VMware

VMware vCenter Orchestrator 4.1.1 Release Notes

vCenter Orchestrator 4.1.1 | 10 Feb 2011 | Build 733

vCenter Server 4.1.1 | 10 Feb 2011 | Build 345043

Last Document Update: 14 Mar 2011

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

Downloading and Installing VMware vCenter Orchestrator 4.1.1

You can install Orchestrator 4.1.1 only on 64-bit operating system platform. If you have downloaded and installed VMware vCenter Server 4.1.1, Orchestrator is already installed on your system and only needs configuration.

Read the VMware vCenter Orchestrator Installation and Configuration Guide for step-by-step guidance on configuring vCenter Orchestrator.

Upgrading to vCenter Orchestrator 4.1.1 and Migrating the Orchestrator Configuration Data

If you are running an earlier version of Orchestrator on a 32-bit platform, you can use the data migration tool included in the vCenter Server installation media to back up and restore the existing Orchestrator configuration settings.

Read the VMware vCenter Orchestrator Installation and Configuration Guide for step-by-step guidance on migrating the Orchestrator configuration settings.

If you have developed workflows, actions, plug-ins, policies, and so on using a previous version of Orchestrator, perform the following steps:

  1. Export packages of all the custom workflows, actions, policies, and so on, that you developed under the previous version of Orchestrator.
  2. Create a new instance of an empty database for Orchestrator 4.1.1.
  3. Install and Configure Orchestrator 4.1.1 by following the instructions of the VMware vCenter Orchestrator Installation and Configuration Guide.
  4. Connect Orchestrator 4.1.1 to the new Orchestrator database.
  5. Import the packages you exported from the older version of Orchestrator.

Top of Page

Internationalization (I18N) Support

vCenter Orchestrator 4.1.1 complies with I18N Level 1. Although Orchestrator is not localized, it can run on non-English operating systems and handle non-English text.

Functionality Caveats

This release provides experimental support for the following:

  • OpenLDAP
  • MySQL
  • PostrgreSQL

For details about enabling OpenLDAP and experimental database providers in the Orchestrator configuration, see Enabling Experimental Support for OpenLDAP, PostgreSQL, and MySQL in VMware vCenter Orchestrator.

Top of Page

How to Provide Feedback

Your active feedback is appreciated. Provide your feedback through:

  • Support Requests (SRs)
  • Orchestrator Discussion Forum

Support Requests

File all issues that you find as Support Requests (SRs), even if you report them to VMware by other means.

You can find the VMware Support's commitment to SRs filed by customers and instructions on how to file an SR at http://www.vmware.com/support/services/.

Experienced SR users can file support requests at http://www.vmware.com/support/sr/sr_login.jsp.

Use your registered VMware store account to log in.

Include log files in your SRs. To gather log files from Orchestrator:

  1. Go to the Orchestrator configuration interface at http://orchestrator_server_ip_address:8282.
  2. Log in with your username and password.
  3. Click Logs.
  4. Click Generate log report.
  5. Save the generated ZIP file.
  6. Upload the saved ZIP file to VMware Support.

For Orchestrator configuration issues, include an exported configuration file in your SRs. To export your configuration from the Orchestrator configuration interface:

  1. Go to the Orchestrator configuration interface at http://orchestrator_server_ip_address:8282.
  2. Log in with your username and password.
  3. Click General.
  4. Click the Export Configuration tab.
  5. Type your password and press Enter.
  6. Save the *.vmoconfig file.
  7. Upload the saved files to VMware Support.

Orchestrator Discussion Forum

View the Orchestrator forum at http://communities.vmware.com/community/vmtn/mgmt/orchestrator. Use your registered VMware store account to log in.

