Part 9: vRA 7.5 fixing installation errors and configuration issues

In this post will cover the issues and the fixes which we might face during the vRA installation and configuration. I know this is not a exhaustive list as of now, but i will keep updating it. if you face any errors during your installation leave a comment so that i can help.

Please find the links for all the posts in this series below.

  1. Introduction and Design : Installing and Configuring vRealize Automation (vRA) 7.5
  2. Part 1: Deploying vRealize Automation (vRA) 7.5 Appliance
  3. Part 2: Installing SQL for vRealize Automation (vRA) 7.5
  4. Part 3: vRealize Automation (vRA) 7.5 Installation and IIS server Configuration
  5. Part 4: vRA 7.5 Initial Configuration of Default tenant and AD Directory Sync
  6. Part 5: vRA 7.5 Sub tenant Creation and Branding
  7. Part 6: vRA 7.5 Custom Groups, End points and Reservation Configuration
  8. Part 7: vRA 7.5 Infrastructure and XaaS Blue Prints Creation
  9. Part 8: vRA 7.5 Approvals, Catalog Management and Testing Blue Prints
  10. Part 9: vRA 7.5 fixing installation errors and configuration issues

Please click on the left side social share icons to share this post if you feel its useful to others.

 

Issue 1: while configuring vra in Part 3 , keep getting logon screen

While configuring VRA appliance particularly during part3 if you are getting login again prompt repeatedly or getting session timed out follow below.

Fix 1: Increase timeout for VRA appliance to fix logon screen popup

Configure the session timeout setting on the vRealize Automation appliance in accordance with your company security policy.

The vRealize Automation appliance default session timeout on user inactivity is 30 minutes. To adjust this time out value to conform to your organization’s security policy, edit the web.xml file on your vRealize Automation appliance host machine.

Procedure

  1. Login to vRA appliance console as root
  2. Open the/usr/lib/vcac/server/webapps/vcac/WEB-INF/web.xml file in a text editor.
    ex: vi /usr/lib/vcac/server/webapps/vcac/WEB-INF/web.xml
  3. Find session-config and set the session-timeout value. See the following code sample. change value in session timeout to something more than 30. Click on i in VI editor to edit , once edited press ESC then :wq to save and exit.
    <!– 30 minutes session expiration time –>
    <session-config>
    <session-timeout>30</session-timeout>
    <tracking-mode>COOKIE</tracking-mode>
    <cookie-config>
    <path>/</path>
    </cookie-config>
    </session-config>
  4. Restart the server by running the following command.
    •  service vcac-server restart
  5. or you can just restart apache services as below
    • /etc/init.d/apache2 stop
    • /etc/init.d/apache2 start

Fix 2: Some times even if VRA appliance root account is working, better reset it.

 

Issue 2: while providing SSO password getting errors in Part 3.

vRealize Automation 7.0.x SSO configuration fails in VAMI page after entering and confirming the SSO administrator password.

You see the error:

nested exception is org.postgresql.util.PSQLException: ERROR: insert or update on table “installation_wizard_params” violates foreign key constraint “installation_wizard_params_pk” Detail: Key (node)=(cafe.node.797715098.13641) is not present in table “cluster_nodes”.

Fix:

1. Log in to the vRealize Automation appliance using root credentials.
Run the command:

/usr/sbin/vcac-config -v -e cluster-config-enable –update-info

Same has been detailed in https://kb.vmware.com/s/article/2145373

 

Issue 3: While configuring vRA its timed out or configuration failed.

During vRA configuration if it is timed out or failed follow below fix.

Fix:

  1. if it is timed out during the configuration part covered in part3 of this series. There are high chances you can re-login and it will continue.
  2. If after relogin if for some reason it not working, try to login to appliance console and check the status there on main screen. If it is showing any errors. Revert appliance and IaaS servers to previous snapshots and continue working.
  3. Increase the session timeout of the VRA appliance using the steps given in Issue 1.

 

Issue 4: Reset vRA appliance root account password if forgot

Please follow below post for the same.

 

Issue 5: While configuring IaaS pre-requisites got errors.

While installing IIS prereqs automatically which is covered in post 3 if for some reasons vra cannot install pre-reqs. below are the detailed steps.

Fix: Follow below table and correct the same in your IaaS server

 

Rule Result Action Required
IIS Server Installed The module is installed. No action needed.
Check that IIS is able to reset Enabled The module is enabled. No action needed.
IIS Server WindowsAuthentication Module Not Installed Add Windows Authentication Module by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Roles. 2. Under Web Server (IIS) role, select Add Role Services. 3. Under Security node, select Windows Authentication module. Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Server Roles screen. 2. Under Web Server (IIS) role, expand Web Server. 3. Under Security node, select Windows Authentication module.
IIS Server StaticContent Module Installed The module is installed. No action needed.
IIS Server DefaultDocument Module Installed The module is installed. No action needed.
IIS Server ASPNET Module Not Installed Add ASP .NET Module by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Roles. 2. Under Web Server (IIS) role, select Add Role Services. 3. Under Application Development node, select ASP .NET module.

Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Server Roles screen. 2. Under Web Server (IIS) role, select Web Server. 3. Under Application Development node, select ASP .NET module.

IIS Server ASPNET45 Module Not Installed Add ASP .NET Module by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Roles. 2. Under Web Server (IIS) role, select Add Role Services. 3. Under Application Development node, select ASP .NET 4.5 module. Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Server Roles screen. 2. Under Web Server (IIS) role, select Web Server. 3. Under Application Development node, select ASP .NET 4.5 module.
IIS Server ISAPIExtensions Module Not Installed Add ISAPI Extensions Module by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Roles. 2. Under Web Server (IIS) role, select Add Role Services. 3. Under Application Development node, select ISAPI Extensions module. Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Server Roles screen. 2. Under Web Server (IIS) role select Web Server. 3. Under Application Development node, select ISAPI Extensions module.
IIS Server ISAPIFilter Module Not Installed Add ISAPI Filter Module by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Roles. 2. Under Web Server (IIS) role, select Add Role Services. 3. Under Application Development node, select ISAPI Filter module. Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Server Roles screen. 2. Under Web Server (IIS) role select Web Server. 3. Under Application Development node, select ISAPI Filter module.
IIS Server WindowsAuthentication Status Disabled You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Enable the Windows Authentication Module: 1. Open Internet Information Services (IIS) Manager. 2. In the Connections panel, expand the localhost node. 3. Expand Sites. 4. Click the website to modify. 5. Scroll to IIS in the web site panel and double-click Authentication. 6. Right-click Windows Authentication and select Enable. 7. Restart IIS. Note: You might need to repeat step 6 to make the change in the IIS application host configuration file.
IIS Server WindowsAuthentication Negotiate Provider Disabled You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Enable the Windows Authentication Negotiate provider: 1. Open Internet Information Services (IIS) Manager. 2. In the Connections panel, expand the localhost node. 3. Expand Sites. 4. Click the website to modify. 5. Scroll to IIS in the web site panel and double-click Authentication. 6. Click Windows Authentication. 7. In the Actions panel, click Providers. 8. If Negotiate appears in the list of Enabled Providers (inherited from the root node), select it and click Remove. Note: If Negotiate is inherited from the root node, you must remove it and replace it to ensure that it is included in the Default Web Site’s application host configuration file. 9. Select Negotiate from the Available Providers pull-down list and click Add. 10. Click OK. 11. Restart IIS.
IIS Server WindowsAuthentication NTLM Provider Disabled You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Enable the Windows Authentication NTLM provider: 1. Open Internet Information Services (IIS) Manager. 2. In the Connections panel, expand the localhost node. 3. Expand Sites. 4. Click the website to modify. 5. Scroll to IIS in the web site panel and double-click Authentication. 6. Click Windows Authentication. 7. In the Actions panel, click Providers. 8. If NTLM appears in the list of Enabled Providers (inherited from the root node), select it and click Remove. Note: If NTLM is inherited from the root node, you must remove it and replace it to include it in the Default Web Site’s application host configuration file. 9. Select NTLM from the Available Providers pull-down list and click Add. 10. Click OK. 11. Restart IIS.
IIS Server WindowsAuthentication Extended Protection Enabled You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Disable Windows Authentication extended protection: 1. Open Internet Information Services (IIS) Manager. 2. In the Connections panel, expand the localhost node. 3. Expand Sites. 4. Click the website to modify. 5. Scroll to IIS in the web site panel and double-click Authentication. 6. Click Windows Authentication. 7. In the Actions panel, click Advanced Settings. 8. Select Off from the Extended Protection drop-down menu and click OK.
IIS Server WindowsAuthentication Kernel Mode Disabled You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Enable Windows Authentication Kernel Mode: 1. Open Internet Information Services (IIS) Manager. 2. In the Connections panel, expand the localhost node. 3. Expand Sites. 4. Click the website to modify. 5. Scroll to IIS in the web site panel and double-click Authentication. 6. Click Windows Authentication. 7. In the Actions panel, click Advanced Settings. 8. Select Enable Kernel-mode authentication and click OK.
IIS Server AnonymousAuthentication Status Enabled You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Disable the Anonymous Authentication Module: Windows 2008 R2 Server: 1. In the Server Manager, expand Roles. 2. Expand the Web Server (IIS) role. 3. Click Internet Information Services (IIS) Manager. 4. In the Connections panel, expand the localhost node. 5. Expand Sites. 6. Click the website to modify. 7. Scroll to IIS in the web site panel and double-click Authentication. 8. Right-click Anonymous Authentication and select Disable. 9. Restart IIS. Windows 2012 Server: 1. Open the Server Manager. 2. Click on Tools. 3. Click Internet Information Services (IIS) Manager. 4. In the Connections panel, expand the localhost node. 5. Expand Sites. 6. Click the website to modify. 7. Scroll to IIS in the web site panel and double-click Authentication. 8. Right-click Anonymous Authentication and select Disable. 9. Restart IIS. Note: You might need to repeat step 8 to make the change in the IIS application host configuration file.
Minimum Memory Requirement Resource requirement met Sufficient amount of RAM present. No action needed.
IIS Server Web-based Distributed Authoring and Versioning Disabled The module is disabled. No action needed.
Minimum Processor Requirement Resource requirement met Processor meets minimum hardware requirements. No action needed.
Check that the current user profile is not temporary Profile is OK The user profile is not temporary. No action needed.
Federal Information Processing Standards (FIPS) Disabled Federal Information Processing Standards is disabled. No action needed.
Windows Process Activation Service/Application Services ConfigurationApi Role Not Installed Add Configuration API Feature by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Features > Add Features. 2. Under Windows Process Activation Service node, select Configuration APIs feature.

Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Features screen. 2. Under Windows Process Activation Service node, select Configuration APIs feature.

Windows Process Activation Service/Application Services NetEnvironment Role Not Installed Add .NET Environment Feature by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Features >Add Features. 2. Under Windows Process Activation Service node, select .NET Environment feature.

Windows 2012 Server: 1.Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Features screen. 2. Under Windows Process Activation Service node, select .NET Environment feature.

Windows Process Activation Service/Application Services ProcessModel Role Not Installed Add Process Model Feature by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Features > Add Features. 2. Under Windows Process Activation Service node, select Process Model feature.

Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Features screen. 2. Under Windows Process Activation Service node, select Process Model feature.

Windows Process Activation Service/Application Services HttpActivation Role Not Installed Add HTTP Activation Feature by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Features then Add Features. 2. Under “.NET Framework 3.5.1 Feature” node select sub-node “WCF Activation” then select HTTP Activation feature.

Windows 2012 Server: 1. From Server Manager, click Manage and select Add Roles and Features and click Next. 2. Under Features, expand .NET Framework 4.5 Features node. 3. Expand WCF Services node. 4. Select HTTP Activation.

Windows Process Activation Service/Application Services NonHttpActivation Role Not Installed Add Non-HTTP Activation Feature by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Features > Add Features. 2. Under .NET Framework 3.5.1 Feature node, select sub-node WCF Activation. 3. Select Non-HTTP Activation feature.

Windows 2012 Server: 1. From Server Manager, click Manage and then select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on Features screen. 2. Under .NET Framework 3.5 Feature node, select Non-HTTP Activation feature.

