Part 9: vRA 7.5 fixing installation errors and configuration issues
In this post will cover the issues and the fixes which we might face during the vRA installation and configuration. I know this is not a exhaustive list as of now, but i will keep updating it. if you face any errors during your installation leave a comment so that i can help.
Please find the links for all the posts in this series below.
- Introduction and Design : Installing and Configuring vRealize Automation (vRA) 7.5
- Part 1: Deploying vRealize Automation (vRA) 7.5 Appliance
- Part 2: Installing SQL for vRealize Automation (vRA) 7.5
- Part 3: vRealize Automation (vRA) 7.5 Installation and IIS server Configuration
- Part 4: vRA 7.5 Initial Configuration of Default tenant and AD Directory Sync
- Part 5: vRA 7.5 Sub tenant Creation and Branding
- Part 6: vRA 7.5 Custom Groups, End points and Reservation Configuration
- Part 7: vRA 7.5 Infrastructure and XaaS Blue Prints Creation
- Part 8: vRA 7.5 Approvals, Catalog Management and Testing Blue Prints
- Part 9: vRA 7.5 fixing installation errors and configuration issues
Please click on the left side social share icons to share this post if you feel its useful to others.
Contents of the Post
Issue 1: while configuring vra in Part 3 , keep getting logon screen
While configuring VRA appliance particularly during part3 if you are getting login again prompt repeatedly or getting session timed out follow below.
Fix 1: Increase timeout for VRA appliance to fix logon screen popup
Configure the session timeout setting on the vRealize Automation appliance in accordance with your company security policy.
The vRealize Automation appliance default session timeout on user inactivity is 30 minutes. To adjust this time out value to conform to your organization’s security policy, edit the web.xml file on your vRealize Automation appliance host machine.
Procedure
- Login to vRA appliance console as root
- Open the/usr/lib/vcac/server/webapps/vcac/WEB-INF/web.xml file in a text editor.
ex: vi /usr/lib/vcac/server/webapps/vcac/WEB-INF/web.xml - Find session-config and set the session-timeout value. See the following code sample. change value in session timeout to something more than 30. Click on i in VI editor to edit , once edited press ESC then :wq to save and exit.
<!– 30 minutes session expiration time –>
<session-config>
<session-timeout>30</session-timeout>
<tracking-mode>COOKIE</tracking-mode>
<cookie-config>
<path>/</path>
</cookie-config>
</session-config> - Restart the server by running the following command.
- service vcac-server restart
- or you can just restart apache services as below
Fix 2: Some times even if VRA appliance root account is working, better reset it.
Issue 2: while providing SSO password getting errors in Part 3.
vRealize Automation 7.0.x SSO configuration fails in VAMI page after entering and confirming the SSO administrator password.
You see the error:
nested exception is org.postgresql.util.PSQLException: ERROR: insert or update on table “installation_wizard_params” violates foreign key constraint “installation_wizard_params_pk” Detail: Key (node)=(cafe.node.797715098.13641) is not present in table “cluster_nodes”.
Fix:
1. Log in to the vRealize Automation appliance using root credentials.
Run the command:
/usr/sbin/vcac-config -v -e cluster-config-enable –update-info
Same has been detailed in https://kb.vmware.com/s/article/2145373
Issue 3: While configuring vRA its timed out or configuration failed.
During vRA configuration if it is timed out or failed follow below fix.
Fix:
- if it is timed out during the configuration part covered in part3 of this series. There are high chances you can re-login and it will continue.
- If after relogin if for some reason it not working, try to login to appliance console and check the status there on main screen. If it is showing any errors. Revert appliance and IaaS servers to previous snapshots and continue working.
- Increase the session timeout of the VRA appliance using the steps given in Issue 1.
Issue 4: Reset vRA appliance root account password if forgot
Please follow below post for the same.
Issue 5: While configuring IaaS pre-requisites got errors.
While installing IIS prereqs automatically which is covered in post 3 if for some reasons vra cannot install pre-reqs. below are the detailed steps.
Fix: Follow below table and correct the same in your IaaS server
Rule | Result | Action Required |
IIS Server | Installed | The module is installed. No action needed. |
Check that IIS is able to reset | Enabled | The module is enabled. No action needed. |
IIS Server WindowsAuthentication Module | Not Installed | Add Windows Authentication Module by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Roles. 2. Under Web Server (IIS) role, select Add Role Services. 3. Under Security node, select Windows Authentication module. Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Server Roles screen. 2. Under Web Server (IIS) role, expand Web Server. 3. Under Security node, select Windows Authentication module. |
IIS Server StaticContent Module | Installed | The module is installed. No action needed. |
IIS Server DefaultDocument Module | Installed | The module is installed. No action needed. |
IIS Server ASPNET Module | Not Installed | Add ASP .NET Module by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Roles. 2. Under Web Server (IIS) role, select Add Role Services. 3. Under Application Development node, select ASP .NET module.
Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Server Roles screen. 2. Under Web Server (IIS) role, select Web Server. 3. Under Application Development node, select ASP .NET module. |
IIS Server ASPNET45 Module | Not Installed | Add ASP .NET Module by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Roles. 2. Under Web Server (IIS) role, select Add Role Services. 3. Under Application Development node, select ASP .NET 4.5 module. Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Server Roles screen. 2. Under Web Server (IIS) role, select Web Server. 3. Under Application Development node, select ASP .NET 4.5 module. |
IIS Server ISAPIExtensions Module | Not Installed | Add ISAPI Extensions Module by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Roles. 2. Under Web Server (IIS) role, select Add Role Services. 3. Under Application Development node, select ISAPI Extensions module. Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Server Roles screen. 2. Under Web Server (IIS) role select Web Server. 3. Under Application Development node, select ISAPI Extensions module. |
IIS Server ISAPIFilter Module | Not Installed | Add ISAPI Filter Module by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Roles. 2. Under Web Server (IIS) role, select Add Role Services. 3. Under Application Development node, select ISAPI Filter module. Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Server Roles screen. 2. Under Web Server (IIS) role select Web Server. 3. Under Application Development node, select ISAPI Filter module. |
IIS Server WindowsAuthentication Status | Disabled | You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Enable the Windows Authentication Module: 1. Open Internet Information Services (IIS) Manager. 2. In the Connections panel, expand the localhost node. 3. Expand Sites. 4. Click the website to modify. 5. Scroll to IIS in the web site panel and double-click Authentication. 6. Right-click Windows Authentication and select Enable. 7. Restart IIS. Note: You might need to repeat step 6 to make the change in the IIS application host configuration file. |
IIS Server WindowsAuthentication Negotiate Provider | Disabled | You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Enable the Windows Authentication Negotiate provider: 1. Open Internet Information Services (IIS) Manager. 2. In the Connections panel, expand the localhost node. 3. Expand Sites. 4. Click the website to modify. 5. Scroll to IIS in the web site panel and double-click Authentication. 6. Click Windows Authentication. 7. In the Actions panel, click Providers. 8. If Negotiate appears in the list of Enabled Providers (inherited from the root node), select it and click Remove. Note: If Negotiate is inherited from the root node, you must remove it and replace it to ensure that it is included in the Default Web Site’s application host configuration file. 9. Select Negotiate from the Available Providers pull-down list and click Add. 10. Click OK. 11. Restart IIS. |
IIS Server WindowsAuthentication NTLM Provider | Disabled | You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Enable the Windows Authentication NTLM provider: 1. Open Internet Information Services (IIS) Manager. 2. In the Connections panel, expand the localhost node. 3. Expand Sites. 4. Click the website to modify. 5. Scroll to IIS in the web site panel and double-click Authentication. 6. Click Windows Authentication. 7. In the Actions panel, click Providers. 8. If NTLM appears in the list of Enabled Providers (inherited from the root node), select it and click Remove. Note: If NTLM is inherited from the root node, you must remove it and replace it to include it in the Default Web Site’s application host configuration file. 9. Select NTLM from the Available Providers pull-down list and click Add. 10. Click OK. 11. Restart IIS. |
IIS Server WindowsAuthentication Extended Protection | Enabled | You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Disable Windows Authentication extended protection: 1. Open Internet Information Services (IIS) Manager. 2. In the Connections panel, expand the localhost node. 3. Expand Sites. 4. Click the website to modify. 5. Scroll to IIS in the web site panel and double-click Authentication. 6. Click Windows Authentication. 7. In the Actions panel, click Advanced Settings. 8. Select Off from the Extended Protection drop-down menu and click OK. |
IIS Server WindowsAuthentication Kernel Mode | Disabled | You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Enable Windows Authentication Kernel Mode: 1. Open Internet Information Services (IIS) Manager. 2. In the Connections panel, expand the localhost node. 3. Expand Sites. 4. Click the website to modify. 5. Scroll to IIS in the web site panel and double-click Authentication. 6. Click Windows Authentication. 7. In the Actions panel, click Advanced Settings. 8. Select Enable Kernel-mode authentication and click OK. |
IIS Server AnonymousAuthentication Status | Enabled | You must have administrative privileges to change IIS settings in the Internet Information Services (IIS) Manager or the Server Manager. Disable the Anonymous Authentication Module: Windows 2008 R2 Server: 1. In the Server Manager, expand Roles. 2. Expand the Web Server (IIS) role. 3. Click Internet Information Services (IIS) Manager. 4. In the Connections panel, expand the localhost node. 5. Expand Sites. 6. Click the website to modify. 7. Scroll to IIS in the web site panel and double-click Authentication. 8. Right-click Anonymous Authentication and select Disable. 9. Restart IIS. Windows 2012 Server: 1. Open the Server Manager. 2. Click on Tools. 3. Click Internet Information Services (IIS) Manager. 4. In the Connections panel, expand the localhost node. 5. Expand Sites. 6. Click the website to modify. 7. Scroll to IIS in the web site panel and double-click Authentication. 8. Right-click Anonymous Authentication and select Disable. 9. Restart IIS. Note: You might need to repeat step 8 to make the change in the IIS application host configuration file. |
Minimum Memory Requirement | Resource requirement met | Sufficient amount of RAM present. No action needed. |
IIS Server Web-based Distributed Authoring and Versioning | Disabled | The module is disabled. No action needed. |
Minimum Processor Requirement | Resource requirement met | Processor meets minimum hardware requirements. No action needed. |
Check that the current user profile is not temporary | Profile is OK | The user profile is not temporary. No action needed. |
Federal Information Processing Standards (FIPS) | Disabled | Federal Information Processing Standards is disabled. No action needed. |
Windows Process Activation Service/Application Services ConfigurationApi Role | Not Installed | Add Configuration API Feature by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Features > Add Features. 2. Under Windows Process Activation Service node, select Configuration APIs feature.
Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Features screen. 2. Under Windows Process Activation Service node, select Configuration APIs feature. |
Windows Process Activation Service/Application Services NetEnvironment Role | Not Installed | Add .NET Environment Feature by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Features >Add Features. 2. Under Windows Process Activation Service node, select .NET Environment feature.
Windows 2012 Server: 1.Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Features screen. 2. Under Windows Process Activation Service node, select .NET Environment feature. |
Windows Process Activation Service/Application Services ProcessModel Role | Not Installed | Add Process Model Feature by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Features > Add Features. 2. Under Windows Process Activation Service node, select Process Model feature.
Windows 2012 Server: 1. Click Manage from the Server Manager and select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on the Features screen. 2. Under Windows Process Activation Service node, select Process Model feature. |
Windows Process Activation Service/Application Services HttpActivation Role | Not Installed | Add HTTP Activation Feature by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Features then Add Features. 2. Under “.NET Framework 3.5.1 Feature” node select sub-node “WCF Activation” then select HTTP Activation feature.
Windows 2012 Server: 1. From Server Manager, click Manage and select Add Roles and Features and click Next. 2. Under Features, expand .NET Framework 4.5 Features node. 3. Expand WCF Services node. 4. Select HTTP Activation. |
Windows Process Activation Service/Application Services NonHttpActivation Role | Not Installed | Add Non-HTTP Activation Feature by completing the following steps: Windows 2008 R2 Server: 1. From Server Manager, select Features > Add Features. 2. Under .NET Framework 3.5.1 Feature node, select sub-node WCF Activation. 3. Select Non-HTTP Activation feature.
Windows 2012 Server: 1. From Server Manager, click Manage and then select Add Roles and Features to start the Add Roles and Features Wizard. Then, click on Features screen. 2. Under .NET Framework 3.5 Feature node, select Non-HTTP Activation feature. |
Microsoft Windows Firewall | Off | Windows Firewall is off. No action needed. |
Microsoft Distributed Transaction Coordinator Service | Incorrect Setting | The service is running but the MSDTC settings are not correct. Configure the MSDTC on your local and remote machines: 1. Open Administrative Tools from the Start menu and select Component Services. 2. Expand Component Services, Computers, My Computer, and Distributed Transaction Coordinator. 3. For Local Standalone DTC right-click Local DTC and select Properties. For Clustered DTC expand Clustered DTCs and right-click on the named clustered DTC and select Properties. 4. Open the Security tab. 5. Select Network DTC Access, Allow Remote Clients, Allow Inbound, Allow Outbound, and Mutual Authentication Required. 6. Click OK. Even with Distributed Transaction Coordinator enabled, the distributed transaction might fail if the firewall is turned on. |
Authentication loopback check | Enabled | Authentication Loopback check is enabled. It must be disabled in order to install Model Manager successfully. 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa 3. If there is no entry called “DisableLoopbackCheck”: 3.1. Right-click Lsa, point to New, and then click DWORD Value. 3.2. Type DisableLoopbackCheck, and then press ENTER. 4. Right-click DisableLoopbackCheck, and then click Modify. 5. In the Value data box, type 1, and then click OK. 6. Exit Registry Editor. 7. Restart the computer. |
Check that IIS ASP.NET Impersonation Authentication is disabled | Disabled | The module is disabled. No action needed. |
Check that IIS Session State is configured correctly | Enabled | The module is enabled. No action needed. |
Windows PowerShell Version 3.0 | Installed | The module is installed. No action needed. |
Check that TLS 1.2 is enabled | Disabled | TLS 1.2 is not enabled. It must be enabled in order to IaaS web components to communicate with the vRA server. 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\ 3. If there is no subkey named “TLS 1.2” under “Protocols” – create it. 4. If there is no subkey named “Client” under “TLS 1.2” – create it. 5. If there is no entry called “DisabledByDefault” in “Client” subkey: 5.1. Right-click Client, point to New, and then click DWORD Value. 5.2. Type “DisabledByDefault”, and then press ENTER. 5.3. Right-click “DisabledByDefault”, and then click Modify. 5.4. In the Value data box, type 0, and then click OK. 6. If there is no entry called “Enabled” in “Client” subkey: 6.1. Right-click Client, point to New, and then click DWORD Value. 6.2. Type “Enabled”, and then press ENTER. 6.3. Right-click “Enabled”, and then click Modify. 6.4. In the Value data box, type 1, and then click OK. 7. Exit Registry Editor. 8. Restart the computer. |
Check that strong cryptography is enabled for .NET applications | Disabled | Enable TLS 1.1 or later for .NET applications with version 4 and above. 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 3. If there is no subkey named “SchUseStrongCrypto” – create it. 3.1 Right-click on “v4.0.30319” folder, point to New, and then click DWORD Value. 3.2 Type “SchUseStrongCrypto” and press ENTER. 4. Right-click “SchUseStrongCrypto” and then click Modify 5. In the Value data box, type 1 and then click OK. 6. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 7. If there is no subkey named “SchUseStrongCrypto” – create it. 8.1 Right-click on “v4.0.30319” folder, point to New, and then click DWORD Value. 8.2 Type “SchUseStrongCrypto” and press ENTER. 9. Right-click “SchUseStrongCrypto” and then click Modify 10. In the Value data box, type 1 and then click OK. 11. Exit Registry Editor. |
Check that System default TLS version is enabled for .NET applications | Disabled | Enable System default TLS version for .NET applications with version 4 and above. 1. Click Start, click Run, type regedit, and then click OK. 2. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319 3. If there is no subkey named “SystemDefaultTlsVersions” – create it. 3.1 Right-click on “v4.0.30319” folder, point to New, and then click DWORD Value. 3.2 Type “SystemDefaultTlsVersions” and press ENTER. 4. Right-click “SystemDefaultTlsVersions” and then click Modify 5. In the Value data box, type 1 and then click OK. 6. Locate and then click the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v4.0.30319 7. If there is no subkey named “SystemDefaultTlsVersions” – create it. 8.1 Right-click on “v4.0.30319” folder, point to New, and then click DWORD Value. 8.2 Type “SystemDefaultTlsVersions” and press ENTER. 9. Right-click “SystemDefaultTlsVersions” and then click Modify 10. In the Value data box, type 1 and then click OK. 11. Exit Registry Editor. |
Check that Group Policy enable PowerShell script execution | Enabled | PowerShell script execution policy is enabled. |
Java 1.8 update 181(64-bit) status | Not Installed | Java version 1.8 update 181 or higher (64-bit) must be installed, the environment variable JAVA_HOME must be set to the Java install folder, and %JAVA_HOME%\bin\java.exe must exist. |
Check if reboot is pending | Not Pending | No reboot is pending. |
Secondary Logon Service | Not Running | The Secondary Logon service is not running. This service is required, and must be running, during installation. Open the Control Panel > Administrative Tools page and start the Secondary Logon service. You can stop the service after installation is finished. |
DEM Agent MSI Installer | Present | MSI Installer files are present. No action needed. |
Please find the links for all the posts in this series below. Click on the link below for the next post in this series.
- Introduction and Design : Installing and Configuring vRealize Automation (vRA) 7.5
- Part 1: Deploying vRealize Automation (vRA) 7.5 Appliance
- Part 2: Installing SQL for vRealize Automation (vRA) 7.5
- Part 3: vRealize Automation (vRA) 7.5 Installation and IIS server Configuration
- Part 4: vRA 7.5 Initial Configuration of Default tenant and AD Directory Sync
- Part 5: vRA 7.5 Sub tenant Creation and Branding
- Part 6: vRA 7.5 Custom Groups, End points and Reservation Configuration
- Part 7: vRA 7.5 Infrastructure and XaaS Blue Prints Creation
- Part 8: vRA 7.5 Approvals, Catalog Management and Testing Blue Prints
- Part 9: vRA 7.5 fixing installation errors and configuration issues
Please click on the left side social share icons to share this post if you feel its useful to others.
Hope this post is useful, please leave your comments below.
Nice Article Siva,
very good and detail info. are you plan to have for ver. 8 ? thanks