VMware vCloud Automation Center 6.1.1 Release Notes

vCloud Automation Center 6.1.1 | 30 OCT 2014 | Build 2216936

vCloud Automation Center Application Services 6.1.1 | 30 OCT 2014 | Build 2237640

Updated on: 16 JAN 2015

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

This version addresses the "shell-shock" vulnerability that was discovered in earlier versions of this product. For your security, VMware recommends that you install this upgrade as soon as possible.

Additional information about the vulnerability is provided in the Knowledge Base in article, see 2091012

Migrating or Upgrading vCloud Automation Center

To migrate vCloud Automation Center version 5.2.1 or 5.2.2 deployment to version 6.1.1, see Migrating to vCloud Automation Center 6.1 in the VMware vCloud Automation Center 6.1 Documentation Center. Upgrade from 6.1 to 6.1.1 is only supported upgrade path. If you have 6.0.x version of vCloud Automation Center in your environment, first upgrade to 6.1 and then upgrade to 6.1.1 version. To upgrade vCloud Automation Center see Upgrading to vCloud Automation Center 6.1 in the VMware vCloud Automation Center 6.1 Documentation Center.

System Requirements and Installation

For information about supported host operating systems, databases, and Web servers, see the vCloud Automation Center Support Matrix.

For additional prerequisites and installation instructions, see vCloud Automation Center Installation and Configuration in the VMware vCloud Automation Center 6.1 Documentation Center.


To access the full set of vCloud Automation Center 6.1.1 documentation, go to the VMware vCloud Automation Center 6.1 Documentation Center.

Known Issues

The known issues are grouped as follows:

Known issues not previously documented are marked with the * symbol. A new issue was added to the end of the Configuration and Provisioning section on 16-JAN-2015.

Installation and Upgrade

  • No message to restart the Identity Appliance after upgrade
    Workaround: Restart the identity virtual appliance after upgrade for identity virtual appliance to work properly.

  • Order of upgrade for vCloud Automation Center and Application Director or IT Business Management, Standard Edition
    If you are using vCloud Automation Center with VMware Application Director or VMware IT Business Management Standard Edition, you must ensure that all products are at the same patch level. Install the vCloud Automation Center upgrade before you install upgrades for Application Director or IT Business Management Standard Edition.

  • The vCloud Automation Center database cannot be installed to a custom directory by using the installation wizard
    In a distributed (custom) installation, the installer ignores changes you make to the default database and log directory. The database and logs are created in the default directory.

    Workaround: To install your database to a non default location, install the database using the DBinstall scripts before installing vCloud Automation Center.

  • Manual clean up is required after a failed installation
    When you uninstall a partially installed IaaS component and run a new installation, you might see errors similar to the following:

    • The application repository exists.
    • The vcac application pools exist.
    • The 443 port is already in use.

    1. Uninstall IaaS and related components from the Programs and Features box on your Windows server.
    2. Start IIS Manager and delete the repository, vcac, wapi, and vcacreports sites.
    3. Delete vcac application pools from IIS.
    4. From the IIS Manager, remove the port binding to port 443.

  • IaaS Authentication Fails During IaaS Web and Model Management Installation due to an issue in IIS
    When running the Prerequisite Checker, the message that the IIS authentication check failed because authentication is not enabled appears, but the IIS authentication check box is selected.


    1. Clear the Windows authentication check box.
    2. Click Save.
    3. Select the Windows authentication check box.
    4. Click Save.
    5. Rerun the Prerequisite Checker.

  • Single Sign-On certificate validation fails if the common name contains an uppercase letter
    When you assign a certificate to a Single Sign-On appliance, all strings are converted to lowercase. Because the validation process is case sensitive, the process fails because the certificate name contains an uppercase letter and the validation process is searching for a name in all lowercase.

    Workaround: When you specify the SSO host address at vCAC Appliance > vCAC Settings > SSO, enter the address with the capitalization used when the certificate was assigned to the SSO appliance.

  • Installation fails when an incorrect host name is specified
    Installation fails with an error similar to the following:
    Info : 2014-06-17 10 42 32 059 AM : System.AggregateException: One or more errors occurred. ---> System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The remote name could not be resolved: 'po-va-rtq8c.sqa.local'Cause: Cause: An incorrect name was entered in the VCAC HostName field at vCAC Settings > Host Settings.