Top of Page

Prior Releases of vCenter Orchestrator

Features and issues from earlier releases of vCenter Orchestrator are described in the release notes for each release. To review release notes for earlier releases of vCenter Orchestrator, click one of the following links:

Top of Page

Resolved Issues

The following issues have been resolved in the Orchestrator 4.1.1 release:

  • Parent permissions are not propagated to a child object
    Parent permissions are not propagated to the following child objects:
    • ConfigurationElement
    • ConfigurationElementCategory
    • ResourceElement
    • ResourceElementCategory
    The correct parent objects are added to fix the issue in this release.
  • Orchestrator Configuration might not export or import the license configuration
    After you choose to use the vCenter Server license, the Orchestrator configuration interface might not export or import the license configuration. This issue occurs only when you import an Orchestrator configuration containing no license configuration.
  • The SSHSession object is upgraded
    In this release, the SSHSession object is upgraded and the following options are added to the object:
    • Attribute boolean pty
    • Attribute string terminal
    • Method addEnvironment(string key, string value).
  • The Remove snapshots of a given size workflow is updated
    The Remove snapshots of a given size workflow is updated so that only a datastore is searched instead the whole vCenter Server inventory. You can now select the snapshots to be deleted, too.
  • The Add host to cluster workflow has incorrect default port value for the host
    In the Add host to cluster workflow, the default value for the port of the host to be added is 902. However, the actual port at which a host connects to a cluster is 443, and the workflow cannot be completed. In this release, the default value for the port in the Add host to cluster workflow is updated to 443, and the workflow completes successfully.
  • Several workflow names are changed to improve user experience
    In this release, the following workflow names are changed:
    • Migrate virtual machine is changed to Migrate virtual machines with vMotion
    • Migrate virtual machines using vMotion/Storage vMotion is changed to Mass migrate virtual machines with vMotion
    • Quick virtual machine migration is changed to Quick migration of virtual machines
    • Storage vMotion is changed to Mass migrate virtual machines with Storage vMotion
  • XML documents saved by using the Orchestrator scripting API might cause errors when you open them in a browser or an XML editor
    This issue occurs when the XML document contains non-ASCII characters, because Orchestrator always saves the document in UTF-8 encoding.
    In this release, the scripting API is fixed to allow workflow developers to specify the encoding. If not specified, the scripting API saves the documents by using the default encoding.

Top of Page

Known Issues

The known issues in this Orchestrator release are grouped as follows:

Installation Issues

  • Orchestrator 4.1.1 standalone installer does not detect previous versions of Orchestrator and completes the installation process, creating a second Orchestrator instance
    If you have an Orchestrator 4.0.1 or 4.1 installation on a 64-bit server and you run the installer for Orchestrator 4.1.1 standalone, two Orchestrator instances are created. However, the upgrade to Orchestrator 4.1.1 is not successful, and you can run only the previous version of Orchestrator.

    Workaround: To install Orchestrator 4.1.1, perform the following steps:

    1. Export the existing configuration settings.
    2. Uninstall the Orchestrator instance.
    3. Install Orchestrator 4.1.1.
    4. Import the configuration settings.
  • Restarting vCO server service after reinstalling plug-ins adds Java exceptions to the logs
    In the Troubleshooting tab of the Orchestrator configuration interface, if you reinstall plug-ins by clicking Reset current version and then restart the Orchestrator server, several Java exceptions are written to the Orchestrator server logs.
  • Orchestrator registry keys remain after you uninstall Orchestrator by using Windows Control Panel
    If you uninstall Orchestrator using the Windows Control Panel, some Orchestrator registry entries are not removed.

    Workaround: To remove the Orchestrator entries manually:

    1. Click Start > Run.
    2. Type regedit and press Enter.
    3. In the Registry Editor, click File > Export to back up the current registry settings.
    4. Navigate to HKEY_LOCAL_MACHINE\SOFTWARE\VMware.
    5. Right-click the Orchestrator entries and select Delete.

Internationalization Issues

  • You might not be able to configure the LDAP settings if your LDAP password contains non-ASCII characters
    When you try to configure the LDAP settings in the Orchestrator configuration interface and the LDAP password that you enter contains non-ASCII characters, the process of configuring might fail with an error message of the type Unable to connect to LDAP Server. This issue appears under the following conditions:
    • When the LDAP password contains characters such as € and ÿ in German and French locales.
    • When the LDAP password contains any native characters in Japanese, Korean, and Simplified Chinese locales.
  • Problems handling non-ASCII characters in certain contexts
    Using non-ASCII characters in input parameters results in incorrect behavior in the following contexts:
    • If you run the SCP put or SCP get workflows from the SSH folder on a file with a name that contains non-ASCII characters, the workflow runs, but name of the resulting file on the destination machine is garbled.
    • If you try to insert non-ASCII characters into attribute names, the characters do not appear. The issue occurs for Web view attributes, workflow attributes and action attributes.

