VMware vCloud Automation Center® 6.0.1 Release Notes

vCloud Automation Center 6.0.1 | 13 FEB 2014 | Build 1569764

What's in the Release Notes

The release notes cover the following topics:

What's New

The 6.0.1 release contains several fixes to release 6.0. What's New information for release 6.0 is available in the vCloud Automation Center 6.0 Release Notes.

System Requirements and Installation

For information about supported host operating systems, databases, and Web servers, see the vCloud Automation Center Support Matrix.

The 6.0.1 installation executable available on the vCloud Automation Center product download page is intended to be installed as a new deployment. If you intend to deploy 6.0.1 as an upgrade to your 6.0 virtual appliance, the patch upgrade executables and upgrade instructions are available from your virtual appliance. When you log in to your 6.0 deployment, you are informed that an upgrade is available. If you confirm the request to continue, you are redirected to the 6.0.1 upgrade page. For information about upgrading from vCloud Automation Center 6.0 to 6.0.1, including the necessary sequential order of patch installations, see Upgrading vCloud Automation Center from 6.0 to 6.0.1.

Important: If you are using vCloud Automation Center with VMware Application Director or VMware IT Business Management Standard Edition, you must ensure that all products are at the same patch level. Install the vCloud Automation Center upgrade before you install upgrades for Application Director or IT Business Management Standard Edition. For details, see Upgrading vCloud Automation Center from 6.0 to 6.0.1.

For additional prerequisites and installation instructions, see vCloud Automation Center Installation and Configuration.


To access the full set of vCloud Automation Center 6.0.1 documentation, see VMware vCloud Automation Center Documentation.

Known Issues

The following known issues have been discovered through rigorous testing and will help you understand some behavior you might encounter in this release. This section lists known issues for release 6.0.1. Known issues from release 6.0 that have been resolved in release 6.0.1 are listed in the What's Been Fixed section of this document. Known issues from vCloud Automation Center 6.0 apply to vCloud Automation Center 6.0.1.

  • Unable to differentiate between the different destroy approval policies
    After navigating to Administration > Approval Policies and clicking + icon, the different destroy action approval policy types are not classified according to the type of the endpoint.
    Workaround: Perform the following steps.
    1. Login to the vCloud Automation Center appliance.
    2. Run the following queries on the PostgreSQL database of vCloud Automation Center.

    3. update approvalpolicytype set name='Service Catalog - Resource Action Request (Destroy vCD vApp)' where description = 'Destroy a vCloud Director vApp.';
      update approvalpolicytype set name='Service Catalog - Resource Action Request (Destroy Virtual Machine)' where description = 'Destroy a virtual machine.';
      update approvalpolicytype set name='Service Catalog - Resource Action Request (Destroy Multi-Machine)' where description = 'Destroy a multi-machine service.';
      update approvalpolicytype set name='Service Catalog - Resource Action Request (Destroy Cloud Machine)' where description = 'Destroy a cloud machine.';

  • Order of upgrade for vCloud Automation Center and Application Director or IT Business Management, Standard Edition
    If you are using vCloud Automation Center with VMware Application Director or VMware IT Business Management Standard Edition, you must ensure that all products are at the same patch level. Install the vCloud Automation Center upgrade before you install upgrades for Application Director or IT Business Management Standard Edition.

  • Modifications made to postgresql.conf are lost after upgrade to 6.0.1
    Any modifications that you have made to the storage/db/pgdata/postgresql.conf file will be lost when upgrading from 6.0 to 6.0.1. Only the VA on which the database is installed will be able to access it by using the localhost.

    Workaround: Make a copy of the postgresql.conf prior to upgrading from 6.0 to 6.0.1 and recreate it after upgrade. After you have recreated the file, restart postgres.

  • Names of custom menu operations display incorrectly on Entitlements page and Actions menu
    When you register a new menu operation that was created by using vCloud Automation Center Designer, the display name for the new menu option appears in the Blueprint page, but the workflow name (for example, WF Machine Menu 1), rather than the display name, appears in the Entitlements page and the Actions menu in the catalog.