    1. Edit the virtual appliance configuration file /etc/sysconfig/network/dhcp to include the correct host name.
    2. Reboot the virtual appliance.
    3. Log in to the virtual appliance management console.
    4. Open the vCAC Settings tab and click Host Settings.
    5. Enter the correct name in the vCAC Host Name text box.
    6. Click Save Settings.
      Note: Do not click Resolve Host Name.
    7. Complete the virtual appliance configuration steps and continue with the installation.


  • Pre-migration erroneously reports that agents are missing in target system
    Pre-migration performs a check to verify that agent names in the source system are present in the target system and it generates a message in the report when there is a mismatch. The pre-migration report might include the message, No matching agent found on the target system. Install an agent with a matching name on the target system, even when a matching agent exists in the target system.

    The message is generated, in error, if a matching agent is present in the target system but that agent has no endpoint configured.

    Workaround: If the message appears in the pre-migration report and a matching agent does exist in the target system, configure an endpoint for the agent in the target system and then rerun pre-migration. Otherwise, ignore the message and configure an endpoint when migration finishes.


  • Guest agent custom scripts that contain unicode characters remain in an infinite loop
    If you use custom scripts with the guest agent that have unicode characters in the name of the script, the VM is not provisioned and the request remains in an infinite loop.

    Workaround: Do not include unicode characters in the name of your script.

  • Non-ASCII job name for Jenkins artifact repository causes application deployment to fail
    If you assign a non-ASCII value to the JOB_NAME property of an artifact repository instance that is created from the supplied Jenkins artifact repository specification, and if you then deploy an application with a blueprint that uses an artifact located in that artifact repository instance, the deployment fails with an error message that starts with "Run failed due to failure of task...."

    Workaround: Use only ASCII characters in a Jenkins job name.


  • Various issues exist with vCloud Automation Center and VMware NSX integrations.
    If you are integrating vCloud Automation Center and VMware NSX, see KB 2088172 for more information on how to resolve known issues.

  • IP ranges in routed network profiles are listed as allocated although no IP addresses are in use
    If a multi-machine blueprint contains the routed external network profile but not an assignment for the routed network to component network adapters, machines are provisioned successfully but an IP address range from the routed network profile is allocated and not actually in use.

  • Incorrect network setting displayed for virtual multi-machine component in vCloud Automation Center after network reconfigured in vCenter
    You cannot reconfigure the vCloud Networking and Security (NSX) network of a virtual multi-machine component in vCloud Automation Center. Instead, you must use the vSphere Client to reconfigure the network in vCenter. Note that some network settings for the virtual multi-machine component do not appear correctly in vCloud Automation Center.

    Workaround: Update the network in vCenter Sever to restore proper network settings.

  • vCloud Networking and Security inventory synchronization fails and an error message appears
    When you delete a transport zone that is assigned to a vCloud Automation Center reservation, a multi-machine blueprint, or a multi-machine instance from the VMware NSX user interface, vCloud Networking and Security inventory synchronization fails and an error message appears. The details of the error message depends on the entity that is using the transport zone.


    1. Unassign the transport zone from the vCloud Automation Center reservation or multi-machine blueprint.
    2. Delete the multi-machine instances provisioned with the transport zone.
    3. Repeat the vCloud Networking and Security inventory synchronization process.

  • Renaming, editing, or viewing an existing VMware vCenter Orchestrator or VMware vSphere endpoint with configured custom properties causes vCloud Automation Center to remove the hidden custom properties from the database
    Without the endpoint hidden custom properties users cannot run the VMware vCloud Networking and Security plug-in workflows.

    Workaround: Perform data collection process on the endpoint to restore all the hidden custom properties in the database for that endpoint.

Application Services

  • Unable to publish a blueprint from Application Director to vCloud Automation Center catalog by using vCloud Automation Center 6.1.1 version
    If you upgrade to vCloud Automation Center 6.1.1 from 6.0.x or later versions and then attempt to publish a blueprint to the vCloud Automation Center catalog, the error message An unexpected error has occurred. Please contact you system administrator appears. This problem does not occur for newly registered instances of Application Director with vCloud Automation Center 6.1.1 version.

    Workaround: Unregister Application Director 6.0.x or later version from vCloud Automation Center 6.1.1 and then register Application Director again with vCloud Automation Center.