Configuration Issues

  • Orchestrator does not work with forest and external trusts in Active Directory

    Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are unsupported.

  • You might not be able to configure your server certificate in the Orchestrator Configuration interface
    If you attempt to import a server certificate with wrong values, you receive a validation message that your server certificate is not signed by a root authority.

    Workaround: If a you have never successfully added a server certificate, perform the following steps:

    1. Delete the vmo-keystore row from the Orchestrator database.
    2. Restart the Orchestrator configuration service.
    3. Import the server certificate.
    If you have previously imported a server certificate, delete the vmo_keystore row from the Orchestrator database and import the certificate again.
    If you have previously imported a server certificate, and backed up the certificate by exporting the certificate database, you can delete the vmo_keystore row, and import the certificate database. The default name of the certificate file is vmo-server.vmokeystore.
  • Support for TNSNames missing when you connect to an Oracle database
    You cannot use TNSNames to connect to an Oracle database. You can connect to an Oracle database using an IP address or a DNS name.

    Workaround: Add support for RAC and TNS configuration for Oracle 11g Database instances to vCenter Orchestrator (KB 1022828).

  • SSL certificate is lost when you import configuration from previous installation
    If you import the configuration of a previous installation into the 4.1.1 installation, the SSL certificate from the old installation is not loaded. In the Orchestrator configuration interface the Server Certificate tab shows a red triangle.

    Workaround: You must import the certificate manually.

  • Restricted access to vCenter Server inventory can cause errors if you set Session per user
    If you select the Session per user option in the vCenter Server tab of the configuration interface, accessing the vCenter Server inventory can result in some errors if the connected user has restricted access to inventory objects.
  • No error message is displayed on the Network tab of the Orchestrator configuration interface when a network port is already in use
    The Network configuration is saved successfully without errors even when the port numbers that you enter are already taken on your host.

    Workaround: Make sure the port numbers you enter on the Network tab are free.

Networking Issues

  • Loss of network connection to vCenter Server 4 can cause workflows to stop
    If Orchestrator loses the network connection to vCenter Server 4 while a workflow is running, and if the workflow attempts to access vCenter Server, that workflow stops and does not attempt to restart. Furthermore, the vCenter Server 4 plug-in flushes its cache if it loses the connection to vCenter Server. Consequently, when the Orchestrator server restarts, it fetches all running objects again from the vCenter Server rather than reloading them from the cache. Fetching the objects again can cause peaks in CPU usage, and increases the load on vCenter Server. An intermittent connection to vCenter Server causes frequent workflow failures. If the network connection to vCenter Server is intermittent, then constantly fetching the objects can consume vCenter Server memory, leading to drops in performance.

    Workaround: Ensure that the network connection to vCenter Server is stable.

Miscellaneous Issues

  • New: Security vulnerabilities in the Apache Struts version embedded in Orchestrator

    The following VMware vCenter Orchestrator (vCO) versions embed Apache Struts 2.0.11 or earlier:

    • vCenter Orchestrator 4.0
    • vCenter Orchestrator 4.0 Update 1
    • vCenter Orchestrator 4.0 Update 2
    • vCenter Orchestrator 4.1
    • vCenter Orchestrator 4.1 Update 1

    A remote security vulnerability that might allow unauthorized users to run code on the vCO system without authentication is reported for Apache Struts version 2.0.11 and earlier (http://struts.apache.org/2.2.1/docs/s2-005.html). The Common Vulnerabilities and Exposures project has assigned the name CVE-2010-1870 to this vulnerability.

    Apache Struts version 2.0.11 and earlier also contain vulnerabilities described at the following URLs:

    The vulnerabilities are classified as Important, according to the VMware Security Response Policy.

