an Oracle database.

    You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database using an IP address or a DNS name.

    Workaround: See VMware Knowledge Base Article 1022828.

  • SSL certificate is lost when you import configuration from previous installation.

    If you import the configuration of a previous installation into the 4.1 installation, the SSL certificate from the old installation is not loaded. The Server Certificate tab shows red in the configuration interface.

    Workaround: You must import the certificate manually.

  • Restricted access to vCenter inventory can cause errors if Session per user is set.

    If you set the Session per user option in the vCenter tab of the configuration interface, accessing the vCenter inventory can result in some errors if the connected user has restricted access on inventory objects.

  • No error message is displayed on the Network tab of the Orchestrator configuration interface when a network port is already used.

    The Network configuration is saved successfully without errors even when the port numbers that you enter are already taken on your host.

    Workaround: Make sure the port numbers you enter on the Network tab are free.

Networking Issues

  • Loss of network connection to vCenter Server 4 can cause workflows to abort.

    If Orchestrator loses the network connection to vCenter Server 4 while a workflow is running, and if the workflow attempts to access vCenter Server, that workflow will abort and will not attempt to restart. An intermittent connection to vCenter Server causes frequent workflow failure. Furthermore, the vCenter Server 4 plug-in flushes its cache if it loses the connection to vCenter Server. Consequently, when the Orchestrator server restarts, it fetches all running objects again from the vCenter Server rather than reloading them from the cache. Fetching the objects again can cause peaks in CPU usage and increases the load on vCenter Server. If the network connection to vCenter Server is intermittent, then constantly fetching the objects can consume vCenter Server memory, leading to drops in performance.

    Workaround: Ensure that the network connection to vCenter Server is stable.

Miscellaneous Issues

  • New: Security vulnerabilities in the Apache Struts version embedded in Orchestrator

    The following VMware vCenter Orchestrator (vCO) versions embed Apache Struts 2.0.11 or earlier:

    • vCenter Orchestrator 4.0
    • vCenter Orchestrator 4.0 Update 1
    • vCenter Orchestrator 4.0 Update 2
    • vCenter Orchestrator 4.1
    • vCenter Orchestrator 4.1 Update 1

    A remote security vulnerability that might allow unauthorized users to run code on the vCO system without authentication is reported for Apache Struts version 2.0.11 and earlier (http://struts.apache.org/2.2.1/docs/s2-005.html). The Common Vulnerabilities and Exposures project has assigned the name CVE-2010-1870 to this vulnerability.

    Apache Struts version 2.0.11 and earlier also contain vulnerabilities described at the following URLs:

    The vulnerabilities are classified as Important, according to the VMware Security Response Policy.

    Workaround: To resolve this issue, perform the steps described in Workarounds for vCenter Orchestrator Address Apache Struts Remote Code Execution Vulnerability (KB 1034175).
  • No input parameters are displayed in some of the drop-down menu items for the Decision workflow schema element.

    You cannot define or edit the decision statement using the state equals or connectionState equal items. The possible input parameters are not visible on the Decision schema element's properties tab.

    Workaround: Use a Custom Decision schema element.

  • Importing a package using the Orchestrator client fails occasionally.

    Occasionally, importing a package using the Orchestrator client results in the error "Unable to import a certificate, reason : Unable to save keystore".

    Workaround: Close the error message and attempt the import again.

  • The Used plug-ins tab in the Orchestrator client does not display at all or does not list the plug-ins associated with the selected package.

    You cannot check dependencies between packages because the Used plug-ins tab is either not displayed or not populated with the list of associated plug-ins. If the tab is not displayed and the Orchestrator client does not refresh, you must click another tab or view.

  • The Orchestrator client stops responding if you use the Used plug-ins tab in edit mode.

    When you attempt to insert or remove associated plug-ins on the Used plug-ins tab, the Orchestrator client stops responding.

    Workaround: Restart the Orchestrator client.

  • The Revert option for the parameters table on the Edit Action's view Scripting tab does not revert to the last saved state.

    When you add a parameter to an action script, you cannot remove it using the Revert option.

    Workaround: Right-click the parameter and click Delete Selected.

  • Characters are accepted as the input value for workflow attributes of type number.

    Format validation has been disabled on workflow attributes of type number. Invalid input values are now accepted without any warning and workflows are saved successfully, which can lead to unpredictable results.

  • Changes to input parameter descriptions are not propagated to the presentation.

    If you change the description of an input parameter for a workflow, this change is not propagated to the description in the presentation.

    Workaround: Copy the description to the presentation manually.

  • The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks.

    On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, when they are actually not.

    Workaround: Do not include virtual machines with snapshots in the interaction.

  • Windows Server 2008 automatically renames VMOAPP and DAR files to ZIP causing the application installation and plug-in upload in the Orchestrator configuration interface to fail.

    If you are running Orchestrator on Windows Server 2008, the extension of the archives you download is automatically changed to ZIP. When you are installing an application or uploading a plug-in in the Orchestrator configuration interface, you must select a VMOAPP or DAR file.

    Workaround: Change the ZIP extension back to VMOAPP or DAR to use the downloaded archive in the Orchestrator configuration interface.

  • Repeatedly publishing and unpublishing Web views can cause memory issues.

    Publishing and unpublishing Web views restarts the Tapestry framework, which regenerates new meta-class information without cleaning up the previous meta-class information. Publishing and unpublishing a Web view by repeatedly calling the methods Webview.enable() and Webview.disable() in a loop in scripts can consume large quantities of memory and will eventually lead to performance issues.

