BugZero | VMware BugID 83818 - Cannot acccess orchestration-ui on vRA 8.2 after u...

VMware - Defect ID: 83818

Cannot acccess orchestration-ui on vRA 8.2 after upgrade

VMware - Defect ID: 83818

Cannot acccess orchestration-ui on vRA 8.2 after upgrade

Last updated on May 26th, 2021

BugZero Risk Score
5.3 Medium

Overall: N/A

Severity: N/A

Community: N/A

Lifecycle: N/A

What is the BugZero Risk Score?

VMware Integration

Learn more about where this data comes from

VMware Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Bug Details

Views: 1

Description

Symptoms

After upgrading from vRA 8.1 or earlier to vRA 8.2 or later, direct login to the orchestrator UI is impossible. That is the login to https://vra-host/orchestration-ui.When a login is attempted on that URL, after entering the username and password, the user is redirected to a black page containing the following error message: { "error": "invalid_request", "error_description": "Must provide a matching redirect uri." } Note: This issue is NOT observed on fresh vRA deployment after 8.2. Only environments upgraded from 8.1 or earlier suffer from it.

Cause

This is a known issue in vRA due to which the redirect URI of the vRO client is not properly updated in the k8s configmap cache during an upgrade. The redirect URI of vRO was changed in vRA 8.2.

Resolution

IMPORTANT: Make sure that you take snapshots before attempting these steps.1. Run this to verify that the config map contains the wrong redirectUri for vRO:kubectl get vaconfigs.prelude.vmware.com prelude-vaconfig -o json | jq -r .spec.clientsecrets | base64 -d | grep vro-config | cut -d "," -f 2 | base64 -dYou should see a line similar to:redirectUri: /vco-controlcenter/authn/callback2. Edit the config map so that the correct redirectUri is set for the vro-configkubectl patch configmaps -n prelude vro-config --type json -p '[{"op": "add", "path": "/data/redirectUri", "value": "/vco/authn/callback"}]'3. Save the change to the config map's cache. This requires running the following two commands:source /opt/scripts/persistence_utils.sh;client_secrets_save;You should see several warning followed by this line:vaconfig.prelude.vmware.com/prelude-vaconfig patchedNote: if you see below message, this means that you haven't changed the config map's cache.vaconfig.prelude.vmware.com/prelude-vaconfig patched (no change)4. Run this command to verify that the new redirectUri is now set (using the command from step 1):redirectUri: /vco/authn/callback5. Run /opt/scripts/deploy.sh

Change history

Top VMware Defects

No bugs this month

VMware Integration

Learn more about where this data comes from

VMware Integration

Learn more

Bug Scrub Advisor

Streamline upgrades with automated vendor bug scrubs

Bug Scrub Advisor

Learn more

BugZero Enterprise

Wish you caught this bug sooner? Get proactive today.

BugZero Enterprise

Learn more

Ready to prevent the next vendor outage?

Get a demo

VMware - Defect ID: 83818

Cannot acccess orchestration-ui on vRA 8.2 after upgrade

VMware - Defect ID: 83818

Cannot acccess orchestration-ui on vRA 8.2 after upgrade

Last updated on May 26th, 2021

BugZero Risk Score5.3 Medium

Bug Details

Symptoms

Cause

Resolution

Links

Top VMware Defects

Ready to prevent the next vendor outage?

BugZero Risk Score
5.3 Medium