    Workaround: To resolve this issue, perform the steps described in Workarounds for vCenter Orchestrator Address Apache Struts Remote Code Execution Vulnerability (KB 1034175).
  • Some relations between objects in the vCenter Server plug-in are invalid
    Some of the relations between vCenter Server plug-in objects are invalid and search results might be empty. The list of the invalid relations is the following:
    • Type name: ResourcePool; Relation name: getNetwork_Network
    • Type name: ResourcePool; Relation name: getNetwork_DistributedVirtualPortgroup
    • Type name: VmFolder; Relation name: getResourcePool_ResourcePool
    • Type name: HostSystem; Relation name: getResourcePool_ResourcePool
    • Type name: HostSystem; Relation name: getResourcePool_VirtualApp
    You should not use these relations.
  • When you run a workflow asynchronously through JavaScript, the workflow parameters might be inconsistent
    When you run a workflow asynchronously through JavaScript, the workflow parameters might be inconsistent, and some of the properties might be null. For instance, if you run a workflow with an input parameter of the type VirtualMachine, when the workflow completes and you get the value of the input parameter from the WorkflowToken, the value of the name property is null.
    Workaround: Use Server.findForType() to refresh the instance of the workflow token. For example, you can use objWfToken = Server.findForType("WorkflowToken", objWfToken.id);.
  • You might not be able to add host to a cluster by running the Add host to cluster workflow
    You might not be able to add a host to a cluster by running the Add host to cluster workflow, because the authenticity of the SSL certificate of the host is not verified. If you try to add a host to a cluster by using the vSphere Client, the vSphere Client prompts you to accept the host certificate or to decline it. The task that the Add host to cluster workflow creates vCenter Server does not prompt for user interaction, and the workflow cannot be completed.
  • The weboperator Web view might not display the schema image of a workflow
    When you select a workflow in the weboperator Web view and click the Schema tab, the schema might not load.

    Workaround: Right-click the image thumbnail and select the option to view the picture. If the schema does not load, copy the o11n-application.jar and o11n-gui.jar from the Orchestrator client to the Orchestrator server. Perform the following steps:

    1. On the machine on which the Orchestrator client is installed, navigate to the installation directory and locate the o11n-application.jar and o11n-gui.jar files.
      The default path to the files is install_directory\VMware\Orchestrator\apps\lib.
    2. Copy the o11n-application.jar and o11n-gui.jar files and paste them to the o11n folder of the Orchestrator server installation directory.
      The default path is install_directory\VMware\Orchestrator\app-server\server\vmo\lib\o11n.

    3. Refresh the weboperator Web view. The schema is displayed.

  • When you add a Custom Decision element to a workflow, the Orchestrator client might shut down unexpectedly
    After installing the Orchestrator client on a Windows 7 64-bit machine, if you try to add a Custom Decision element to a workflow, the Orchestrator client might shut down unexpectedly without an error message. This issue occurs when you try to connect the Custom Decision element to the next element that should run in the workflow.
    Workaround: Perform the following steps:
    1. Connect the workflow element that must run before the Custom Decision element to the Custom Decision element.
    2. Connect the Custom Decision element to the next workflow element that you want to run.
  • Input parameters cannot be selected from some of the drop-down menus for the Decision workflow schema element
    You cannot define or edit the decision statement using the state equals or connectionState equal items. The possible input parameters are not visible on the Decision tab of the Decision schema element.

    Workaround: Use a Custom Decision schema element.

  • Importing a package using the Orchestrator client fails occasionally
    Occasionally, importing a package using the Orchestrator client results in the error Unable to import a certificate, reason : Unable to save keystore.

    Workaround: Close the error message and attempt the import again.

  • The Used plug-ins tab in the Orchestrator client does not appear at all or does not list the plug-ins associated with the selected package
    You cannot check dependencies between packages because the Used plug-ins tab is either not displayed or not populated with the list of associated plug-ins. If the tab is not displayed and the Orchestrator client is not refreshed, you must click another tab or view.
  • The Orchestrator client stops responding if you use the Used plug-ins tab in edit mode
    When you attempt to insert or remove associated plug-ins on the Used plug-ins tab, the Orchestrator client stops responding.

