Please how do I achieve this in version vRealize Automation 7.1.

Hello,

Can you please let me know what is the default expiration value of vRA catalog request and how to increase/decrease that value ?

I am using vRA 7.0. I would like to have my catalog request should be valid up to 7 days.

Can you please help ?

Thanks.

K

Does anyone know if vRA 7.2 supports adding Azure GovCloud subscription as avRA endpoint?

Note: the Service URI (https://manage.windowsazure.us) and Login URL (https://portal.azure.us) for the Azure GovCloud is different from the commercial service; and the VMware documentation is vague at best. REF: Create a Microsoft Azure Endpoint

NOTE: There is a great blog written about adding an Azure endpoint, but there is no reference to the Azure GovCloud instances, nor does it work when I try to use the Azure GovCloud Service URI and Login URL.  REF: http://www.vaficionado.com/2016/11/using-new-microsoft-azure-endpoint-vrealize-automation-7-2/

I am struggling to find a way to change the owner of a deployment (and all it's child items) using vRO.

To put this into context, I am using XaaS blueprints where the associated workflow makes a call to System.getModule("com.vmware.library.vcaccafe.request").requestCatalogItemWithProvisioningRequest to send a custom request to vRA. I am using a 'service helper' account that requests 'hidden' blueprints that only this account is entitled for.

I have tried setting the following Custom props on the request:

Cafe.Shim.VirtualMachine.AssignToUser

VirtualMachine.Admin.Owner

These fields apply as expected but the deployment and component resources are still owned by this service account and not the user that requested the XaaS blueprint.

I have used the RequestedFor field but this requires that the requestor also have an entitlement to the 'hidden' blueprints, which I do not want as users would see duplication in the service catalog.

Does anyone know if there is an API within vRO that I can use to achieve this or does it not exist for vRA 7?

Thanks,

Gavin

I am running vRA 6.2.5 and have configured a catalog item to execute this PowerShell script.

Add-DnsServerResourceRecordA -Name "host24" -ZoneName "printerlogic.local" -ComputerName "v001.printerlogic.local" -AllowUpdateAny -IPv4Address "10.10.10.7" -TimeToLive 01:00:00

 

The script runs successfully on the IaaS server but I receive the following error executing it through vRA/vRO.  The IaaS server has been joined to the domain so no domain hopping (yet).  I have tried other PS scripts which execute successfully.  What am I missing?

[2017-01-19 14:21:02.716] [D] Invoke command in session 1fb44fbc-dbb6-485e-82d9-9ce7df3ddc1c

[2017-01-19 14:21:07.284] [I] PowerShellInvocationError: Errors found while executing script

Microsoft.Management.Infrastructure.CimException: Failed to get the zone information for domain.local on server dc.domain.local.

   at Microsoft.Management.Infrastructure.Internal.Operations.CimAsyncObserverProxyBase`1.ProcessNativeCallback(OperationCallbackProcessingContext callbackProcessingContext, T currentItem, Boolean moreResults, MiResult operationResult, String errorMessage, InstanceHandle errorDetailsHandle)

(Dynamic Script Module name : invokeScript#14)

I am unable to delete one of my Endpoints because the Compute Resource is greyed out in the "Edit Fabric Group" screen.  There are no reservations using this resource, and it is showing as being active in CloudClient.  How can I deactivate this resource in order to remove it?

Thanks

Hello,

I have a Blueprint that has the following ExternalWF

ExternalWFStubs.BuildingMachine

ExternalWFStubs.BuildingMachine.fqdn

ExternalWFStubs.BuildingMachine.location

ExternalWFStubs.BuildingMachine.vcacVM

ExternalWFStubs.BuildingMachine.vcacHost

When I run this in vRO it works. When I try to run it from vRA it seems to not pass the variables so it errors out saying the strings are null. Anyone come across this? I did use the "Assign a state change workflow to a blueprint and its virtual machines" workflow to get the Custom Properties above to show in the vRA Blueprint. Any help would be appreciated...