  • Access denied for fabric administrator destroying cross-tenant Physical, Application Service
    Fabric administrators receive an Access Denied message when destroying cross-tenant Physical, Application Service.

  • Workaround: Log in as a fabric administrator of the fabric group in the tenant where the machine resides to destroy it.

  • vCloud Automation Center does not support multiple hosts in the system with the same name
    Data collection updates hosts based on the host name. If two endpoints have identically named hosts, endpoints contend over ownership of the host.

    Workaround: Ensure that all host names are unique.

  • In Application Services, you cannot add a description to a disk in a blueprint canvas
    If you are using Windows Internet Explorer 11, you cannot add a description to a disk on the Disks tab of a blueprint canvas.

    Workaround: To add a description to a disk in a blueprint canvas, you must use Chrome or Firefox.

  • You cannot update nodes that use Puppet services deployed with Application Director 6.0.1 or later version
    Application Services 6.1.1 does not support the updating of nodes that use Puppet services that were deployed with Application Director 6.0.1 or later versions. Application Services 6.1.1 creates a Puppet node manifest that allows you to update specific services, but it is not compatible with the node manifest files generated in Application Director 6.0.1 or later versions.

Advanced Service Designer

  • Unable to find vSphere or vCloud Director virtual machines by unique identifier using the vCenter Orchestrator Plug-In for vCloud Automation Center 6.1.1 or directly in vSphere API
    The Workflow Runner helper workflow might fail to locate the VC:VirtualMachine inventory object. As a result, custom workflows invoked by the Workflow Runner workflow might fail with the error: TypeError: Cannot read property "datastore" from null. The VMUniqueID virtual machine entity property is changed from BiosUUID to InstanceUUID.

    Workaround: For more information on how to resolve this issue, see KB 2088838.

  • Number maximum value and String maximum length conditions are not populated from vCenter Orchestrator in the Advanced Service Designer form
    When a service architect creates a blueprint form in Advanced Service Designer and loads a vCenter Orchestrator workflow that contains a number field with an associated maximum value condition or contains a string field with an associated maximum length condition, the restrictions applied to these fields do not appear in the Constraints tab on the blueprint.

    Workaround: The service architect should re-enter the constraints manually as follows:

    1. Click the Edit option for the input parameter.
    2. Click the Constraints tab.
    3. Insert a restriction for the Maximum value if the parameter is a number or Maximum length if the parameter is a string.

  • Cannot create a service blueprint or resource action in the Advanced Service Designer when selecting a workflow that has an input of a string array type with a predefined answers action that could return null
    In the Advanced Service Designer, during creating a service blueprint or resource action, if you select a vCenter Orchestrator workflow that has an input parameter of a string array type with a predefined answers property in the presentation that calls a scripting action that could return null, when you click Next, the procedure fails and the following error message is displayed:Internal ErrorAn internal error has occurred. If the problem persists, please contact your system administrator.When contacting your system administrator, use this reference: ...

    Workaround: From the Design perspective of the vCenter Orchestrator client, edit the predefined answers action by replacing null with an empty array. For example, if the action scripting code is:

    if (someCondition) {

    return ["a", "b", "c"];

    } else {

    return null;


    You must change the code to:

    if (someCondition) {

    return ["a", "b", "c"];

    } else {

    return [];


  • Unable to refresh submission form fields when requesting some catalog items with detected cyclic dependencies published by using the Advanced Service Designer
    When all input parameters of a vCenter Orchestrator workflow have OGNL dependencies or validations, if you use this workflow to create and publish a service blueprint, when consumers request the catalog item, the form designer does not refresh the submission form fields because of detected cyclic dependencies. Example for cyclic dependency is when you have two input parameters and the value of every field depends on the value of the other field.

    Workaround: Edit the service blueprint submission form by adding a hidden field.

  • Resource actions for Hyper-V, SCVMM, and XenServer virtual machines might fail if based on resource mapping workflows that query the EXTERNAL_REFERENCE_ID property
    If you create a resource mapping for a Hyper-V, SCVMM, or XenServer virtual machine based on a resource mapping workflow that queries the EXTERNAL_REFERENCE_ID property, when a resource action runs the workflow, it fails because the EXTERNAL_REFERENCE_ID property is not set in the Properties object passed to the workflow.

