Lately, I encountered some issues related to VMware vSAN in my Lab environment. The error message that was popping up all the time was “PBM error occurred during PreCloneCheckCallback“.
So how did the problem occur? First, we start with some background information. My Lab environment is powered-on when needed and powered-off when not needed. This is, of course, a little bit different than a production 24×7 environment that you have in your datacenters worldwide.
The environment was booted successfully at first glance. We are talking about Domain Controllers, vCenter Server, VMware NSX-V, nested ESXi Hosts, and vRealize Automation. When I started deploying virtual machines with a vRealize Automation (vRA) based on blueprints with vSphere Templates issues started to occur.
vRealize Automation was failing on the provisioning task and was cleaning up the deployment because of the failed state (default behavior). So it was time to dig into the underlying infrastructure.
Environment
When the issue occurred the following software versions were used in my lab environment:
VMware vCenter 6.5 Update 2B
VMware vRealize Automation 7.3.1
VMware ESXi 6.5 Update 2
VMware vSAN 6.6
Error message(s)
Here is all the information that can be found in various locations surrounding the issue. Lets start with the screenshots. The first one is from VMware vCenter and the second one is from vRealize Automation. As you can see there is clearly a problem.
VMware vCenter – PBM error occurred during PreCloneCheckCallback
vRealize Automation – Service Unavailable (503)
And here is an overview of the error message(s). Here is the vRealize Automation log entry related to the VMware vSAN issue:
Error in Execute DynamicOps.Common.Client.HtmlResponseException: Service Unavailable (503)
Here is the VMware vCenter log entry related to the VMware vSAN issue:
A general system error occurred - PBM error occurred during PreCloneCheckCallback (2118557)
Solution
The solution is quick but is more like a quick fix because it comes back every time I re-start my lab environment (cold boot).
Procedure:
Open a web browser.
Navigate to your vCenter Server URL (https://%vc%/vsphere-client).
Login with a user that has administrator credentials (administrator@vsphere.local).
Navigate to Hosts & Clusters > Select the vCenter Object.
Click on the Configure tab.
Click on the Storage Providers.
Click on the following two buttons:
Synchronizes all Storage Providers with the current state of the environment.
Rescan the storage provider for new storage systems and storage capabilities.
After pressing the buttons, you don’t see any tasks running on the vCenter Server (expected behavior). After 5 seconds everything should be working and provisioning should be possible.
VMware vCenter – PBM error occurred during PreCloneCheckCallback – Solution
Wrap-up
Thanks for reading this blog post. If you have any comments, please respond in the comment section below!
How to upgrade vRealize Orchestrator 7.4 to vRealize Orchestrator 7.5 or to be more precise… migrate! Since the release of vRealize Orchestrator 7.5 a couple of weeks ago the update/upgrade option with the vamicli and appliance management interface is not available (to my surprise).
A quick introduction to how I got in that situation: In my Home Lab my main vRealize Orchestrator appliance is running version 7.4.0 and is responsible for some day-to-day Orchestration of my multiple environments.
You can no longer upgrade to the Orchestrator appliance 7.5, you can only migrate to it.
vRealize Orchestrator 7.5 – Release notes
For the people that are is still running way older versions: Upgrading vRealize Orchestrator Appliance from version 5.5.x to 7.5 is not supported. You must upgrade your vRealize Orchestrator Appliance 5.5.x to 6.0.x first and then migrate to 7.5.
Environment
The following components were running in my environment and have been tested. Note: this part of my Lab environment is not running vRealize Automation. So I have not tested the migration with external vRO nodes in combination with vRealize Automation.
A single vCenter Server 6.5.0 Update 2 (with an embedded PSC)
A single vRealize Orchestrator 7.4.0 (external)
Scenarios
There are two options available. The first option is moving all data between the old and new vRealize Orchestrator. The second option is to migrate vRealize Orchestrator with the migration wizard. The second option is the one VMware recommends. The first option can be easier in some cases, some advantages are you retain your IP address, hostname and SSL certificates.