vCAC:VirtualMachine and vCAC:VCACHost both appear Null so the script fails out via vRA..

via vRO

[2017-01-18 14:06:21.128] [I] System info: hostName=P-BLUECAT-101|version=8.1.1-100.GA.bcn|address=172.27.80.60|clusterRole=PRIMARY|replicationRole=PRIMARY|replicationStatus=ON|entityCount=117585|databaseSize=90.46MB|loggedInUsers=6|

[2017-01-18 14:06:21.237] [I] calling API with: 0,IAA-Internal,Configuration

[2017-01-18 14:06:21.268] [I] Configuration,108122

[2017-01-18 14:06:21.296] [I] TagGroup,110728

[2017-01-18 14:06:21.317] [I] Tag,110732

[2017-01-18 14:06:21.339] [I] Tag,110734

[2017-01-18 14:06:21.381] [I] IP4Network,109841

[2017-01-18 14:06:21.431] [I] Netmask: 255.255.255.0

[2017-01-18 14:06:21.436] [I] Free IP: 10.104.1.12

[2017-01-18 14:06:21.466] [I] View: 108204

[2017-01-18 14:06:21.533] [I] IP_id: 118986

[2017-01-18 14:06:22.029] [I] Found property VirtualMachine.Imported.Component = Win2012R2Std64Bit_Prod

[2017-01-18 14:06:22.039] [I] Found property VirtualMachine.Imported.ConvergedBlueprint = SEOnlyServerWin2012R2StdProd

[2017-01-18 14:06:22.047] [I] Found property VirtualMachine.Imported.DeploymentName = CDC01.it.local

[2017-01-18 14:06:22.058] [I] Found property VirtualMachine.Network0.Address = 172.17.65.113

via vRA Blueprint

[2017-01-19 12:13:27.287] [I] System info: hostName=P-BLUECAT-101|version=8.1.1-100.GA.bcn|address=172.27.80.60|clusterRole=PRIMARY|replicationRole=PRIMARY|replicationStatus=ON|entityCount=117585|databaseSize=90.50MB|loggedInUsers=4|

[2017-01-19 12:13:27.409] [I] calling API with: 0,IAA-Internal,Configuration

[2017-01-19 12:13:27.468] [I] Configuration,108122

[2017-01-19 12:13:27.519] [I] TagGroup,110728

[2017-01-19 12:13:27.580] [I] null,0

[2017-01-19 12:13:27.680] [I] null,0

[2017-01-19 12:13:28.022] [I] ERROR: java.lang.reflect.InvocationTargetException (Workflow:GetIP-IPAM / Scriptable task (item0)#35)

[2017-01-19 12:13:28.077] [E] Workflow execution stack:

***

item: 'GetIP-IPAM/item4', state: 'failed', business state: 'null', exception: 'InternalError: java.lang.reflect.InvocationTargetException (Workflow:GetIP-IPAM / Scriptable task (item0)#35) (Workflow:GetIP-IPAM / Scriptable task (item0)#98)'

workflow: 'GetIP-IPAM' (1f293c5b-f7ed-499d-a88f-8112dc28c761)

|  'attribute': name=errorCode type=string value=InternalError: java.lang.reflect.InvocationTargetException (Workflow:GetIP-IPAM / Scriptable task (item0)#35) (Workflow:GetIP-IPAM / Scriptable task (item0)#98)

|  'attribute': name=profileName type=string value=prodipambam

|  'attribute': name=configName type=string value=IAA-Internal

|  'attribute': name=viewName type=string value=IAA

|  'attribute': name=TopTag type=string value=Location

|  'input': name=fqdn type=string value=

|  'input': name=location type=string value=

|  'input': name=vcacVM type=vCAC:VirtualMachine value=null

|  'input': name=vcacHost type=vCAC:VCACHost value=null

|  'output': name=ipaddress type=string value=null

|  'output': name=gateway type=string value=null

|  'output': name=netmask type=string value=null

|  'attribute': name=lifecycleState type=string value={"phase":"POST","state":"VMPSMasterWorkflow32.BuildingMachine"}

