...
1. Approval-service pod on vRA 8.x is stuck in CrashLoopBackOff state and will not go to Running state.

   In the approval service logs, you see an error similar to:

       org.springframework.web.client.HttpClientErrorException$BadRequest: 400 Bad Request: [{"timestamp":"<Date>T16:51:28.167+0000","path":"/event-broker/api/subscriptions","status":400,"error":"Bad Request","message":"22086-Not allowed to change current org id '<Org_Id> (490 bytes)]

   Commands to get the approval service log:

   i) Find the approval service pods:
       kubectl get pods -l app=approval-service-app -n prelude
   ii) Get the log of any approval service pod returned by the previous command:
       kubectl logs <approval service pod name> -n prelude

2. vRealize Automation deployment fails on ABX endpoint registration in non-default tenants with:

   * In the deployment log, you see an error similar to:

       curl: (22) The requested URL returned error: 500 Internal Server Error
       /opt/scripts/register_abx_endpoint.sh: line 40: [: : integer expression expected
       Register ABX endpoint in org with ID: <Org_id>
         % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                        Dload  Upload   Total   Spent    Left  Speed
       100   264    0     0  100   264      0    392 -::- -::- -::-   392
       curl: (22) The requested URL returned error: 500 Internal Server Error
       Deployment failed. Collecting log bundle

   * In the provisioning service logs, you see an error similar to:

       <Date>T17:53:07.399Z [priority='ERROR' thread='reactor-http-epoll-7' user='provisioning-gXrQqJpWzxR2zpBz' org='<Org_Id>' context='<Id>' parent='' token='>Token_id>'] o.s.b.a.w.r.e.AbstractErrorWebExceptionHandler.error:122 - [xxxxxxxx-xxxxx] 500 Server Error for HTTP GET "/provisioning/mgmt/endpoints?enumerate&external&$filter=(endpointType%20eq%20%27abx.endpoint%27)"
       com.vmware.automation.spring.webflux.platform.client.service.exception.WebClientServiceResponseException: ClientResponse has erroneous status code: 400 Bad Request.
       WebClientServiceResponseException.ErrorDetails(timestamp=null, path=null, type=null, errorCode=0, messageKey=null, messageArguments=null, causeMessage=null)

     Commands to get the provisioning service log:

     i) Find the provisioning service pods:
         kubectl get pods -l app=provisioning-service-app -n prelude
     ii) Get the log of any provisioning service pod returned by the previous command:
         kubectl logs <provisioning service pod name> -n prelude

   * In the identity service logs, you see an error similar to:

       <Date> 09:10:09.691+0000 ERROR 14 --- [or-http-epoll-1] v.i.c.RestResponseEntityExceptionHandler : Handling bad request exception: Org IDs from token, host or/and request do not match.
       java.lang.IllegalArgumentException: Org IDs from token, host or/and request do not match.
       <Date> 09:10:09.693+0000 INFO 14 --- [or-http-epoll-1] reactor.netty.http.server.AccessLog : <IP> - - [<Date>:09:10:09 +0000] "GET /csp/gateway/am/api/orgs/<Org_Id> HTTP/1.1" 400 241 8080 285 ms

     Commands to get the identity service log:

     i) Find the identity service pods:
         kubectl get pods -l app=identity-service-app -n prelude
     ii) Get the log of any identity service pod returned by the previous command:
         kubectl logs <identity service pod name> -n prelude
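The three log checks above can be run in one pass. The script below is an added example, not VMware's tooling: it reuses the article's namespace, app labels and error strings, while the function names and the `--cluster` switch are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: count the article's three log signatures per service.
# Namespace and app labels are taken from the article's kubectl commands.
NS=prelude

# Print the error text the article quotes for the given app label.
signature_for() {
  case "$1" in
    approval-service-app)     echo "Not allowed to change current org id" ;;
    provisioning-service-app) echo "ClientResponse has erroneous status code: 400 Bad Request" ;;
    identity-service-app)     echo "Org IDs from token, host or/and request do not match" ;;
    *) return 1 ;;
  esac
}

# Read log text on stdin; print how many lines carry the signature for app $1.
count_hits() {
  sig=$(signature_for "$1") || return 2
  grep -cF -- "$sig" || true   # grep exits 1 on zero matches; still prints 0
}

# Constructed sample input: the identity service lines quoted in the article.
sample_identity_log() {
  cat <<'EOF'
<Date> 09:10:09.691+0000 ERROR 14 --- [or-http-epoll-1] v.i.c.RestResponseEntityExceptionHandler : Handling bad request exception: Org IDs from token, host or/and request do not match.
java.lang.IllegalArgumentException: Org IDs from token, host or/and request do not match.
<Date> 09:10:09.693+0000 INFO 14 --- [or-http-epoll-1] reactor.netty.http.server.AccessLog : <IP> - - [<Date>:09:10:09 +0000] "GET /csp/gateway/am/api/orgs/<Org_Id> HTTP/1.1" 400 241 8080 285 ms
EOF
}

# Check every pod of each affected service (needs kubectl access to the appliance).
scan_cluster() {
  for app in approval-service-app provisioning-service-app identity-service-app; do
    for pod in $(kubectl get pods -l app="$app" -n "$NS" -o name); do
      hits=$(kubectl logs "$pod" -n "$NS" 2>/dev/null | count_hits "$app")
      echo "$app $pod hits=$hits"
    done
  done
}

# Hypothetical switch: --cluster scans live pods; otherwise run on the sample.
if [ "${1:-}" = "--cluster" ]; then
  scan_cluster
else
  echo "sample identity log hits: $(sample_identity_log | count_hits identity-service-app)"
fi
```

Non-zero hit counts on the identity service together with either of the other two services match the symptom pattern this article describes.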
Clients are treated as users in Enterprise Group Role Assignment. As a result, assigning a role to the ALL USERS group changes the roles of the clients and the context_name property in the clients' tokens.
This issue is resolved in vRealize Automation 8.3 and later.
1. Go to Identity & Access Management -> Enterprise Groups tab in the vRealize Automation Cloud Services Console:
   {vRA FQDN}/csp/gateway/portal/#/consumer/usermgmt/ad-groups
2. Remove all organisation and service roles added to the ALL USERS enterprise group.

Note: VMware recommends not using the ALL USERS enterprise group to assign roles to users. Use either other local groups or groups from the identity provider (AD, OpenLDAP, etc.) synced in vIDM.