VMware Cloud Community
balawiz
Enthusiast
Enthusiast
Jump to solution

vRA 7.6 Upgrade from 7.2 Pre install script error

The vRA7.2 minimal environment upgrade to 7.6 fails in the pre install script check with the following error to IaaS windows machine ( hosted with all the vRA components like DEM, Manager, Agent etc).

(15047) Applying automatic fix for PowerShellScriptExecution prerequisite failed.

(15005) Applying automatic fix for IISServer prerequisite failed.

Steps followed:

-> Powershell execution is updated in gpedit.msc

-> Management agent Service account is part of Administrators group and IIS App pools are configured with same service account

-> Restarted IaaS server and as well as installation, but same error. Also, firewall is disabled in IaaS server

Below is command logs from IaaS server

[UTC:2019-06-22 19:14:38 Local:2019-06-22 12:14:38] [run-prereq] Applying automatic fix for PowerShellScriptExecution prerequisite (Check that Group Policy enable PowerShell script execution) failed. Error: Disabled

Resolution: Group Policy should enable PowerShell script execution.

UTC:2019-06-22 19:14:38 Local:2019-06-22 12:14:38] [run-prereq] ERROR: Security error. Details: System.Security.SecurityException: Security error.

   at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)

The Zone of the assembly that failed was:

MyComputer

[UTC:2019-06-22 19:14:38 Local:2019-06-22 12:14:38] [run-prereq] ERROR: Security error. Details: System.Security.SecurityException: Security error.

   at System.Management.Automation.MshCommandRuntime.ThrowTerminatingError(ErrorRecord errorRecord)

The Zone of the assembly that failed was:

MyComputer

[UTC:2019-06-22 19:14:38 Local:2019-06-22 12:14:38] [run-prereq] ERROR: Applying automatic fix for IISServer prerequisite (IIS Server) failed. Error: Error while applying fix for IISServer:

Security error.

Security error.

From IaaS server All log

[UTC:2019-06-22 19:18:59 Local:2019-06-22 12:18:59] [VMware.Cafe]: [sub-thread-Id="9"  context=""  token=""] (5638) GET config/nodes/7953ABB0-F4D5-......./commands/next-command

[UTC:2019-06-22 19:19:00 Local:2019-06-22 12:19:00] [VMware.Cafe]: [sub-thread-Id="22"  context=""  token=""] (5638) Response: NotFound(404) 0:00.290

Any help appreciated

Tags (2)
Reply
0 Kudos
1 Solution

Accepted Solutions
aenagy
Hot Shot
Hot Shot
Jump to solution

balawiz:

The manual upgrade of the IaaS node amounts to:

a) After the Cafe virtual appliance(s) have been upgraded browse to "https://<FQDN of primary cafe node>:5480/installer/​" and download both "Management Agent Installer" and "IaaS Installer" and save to a folder. Do not browse to the IP address or hostname or VIP name.

b) Login to your IaaS node as the vRA service account. This would be the same Windows account used for the initial setup of vRA. Theoretically you could use any user with local administrator access I have found that things go much better when you use the vRA service account.

c) Copy over the folder with the updates from above.

d) Launch what you downloaded for "Management Agent Installer", e.g. "vCAC-IaaSManagementAgent-Setup.msi", and upgrade the management agent.

e) Launch what you downloaded for "IaaS Installer", e.g. "setup__<FQDN of primary cafe node>@5480.exe" and upgrade the IaaS components.

f) Reboot as required.

g) Next IaaS node.

In a distributed environment there is a specific order of IaaS node upgrades.

Upgrade the IaaS Components After Upgrading vRealize Automation to the Target Release

https://docs.vmware.com/en/vRealize-Automation/7.6/com.vmware.vra.install.upgrade.doc/GUID-E7AC4649-...

View solution in original post

Reply
0 Kudos
10 Replies
balawiz
Enthusiast
Enthusiast
Jump to solution

Have upgraded vRA appliance first by excluding the IaaS components and upgraded them separately.

Reply
0 Kudos
aenagy
Hot Shot
Hot Shot
Jump to solution

blah

I agree with balawiz​. Having encountered problems trying to upgrade from vRA 7.3 to 7.5 with the IaaS components VMware GSS recommended disabling the autoupdate of IaaS and instead upgrade each IaaS node individually. The problem is due to the VAMI upgrade wizard not bubbling up pre-requisite check failures.

My upgrade process (distributed with NLB) from a very high level is something like:

1) Make sure vRA is healthy.

2) Gracefully shutdown all IaaS and Cafe servers.

3) Create backup/virtual machine snapshots.

4) Power up in order.

5) Disable IaaS auto-update, see below.

6) Start upgrade in VAM on primary Cafe node.

7) After the Cafe appliance(s) have been upgraded shut everything down again and create another backup/virtual machine snapshots.This way if the IaaS update bursts into flames it will not be necessary to re-update the Cafe appliance(s).

😎 Upgrade IaaS management agent and components on each IaaS node.

Note that for brevity I'm leaving out a lot of steps that VMware has documented.

Exclude IaaS Upgrade

https://docs.vmware.com/en/vRealize-Automation/7.6/com.vmware.vra.install.upgrade.doc/GUID-0D40B476-...

Updating the vRealize Automation Appliance and IaaS Components

https://docs.vmware.com/en/vRealize-Automation/7.6/com.vmware.vra.install.upgrade.doc/GUID-23EC3C4C-...

Reply
0 Kudos
balawiz
Enthusiast
Enthusiast
Jump to solution

Thank you aenagy!