|  'attribute': name=componentId type=string value=Windows2016Std64Bit

|  'attribute': name=blueprintName type=string value=Windows2016Std

|  'attribute': name=endpointId type=string value=49ddd3b5-ffec-4d13-a982-b13929c78641

|  'attribute': name=__asd_requestedBy type=string value=me@domain.com

|  'attribute': name=__asd_tenantRef type=string value=vsphere.local

|  'attribute': name=__asd_targetResourceProviderTypeId type=string value=com.vmware.csp.iaas.blueprint.service

|  'attribute': name=__asd_requestInstanceId type=string value=f5418a50-de72-11e6-8492-817107a4417c

|  'attribute': name=__asd_requestInstanceTypeId type=string value=com.vmware.csp.iaas.blueprint.service.machine.lifecycle.provision

|  'attribute': name=__asd_catalogRequestId type=string value=fcc5fc30-a0fd-404d-8f76-33f2776164fb

|  'attribute': name=componentTypeId type=string value=Infrastructure.CatalogItem.Machine.Virtual.vSphere

|  'attribute': name=IaaSTimeoutId type=string value=30731

|  'attribute': name=machine type=string value={"name":"LVRATEST33","externalReference":"vm-19565","owner":"me@domain.com","id":"1e138abc-ae89-4e58-a6db-345ccdec24ce","type":0,"properties":null}

|  'attribute': name=requestId type=string value=4e23d641-1d90-4d6e-bf55-9236fb3a0181

|  'attribute': name=__asd_requestedFor type=string value=me@domain.com

|  'attribute': name=__asd_targetResourceId type=string value=1e138abc-ae89-4e58-a6db-345ccdec24ce

|  'attribute': name=__asd_requestInstanceTimestamp type=string value="2017-01-19T12:13:20.000-06:00"

|  'attribute': name=__asd_targetResourceTypeId type=string value=machine

|  'attribute': name=__asd_correlationId type=string value=76b13dde-c1ba-432b-9459-56fe02c06f38

|  'attribute': name=__asd_requestTraceId type=string value=EvPsSVxr

|  'attribute': name=__asd_targetResourceProviderId type=string value=b5cbdcf8-9d16-464b-9767-edf6bdd5f1c3

*** End of execution stack.

I am running vRA 7.0 with NSX 6.2.4.

Users are unable to request blueprints that contain vRA created NSX networks. vRA admins can successfully deploy VMs from the same blueprint.

The user request fails with the following error.

Request [cfa66fb7-8fae-4f65-90a0-7252b018473c]: System exception.; HTTP/1.1 403 Forbidden : <?xml version="1.0" encoding="utf-8"?><m:error xmlns:m="http://schemas.microsoft.com/ado/2007/08/dataservices/metadata"><m:code /><m:message xml:lang="en-US">Access denied (XXXXXXXXXXXXXXXXXXXX). Entity AddressGroup</m:message><m:innererror><m:message>Exception has been thrown by the target of an invocation.</m:message><m:type>System.Reflection.TargetInvocationException</m:type><m:stacktrace> at System.RuntimeMethodHandle.InvokeMethod(Object target, Object[] arguments, Signature sig, Boolean constructor)&#xD; at System.Reflection.RuntimeMethodInfo.UnsafeInvokeInternal(Object obj, Object[] parameters, Object[] arguments)&#xD; at System.Reflection.RuntimeMethodInfo.Invoke(Object obj, BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture)&#xD; at System.Data.Services.DataServiceConfiguration.ComposeResourceContainer(IDataService service, ResourceSetWrapper container, Expression queryExpression)</m:stacktrace><m:internalexception><m:message>Access denied (xxxxxxxxxxxxxxxxxxxxxxx). Entity AddressGroup</m:message><m:type>System.Data.Services.DataServiceException</m:type><m:stacktrace> at DynamicOps.Repository.Runtime.ServiceModel.Data.RepositoryDataService`2.InternalOnQueryEntity[TEntity](Int32 entityId)</m:stacktrace></m:internalexception></m:innererror></m:error>

I see the following error in the catalina.out log.