Both options are written down on this page.
vRO export data and redeploy
I have chosen for this scenario because this machine is only connected to a vCenter Server and can be reastablished very fast. Another reason is that the current vRO instance has been running since version vRO 7.0 and has been upgraded more than seven times in about 2.5 years. So a new clean install ain’t a bad thing!
Procedure:
Create a package in the vRealize Orchestrator Client with all your created workflows, actions and resource elements.
Save the package on a save place.
Remove the registration from vCenter Server (if they are connected). Workflows “Unregister a vCenter Server extension” & “Remove a vCenter Server instance“.
Poweroff the current vRO appliance.
Rename the appliance to %vm-name%.old (for example).
Deploy a new vRealize Orchestrator Appliance on the same IP address and FQDN.
Upgrade the virtual hardware.
Walkthrough the vRealize Orchestrator configuration wizard.
(Optional) install the SSL certificates.
Import the package.
Register with vCenter Server. Workflows “Add a vCenter Server instance” & “Register vCenter Orchestrator as a vCenter Server Extension“.
Screenshot(s):
The old and new vRealize Orchestrator appliances inside the vSphere Web Client.
vRO Migration
The migration path is performed in the following way (the official documentation is extensive, the link is listed below). The migration is a good option for an Orchestrator that is connected to a lot of extensibility and has a lot of plugins installed. The biggest issue for me was the new IP address, FQDN and new certificates required.
Note: Migrations with vRealize Orchestrator Clusters are not described here. There are a couple of small items you need to check in the migration manual.
Prerequisites:
Your source Orchestrator is running at least version 6.X.
Make sure no workflows are running.
Stop the Orchestrator services on the source Orchestrator.
Make sure SSH is enabled on both the source and destination Orchestrator.
Make sure no firewall is blocking traffic for the migration.
Create backups from the source and destination Orchestrator.
Procedure:
Register a new vRealize Orchestrator appliance in your IPAM solution.
Deploy a new vRealize Orchestrator next to the currently running.
Upgrade Virtual Machine Hardware
Power-on the vRealize Orchestrator appliance.
(Optional) Install new SSL Certificates.
Navigate with a browser to the Appliance Management interface (https://%FQDN%:5480).
This week we (Vincent van Vierzen and myself) attended the vRO Master Class that was offered to us by our employee ITQ. It is a three-day course on-site in the VMware UK HQ in Staines. The class was attended by seventeen people from all over the EMEA region. Keep in mind: the Livefire courses are only available to VMware employees and VMware partners. The information shared at the Livefire is protected by the VMware NDA, so no information is covered here that will break the NDA.
Before we went to the vRO Master Class course we didn’t know what to expect. A couple of questions that went through our heads were: What would the expected technical level be? What items would be discussed and explained? Is it a theoretical or hands-on course?
On the first day, we got access to a dedicated HOL environment that has been build for the vRO Master Class and the vRealize Orchestrator history and architecture is explained. There was also a lot of talk about the new and coming features for vRealize Automation (vRA) and vRealize Orchestrator (vRO).
Day two was about Dynamic Types and the APIs available in vRealize Automation & vRealize Orchestrator. Christophe explained some projects he has done and blogged on his one website. There was just a lot of information available first hand.
Day three was about vRealize Orchestrator best practices. The best practices slides were extensive and were covering all the aspects. Examples were workflow performance and troubleshooting. They also covered workflow and action development. In the afternoon Spas covered the integration with Microsoft PowerShell and his first-hand experience.
The vRO Master Class course covered the following use cases that were relevant for in the real world:
Create a bunch of VMs (vCenter plug-in)
Resume a failed workflow
Leverage the vAPI
Create a Dynamic Types plug-in from scratch
Create a plug-in with the Dynamic Types plug-in generator
Extend the vRealize Automation Lifecycle with Event Broker
vRA 7.4 – Create a blueprint with an IP input field (Custom Forms & Iaas plug-in)
vRA 7.3 – Create a blueprint with an IP input field (CBP, XaaS, vRA CAFE & IaaS plug-in)
Leverage Dynamic Types Microsoft DNS plug-in with XaaS and XaaS Blueprint components
Create scalable Photon Swarm Blueprint
Use vRA Scalable XaaS components
Simple Database Integration (SQL Plug-in)
Using PowerShell Credential Delegation in vRO
Leverage Guest Operations with Script Manager
Use the vRO REST API
As consultants, we were also interested in vCloud Director use cases and real-world examples but they will be included in the new vRO Master Class in 2019. So in case you are going for vCD stuff wait for 2019.
Livefire instructors
The following instructors can be available for the vRO Master Class. We were lucky to have Spas Kaloferov and Christophe Decanini available for the three days. Here is an overview of the vRO Master Class instructors:
The vRO Master Class is really focused on vRealize Orchestrator. You have to be a vRO guy definitely to join this class. We think it is a good thing that there is a course available that is purely focused on vRO because VMware Education is more or less focused on the entire CMP.
The instructors were really qualified and experts on vRealize Orchestrator. Christophe is one of the original Dunes Technologies employees that came over to VMware when the product was acquired in 2007. He knows all the ins and outs about the Orchestrator product and the history related to chooses that have been made over time.
The balance between talking about the material and spending time in the lab environment could be improved. The course should be extended with an additional day to a total of four days (at least). This will bring the course more into balance and it introduces more time for the attendees to spend time on the labs and get more hands-on experience out of the course.
Sources
Here is a list of interesting sources related to the vRO Master Class course:
When deploying VMware vRealize Automation (vRA) you required to deploy a Windows Server that is responsible for the SQL Server Database. It does not matter if it is a small, medium or large deployment. All deployments require a Microsoft SQL Server. The Microsoft SQL Server is the database for the vRealize Automation IaaS components and is responsible for maintaining information about the machines it manages and its own elements and policies.
In this article, I’m going to describe the vRealize Automation SQL Database Installation with an automated/unattended PowerShell script. This article is mainly focused on the IaaS database part, so no additional information surrounding the installation of vRealize Automation components is descriped.
Requirements
The following items need to be performed before running the script:
Download the latest Microsoft SQL 2016 Server media from the Microsoft website (SQL 2016 – link).
Download the latest Microsoft SQL Server Management Studio from the Microsoft website (SSMS – link).
Create a virtual machine with Windows Server 2016 installed.
LAB-vRA-IAAS.Lab.local – Running Windows Server 2016 responsible for vRealize Automation IaaS Components
LAB-vRA-SQL.Lab.local – Running Windows Server 2016 responsible for the vRealize Automation IaaS SQL Database
vRealize Automation – Minimal Deployment
Note
Keep in mind the following items:
The installation code/script for Microsoft SQL Server is tested with the following versions (2016 Non-SP / 2016 SP1 / 2016 SP2). No doubt the code will work with newer releases but make sure to verify all your settings after installation.
I do not take any responsibility and I’m are not liable for any damage caused by this code.
I did not create a script that fully automates everything. It is based on one-liners with a complete configuration. The reason behind this is flexibility. Every environment is different and every customer is different. This way small tweaks can be made to parts of the code or you just use sections of the code.
Video
To display the full functionality of the code I recorded a video and uploaded it to YouTube. You can see the end result below. The video shows you the execution of the one-liners and what the server is configuring. The video starts after the requirements phase is completed.
Unattended Installation Files
So let’s list all the steps that are executed on the new Windows Server to make it ready to store the vRealize Automation IaaS Database:
Format the D drive and make sure it is using a 64k allocation unit size for storing the Database
Format the E drive and make sure it is using a 64k allocation unit size for storing the TempDB
Format the F drive and make use of a default allocation unit size for storing the log files
Assign both domain service accounts local administrator access on the server (svc-iaas / svc-vra–sql)
Create a Windows Firewall rule to allow SQL traffic on the network
Enable multiple Windows Firewall rules to allow the Microsoft Distributed Transaction Coordinator (DTC)
Install Microsoft SQL Server Management Studio
Install Microsoft SQL Server 2016
Reboot the system
Configure the Microsoft Distributed Transaction Coordinator (DTC).
Reboot the system
Verify the system and functioning of the SQL Server
Optional:
In some cases, an additional G drive is required to store the SQL Backup.