    Workaround: When creating resource mapping workflows for Hyper-V, SCVMM, and XenServer virtual machines query one of the other properties that are passed for the individual machines such as name, description, and so on.

Configuration and Provisioning

  • Attempts to log in as the IaaS administrator with incorrect UPN format credentials fails with no explanation
    If you attempt to log in to vCloud Automation Center as an IaaS administrator with UPN credentials that do not include the @yourdomain portion of the user name, you are logged out of SSO immediately and redirected to the login page with no explanation.

    Workaround: The UPN entered must adhere to a yourname.admin@yourdomain format, for example if you log in using jsmith.admin@sqa.local as the user name but the UPN in the Active Directory is only set as jsmith.admin, the login fails. To correct the problem change the userPrincipalName value to include the needed @yourdomain content and retry login. In this example the UPN name should be jsmith.admin@sqa.local. This information is provided in the log file in the log/vcac folder.

  • Email template customization behavior has changed and extraneous templates are unusable
    In vCloud Automation Center 6.0 or later, only notifications generated by the IaaS component can be customized by using the email template functionality from earlier versions.

    Workaround: You can use the following XSLT templates:

    • ArchivePeriodExpired
    • EpiRegister
    • EpiUnregister
    • LeaseAboutToExpire
    • LeaseExpired
    • LeaseExpiredPowerOff
    • ManagerLeaseAboutToExpire
    • ManagerLeaseExpired
    • ManagerReclamationExpiredLeaseModified
    • ManagerReclamationForcedLeaseModified
    • ReclamationExpiredLeaseModified
    • ReclamationForcedLeaseModified
    • VdiRegister
    • VdiUnregister

    Email templates are located in the \Templates directory under the server installation directory, typically %SystemDrive%\Program Files x86\VMware\vCAC\Server. The \Templates directory also includes XSLT templates that are no longer supported and cannot be modified. For more information about configuring notifications, see Configuring Notifications in VMware vCloud Automation Center Documentation.

  • Access to embedded vCloud Orchestrator server impacted by changes to its administration group
    When the administration group of the embedded vCloud Orchestrator server is changed, the server can no longer be used in embedded mode.

  • Workaround: Use basic authentication to configure the vCloud Orchestrator server as an external server.

  • Actions on provisioned machines are marked complete before they finish
    Actions such as Reprovision or Power Off might appear as Complete on the Requests page when the operation might still be in progress. The actual status of the machine is reflected on the Items page.

  • Guest agent file SCCMPackageDefinitionFile.sms needs to be updated
    The guest agent file SCCMPackageDefinitionFile.sms contains outdated name and publisher information. This does not affect functionality.

  • Lease dates can be changed to fall outside of the Approval Policy value
    Lease dates can be changed by using the Change Lease resource action to a date that is later than the maximum lease range specified on the blueprint.

  • Deleted custom groups are not removed from entitlements
    When a custom group that is linked to an entitlement is deleted, the custom group is not removed from the entitlement.

    Workaround: To delete a custom group and to remove it from the entitlement:

    1. Remove the custom group from the entitlement.
    2. Delete the custom group.

  • Removing the business group role from a custom group does not revoke entitlements
    When a custom group that is linked to an entitlement is removed from the business group role, the custom group is not removed from the entitlement.

    Workaround: To remove the business group role from a custom group and to delete it from the an entitlement:

    1. Remove the custom group from the entitlement.
    2. Remove the custom group from the business group role.

  • Hyper-V endpoint is incorrectly listed as an unmanaged machine in Infrastructure Organizer
    When a Hyper-V endpoint fails to provision, vCloud Automation Center reports the machine as destroyed, but it remains on the endpoint, and appears as an unmanaged machine in Infrastructure Organizer.

  • When provisioning a Citrix XenDesktop/Provisioning Service machine, the machine remains in the Unprovisioning state
    This issue can occur with the VMware VDI agent, and any version of the VMware EPI agent, such as, Citrix, BMC, Opsware, VBScripts, and so on. It can also occur at various points throughout the master workflow machine provision cycle.

    It is possible that the agent was installed to use a specific server name rather than left blank to handle all third party server requests. If a specific server name is entered, this agent can handle requests only for a server that exactly matches that server name. vCloud Automation Center uses the value in the custom properies EPI.Server.Name or VDI.Server.Name to locate a corresponding agent to handle the request. If no matching agent is found, the machine remains in the EPIRegister/Machine Provisioned state during provisioning, or the Unprovisioning/DeactivateMachine state, until a corresponding agent is found.