2017-01-19 14:55:45,463 vcac: [component="cafe:iaas-proxy" priority="ERROR" thread="tomcat-http--42" tenant="studenttestvdc" context="pG0M4x81" token="z6TRzp6S"] com.vmware.vcac.iaas.controller.CompositionCallbackController.allocateComponent:95 - AllocateComponent failed for request [Composition RequestId: [null], CompTypeId: [Infrastructure.Network.Gateway.NSX.Edge], BlueprintId: [comp204], CompId: [NSX Edge], BlueprintRequestId: [2a53eadd-a046-4311-94c0-f818f0d3083e], SubtenantId: [79fc3c80-b53d-4651-b546-550e9776e0bd]]

Any idea what permissions my users maybe lacking?

I should add, the users with this issue are entitled to the catalog item. If I recreate the a new catalog item and leave out the automated routed network, the request complete successfully.

Hi,

I want to create a custom property during the approval process.

When I create it, there is only a plain text.

When creating a custom property in the property dictionary I have more than a string, and I can also use an action from the Orchestrator.

Is it available when creating it from the approval?

Thanks!

Hi,

When creating a new virtual machine with vRA 7, I use the following custom properties:

Sysprep.Identification.DomainAdmin: username (without domain name)

Sysprep.Identification.JoinDoamin: XXX.YYY (domain name)

Sysprep.Identification.domainAdminPassword: XXXXXX

Moreover, I use VirtualMachine.Network0.* custom properties for network configuration

When the vRA finishes to create the virtual machine, the virtual machine has the network configuration, but it is not in the domain.

When I try to add the virtual machine to the domain manually, it join the domain without any error.

any idea?

Thanks!

Hi ..

we have a VMware Private cloud 7.2 running at our company with local domain ( company.local )

we did publish the vRA ip to accessed from outside, but when we access a tenant ip url,

as it indicates to local fqdn like the fqdn of LB of vRA which aren't known to our publish DNS & only known to our local DNS.

this way, our employees can't access the private cloud making it pointless to create it in the first place.

I know someone might see this as a stupid question, but unfortunately, I don't have the experience to do it.

I appreciate if someone helps with how to make our tenant accessible from outside the local environment of the company.

Thanks in advanced

So I opted to go with an external vRO7 server using vCenter authentication.  I'm able to added it as the vRO in vRA, and am running most workflows, up until I added Active Directory Policies.  I get an error that it must be registered with the https://vRA/component-registry/  Everywhere in the vray-7.1 documentation, it states if you are using an external vRO, you must register it with the component-registry.  You know what I have yet to find?  The documentation to do this.  I found a KB article for vRA/vRO6 that says to run the workflow, "Register Orchestrator in vRealize Automation component registry”, but all of the methods in that workflow are no longer valid or are missing in vRO7.

Anytime a catalog VM is requested from the business group with the active directory policy, the error I am getting is the following:

sendEBSMessage15(workflow=eadcdd33-c688-4fd3-b996-eec873d684e0) Error in state VMPSMasterWorkflow32.BuildingMachine phase PRE event (queue = e5259088-2575-469b-a9ac-7fa592f2aa7b):

Extensibility consumer error(20999) - In order to use the session mode 'Per User Session' vCO must be registered in the vCAC component registry. (Dynamic Script Module name : getDefaultHostForTenant#8)

When I ran the “Register Orchestrator in vRealize Automation component registry” workflow, I received the following error:

  [2017-01-24 13:29:06.117] [E] Error in (Workflow:Register Orchestrator in vRealize Automation component registry / Find the SSO URL (item3)#12758) ReferenceError: "ConfiguratorRetrieveSSOFromComponentRegistryAction" is not defined.

From vRA7/component-registry/services/status/current:

<serviceStatus serviceId="XXXX-XXX-XXX-XXX" serviceName="vco" serviceTypeId="com.vmware.vco.o11n" notAvailable="false">

</serviceStatus>

It's possible get the payload of a VM in vro when i use XaaS Blueprint ?

I have an scripteable taks whith: "var machine = payload.get("machine") ;" but the log show machine=null .

When i use the scriptable task on a subscription the payload.get work perfectly .

Thanks!  

I am trying to accomplish whats written in this blog https://www.vmguru.com/2016/11/nsx-edge-load-balancer-nodes-not-accessible/ but with vra7

I.e I deploy the load balancer and the vm's from a blueprint. the vm's belongs to a security group. But the loadbalancer can't access them because I cant add the load balancer to the SG. What I need to do is to add firewall rules with the ip of the load balancer to a security group which includes the deployed vm's. Are there any prewritten integration for this?

br

Johan

Hello, the problem is that when running a blueprint that creates a virtual machine and the link to windows AD does not run the workflow in Orchestrator. The configurations are as follows:

- VRO endpoint: Configured correctly against windows AD.

- AD policies: Configured correctly and linked to the VRO endpoint.

- Entitlements and services configured correctly.

- Blueprint created in clone mode, custom specs correctly configured.

- User used in AD policies with create and delete permissions in the defined OU (if manually tested). This user is also used in custom specs.

NOTE: orchestrator embedded in VRA is used.

When executing the blueprint and entering in orchestrator does not execute the workflow that creates the registry in the corresponding OU, but if it creates the VM without errors.

Any ideas?

From a customer: 

we have VRA 7.2 + ServiceNow (H release) configured on separate domains.   We have our corporate ADFS solution providing PasswordProtectedTransport between VRA and the ADFS solution.   SNOW is configured to use the same ADFS solution.   When we turn on the SNOW-->VRA7.2 plugin, SNOW forwards users through VRA for authentication, resulting in an OAuth error when network access is allowed to the user, and a timeout when not. 

We need for users to not go through VRA in the first place, the point of ADFS is so we can have a centralized trust for authentication, while allowing 3rd party apps to provide their own repository of groups, roles, etc.  The benefit we were hoping to get out of the VRA plugin for SNOW is to allow the creation of VRA requests from ServiceNow, without requiring network access to the VRA server itself in the first place (ServiceNow uses Mid servers to allow this to work).

We can get through the instructions to the point where we start running the scripts, but they all fail with:

REST call error found inside VRASNAuthGenerator.generateAuthCode: Method failed: (/identity/api/tokens) with code: 400

Hi everyone, I'm interested to try the vRealize for Business Cloud in order to compare the costs of on-prem vs AWS vs Azure... the question is: how vRealize can know the cost of a machine running on Azure/AWS? For example, Azure often changes the list prices....

Hello,

I would like to know if, under vRealize 7.1 , there is a way to connect all my Tenants to a "saml 2.0 Federation"
I know you can import the corresponding xml under Administration --> Identity Providers, for each Tenant, and then export the VRA xml to the Federation.
My infrastructure has about 400 Tenants, so I would like to know if there is a way to perform this action at a higher level than the single tenant, so that all Tenantsinherit the connection with the Federation.

Thanks so much

Sergio

I have a vRO workflow that has an input field of type SecureString. In the vRO Presentation section, I set a default value for this field (set via an Action normally but the same issue happens if I just hard-code it). This works fine when the workflow is run in vRO. The field is shown with **** values that I can either overwrite or leave alone and the value will be passed to the workflow.

If I create an XaaS Blueprint in vRA that points to this workflow, when I request the corresponding catalog item, the input form does not have a default value for the field.

This works fine for input fields of other types - default values appear on the form as expected. It just doesn't work for SecureStrings as far as I can tell.

Is this just not supported or am I doing something wrong?

Thanks

Hello,

Does anyone have an example blog or forum post on how to do a time based deprovision?

For example, I want to create a blue print that adds a Active Directory group to another Active Directory group and put an end date using the Date & time field in the blueprint form.

Then I want to create a de-provisioning process that would basically do the reverse and remove the group from the group it was added to.

If someone can provide any schedule / time based posts that would be great. I am having a hard time googling this feature...