PowerShell One-Liners
This file is saved as “Microsoft SQL Server 2016 – Commands.ps1” in the “C:\Temp” directory. The SQL Server media is mounted in the B drive (CD-ROM). The SQL Management Studio installation file is located in the “C:\Temp” directory.
##### Files required
# - Microsoft SQL Server 2016 Installation File
# - Microsoft SQL Management Studio 2016 Installation File
##### Volume 1 - DB 64k
$Disk = Get-Disk -Number 1
Set-Disk -InputObject $Disk -IsOffline $false
Initialize-Disk -InputObject $Disk
New-Partition $Disk.Number -UseMaximumSize -DriveLetter D
Format-Volume -DriveLetter D -FileSystem NTFS -AllocationUnitSize 65536 -NewFileSystemLabel "DB" -Confirm:$false
##### Volume 2 - TEMP DB 64k
$Disk = Get-Disk -Number 2
Set-Disk -InputObject $Disk -IsOffline $false
Initialize-Disk -InputObject $Disk
New-Partition $Disk.Number -UseMaximumSize -DriveLetter E
Format-Volume -DriveLetter E -FileSystem NTFS -AllocationUnitSize 65536 -NewFileSystemLabel "TEMP DB" -Confirm:$false
##### Volume 3 - Logs 4k
$Disk = Get-Disk -Number 3
Set-Disk -InputObject $Disk -IsOffline $false
Initialize-Disk -InputObject $Disk
New-Partition $Disk.Number -UseMaximumSize -DriveLetter F
Format-Volume -DriveLetter F -FileSystem NTFS -NewFileSystemLabel "Logs" -Confirm:$false
##### Make the service account member of the local administrators group
Add-LocalGroupMember -Group "Administrators" -Member "svc-vra-iaas"
Add-LocalGroupMember -Group "Administrators" -Member "svc-vra-sql"
##### Windows Firewall
### Windows Firewall - Allow Microsoft SQL Port 1433 TCP
New-NetFirewallRule -DisplayName "Microsoft SQL Server 2016 - SQL - TCP" -Direction Inbound -LocalPort 1433 -Protocol TCP -Action Allow
### Windows Firewall - Enable rule for RPC for DTC
Enable-NetFirewallRule -DisplayName "Distributed Transaction Coordinator (RPC-EPMAP)"
### Windows Firewall - Enable rule for Incoming DTC
Enable-NetFirewallRule -DisplayName "Distributed Transaction Coordinator (TCP-In)"
### Windows Firewall - Enable rule for Outgoing DTC
Enable-NetFirewallRule -DisplayName "Distributed Transaction Coordinator (TCP-Out)"
##### Microsoft SQL Management Studio
C:\Temp\SSMS-Setup-ENU.exe /install /passive /norestart
##### Microsoft SQL Server 2016
B:\Setup.exe /ConfigurationFile="C:\Temp\Microsoft SQL Server 2016 - Configuration.ini"
##### Reboot the server
shutdown -r -t 0
##### Configure the Microsoft Distributed Transaction Coordinator (DTC)
Set-DtcNetworkSetting -DtcName "Local" -RemoteClientAccessEnabled:$true -RemoteAdministrationAccessEnabled:$false -AuthenticationLevel "Mutual" -InboundTransactionsEnabled:$true -OutboundTransactionsEnabled:$true -XATransactionsEnabled:$false -LUTransactionsEnabled:$true -Confirm:$false
##### Reboot the server
shutdown -r -t 0
This file is saved as “Microsoft SQL Server 2016 – Configuration.ini” in the “C:/Temp” directory.
; ************************************************************************************************************************
; Author: M. Buijs
; Version: 1.0
; Date: 2018-09-26
;
; Information:
; This configuration file is created to install the Microsoft SQL Server 2016 software for VMware vRealize Automation.
;
; VMware Requirements:
; - Enable TCP/IP protocol for SQL Server.
; - The Microsoft Distributed Transaction Coordinator Service (MS DTC) is enabled on all SQL nodes in the system. MS DTC is required to support database transactions and actions such as workflow creation.