  • vCloud Automation Center does not support multiple hosts in the system with the same name
    Data collection updates hosts based upon the host name. If two endpoints have identically named hosts, there will be contention between the endpoints over ownership of the host.

    Workaround: Ensure that all host names are unique.
  • Advanced Service Designer conditions are not applied to or triggered for fields that contain a defined default value
    When creating a conditional constraint between fields in Advanced Service Designer, the constraint is not triggered if there is a defined default value to be used when none of the conditions is met. Because of this, some auto-calculated fields are not populated with their expected values. This behavior manifests somewhat differently depending on whether a field is added in the vCloud Orchestrator presentation or in Advanced Service Designer.

    • Conditions added over fields from vCloud Orchestrator presentation:
      Conditions with specified default value are not applied to fields. When a set of expressions are specified as condition for a field parameter, they won't take an effect if default value is defined for use in case none of expressions is met.
      Workaround: Set the conditional constraint directly in the vCloud Orchestrator presentation.

    • Conditions added over fields that are created in Advanced Service Designer:
      Conditions are not triggered if the vCloud Orchestrator presentation has not dependent fields. When creating a conditional constraint between Advanced Service Designer added fields they will take an effect only if the vCloud Orchestrator presentation has dependent fields.
      Workaround: Create the fields and their conditional constraint directly in the vCloud Orchestrator presentation.

  • For machines provisioned by vCloud Automation Center, an Advanced Service Designer resource action can only be attached for vSphere and vCloud Director vApps machines
    In Advanced Service Designer, service architects can expose vCenter Orchestrator workflows as catalog items. They can also create resource actions to define the post-provisioning actions that the consumers of the catalog items can perform on the items they provision, as well as on provisioned vSphere virtual machines and vCloud Director vApps and machines inside vApps. For related information, see Create and Publish an Action to Take a Snapshot in the Advanced Service Design guide.

  • Logging in as the IaaS administrator with incorrect UPN format credentials fails with no explanation
    If you attempt to log in to vCloud Automation Center as an IaaS administrator with UPN credentials that do not include the @yourdomain portion of the user name, you are logged out of SSO immediately and redirected to the login page with no explanation.

    Workaround: The UPN entered must adhere to a yourname.admin@yourdomain format, for example if you log in using jsmith.admin@sqa.local as the user name but the UPN in the Active Directory is only set as jsmith.admin, the login will fail. To correct the problem change the userPrincipalName value to include the needed @yourdomain content and retry login. In this example the UPN name should be jsmith.admin@sqa.local. This information is provided in the log file in the log/vcac folder.

  • Chrome browser incorrectly handles comma symbol when used as a decimal delimiter
    When working in a locale in which the comma symbol, rather than the period symbol, is used as a decimal value delimiter, Chrome browsers incorrectly parse numeric values that contain decimals.

    Workaround: To avoid this problem, do not use a comma symbol as a decimal value delimiter or else use a different and supported browser.

  • After patch upgrade, machines might need to be re-entitled
    When the 6.0.1 upgrade is installed, the entitlement for the action Connect by Using Virtual Desktop is removed for virtual machines.

    Before you install 6.0.1, note places where this entitlement is used and use that list to re-entitle actions after version 6.0.1 is installed. The entitlement can be restored by a tenant administrator or business group manager. For more information, see the Installation and Configuration guide.

  • The message displayed when a VM import fails is ambiguous
    When a business group manager with fabric administrator rights attempts to import a machine and if there is a failure during import, the machine will not be deleted from the hypervisor. However, the user events would say "Machine name: has been destroyed!". In this situation, the machine is only destroyed in vCloud Automation Center; the VM remains viable on the hypervisor.
  • Updated endpoint configuration workflows package available for Advanced Service Designer
    An updated com.vmware.asd.endpoints.configuration.package is supplied, and needed, for Advanced Services Designer with vCloud Automation Center 6.0.1. The package contains updated endpoint configuration workflows. For an embedded vCenter Orchestrator, the configuration package is automatically applied on the vCenter Orchestrator during upgrade. If a new external vCenter Orchestrator is added after upgrade, the correct version of the package is automatically imported. However, for all external vCenter Orchestrators, you must upload the package manually to the vCenter Orchestrator after saving the server configurations. The version value for each workflow in the package is of a higher incremental value than the workflows supplied in vCloud Automation Center 6.0.

