VMware vCenter Orchestrator 4.1.3
vCenter Orchestrator 4.1.3 | 30 Aug 2012 | Build 15
Check frequently for additions and updates to these release
What's in the Release NotesThe release notes cover the following
Downloading and Installing VMware vCenter Orchestrator 4.1.3
You can install Orchestrator 4.1.3 only on a 64-bit operating system
platform. If you have downloaded and installed VMware vCenter Server
4.1.3, Orchestrator is already installed on your system and only needs
For more information about configuring vCenter Orchestrator see VMware vCenter Orchestrator Installation and
Upgrading to vCenter Orchestrator 4.1.3 and Migrating the Orchestrator
If you are running an earlier version of Orchestrator on a 32-bit
platform, you can use the data migration tool included in the vCenter
Server installation media to back up and restore the existing Orchestrator
See the VMware vCenter Orchestrator Installation and
Configuration Guide for step-by-step guidance on migrating the
Orchestrator configuration settings.
If you have developed workflows, actions, plug-ins, policies, and so on
using an earlier version of Orchestrator, perform the following steps:
- Export packages of all the custom workflows, actions, policies, and
so on, that you developed under the earlier version of Orchestrator.
- Create a new instance of an empty database for Orchestrator 4.1.3.
- Install and Configure Orchestrator 4.1.3 by following the
instructions of the VMware vCenter Orchestrator Installation and
- Connect Orchestrator 4.1.3 to the new Orchestrator database.
- Import the packages you exported from the older version of
Internationalization (I18N) Support
vCenter Orchestrator 4.1.3 complies with I18N Level 1. Although
Orchestrator is not localized, it can run on non-English operating systems
and handle non-English text.
This release provides experimental support for the following:
For details about enabling OpenLDAP and experimental database providers
in the Orchestrator configuration, see Enabling Experimental Support for OpenLDAP, PostgreSQL,
and MySQL in VMware vCenter Orchestrator.
How to Provide Feedback
Your active feedback is appreciated. Provide your feedback through the following channels:
- Support Requests (SRs)
- Orchestrator Discussion Forum
File all issues that you find as Support Requests (SRs), even if you
report them to VMware by other means.
You can find the VMware Support's commitment to SRs filed by customers
and instructions on how to file an SR at http://www.vmware.com/support/services/.
Experienced SR users can file support requests at http://www.vmware.com/support/sr/sr_login.jsp.
Use your registered VMware store account to log in.
Include log files in your SRs. To gather log files from
- Go to the Orchestrator configuration interface at
- Log in with your user name and password.
- Click Logs.
- Click Generate log report.
- Save the generated ZIP file.
- Upload the saved ZIP file to VMware Support.
For Orchestrator configuration issues, include an exported
configuration file in your SRs. To export your configuration from the
Orchestrator configuration interface:
- Go to the Orchestrator configuration interface at
- Log in with your user name and password.
- Click General.
- Click the Export Configuration tab.
- Type your password and press Enter.
- Save the
- Upload the saved files to VMware Support.
Orchestrator Discussion Forum
View the Orchestrator forum at http://communities.vmware.com/community/vmtn/mgmt/orchestrator.
Use your registered VMware store account to log in.
Earlier Releases of vCenter Orchestrator
Features and issues from earlier releases of vCenter Orchestrator are
described in the release notes for each release. To review release notes
for earlier releases of vCenter Orchestrator, click one of the following
The known issues in this Orchestrator release are grouped as
Installation and Upgrade Issues
- Orchestrator 4.1.3 standalone installer does not detect earlier versions of Orchestrator and completes the installation process, creating a second Orchestrator instance
If you have
an Orchestrator 4.0.1 or 4.1 installation on a 64-bit server and you run
the installer for Orchestrator 4.1.3 standalone, two Orchestrator
instances are created. However, the upgrade to Orchestrator 4.1.3 is not
successful, and you can run only the earlier version of Orchestrator.
Workaround: To install Orchestrator 4.1.3, perform
the following steps:
- Export the existing configuration settings.
- Uninstall the Orchestrator instance.
- Install Orchestrator 4.1.3.
- Import the configuration settings.
- After you upgrade to Orchestrator 4.1.3, you can log in to the Orchestrator configuration interface with the default password
If you change the default password in Orchestrator 4.0.x or 4.1.x configuration interface and you upgrade Orchestrator to version 4.1.3, your password is reset and you must use the default password to log in to the Orchestrator instance.
- You cannot install Orchestrator in a custom location containing underscore in the path name
When you install Orchestrator 4.1.3, both with the vCenter Server installer or with the standalone installer, you can select to install Orchestrator in a custom location. If the custom installation path you select contains underscore characters, the installation fails.
Workaround: Use custom installation paths without underscore characters.