; - If you have a firewall running between the database server, Web servers or IaaS servers, deactivate the firewall or open the ports needed (MS SQL server uses port 1433 and MS DTC requires the use of port 135 over TCP and a random port between 1024 and 65535).
; - The database service account needs to be local administrator on the server (svc-vra-sql).
; - The IaaS service account needs to be local administrator on the server (svc-vra-iaas).
; - Set up Microsoft SQL server with separate OS volumes for SQL Data, Transaction Logs, TempDB, and Backup.
; - The NTFS drive where SQL Server is installed has a file allocation unit (cluster) size of 64 KB.
; ************************************************************************************************************************
[OPTIONS]
; SQL Server - Workflow
; Setup Workflow (Install/Uninstall/Upgrade)
ACTION="Install"
; SQL Server - Accept License Agreement (True = Automatically accepted / False = Users needs to accept)
IACCEPTSQLSERVERLICENSETERMS="True"
; Specify that SQL Server feature usage data can be collected and sent to Microsoft.
SQMREPORTING="False"
ERRORREPORTING="False"
; SQL Server - Unatteded
; Parameter that controls the user interface behavior.
; UIMODE="Normal"
; Setup will not display any user interface.
; QUIET="True"
; Setup will display progress only, without any user interaction.
QUIETSIMPLE="True"
; Specifies that the detailed Setup log should be piped to the console.
INDICATEPROGRESS="False"
; Specify if errors can be reported to Microsoft to improve future SQL Server releases.
ERRORREPORTING="True"
; Displays the command line parameters usage
HELP="False"
; RSInputSettings_RSInstallMode_Description
RSINSTALLMODE="DefaultNativeMode"
; SQL Server - Installation Features
; Specifies features to install, uninstall, or upgrade.
FEATURES=SQLENGINE
; Language Pack (English / United States)
ENU="True"
; SQL Server - Updates
; Specify whether SQL Server Setup should discover and include product updates.
UpdateEnabled="True"
; Specify the location where SQL Server Setup will obtain product updates (MU = Microsoft Update).
UpdateSource="MU"
; SQL Server - Installation Directory
; Specify the root installation directory for shared components.
INSTALLSHAREDDIR="D:\Program Files\Microsoft SQL Server"
; Specify the root installation directory for the WOW64 shared components.
INSTALLSHAREDWOWDIR="D:\Program Files (x86)\Microsoft SQL Server"
; Default directory for the Database Engine backup files.
; SQLBACKUPDIR="<InstallSQLDataDir>\<SQLInstanceID>\MSSQL\Backup"
; Default directory for the Database Engine user databases.
SQLUSERDBDIR="D:\Database"
; Directory for Database Engine TempDB files.
SQLTEMPDBDIR="E:\TempDB"
; Default directory for the Database Engine user database logs.
SQLUSERDBLOGDIR="F:\Logs"
; SQL Server - Instance
; Specify a default or named instance. MSSQLSERVER is the default instance for non-Express editions and SQLExpress for Express editions.
INSTANCENAME="MSSQLSERVER"
; Specify the Instance ID for the SQL Server features you have specified.
INSTANCEID="MSSQLSERVER"
; Specify the installation directory.
INSTANCEDIR="D:\Program Files\Microsoft SQL Server"
; Specifies a Windows collation or an SQL collation to use for the Database Engine.
SQLCOLLATION="SQL_Latin1_General_CP1_CI_AS"
; Level to enable FILESTREAM feature at (0, 1, 2 or 3).
FILESTREAMLEVEL="0"
; SQL Server - SA Account
; Specifies the password for the SQL Server SA account.
SAPWD="VMware1!"
; Specifies the security mode for SQL Server.
SECURITYMODE=SQL
; SQL Server - Service Access
; Windows account(s) to provision as SQL Server system administrators.
SQLSYSADMINACCOUNTS="Lab.local\Administrator" "BUILTIN\Administrators"
; Provision current user as a Database Engine system administrator for SQL Server 2012 Express.
ADDCURRENTUSERASSQLADMIN="False"
; SQL Server - Connection Support
; Specify 0 to disable or 1 to enable the TCP/IP protocol.
TCPENABLED="1"
; Specify 0 to disable or 1 to enable the Named Pipes protocol.
NPENABLED="0"
; CM brick TCP communication port
COMMFABRICPORT="0"
; How matrix will use private networks
COMMFABRICNETWORKLEVEL="0"
; How inter brick communication will be protected
COMMFABRICENCRYPTION="0"
; TCP port used by the CM brick
MATRIXCMBRICKCOMMPORT="0"
; SQL Server - Agent Service and Service Account
; Auto-start service after installation.
AGTSVCSTARTUPTYPE="Manual"
; Specifies the account for the SQL Server Agent service.
AGTSVCACCOUNT="NT AUTHORITY\SYSTEM"
; Required Specifies the password for SQL Server Agent service account.
;AGTSVCPASSWORD=""
; SQL Server - Browser Service and Service Account
; Startup type for Browser Service.
BROWSERSVCSTARTUPTYPE="Disabled"
; SQL Server - Server Service Account
; Startup type for the SQL Server service.
SQLSVCSTARTUPTYPE="Automatic"
; Account for SQL Server service: Domain\User or system account.
SQLSVCACCOUNT="Lab.local\svc-vra-sql"
; Specifies the password for SQLSVCACCOUNT.
SQLSVCPASSWORD="heT5S-AbEsagu7ad"
; SQL Server - Report Server Service and Service Account
; Specifies how the startup mode of the report server NT service.
RSSVCSTARTUPTYPE="Manual"
; Specifies which account the report server NT service should execute under.
RSSVCACCOUNT="NT AUTHORITY\SYSTEM"
; Specifies the password for the startup account for the Reporting Services service.
;RSSVCPASSWORD=""
This blog post helps you to set up a Microsoft SQL Server 2016 for vRealize Automation 7.X. The code can be used in lab and production environments but make sure to verify the configuration. I think there might be more improvements possible related to the one-lines but maybe also additional SQL configuration improvements. Do you have feedback please respond below or send me an email.
Sources
To create this article and scripts I used the following resources:
Update 2018-10-04 – Article was missing the Microsoft Distributed Transaction Coordinator (DTC) information and code (video recording is still missing that part).
I’m happy to announce that as of today my lightboard session about VMware vRealize Orchestrator (vRO) is online. The guys at ITQ (the company I work for) build a lightboard to record lightboard sessions. So I decided to record a session to help people getting started with automation and introduced to the vRealize Orchestrator.
The session is called “Mischa Buijs explains the benefits of vRealize Orchestrator“. In the session, I explain a basic use case to automate virtual machine provisioning and integrate with external systems like Microsoft Active Directory and a storage array with an SSH interface.
The Storyline Lightboard Session:
Here is an overview of the storyline that I am presenting in the video:
Step 01: We are using the REST API integration in vRO for communicating with VMware NSX-V to provision a new virtual network (Logical Switch).
Step 02: We need storage to provide space for a new virtual machine. So we are leveraging the SSH integration in vRO to create a new volume on the storage array. This can be for example a NetApp FAS array or a FreeNAS virtual appliance.
Step 03: Let’s use vCenter to format the new datastore with VMFS, so it can be used by the ESXi Hosts.
Step 04: Than again we are using the vCenter integration to mount the new volume on an entire vSphere Cluster so let’s say, ten ESXi hosts.
Step 05: We also use the vCenter integration to build a new virtual machine.
Step 06: Now it is time to leverage PowerShell to create a new computer account in Active Directory.
Step 07: The last step is with PowerShell, now we are creating forward and reverse DNS records on the Windows DNS Server.
ITQ YouTube Channel
At ITQ we created a lot of recordings the last couple of months. For all the videos go to the ITQ YouTube channel.
In this blog post, I am going to show you how to enable the VMware Identity Manager GUI when it is located inside vRealize Automation. I am going to explain why you sometimes should and how the procedure is performed.
