• If using the Asynchronous IaaS API to create Cloud Accounts, it is required to fall back to the Sync API version 2019-01-15 by supplying the following query parameter in future API calls

  apiVersion=2019-01-15

• If using the Cloud Assembly UI to create Cloud Accounts, it is required to disable the Asynchronous Cloud IaaS API by flipping a feature toggle with the provided instructions in the Workaround section of this article.

Symptoms:

• Clicking the Validate button of an already existing cloud account whose credentials have expired fails with

  java.lang.RuntimeException: AWS was not able to validate the provided access credentials (Service: AmazonEC2, Status COde: 401, Error Code: AuthFailure, Request ID: <Request_UUID>", Proxy: null)

• Clicking the Validate button of an already existing vSphere or vCF cloud account whose certificate has expired fails with

  2022-01-13T08:03:40.465Z WARN provisioning [host=‘provisioning-service-app-xxxxxxxx-xxx’ thread=‘xn-index-queries-22’ user=‘provisioning-xxxxxxxxx’ org=‘’ trace=‘<Trace_UUID>’ parent=‘<Parent_UUID>’ span=‘<Span_UUID>’] c.v.xenon.common.ServiceErrorResponse.create:85 - message: Failed to validate resource, statusCode: 400, serverErrorId: 8xxxxa-axx1-4xx2-8xx1-fxxxxxxxx4: Caused by java.security.cert.CertificateExpiredException: NotAfter: Fri Sep 17 12:40:26 GMT 2021

• Creating a new vCF or vSphere Cloud account(s) by using actual reference to the API call with version /iaas/api/cloud-account/?version=X fails with

  {“message”:“920002: Invoked action completed with error. Error : Action ‘getAllVsphereCloudRegions’ in module ‘com.xxxxxx.library.vra.infrastructure’ failed : Get VsphereCloudAccountRegions Request Failed to completecom.vmware.photon.controller.model.adapters.vsphere.util.connection.BasicConnection$BasicConnectionException: Failed to connect to vCenter: Your certificate may be untrusted. To trust the certificate validate your account credentials and accept the untrusted certificate. Save your cloud account after validation succeeds. Error: PKIX path building failed: sun.security.provider.certpath.SunCertPathBuilderException: unable to find valid certification path to requested target (com.xxxxxx.library.vra.infrastructure/getAllVsphereCloudRegions#11).“,”messageId”:0,“stackTrace”:null,“statusCode”:400,“errorCode”:920002};

VMware vRealize Automation 8.5.x
VMware vRealize Automation 8.6.x

An issue has been identified in the Asynchronous Cloud Account IaaS API that was recently added in vRA 8.5.

This issue is resolved in VMware vRealize Automation 8.7 and above.

Workaround:

Prerequisites

• Running user must have the Cloud Assembly Admin role.

Procedure

1. Obtain an Access Token for the affected organization
2. Run the following REST request:
   1. POST to

      url-home/provisioning/config/toggles

   2. With the below body using the above access token

      { "key": "iaas.api.tango.85.version.enabled", "value": "false" }

3. To reflect the changes in the UI, please clear your browser’s cache and refresh the web page.

• No changes are required after upgrading to vRA 8.7 and above.
• The Asynchronous Cloud IaaS API will be inaccessible after running the instructions provided in the Workaround section and will be automatically re-enabled once you upgrade to 8.7 or higher.