- Restarting the Orchestrator server service after reinstalling plug-ins
adds Java exceptions to the logs
Troubleshooting tab of the Orchestrator configuration
interface, if you reinstall plug-ins by clicking Reset current
version and then restart the Orchestrator server, several Java
exceptions are written to the Orchestrator server logs.
- Orchestrator registry keys remain after you uninstall
Orchestrator by using Windows Control Panel
If you uninstall
Orchestrator using the Windows Control Panel, some Orchestrator registry
entries are not removed.
Workaround: To remove the Orchestrator entries
- Click Start > Run.
regedit and press Enter.
- In the Registry Editor, click
File > Export to back up the
current registry settings.
- Navigate to
- Right-click the Orchestrator entries and select
- You might not be able to configure the LDAP settings if your
LDAP password contains non-ASCII characters
When you try to
configure the LDAP settings in the Orchestrator configuration interface
and the LDAP password that you type contains non-ASCII characters, the
process of configuring might fail with an error message of the type
Unable to connect to LDAP Server. This issue appears under
the following conditions:
- When the LDAP password contains characters such as and ÿ in
German and French locales.
- When the LDAP password contains any native characters in Japanese,
Korean, and Simplified Chinese locales.
- Problems handling non-ASCII characters in certain
Using non-ASCII characters in input parameters
results in incorrect behavior in the following contexts:
- If you run the SCP put or SCP get workflows from the SSH folder on
a file with a name that contains non-ASCII characters, the workflow
runs, but name of the resulting file on the destination machine is
- If you try to insert non-ASCII characters into attribute names,
the characters do not appear. The issue occurs for Web view
attributes, workflow attributes, and action attributes.
- Orchestrator does not work with forest and external trusts in Active Directory
Multiple domains that have a two-way trust, but are not in the same tree, are not supported and do not work with Orchestrator. The only configuration supported for multi-domain Active Directory is domain tree. Forest and external trusts are unsupported.
- Windows XP SP2 and earlier cannot connect to Orchestrator 4.1.3
Orchestrator does not allow connecting with Windows XP SP2 and earlier, because of restrictions in the SSL cipher suites that can be used.
Workaround: Upgrade to Windows XP SP3.
- SSL server certificate is overwritten if no new SSL server certificate has been installed
When you upgrade to Orchestrator 4.1.3, the SSL server certificate is overwritten in case you have not created a new self-signed certificate, or if you have not installed a certificate signed by a Certificate Authority. The certificate is overwritten with a newly generated certificate. For more information about replacing and installing certificates, see the VMware vCenter Orchestrator Installation and Configuration Guide.
- You might not be able to configure your server certificate
in the Orchestrator Configuration interface
If you attempt
to import a server certificate with wrong values, you receive a
validation message that your server certificate is not signed by a root
Workaround: If a you have never successfully added a
server certificate, perform the following steps:
If you have previously imported a server certificate, and backed up the
certificate by exporting the certificate database, you can delete the
- Delete the
vmo-keystore row from the Orchestrator
- Restart the Orchestrator configuration service.
- Import the server certificate.
vmo_keystore row, and import the certificate database. The
default name of the certificate file is
If you have previously imported a server certificate, delete the
from the Orchestrator database and import the certificate again.
- Support for TNSNames missing when you connect to an Oracle
You cannot use TNSNames to connect to an Oracle
database. You can connect to an Oracle database using an IP address or a
Workaround: Add support for RAC
and TNS configuration for Oracle 11g Database instances to vCenter
Orchestrator (KB 1022828).
- SSL certificate is lost when you import configuration from
If you import the configuration of a
previous installation into the Orchestrator 4.1.3 installation, the SSL certificate
from the old installation is not loaded. In the Orchestrator
configuration interface the Server Certificate tab
shows a red triangle.
Workaround: You must import the certificate
- Restricted access to vCenter Server inventory might cause
errors if you set Session per user
If you select the
Session per user option on the vCenter
Server tab of the configuration interface, accessing the
vCenter Server inventory might result in some errors if the connected user
has restricted access to inventory objects.
- No error message is displayed on the Network tab of the
Orchestrator configuration interface when a network port is already in
The network configuration is saved successfully without
errors even when the port numbers that you set are already in use on
Workaround: Make sure the port numbers you enter on
the Network tab are free.
- When you add a Custom Decision element to a workflow, the
Orchestrator client might shut down unexpectedly
installing the Orchestrator client on a Windows 7 64-bit machine, if you
try to add a Custom Decision element to a workflow, the Orchestrator
client might shut down unexpectedly without an error message. This issue
occurs when you try to connect the Custom Decision element to the next
element that should run in the workflow.
Workaround: Perform the following steps:
- Connect the workflow element that must run before the Custom
Decision element to the Custom Decision element.