For some who don’t know, VMware vRealize Automation (vRA) is using under the covers VMware Identity Manager (vIDM). By default is the VMware Identity Manager GUI disabled after the vRealize Automation installation process. If you want to configure parts of vIDM you are configuring it through the vRealize Automation GUI.
Let’s get everybody on the same page: So you are talking about two GUIs the vRealize Automation GUI and the VMware Identity Manager GUI? Who is who, explain it to me!
Here is the vRealize Automation (vRA) GUI – Displaying multiple Active Directory users
Here is the VMware Identity Manager (vIDM) GUI – Displaying an Active Directory user (by the way: the name Dick is a common name in The Netherlands)
Keep in mind: I’m not completely sure what will happen if you would configure items with the vIDM GUI. Because you are bypassing the default vRealize Automation GUI. I have done some tests and no problems were caused in my Lab environment but it might cause issues later on… So why do you enable it then? Because of the large amount of information provided throughout the vIDM GUI. The vRealize Automation GUI is only showing a small peace and not the big picture.
Product support: I have tested this procedure on vRealize Automation version 7.3 and vRealize Automation 7.3.1. I would expect it to work on newer and older vRealize Automation 7.X releases.
Enable the vIDM Interface
This procedure is for enabling the interface:
Step 01: Connect with an SSH session to the vRealize Automation Appliance. Use for example Putty.
Step 02: Login with the root credentials.
Step 03: Run the following command to start the VMware Identity Manager Interface: (vcac–vami horizon ui enable).
Step 04: Open a web browser and navigate to the following URL:(https://%FQDN%/SAAS/admin/).
VMware Identity Manager (vIDM) interface enable
Disable the vIDM Interface
This procedure is for disabling the interface:
Step 01: Connect with an SSH session to the vRealize Automation Appliance. Use for example Putty.
Step 02: Login with the root credentials.
Step 03: Run the following command to stop the VMware Identity Manager Interface: (vcac–vami horizon ui disable).
Step 04: When you navigate to the following URL no page should appear: (https://%FQDN%/SAAS/admin/).
VMware Identity Manager (vIDM) interface disable
Status of the vIDM Interface
This procedure is for viewing the vIDM Interface status:
Step 01: Connect with an SSH session to the vRealize Automation Appliance. Use for example Putty.
Step 02: Login with the root credentials.
Step 03: Run the following command to view the current status of the VMware Identity Manager Interface: (vcac–vami horizon ui status).
Step 04: When you navigate to the following URL no page should appear: (https://%FQDN%/SAAS/admin/).
VMware Identity Manager (vIDM) interface status
VMware Identity Manager URLs
The following URLs are available when the GUI is enabled (there are probably more URLs available than listed below):
To explain what happens under the covers is the following: When you run the command to start or stop vIDM interface the reverse proxy configuration located in vRealize Automation Appliance (vRA) is changed. The command adds or removes some configuration files. Then the proxy daemon is reloaded to pick up the changes. At that point, the vIDM webpage becomes available or unavailable depending on the given command. Under the covers, vRealize Automation uses HAProxy for IT guys working in container or web hosting environments that might be a very familiar product. Here is a quote from the HAProxy website to explain what HAProxy is capable of:
HAProxy is a free, very fast and reliable solution offering high availability, load balancing, and proxying for TCP and HTTP-based applications. It is particularly suited for very high traffic websites and powers quite a number of the world’s most visited ones. Over the years it has become the de-facto standard opensource load balancer, is now shipped with most mainstream Linux distributions, and is often deployed by default in cloud platforms. Since it does not advertise itself, we only know it’s used when the admins report it.
https://www.haproxy.org/#desc
VMware Identity Manager GUI Advantages
The main advantages of enabling the GUI:
You can view the currently logged in users in vRealize Automation.
When logging into the default tenant in the vIDM GUI you can view the total amount of users and groups that are identified by vIDM (counters are from all tenants combined).
You can view the health status of VMware Identity Manager (vIDM).
You can view the user login history based on the last days and you have reporting functionality.
Final word
In this blog post, I explained how to enable and disable the VMware Identity Manager interface on a vRealize Automation Appliance. As noted before be careful! I personally only use this method for troubleshooting Identity Manager related problems with authentication and viewing user activity.