    Workaround: Install a new EPI/VDI agent where the server value is exactly what was entered in EPI.Server.Name/VDI.Server.Name, or leave the server name blank.
    Optionally, you can update the agent config file of your current agent and change the server value by completing the following steps.

    1. Back up your agent config file, typically located at C:\Program Files (x86)\VMware\vCAC\Agents\agentName\VRMAgent.exe.config.
    2. Open a text editor as an administrator.
    3. To make the change for any agent type, replace SERVER_NAME_VALUE with your server name, or delete it to leave it blank.
      epiIntegrationConfiguration epiType="CitrixProvisioning" server="SERVER_NAME_VALUE"
      vdiIntegrationConfiguration vdiType="XenDesktop" server=""X
    4. Save your changes.
    5. Restart your agent service.
        1. Click Start > Administrative Tools > Services.
        2. Right-click your desired VMware vCloud Automation Center Agent service, and click Restart.
        3. After the agent restarts successfully, your job continues as expected.

  • XenDesktop machine registration times out if not completed in under 2.5 minutes
    The value of $regTries in the XenDesktopFunctions script needs to be increased.


    1. Back up your XenDesktopFunctions.ps1 script, typically located at C:\Program Files (x86)\VMware\vCAC\Agents\\Scripts\XenDesktopFunctions.ps1.
    2. Open Notepad as an administrator.
    3. Increase the value in $regTries to the number of minutes you want to wait before registration times out.
      For example, $regTries = 60 sets the time out to 30 minutes.
    4. Save your changes.
    5. Restart your VDI agent service.

  • Approvals that were active before upgrading to 6.1.1 do not appear after upgrade
    When you navigate to Inbox > Approvals, the default filter is set to Active and none of the active approvals appear. If you filter by any status other than All, none of the approvals that were active before upgrading to 6.1.1 appear.

    Workaround:To view active approvals, filter by selecting All.

  • Opening the Infrastructure tab fails when the administrator is a member of several hundred groups* 16-JAN-2015
    When using Active Directory and SSO, an IaaS administrator who is a member of many groups might be unable to display the Infrastructure tab. Attempting to do so may yield one of the following errors:
    • Bad Request - Request Too Long - HTTP Error 400. The size of the request headers is too long.
    • Service Unreachable - A required service cannot be reached at the expected address. Contact your system administrator for assistance. Reference error REPO404.

  • Workaround: The resolution is to increase the token limitations as in the following example.

    1. Determine and set the maximum Kerberos token size. To determine the correct Kerberos maximum token size for your deployment, use the following guideline:

    Kerberos MaxTokenSize = 1200 + 40d + 8s (bytes)

    This formula uses the following values:

    • d -- The number of domain local groups a user is a member of plus the number of universal groups outside the user's account domain that the user is a member of plus the number of groups represented in security ID (SID) history.
    • s -- The number of security global groups that a user is a member of plus the number of universal groups in a user's account domain that the user is a member of.
    • 1200 -- The estimated value for ticket overhead. This value can vary depending on factors such as DNS domain name length and client name.

    2. Determine if you need to modify the registry entry. If the token size that you calculate by using the above formula is less than 12,000 bytes (default size), you do not have to modify the MaxTokenSize registry value on domain clients. If the value is more than 12,000 bytes, adjust the MaxTokenSize registry value (reference http://support.microsoft.com/kb/263693). If you need to change the Kerberos MaxTokenSize value, modify the following registry entry:

    MaxTokenSize, REG_DWORD,
    <value> (the recommended value for the MaxTokenSize registry entry is 65535 decimal or FFFF hexadecimal)

    3. Determine and set the correct HTTP maximum request size for your deployment by using the following guideline, where T is the Kerberos MaxTokenSize as set above:

    MaxFieldLength = (4/3 * T bytes) + 200
    MaxRequestBytes = (4/3 * T bytes) + 200

    Set MaxFieldLength and MaxRequestBytes to the calculated values, as in the following example where they are set to the permitted maximum value:

    MaxFieldLength DWORD 65534
    MaxRequestBytes DWORD 16777216

    For related information about issues with Kerberos authentication when a user belongs to many groups, see the following support notes: