Symptoms:

• You are using either VMware Aria Automation Orchestrator appliances or embedded Automation Orchestrator instances.
• You have recently upgraded to versions 8.16.2.
  • This issue presents itself in 8.14 with any stricter custom TLS security provider modifications.

Note: Greenfield deployments of 8.16.2 are not impacted.

• You are using FIPS.
• You receive an error similar to the following when trying to add a PowerShell host with Kerberos authentication:

  Unsupported mechanism requested: 1.2.840.113554.1.2.2

VMware Aria Automation 8.14.0 - 8.16.x
VMware Aria Automation Orchestrator 8.14.0 - 8.16.x

A security file with a list of security providers was retained during the upgrade and does not contain the SunJGSS security provider added in 8.16.2.

This issue is resolved in versions 8.17.0 and above.

Workaround:

Delete the security file on all nodes in the cluster:

1. SSH / PuTTy into each appliance in the cluster.
2. Run the following command to remove the file:

   rm /data/vco/usr/lib/vco/app-server/conf/security/vmware-override-java.security

3. Run the following command once on one node to restart all vco services in the cluster:

   kubectl rollout restart deployment vco-app -n prelude