Microsoft Windows Firewall Off Windows Firewall is off. No action needed.
Microsoft Distributed Transaction Coordinator Service Incorrect Setting The service is running but the MSDTC settings are not correct. Configure the MSDTC on your local and remote machines: 1. Open Administrative Tools from the Start menu and select Component Services. 2. Expand Component Services, Computers, My Computer, and Distributed Transaction Coordinator. 3. For Local Standalone DTC right-click Local DTC and select Properties. For Clustered DTC expand Clustered DTCs and right-click on the named clustered DTC and select Properties. 4. Open the Security tab. 5. Select Network DTC Access, Allow Remote Clients, Allow Inbound, Allow Outbound, and Mutual Authentication Required. 6. Click OK. Even with Distributed Transaction Coordinator enabled, the distributed transaction might fail if the firewall is turned on.
Authentication loopback check Enabled Authentication Loopback check is enabled. It must be disabled in order to install Model Manager successfully. 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa 3. If there is no entry called “DisableLoopbackCheck”: 3.1. Right-click Lsa, point to New, and then click DWORD Value. 3.2. Type DisableLoopbackCheck, and then press ENTER. 4. Right-click DisableLoopbackCheck, and then click Modify. 5. In the Value data box, type 1, and then click OK. 6. Exit Registry Editor. 7. Restart the computer.
Check that IIS ASP.NET Impersonation Authentication is disabled Disabled The module is disabled. No action needed.
Check that IIS Session State is configured correctly Enabled The module is enabled. No action needed.
Windows PowerShell Version 3.0 Installed The module is installed. No action needed.
Check that TLS 1.2 is enabled Disabled TLS 1.2 is not enabled. It must be enabled in order to IaaS web components to communicate with the vRA server. 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\ 3. If there is no subkey named “TLS 1.2” under “Protocols” – create it. 4. If there is no subkey named “Client” under “TLS 1.2” – create it. 5. If there is no entry called “DisabledByDefault” in “Client” subkey: 5.1. Right-click Client, point to New, and then click DWORD Value. 5.2. Type “DisabledByDefault”, and then press ENTER. 5.3. Right-click “DisabledByDefault”, and then click Modify. 5.4. In the Value data box, type 0, and then click OK. 6. If there is no entry called “Enabled” in “Client” subkey: 6.1. Right-click Client, point to New, and then click DWORD Value. 6.2. Type “Enabled”, and then press ENTER. 6.3. Right-click “Enabled”, and then click Modify. 6.4. In the Value data box, type 1, and then click OK. 7. Exit Registry Editor. 8. Restart the computer.
Check that strong cryptography is enabled for .NET applications Disabled Enable TLS 1.1 or later for .NET applications with version 4 and above. 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 3. If there is no subkey named “SchUseStrongCrypto” – create it. 3.1 Right-click on “v4.0.30319” folder, point to New, and then click DWORD Value. 3.2 Type “SchUseStrongCrypto” and press ENTER. 4. Right-click “SchUseStrongCrypto” and then click Modify 5. In the Value data box, type 1 and then click OK. 6. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 7. If there is no subkey named “SchUseStrongCrypto” – create it. 8.1 Right-click on “v4.0.30319” folder, point to New, and then click DWORD Value. 8.2 Type “SchUseStrongCrypto” and press ENTER. 9. Right-click “SchUseStrongCrypto” and then click Modify 10. In the Value data box, type 1 and then click OK. 11. Exit Registry Editor.
Check that System default TLS version is enabled for .NET applications Disabled Enable System default TLS version for .NET applications with version 4 and above. 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 3. If there is no subkey named “SystemDefaultTlsVersions” – create it. 3.1 Right-click on “v4.0.30319” folder, point to New, and then click DWORD Value. 3.2 Type “SystemDefaultTlsVersions” and press ENTER. 4. Right-click “SystemDefaultTlsVersions” and then click Modify 5. In the Value data box, type 1 and then click OK. 6. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 7. If there is no subkey named “SystemDefaultTlsVersions” – create it. 8.1 Right-click on “v4.0.30319” folder, point to New, and then click DWORD Value. 8.2 Type “SystemDefaultTlsVersions” and press ENTER. 9. Right-click “SystemDefaultTlsVersions” and then click Modify 10. In the Value data box, type 1 and then click OK. 11. Exit Registry Editor.
Check that Group Policy enable PowerShell script execution Enabled PowerShell script execution policy is enabled.
Java 1.8 update 181(64-bit) status Not Installed Java version 1.8 update 181 or higher (64-bit) must be installed, the environment variable JAVA_HOME must be set to the Java install folder, and %JAVA_HOME%\bin\java.exe must exist.
Check if reboot is pending Not Pending No reboot is pending.
Secondary Logon Service Not Running The Secondary Logon service is not running. This service is required, and must be running, during installation. Open the Control Panel > Administrative Tools page and start the Secondary Logon service. You can stop the service after installation is finished.
DEM Agent MSI Installer Present MSI Installer files are present. No action needed.

 

Please find the links for all the posts in this series below. Click on the link below for the next post in this series.

  1. Introduction and Design : Installing and Configuring vRealize Automation (vRA) 7.5
  2. Part 1: Deploying vRealize Automation (vRA) 7.5 Appliance
  3. Part 2: Installing SQL for vRealize Automation (vRA) 7.5
  4. Part 3: vRealize Automation (vRA) 7.5 Installation and IIS server Configuration
  5. Part 4: vRA 7.5 Initial Configuration of Default tenant and AD Directory Sync
  6. Part 5: vRA 7.5 Sub tenant Creation and Branding
  7. Part 6: vRA 7.5 Custom Groups, End points and Reservation Configuration
  8. Part 7: vRA 7.5 Infrastructure and XaaS Blue Prints Creation
  9. Part 8: vRA 7.5 Approvals, Catalog Management and Testing Blue Prints
  10. Part 9: vRA 7.5 fixing installation errors and configuration issues

Please click on the left side social share icons to share this post if you feel its useful to others.

Hope this post is useful, please leave your comments below.

 

Siva Sankar

Siva Sankar works as Solution Architect in Abu Dhabi with primary focus on SDDC, Automation,Network Virtualization, Digital Workspace, VDI, HCI and Virtualization products from VMWare, Citrix and Microsoft.

Leave a Reply

Your email address will not be published. Required fields are marked *

Show Buttons
Hide Buttons