    Workaround: Restart the Orchestrator client.

  • The Revert option for the parameters table on the Scripting tab of the Edit Actions view does not revert to the last saved state
    When you add a parameter to an action script, you cannot remove it using the Revert option.

    Workaround: Right-click the parameter and click Delete Selected.

  • Characters are accepted as the input value for workflow attributes of number type
    Format validation has been disabled on workflow attributes that are of the number type. Invalid input values are accepted without any warning, and workflows are saved successfully, which can lead to unpredictable results.
  • Changes to input parameter descriptions are not propagated to the presentation
    If you change the description of an input parameter for a workflow, the change is not propagated to the description in the presentation.

    Workaround: Copy the description to the presentation manually.

  • The Convert disks to thin provisioning workflow does not handle virtual machines with snapshots correctly and does not convert the thick-provisioned disks
    On completion, the Convert disks to thin provisioning workflow reports that the thick-provisioned disks of virtual machines with snapshots are successfully converted to thin-provisioned, when they are actually not.

    Workaround: Do not include virtual machines with snapshots in the workflow.

  • Windows Server 2008 automatically renames VMOAPP and DAR files to ZIP causing the application installation and plug-in upload in the Orchestrator configuration interface to fail
    If you are running Orchestrator on Windows Server 2008, the extension of the archives you download is automatically changed to ZIP. When you are installing an application or uploading a plug-in by using the Orchestrator configuration interface, you must use a VMOAPP or DAR file.

    Workaround: Change the ZIP extension back to either VMOAPP or DAR to use the downloaded archive in the Orchestrator configuration interface.

  • Repeatedly publishing and unpublishing Web views can cause memory issues
    Publishing and unpublishing of Web views restarts the Tapestry framework, which regenerates new meta-class information without cleaning up the previous meta-class information. Publishing and unpublishing a Web view by repeatedly calling the methods Webview.enable() and Webview.disable() in a loop in scripts can consume large quantities of memory and eventually leads to performance issues.
  • Adding values to vCenter Server data object properties of type Array is impossible
    When Orchestrator runs scripts, the vCenter Server 4.1 plug-in converts JavaScript arrays to Java arrays of a fixed size. As a consequence, you cannot add new values to vCenter Server data objects that take arrays as property values. You can create an object that takes an array as a property if you instantiate that object by passing it a pre-filled array. However, after you have instantiated the object, you cannot add values to the array.

    For example, the following code does not work:

    var spec = new VcVirtualMachineConfigSpec();
    spec.deviceChange = [];
    spec.deviceChange[0] = new VcVirtualDeviceConfigSpec();
    System.log(spec.deviceChange[0]);

    In the above code, Orchestrator converts the empty spec.deviceChange JavaScript array into the fixed-size Java array VirtualDeviceConfigSpec[] before it calls setDeviceChange(). When calling spec.deviceChange[0] = new VcVirtualDeviceConfigSpec(), Orchestrator calls getDeviceChange() and the array remains a fixed, empty Java array. Calling spec.deviceChange.add() results in the same behavior.

    Workaround: Declare the array as a local variable, as follows:

    var spec = new VcVirtualMachineConfigSpec();
    var deviceSpec = [];
    deviceSpec[0] = new VcVirtualDeviceConfigSpec();
    spec.deviceChange = deviceSpec;
    System.log(spec.deviceChange[0]);

  • Workflow input parameters of type SecureString cannot take a null value
    You cannot start a workflow with a null value if that workflow takes a SecureString as an input parameter, unless you start the workflow from within another workflow. If you start a workflow with a null value when that workflow takes a SecureString as an input parameter, the server loads attributes from the cache rather than from the Orchestrator database, resulting in a null input parameter. If you then change the workflow state to passive by implementing a long-running workflow element, the attributes are reloaded from the database, converting the null value into an empty string. This is the only way you can use a null value to start a workflow that requires a SecureString input parameter.

Top of Page