    Workaround: For all external vCenter Orchestrators (configured before upgrade), manually save the current configuration after upgrade completion; the new package version is automatically uploaded. Log in to the tenant as a tenant administrator and select Administration > Advanced Services > Server Configuration. If the Use an external Orchestrator server option is selected, click Update.

  • Number maximum value and String maximum length conditions are not populated from vCenter Orchestrator in the Advanced Service Designer form
    When a service architect creates a blueprint form in Advanced Service Designer and loads a vCenter Orchestrator workflow that contains either a number field with an associated maximum value condition or a string field with an associated maximum length condition, the restrictions applied to these fields do not appear in the Constraints tab on the blueprint.

    Workaround: The service architect should re-enter the constraints manually as follows:

    1. Click the Edit option for the input parameter.
    2. Click the Constraints tab.
    3. Insert a restriction for the Maximum value: (for a number parameter) or Maximum length: (for a string parameter) options.
  • Upgrading from vCloud Automation Center 6.0 to 6.0.1 resets the specified external vCenter Orchestrator to the embedded vCenter Orchestrator
    When the system administrator (administrator@vsphere.local) configures an external vCenter Orchestrator, the configuration is erroneously reset to the embedded vCenter Orchestrator after the upgrade process completes.

    Workaround: Reconfigure the vCenter Orchestrator configuration after upgrade to enable the correct external vCenter Orchestrator.

  • Opening the Infrastructure tab fails when the administrator is a member of several hundred groups
    When using Active Directory and SSO, an IaaS administrator who is a member of many groups might be unable to display the Infrastructure tab. Attempting to do so may yield one of the following errors:
    • Bad Request - Request Too Long - HTTP Error 400. The size of the request headers is too long.
    • Service Unreachable - A required service cannot be reached at the expected address. Contact your system administrator for assistance. Reference error REPO404.

  • Workaround: The resolution is to increase the token limitations as in the following example.

    1. Determine and set the maximum Kerberos token size. To determine the correct Kerberos maximum token size for your deployment, use the following guideline:

    Kerberos MaxTokenSize = 1200 + 40d + 8s (bytes)

    This formula uses the following values:

    • d -- The number of domain local groups a user is a member of plus the number of universal groups outside the user's account domain that the user is a member of plus the number of groups represented in security ID (SID) history.
    • s -- The number of security global groups that a user is a member of plus the number of universal groups in a user's account domain that the user is a member of.
    • 1200 -- The estimated value for ticket overhead. This value can vary depending on factors such as DNS domain name length and client name.

    2. Determine if you need to modify the registry entry. If the token size that you calculate by using the above formula is less than 12,000 bytes (default size), you do not have to modify the MaxTokenSize registry value on domain clients. If the value is more than 12,000 bytes, adjust the MaxTokenSize registry value (reference http://support.microsoft.com/kb/263693). If you need to change the Kerberos MaxTokenSize value, modify the following registry entry:

    MaxTokenSize, REG_DWORD,
    <value> (the recommended value for the MaxTokenSize registry entry is 65535 decimal or FFFF hexadecimal)

    3. Determine and set the correct HTTP maximum request size for your deployment by using the following guideline, where T is the Kerberos MaxTokenSize as set above:

    MaxFieldLength = (4/3 * T bytes) + 200
    MaxRequestBytes = (4/3 * T bytes) + 200

    Set MaxFieldLength and MaxRequestBytes to the calculated values, as in the following example where they are set to the permitted maximum value:

    MaxFieldLength DWORD 65534
    MaxRequestBytes DWORD 16777216

    For related information about issues with Kerberos authentication when a user belongs to many groups, see the following support notes:

  • Email template customization behavior has changed and extraneous templates are unusable
    In vCloud Automation Center 6.0 or later, only notifications generated by the IaaS component can be customized by using the email template functionality from earlier versions.

