FIPS-enabled vRO instances using the Plug-In for vSphere Web Client (vCOIN) fail with root cause exception Invalid Keystore Format

Article ID: 326102


Products

VMware Aria Suite

Issue/Introduction

Symptoms:
In a FIPS-enabled vRO deployment, enabling the vCOIN plug-in capability fails with the root cause exception Invalid Keystore Format.

Environment

VMware vRealize Orchestrator 8.x
VMware vRealize Automation 8.x

Cause

The FIPS enablement properties were not properly transferred to the vCOIN plugin container, causing an invalid keystore format exception.

Resolution

This issue has been fixed in Aria Orchestrator version 8.12 and above.

Workaround:
Prerequisites
  • Take simultaneous non-memory snapshots of each virtual appliance in the cluster.
  • You have access to the root user and password.
  • You have SSH or console access to each virtual appliance.
Procedure
  1. SSH / PuTTY into one vRO virtual appliance in the cluster.
  2. Edit the vCOIN deployment template using the command:
       vi /opt/charts/vcoin/templates/deployment.yaml
  3. Add the following parameters in the vCOIN-server-app container env section:
       - name: FIPS_MODE
         value: {{ .Values.fips_mode | quote }}
     Note: Be sure to match the indentation of the existing name/value pairs within this file when inserting this value.
  4. Save and exit.
  5. Run /opt/script/deploy.sh to deploy the changes.
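
A check that can be run between steps 4 and 5, added here as an example and not VMware's own tooling: it reports whether the FIPS_MODE entry exists, is indented like the other entries of its env list, and carries the templated value. The embedded template is constructed (EXISTING_SETTING and the ports block are placeholders); the real deployment.yaml is assumed to use space-indented "- name:" / "value:" pairs under "env:", and the check does not verify which container the entry belongs to.

```shell
#!/bin/sh
# Added example, not VMware code. Verdicts: ok | missing | misaligned | badvalue.
# Usage on an appliance: check_fips_env /opt/charts/vcoin/templates/deployment.yaml
check_fips_env() {
    verdict=$(awk '
        function indent(s) { match(s, /[^ ]/); return RSTART - 1 }
        /^ *$/ { next }                           # ignore blank lines
        { ind = indent($0) }
        pending {                                 # line directly after the FIPS_MODE name
            pending = 0
            if ($0 ~ /^ *value: .*\.Values\.fips_mode/ && ind == fips_ind + 2) value_ok = 1
        }
        /^ *- name: FIPS_MODE *$/ {
            found = 1; fips_ind = ind; pending = 1
            if (in_env && item_ind < 0) item_ind = ind   # first entry sets the list indent
            aligned = (in_env && ind == item_ind)
            next
        }
        /^ *env: *$/ { in_env = 1; item_ind = -1; next }
        in_env && item_ind < 0 && /^ *- / { item_ind = ind; next }
        # The env list ends at a shallower line or a non-list line at list depth.
        in_env && item_ind >= 0 && (ind < item_ind || (ind == item_ind && $0 !~ /^ *- /)) { in_env = 0 }
        END {
            if (!found)         print "missing"
            else if (!aligned)  print "misaligned"
            else if (!value_ok) print "badvalue"
            else                print "ok"
        }
    ' ${1:+"$1"})
    echo "$verdict"
    [ "$verdict" = "ok" ]                         # exit status 0 only for "ok"
}

# Constructed sample template (not the real vCOIN chart).
# $1 = the spaces placed before "- name: FIPS_MODE".
make_sample() {
    cat <<'EOF'
spec:
  containers:
    - name: vCOIN-server-app
      env:
        - name: EXISTING_SETTING
          value: "x"
EOF
    printf '%s- name: FIPS_MODE\n' "$1"
    printf '%s  value: {{ .Values.fips_mode | quote }}\n' "$1"
    printf '      ports:\n        - containerPort: 8080\n'
}

make_sample "        " | check_fips_env    # entry aligned with EXISTING_SETTING
```

A verdict other than ok means the template should be corrected before running /opt/script/deploy.sh.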
It is recommended to upgrade to the latest version of vRealize Orchestrator to ensure proper FIPS enablement and avoid any issues with vCOIN capability.

Additional Information

Impact/Risks:
A vRealize Orchestrator server with the vCOIN capability enabled in FIPS mode cannot boot up.