  • Adding values to vCenter data object properties of type Array is impossible.

    When Orchestrator runs scripts, the vCenter Server 4.1 plug-in converts JavaScript arrays to Java arrays of a fixed size. As a consequence, you cannot add new values to vCenter data objects that take arrays as property values. You can create an object that takes an array as a property if you instantiate that object by passing it a pre-filled array. However, once you have instantiated the object, you will be unable to add values to the array.

    For example, the following code will not work:

    var spec = new VcVirtualMachineConfigSpec();
    spec.deviceChange = [];
    spec.deviceChange[0] = new VcVirtualDeviceConfigSpec();

    In the above code, Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java array VirtualDeviceConfigSpec[] before it calls setDeviceChange(). When calling spec.deviceChange[0] = new VcVirtualDeviceConfigSpec(), Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java array. Calling spec.deviceChange.add() results in the same behavior.

    Workaround: Declare the array as a local variable, as follows:

    var spec = new VcVirtualMachineConfigSpec();
    var deviceSpec = [];
    deviceSpec[0] = new VcVirtualDeviceConfigSpec();
    spec.deviceChange = deviceSpec;

  • Workflow input parameters of type SecureString cannot take a null value.

    You cannot start a workflow with a null value if that workflow takes a SecureString as an input parameter, unless you start the workflow from within another workflow. In this case, the server loads attributes from the cache rather than from the Orchestrator database, resulting in a null input parameter. If you then set the workflow into a passive state by implementing a long-running workflow element, the attributes are reloaded from the database, converting the null value into an empty string. This is the only way to start with a null value a workflow that requires a SecureString input parameter.

Resolved Issues

The following issues with Orchestrator 4.1 Beta have been resolved in the Orchestrator 4.1 release:

Resolved Internationalization Issues

  • Problems handling non-ASCII characters in certain contexts.

    Using non-ASCII characters in input parameters results in incorrect behavior in the following contexts:

    • The Mail workflows cannot take non-ASCII as input parameters. Any non-ASCII characters will be garbled in the resulting email.
    • If you create an authorization that refers to an Active Directory group with a name that contains non-ASCII characters, the name will appear garbled in the General tab for that authorization. However, the name is stored correctly in the database. AD group names render correctly on Windows 2003.
  • Input fields on the LDAP tab of the Orchestrator configuration interface do not support non-ASCII characters.

    You cannot configure Orchestrator to use an LDAP server that uses non-ASCII characters.

Resolved Configuration Issues

  • The Licenses tab in the Orchestrator configuration interface stops responding when you enter an invalid license string.

    The License tab does not display an error message if you click Apply changes when either of the following is true:

    • the license key is valid but there is space at the end
    • the license key is not valid or expired
    • the license key field is empty

    Workaround: Click the License tab to reload the page and display the error message.

  • vCenter Orchestrator server mode is not displayed in the license details.

    The license key details do not display the vCenter Orchestrator mode which is "server" for the 4.1 Beta license key. This means that you are granted full read and write privileges to all Orchestrator elements.

  • Erroneous license error message after installing Orchestrator with a new database.

    The following error message appears in the Licenses tab of the Orchestrator configuration interface if you install Orchestrator with a new database and you click the Licenses tab before configuring the database:

    ..\..\.\app-server\server\vmo\deploy\vmo-server\vmo-ds.xml (The system cannot find the file specified)

    Ignore this message.

Resolved Server Issues

  • Using the 4.1 beta Orchestrator Web service requires you to replace NULL with empty string in the API input parameters.

    When you call the Orchestrator Service APIs, you must use an empty string as the input parameter. For example, instead of using find(type, null, username, password), use find(type, "", username, password).

  • The hasRights(workflowId, userName, password, 'r') operation cannot be compiled.

    Workaround: Call this API as hasRights(workflowId, userName, password, (int)'r').

Resolved Miscellaneous Issues

  • The Orchestrator client stops responding when you run long-running workflows from the Inventory tab.

    When you run a long-running workflow that waits for an event, timer or user interaction, all of the following options become unavailable and the Orchestrator client stops responding until the event in question occurs or the workflow times out:

    • Run in background
    • Show workflow run
    • Answer
    • Cancel run

    Workaround: Restart the application or log in to a second Orchestrator client to cancel the workflow or provide the information for which it is waiting.

  • The Orchestrator client displays a warning icon and an error message even when the client and server versions are correct.

    When you log in to the Orchestrator client, the following error message appears in the bottom right corner of the pane:

    MessageFormat parse error!

    Ignore this message.

  • Orchestrator Web Views do not support Mozilla Firefox 3.5.

    Selectors in the weboperator and vCenter Lifecycle Manager Web views might stop responding in Mozilla Firefox 3.5.

  • Workflows with VIM3 objects fail validation and cannot be invoked.

    The workflows in the Library > VIM 3 > SSH category are not valid and you cannot run them. The validation tool returns errors for the com.vmware.library.ssh package.

  • Remote workflows are not accessible from the Nested Workflows schema element.

    You cannot select remote workflows because they are not returned by the search on the Remote workflows tab of the Workflows chooser dialog box.

  • Access rights and workflow version numbers on the Packages view's Workflows tab do not refresh after forcing a package import.

    When you import a package, the server compares the versions of the different elements of its contents to matching local elements. If you force the import of elements with different access rights and version numbers lower than those of the local elements, the details about the imported elements are not updated on the Packages view's Workflows tab.

    Workaround: Click the Refresh icon to update the details about the imported elements.