Can you explain step 8 little elaborately for distributed environment? since, I tested with installing all IaaS components in single server.

Reply
0 Kudos
aenagy
Hot Shot
Hot Shot
Jump to solution

balawiz:

The manual upgrade of the IaaS node amounts to:

a) After the Cafe virtual appliance(s) have been upgraded browse to "https://<FQDN of primary cafe node>:5480/installer/​" and download both "Management Agent Installer" and "IaaS Installer" and save to a folder. Do not browse to the IP address or hostname or VIP name.

b) Login to your IaaS node as the vRA service account. This would be the same Windows account used for the initial setup of vRA. Theoretically you could use any user with local administrator access I have found that things go much better when you use the vRA service account.

c) Copy over the folder with the updates from above.

d) Launch what you downloaded for "Management Agent Installer", e.g. "vCAC-IaaSManagementAgent-Setup.msi", and upgrade the management agent.

e) Launch what you downloaded for "IaaS Installer", e.g. "setup__<FQDN of primary cafe node>@5480.exe" and upgrade the IaaS components.

f) Reboot as required.

g) Next IaaS node.

In a distributed environment there is a specific order of IaaS node upgrades.

Upgrade the IaaS Components After Upgrading vRealize Automation to the Target Release

https://docs.vmware.com/en/vRealize-Automation/7.6/com.vmware.vra.install.upgrade.doc/GUID-E7AC4649-...

Reply
0 Kudos
balawiz
Enthusiast
Enthusiast
Jump to solution

Thank you aenagy!

We have NSX as well and we are planning to upgrade along with this upgrade. Is your environment have NSX and did you perform the upgrade?

Reply
0 Kudos
aenagy
Hot Shot
Hot Shot
Jump to solution

balawiz​:

The lower environments do no have NSX integration. I am trying to upgrade a pre-production environment that does have NSX integration and is still a work in progress. I would recommend the section of the documentation in the link below.

Preparing to Upgrade vRealize Automation

https://docs.vmware.com/en/vRealize-Automation/7.6/com.vmware.vra.install.upgrade.doc/GUID-2E45031E-...

I would advise that you read thoroughly all of the upgrade documentation, both the docs.vmware.com as well as the release notes for the version you are upgrading to. That being said and having encountered errors while performing upgrades (not related to NSX) I will caution that VMware doesn't always make clear the decision tree that customers need to follow. More specifically, if you find yourself needing to leverage something in the Troubleshooting the vRealize Automation Upgrade section then I highly recommend opening a SR so that GSS can provide guidance on the overall procedure. Otherwise you will be left trying to stitch together the upgrade procedure.

Good luck on your upgrade.

Reply
0 Kudos
balawiz
Enthusiast
Enthusiast
Jump to solution

Thank you! I am reading the mentioned documentation and preparing the steps. We are not including NSX with vRA/vRO upgrade and planning to perform along with vSphere(vCenter) upgrade.

Reply
0 Kudos
prestonville
Enthusiast
Enthusiast
Jump to solution

I did upgrade to 7.5 from 7.3 with similar problems and had to do the following

- unbundle the upgrade as the management agents on the IAAS failed to upgrade as IAAS pre-reqs failed.

- NSX enabled endpoint failed on the upgrade and had to get GSS support. Had to complete the IAAS server upgrade steps by running each cmd manually and then finally upgrade the NSX endpoint. Without GSS support couldn't have done this as need to know what upgrade cmds to tun manually.

I will probably from now on always unbundle the upgrade as gives more backout points i.e do backout snapshot post CAFE upgrade successful.

Reply
0 Kudos
balawiz
Enthusiast
Enthusiast
Jump to solution

Have upgraded vRA 7.2 to 7.6 successfully by separating vRA appliance and IaaS upgrades separately. The Management agent is getting upgraded along with IaaS installer. However, IaaS website component wasn't communicating with vRA after upgrade. Had to remove and install the management agent,

Reply
0 Kudos
aenagy
Hot Shot
Hot Shot
Jump to solution

balawiz​​:

I too encountered problems with the Management Agents not being successfully upgraded when using the IaaS Components Installer. GSS found that the identity of the Management Agent on the IaaS node was different than on the Cafe appliance(s). You can find the node identity from the Cafe appliance perspective by executing:

vra-command list-nodes --components

In the Management Agent logs, e.g. "" C:\Program Files (x86)\VMware\vCAC\Management Agent\Logs\All.log", I saw:

[UTC:2019-07-12 18:42:40 Local:2019-07-12 14:42:40] [VMware.Cafe]: [sub-thread-Id="15"  context="" token=""] (31) GET config/nodes/A5891EFD-545B-4C32-9D72-FE24A0D6A120/commands/next-command

[UTC:2019-07-12 18:42:42 Local:2019-07-12 14:42:42] [VMware.Cafe]: [sub-thread-Id="18"  context="" token=""] (30) Response: Unauthorized(401) 0:01.676

[UTC:2019-07-12 18:42:42 Local:2019-07-12 14:42:42] [VMware.Cafe]: [sub-thread-Id="18"  context="" token=""] Http Error: Unauthorized (401)

Request:

PUT https://<FQDN of Cafe appliance>:5480/config/nodes/A5891EFD-545B-4C32-9D72-FE24A0D6A120/ping

Response:

Failure: Unauthorized

Compare the output from the Cafe command above and the line "GET config/nodes/<UUID>/commands/next-command". The <UUID> should be the same if it is not then as you mentioned un-install and re-install the Management Agent.

Reply
0 Kudos