- Connect the Custom Decision element to the next workflow element
that you want to run.
- Importing a package using the Orchestrator client fails
Occasionally, when your database is a MySQL database, importing a package using the
Orchestrator client results in the error
Unable to import a
certificate, reason : Unable to save keystore.
Workaround: Close the error message and attempt the
- The Used plug-ins tab in the Orchestrator client does not
appear at all or does not list the plug-ins associated with the selected
You cannot check dependencies between packages
because the Used plug-ins tab is either not displayed
or not populated with the list of associated plug-ins. If the tab is not
displayed and the Orchestrator client is not refreshed, you must click
another tab or view.
- The Orchestrator client stops responding if you use the Used
plug-ins tab in edit mode
When you attempt to insert or
remove associated plug-ins on the Used plug-ins tab,
the Orchestrator client stops responding.
Workaround: Restart the Orchestrator client.
- The Revert option for the parameters table on the Scripting
tab of the Edit Actions view does not revert to the last saved
When you add a parameter to an action script, you
cannot remove it using the Revert option.
Workaround: Right-click the parameter and click
- Characters are accepted as the input value for workflow
attributes of number type
Format validation has been
disabled on workflow attributes that are of the number type. Invalid
input values are accepted without any warning, and workflows are saved
successfully, which might lead to unpredictable results.
- Changes to input parameter descriptions are not propagated
to the presentation
If you change the description of an
input parameter for a workflow, the change is not propagated to the
description in the presentation.
Workaround: Copy the description to the presentation
- The Convert disks to thin provisioning workflow does not
handle virtual machines with snapshots correctly and does not convert
the thick-provisioned disks
On completion, the Convert disks
to thin provisioning workflow reports that the thick-provisioned disks
of virtual machines with snapshots are successfully converted to
thin-provisioned, when they are actually not.
Workaround: Do not include virtual machines with
snapshots in the workflow.
- Windows Server 2008 automatically renames VMOAPP and DAR
files to ZIP causing the application installation and plug-in upload in
the Orchestrator configuration interface to fail
If you are
running Orchestrator on Windows Server 2008, the extension of the
archives you download is automatically changed to ZIP. When you are
installing an application or uploading a plug-in by using the
Orchestrator configuration interface, you must use a VMOAPP or DAR file.
Workaround: Change the ZIP extension back to either
VMOAPP or DAR to use the downloaded archive in the Orchestrator
- Repeatedly publishing and unpublishing Web views might cause
Publishing and unpublishing of Web views
restarts the Tapestry framework, which regenerates new meta-class
information without cleaning up the previous meta-class information.
Publishing and unpublishing a Web view by repeatedly calling the methods
Webview.disable() in a
loop in scripts might consume large quantities of memory and eventually
leads to performance issues.
- Adding values to vCenter Server data object properties of
type Array is impossible
When Orchestrator runs scripts, the
a fixed size. As a consequence, you cannot add new values to vCenter
Server data objects that take arrays as property values. You can create
an object that takes an array as a property if you instantiate that
object by passing it a pre-filled array. However, after you have
instantiated the object, you cannot add values to the array.
For example, the following code does not work:
var spec = new
spec.deviceChange = new
In the above code, Orchestrator converts the empty
VirtualDeviceConfigSpec before it calls
setDeviceChange(). When calling
= new VcVirtualDeviceConfigSpec(), Orchestrator calls
getDeviceChange() and the array remains a fixed, empty Java
array. Calling s
pec.deviceChange.add() results in the same
Workaround: Declare the array as a local variable,
var spec = new VcVirtualMachineConfigSpec();
deviceSpec = new
- Workflow input parameters of type SecureString cannot take a
You cannot start a workflow with a null value if
that workflow takes a
SecureString as an input parameter,
unless you start the workflow from within another workflow. If you start
a workflow with a null value when that workflow takes a
SecureString as an input parameter, the server loads
attributes from the cache rather than from the Orchestrator database,
resulting in a null input parameter. If you then change the workflow
state to passive by implementing a long-running workflow element, the
attributes are reloaded from the database, converting the null value
into an empty string. This is the only way you can use a null value to
start a workflow that requires a
- Workflow fails and an error message is displayed
LockingSystem.lockAndWait() API method is called with parameters exceeding 100 characters in length, the current workflow run fails and displays one of the following error messages
Lock id must be not null and no longer than 100 characters
Owner must be not null and no longer than 100 characters
Workaround: Reduce the parameter length using a hash of the original parameter (SHA-1, SHA-256, or MD5)
- HTML tags used in workflow presentation descriptions or names are not rendered in Web views
HTML tags used in workflow presentation descriptions or names are not rendered in Web views. This is a security fix preventing potential cross-scripting exploits.