    Workaround: You can use the following XSLT templates:

    • ArchivePeriodExpired
    • EpiRegister
    • EpiUnregister
    • LeaseAboutToExpire
    • LeaseExpired
    • LeaseExpiredPowerOff
    • ManagerLeaseAboutToExpire
    • ManagerLeaseExpired
    • ManagerReclamationExpiredLeaseModified
    • ManagerReclamationForcedLeaseModified
    • ReclamationExpiredLeaseModified
    • ReclamationForcedLeaseModified
    • VdiRegister
    • VdiUnregister

    These templates are located in the \Templates directory under the server installation directory, typically %SystemDrive%\Program Files x86\VMware\vCAC\Server. The \Templates directory also includes XSLT templates that are no longer supported. These templates cannot be modified and will be removed from the directory in a future release. For more information about configuring notifications, see Configuring Notifications in VMware vCloud Automation Center Documentation.

  • Requirement for .NET 4.5 does not extend to .NET 4.5.1
    .NET 4.5.1 is not currently supported. While system requirements state that .NET 4.5 is required, they should also explicitly state that vCloud Automation Center release 6.0 and 6.0.1 do not support .NET 4.5.1.

  • Access to embedded vCloud Orchestrator server impacted by changes to its administration group
    When the administration group of the embedded vCloud Orchestrator server is changed, the server can no longer be used in embedded mode.

  • Workaround:Use basic authentication to configure the vCloud Orchestrator server as an external server.

  • IP ranges in routed network profiles are listed as allocated when no IP addresses are in use
    If a multi-machine blueprint contains the routed external network profile but not an assignment for the routed network to component network adapters, machines will provision successfully but an IP range from the routed network profile will be allocated and not actually in use.

  • Approval requests result in an error when the approver is not a member of any business group or is a member of a different business group
    If an approval request is sent to a user who is not a member of the same business group as the requester, or is not a member of any business group, an Exception has been thrown error occurs when the approver clicks View Request on the Approval page. However, the approver should be able to see the request.
  • Workaround: Ensure that the approver has a manager, support, or user role assignment in the same business group as that of the requester.

  • Unable to dispose of multi-machine service when orphaned NSX edge is using network
    If an NSX edge is not registered in the vCloud Automation Center environment (probably due to an NSX error), and if that edge is using the external network associated with the routed gateway of a multi-machine service, then an attempt to dispose of that service will fail with multiple AppServiceDisposeVM workflow timeouts.

  • Workaround: Delete the orphaned edge in the NSX environment. After you delete the edge, all AppServiceDisposeVM workflows complete and the multi-machine service is destroyed.

  • The guest agent does not check for a certificate if a PEM file already exists in the VRMGuestAgent directory
    By design, a guest agent does not check for certificates if a PEM file exists nor does it refresh the certificates in the PEM file. This is to ensure that the Guest Agent only takes work items from a trusted source.

    There are 2 options for configuring which server the guest agent trusts:

    1. The most secure option is for the administrator to populate the trusted PEM manually by putting the PEM of the trusted certificate in the template with the guest agent. If the server certificate changes for any reason (for example the old one expired, hostnames changed, or the original certificate was invalid) the administrator can manually rebuild the template with the PEM of the new trusted certificate.
    2. A more flexible, but less secure option, is for an administrator to allow the guest agent to automatically populate the trusted PEM on first use. To do this, the administrator would create a template with no PEM files in the VRMGuestAgent directory. The first time the guest agent starts, it downloads the certificate from the server it was configured to connect with and stores the resulting PEM in the VRMGuestAgent directory. Subsequently it will only accept work items from that server. If the server certificate expires, changes, or the agent was configured for the wrong server, new instances of the template will obtain the latest certificate from the server and always trust the first system they connect with.

