I've built up and tore down my vRealize Automation lab several times in the past month in order to familiarize myself with some of the pitfalls. As a result, I've run into some installation gotchas that I noted down, and decided to post them here.
Iaas Installation Issues
Each of these issues were found after attempting to install IaaS in a different configuration (I.e. Windows Server 2008 R2 as opposed to Windows Server 2012 R2, local vs. remote MSSQL server, etc.)
Issue 1:
During the IaaS Windows installation, the following error occurs:
“Error occurred while executing SQL file: Cannot open user default database. Login failed.
This issue was caused by an incompatible version of Java Runtime. According to the documentation, at least Java Version 1.7 is required. At the time of writing, the latest version available is 1.8, so I used 1.8. Reverting back to 1.7 resolved the issue.
Issue 2:
The installer complains that the specified database already exists on the specified SQL server.
Do not create a blank database for the IaaS installation prior to running the IaaS installer. Instead add the service account used to install IaaS as a login on the SQL server, and grant the sysadmin role to this user. You can then use Windows Authentication as part of the IaaS installation process to authenticate against the SQL server using the service account. The IaaS installer will attempt to create a new database as part of the installation.
Issue 3:
During the installation of IaaS with a database located on remote SQL server, the installation fails during the database creation stage and is rolled back. There are two main reasons why I had run into this issue.
Reason 1: Although I had met the prerequisites on the IaaS server and enabled and configured DTC properly, I failed to keep in mind that the DTC needed to be enabled and configured on the remote MSSQL server in the same manner as well.
Reason 2: Once DTC was enabled on both the IaaS and the remote SQL server, the installation still failed. After some searching, I found that since the IaaS server and SQL server VMs were provisioned using the same Virtual Machine template in vSphere, DTC had to be uninstalled and re-installed on one of the servers, either the IaaS server or the SQL server. To perform this task, execute the following commands from an elevated command prompt (run cmd.exe as an Administrator):
msdtc –uninstall msdtc –install
Once completed, restart the application services on the server, either vRA IaaS or MS SQL.
vRealize Automation Issues:
Issue 1:
When attempting to log into the vRealize Automation Console, you are presented with the following error message:
Login failed. Please contact your System Administrator and report error code AjO1bLQ7
Image may be NSFW.
Clik here to view.
The error code can be any strange looking code, and probably won't match AjO1bLQ7, but the error is still the same really. If you run into this issue, please ensure that time synchronisation between the vRA appliance and the Identity appliance is correct. If one of the appliances has incorrect time settings, then this error will occur.
Issue 2:
When requesting a new catalog item from the service catalog (logged in as any user), the following error occurs:
An unexpected error occurred while validating your request.
Image may be NSFW.
Clik here to view.
Additionally, in the vRA 6.2 appliance, the following is logged in /var/log/vcac/catalina.out:
2015-03-19 23:51:15,455 vcac: [component="cafe:iaas-proxy" priority="ERROR" thread="tomcat-http--52" tenant="vsphere.local"] com.vmware.vcac.iaas.gateway.impl.BaseGatewayImpl.mapIaasGatewayExceptio
n:55 - Exception thrown for IaaS endpoint: https://vcaciaas.spiesr.com/WAPI/
2015-03-19 23:51:15,457 vcac: [component="cafe:iaas-proxy" priority="ERROR" thread="tomcat-http--52" tenant="vsphere.local"] com.vmware.vcac.iaas.gateway.impl.BaseGatewayImpl.mapIaasGatewayExceptio
n:76 - Exception thrown for IaaS endpoint: https://vcaciaas.spiesr.com/WAPI/ - Error Message: java.security.cert.CertificateException: Untrusted certificate chain.
2015-03-19 23:51:15,458 vcac: [component="cafe:iaas-proxy" priority="INFO" thread="eventPublisherExecutor-1" tenant=""] com.vmware.vcac.core.eventlog.rest.client.service.ServiceEventPublisher.run:1
12 - Event to be published: [eventType: EXCEPTION, userName: rynardts@spiesr.com, tenantId: vsphere.local, targetType: IaasApiException, targetId: https://vcaciaas.spiesr.com/WAPI/, description: E
xception thrown for IaaS endpoint: https://vcaciaas.spiesr.com/WAPI/ - Error Message: java.security.cert.CertificateException: Untrusted certificate chain.]
2015-03-19 23:51:15,530 vcac: [component="cafe:catalog" priority="ERROR" thread="tomcat-http--91" tenant="vsphere.local"] com.vmware.vcac.platform.rest.client.error.ResponseErrorHandler.handleError
:55 - [Rest Error]: {Status code: 502}, {Error code: 10107} , {Error Source: null}, {Error Msg: You cannot perform that action because the system cannot connect to the provider at https://vcaciaas.
spiesr.com/WAPI/.}, {System Msg: Provider service is not available or in error state.}
This was caused by (you guessed it) a change in the IaaS IIS SSL certificate. To fix this issue, register the endpoint again. Run the following commands with administrator rights on cmd.exe (elevated prompt). The fix and related commands were found at http://pubs.vmware.com/vra-62/topic/com.vmware.vra.install.doc/GUID-91B9E89E-206B-4B1C-983D-D58A1CEDA7B4.html
1. Navigate to the Cafe directory on the IaaS machine that has an updated certificate.
C:\Program Files (x86)\VMware\vCAC\Server\Model Manager Data\Cafe
2. Register the endpoint address for the UI using a command of this form:
Vcac-Config.exe RegisterEndpoint --EndpointAddress https://<IaaS UI server hostname> or <lbhostname>/<IaaS UI application path> --Endpoint ui -v For example: Vcac-Config.exe RegisterEndpoint --EndpointAddress https://192.168.1.1/vcac/ --Endpoint ui -v
3. Register the endpoint address for the Model Manager Web server using a command of this form:
Vcac-Config.exe RegisterEndpoint --EndpointAddress https://<Model Manager Web server hostname> or <lbhostname>/<Model Manager Web application path> --Endpoint repo -v For example: Vcac-Config.exe RegisterEndpoint --EndpointAddress https://192.168.1.1/Repository --Endpoint repo -v
4. Register the endpoint address for the WAPI server using a command of this form:
Vcac-Config.exe RegisterEndpoint --EndpointAddress https://<IaaS WAPI server hostname> or <lbhostname>/<IaaS WAPI application path>/ --Endpoint wapi -v For example: Vcac-Config.exe RegisterEndpoint --EndpointAddress https://192.168.1.1/WAPI --Endpoint wapi -v
5. Register the address for the status endpoint using a command of this form:
Vcac-Config.exe RegisterEndpoint --EndpointAddress https://<IaaS WAPI server hostname> or <lbhostname>/<IaaS WAPI application path>/api/status --Endpoint status -v For example: Vcac-Config.exe RegisterEndpoint --EndpointAddress https://192.168.1.1/WAPI/api/status --Endpoint status -v
6. Restart each vRealize Appliance server by using the following Windows commands:
sc stop "VMware vCloud Automation Center Service" sc start "VMware vCloud Automation Center Service"
Wait approximately 15 minutes for the services to restart.
These are the main issues that I've encountered. As things progress, I'll add more issues here if need be.