Troubleshooting the workflow Add a PowerShell host in VMware Aria Automation Orchestrator
Article ID: 326016
Updated On:
Products
VMware Aria Suite
Issue/Introduction
Requirements
- Configuring WinRM: HTTP or HTTPs are supported.
- Configure Kerberos Authentification
- Run the workflow Add a PowerShell Host
Optionally, you can integrate the PowerShell plug-in with vSphere PowerCLI and vCenter PowerCLI Integration with the PowerShell Plug-In
Symptoms
The workflow Add a PowerShell host fails with the error Cannot Locate KDC (Dynamic Script Module name: addPowerShellHost#30).
Environment
VMware Aria Automation Orchestrator 8.x
Cause
This issue is most commonly a misconfiguration of the PowerShell host, or the steps suggested to run the workflow were not completed properly.
Resolution
- If Kerberos Authentification is being used validate that a Fully Qualified Domain Name is being used in the Host/IP field, as indicated on step 5 of Add a PowerShell Host
- The username format should be in username@domain, instead of Domain\username
- If your appliance is a 3-node cluster, validate that the file /data/vco/usr/lib/vco/app-server/conf/krb5.conf is the same on all the nodes.
- SSH to your appliance and validate you can ping the FQDN of the PowerShell host.
- Run the following command in order to get the pod ID of one of the VMware Aria Automation Orchestrator pods titled vco.
kubectl get pods -n prelude | grep vco - Using one of the vco pod IDs, connect and validate you can ping the FQDN of the PowerShell host.
kubectl exec -it ID1 -c vco-server-app -n prelude -- /bin/bash ping ID2 exitWhere:
- ID1 is the VCO id obtained in step 5 vco-app-yyyyyyyy-xxxx
- ID2 is the PowerShell host FQDN.
- If the pings are not successful validate your network connectivity and DNS service availability.
- Additional troubleshooting documentation:
- Adding a PowerShell host using Kerberos fails with the error: send message on http://host name or ip:5985/wsman error , document in
- Activate Kerberos Event Logging
- Servers Not Found in Kerberos Database
- Unable to Obtain a Kerberos Ticket
- Kerberos Authentication Fails Due to Different Time Settings
- Kerberos Authentication Session Mode Fails
- Unable to Reach a Key Distribution Center for a Realm
- Unable to Locate the Default Realm
- If the issue persists, file a Service Request with Global Support after gathering the below information.
- Validate if any errors within the PowerShell host are recorded in the Windows Event Viewer under System.
- Enable Kerberos Debug Logging
- Run the following commands on the PowerShell host:
winrm get winrm/config/service winrm get winrm/config/client winrm quickconfig winrm e winrm/config/listener
- Validate if any errors within the PowerShell host are recorded in the Windows Event Viewer under System.
Note: When initially configuring the host, you may try using winrm quickconfig as a starting point.
- Run the following command in the VMware Aria Orchestrator appliance.
cat /data/vco/usr/lib/vco/app-server/conf/krb5.conf
Feedback
Yes
No
Powered by