    Note that if you test your guest agent before creating the template, you must delete the downloaded PEM file from the VRMGuestAgent directory before creating the template to obtain the behavior of option 2. Otherwise the template will be created to only trust the server you tested against because it will have downloaded the PEM from that server.

What's Been Fixed

The following issues have been resolved in vCloud Automation Center release 6.0.1:

  • Error during import leads to data loss and machines being destroyed in vCenter
    When importing VMs into vCloud Automation Center, VMs are destroyed in the hypervisor when there is a failure during import. This issue causes high levels of data loss.
    This issue has been resolved with release 6.0.1. For more information, see KB article 2066200.

  • Incorrect currency symbol appears on Cost Profiles page under Infrastructure tab
    The currency symbol will always be the currency symbol used by the operating system (OS) of the server machine. For example, if the server machine is running a Chinese OS it uses the Chinese OS currency symbol. Similarly, a server machine running a Japanese OS uses the Japanese OS currency symbol. The currency symbol does not change with the browser settings.
    This issue has been resolved.

  • IaaS Configuration for Virtual Platforms release 6.0 guide contains misleading information about installing the Guest Agent using vcac_fqdn
    Because of a documentation error, installing the guest agent using vcac_fqdn fails because the manager service is located on the IaaS server and not the vCloud Automation Center appliance. The following correction was made to the Install the Guest Agent on a Windows Machine and Install the Guest Agent on a Linux Machine topics in the release 6.0.1 IaaS Configuration for Virtual Platforms guide:

    Changed from:
    Configure the guest agent by running the following command in an elevated command prompt:
    winservice -i -h vcac_fqdn[:portnumber -p ssl]

    Changed to:
    Configure the guest agent to communicate with the Manager Service by running the following command in an elevated command prompt:
    winservice -i -h Manager_Service_Hostname_fdqn[:portnumber -p ssl]

    Note: If you have already installed with vcac_fdqn, you must first delete the contents of the file VRMGuestAgent\certificate.pem before reinstalling.
    This documentation issue has been resolved.

  • Cannot configure load balancer VIP with an external network profile
    In vCloud Automation Center release 6.0, you could not use an external network profile for a network adapter of a component machine if that network adapter had load balancing enabled for it. This was corrected in vCloud Automation Center release 6.0.1 such that you can use an external network profile on an adapter that has load balancing enabled if the following conditions are met:

    • The external network profile has defined a static IP range and the network adapter is using static IP.
    • The virtual IP (VIP) of the load balancer is using the same external network profile as the selected adapter.

    The Configure Load Balancers for Component Machines documentation topic has been updated in Configuring IaaS for Multi-Machine Services to describe this behavioral change.
    This issue has been resolved as described above.

  • Special characters in password not being parsed correctly
    A command line install issue regarding the following characters in password names has been fixed in release 6.0.1. The following characters are now correctly parsed in password names when used in either the user interface or command line install:
    ? * ; ' % @

    This issue has been resolved.

  • Exceeding the vCloud Automation Center server maximum header size causes performance problems
    The maximum header size for vCloud Automation Center server HTTP requests is 8K and cannot be increased in the current version. When a header exceeds this maximum size, the system is often unable to fulfill HTTP requests. This 8K limit can be exceeded in the following situations:

    • The logged-in user belongs to a large number of SSO groups (more than 75 groups) or belongs to groups with large group names. A large number of groups or large group names increases the size of the SAML token.
    • A third-party service or component accesses vCloud Automation Center services using a delegated SAML token, which also contains the certificate chain of the signing certificate.
    Because the SAML token is always included in the request header, this additional data can cause the header size to exceed 8K.
    This issue has been resolved.

  • Attempting to perform an action based on newly acquired permissions causes a system error
    If users are granted permission to perform a new task, they may find that they are unable to complete the task.
    This issue has been resolved.