Content Update
The following items have been verified:
2020-09-24: This is still working on vRealize Automation 7.6.
The vRealize Orchestrator Client is the required tool for vRealize Orchestrator (vRO) server. The vRealize Orchestrator client is used for designing, administering, setting permissions and running workflows. The vRealize Orchestrator client is Java 8 based and should be running locally on your Windows desktop or management server.
The last couple of years a lot of new displays are released that are supporting resolutions above full high definition (HD) (1920 x 1080). As a result of these large displays with high resolutions (for example 3840 × 2160), the vRealize Orchestrator Client is not scaling correctly. The fonts are too small and some boxes are not readable anymore, this is mainly caused because of the scaling that is zoomed out like 300%. This is quite irritating when developing a workflow and you are just not sure if you typed “Input_Username”, “Input Username” or “Input__Username” for example. You are just guessing or copy and pasting between an application to view the text that is written.
So it was time to investigate the problem and look for a solution.
Option 01: Lowering your screen resolution
The easiest option is to lower your screen resolution to 1920 x 1080. This is not always the most prefered option but it is the fastest.
Option 02: Modifying the vRO Client File
This option modifies the file that is used to launch the vRealize Orchestrator Client.
Procedure:
1. Navigate to the vRealize Orchestrator webpage (https://%FQDN%:8281/vco/). 2. Click on the link “START THE ORCHESTRATOR CLIENT“. 3. Save the “client.jnlp” on your desktop or other location on your workstation. 4. Open the “client.jnlp” file with a code/text editor for example Notepad++. 5. Add the following line of code to the resources block at the end (see screenshot below).
6. Save the file and close the editor. 7. Now launch the “client.jnlp“. This will start-up the vRealize Orchestrator Client without the screen resolution problems.
Gallery
vRealize Orchestrator 7.4 – Start the Orchestrator Client
vRealize Orchestrator 7.4 – Client.jnlp
vRealize Orchestrator 7.4 – Without DPI aware setting
vRealize Orchestrator 7.4 – With DPI aware setting
Final Word
In this blog post, I described two methods to deal with large screen resolutions in combination with the vRealize Orchestrator Client. Personally, I prefer option two because it is more permanent and I don’t have to change my resolution which effects other applications. Keep in mind: I only tested this on Microsoft Windows and not on Apple OS X or Linux.
Today I was dealing with an issue in vRealize Automation (vRA). The customer had deleted some virtual machines in the vCenter inventory that were managed by vRealize Automation (vRA). So this resulted in registered virtual machines in vRealize Automation that were reported as missing.
For this blog post I recreated the problem in my Lab environment to have the ability to share the screenshots.
Like explained in the beginning of this blog post. I recreated the problem in my home lab environment. To give you some background information about this environment. The Lab environment is running the following products and versions: – VMware vCenter 6.5 – VMware ESXi 6.5 – VMware vRealize Automation 7.3.1 – VMware vRealize Orchestrator 7.3.1 – VMware NSX-V 6.4.0
The clusters are split into a “Mgmt & Edge” Cluster and a “Payload” Cluster. The virtual machines that were managed by vRealize Automation were located on the “Payload” cluster. So to recreate the problem I removed the virtual machines in the “Payload” cluster.
Incase you are interested in more information about my Home Lab, you can go to the following page.
Procedure:
Download the latest version of the vRealize ClientCloud from the VMware website (the link can be found below).
When the download is done, unzip the zip file (VMware_vRealize_CloudClient-4.5.0-8227624.zip).
Navigate to the following directory (VMware_vRealize_CloudClient-4.5.0-8227624bin).
Start the CloudClient (Windows: cloudclient.bat / Linux: cloudclient.sh).
Log in to the vRA Appliance: Syntax: vra login userpass --user admin ID --tenant Tenant Name --server vRA FQDN --password Password
Privacy & Cookies: This site uses cookies. By continuing to use this website, you agree to their use. Accept and closeRead More
Privacy & Cookies Policy
Privacy Overview
This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