  • Adding an identity store using the same name for the domain and domain alias causes connection to fail
    When you create an identity store where the domain name is the same as the domain alias name, an error message appears saying that there was a connection failure.
    This issue has been resolved.

  • An access denied message appears when administrator clicks the logout link after configuring system
    Clicking on the logout link multiple times without waiting for the session to finish causes an access denied message to appear. If this happens, the only option is to wait for the session to timeout (30 min) or clear the cookies related to the session.
    This issue has been resolved.

  • The tenant administrator of the default tenant can configure the vCenter Orchestrator server for all tenants
    By default, system administrators can configure the vCenter Orchestrator server for all tenants and tenant administrators can configure the vCenter Orchestrator server for their own tenants only. If a system administrator configures vCloud Automation Center to use a specific Orchestrator server, and the tenant administrator of the default tenant configures vCloud Automation Center to use another Orchestrator server, the settings which the tenant administrator configures are applied to all tenants that use the default Orchestrator server.
    This issue has been resolved.

  • Documentation error in custom property name
    The property documented as VirtualMachine.NetworkN.DnsSearchSuffix in the Custom Properties guide should be VirtualMachine.NetworkN.DnsSearchSuffixes.
    This documentation issue has been resolved.

  • Virtual machine reconfiguration is not supported by VMware vCloud Networking and Security
    Virtual Network and IP address are lost after reconfiguring any of the following:

    • storage
    • cpu
    • memory
    • network

    This issue has been resolved.

  • Imported machines cannot be assigned to users who are not explicitly added to a business group
    When an administrator imports a machine using the Infrastructure Organizer and sets the owner to a user who belongs to a business group via membership in an identity store group or custom group, the operation returns an error that the selected user does not belong to the group.
    This issue has been resolved.

  • Cannot connect to a vApp or vSphere provisioned system with Internet Explorer
    When you try to connect to a vSphere or vApp provisioned resource with Internet Explorer using VMRC, you see an error message indicating that the virtual machine is not powered on or is not available on the network.
    This issue has been resolved.

  • The Prerequisite Checker does not check HTTP activation for .NET 4.5 when installing on Windows 2012
    If HTTP Activation is disabled, the Prerequisite Checker shows that HTTP Activation is enabled. If HTTP Activation is not enabled, the installation fails.
    This issue has been resolved.

  • Connect to Virtual Desktop Command Fails to Open the XenDesktop Web Interface Portal
    Selecting Connect to Virtual Desktop machine for XenDesktop machines in vCloud Automation Center should open the Citrix XenDesktop Web Interface Portal in a new window or tab. However, the site is blocked because vCloud Automation Center is trying to connect via HTTP instead of HTTPS.
    This issue has been resolved.

  • vCloud Automation Center does not work with vCenter Virtual Appliance
    vCloud Automation Center 6.0 does not work with vCenter Virtual Appliance as an single sign-on (SSO) provider if the SSO is configured to use native Active Directory (AD).
    This issue has been resolved.

  • An empty vApp container causes data collection to fail
    When running data collection on a vCloud Director endpoint in which the vApp contains no components, data collection fails as indicated in the Inventory Status field on the Data Collection page. The error in the log file is: Workflow vCloudInventory failed with the following exception: System.ArgumentNullException: Value cannot be null.
    This issue has been resolved.

  • All items to which a user is entitled do not appear on the Entitled Items tab
    A tenant administrator cannot see all the items to which the user is entitled when viewing the Entitled Items tab on the User Details page. The administrator is limited to see no more than 30 items. Any additional items that appear after the first page are not available.
    This issue has been resolved.

  • The Orchestrator server might not start when you join vCloud Automation Center Single Sign-On to an Active Directory domain
    System administrators can configure vCloud Automation Center to use Single Sign-On joined to an Active Directory domain. When they restart the Orchestrator server, Orchestrator might fail to start.
    This issue has been resolved.