Orchestrator - troubleshooting errors while downloading repositories
search cancel

Orchestrator - troubleshooting errors while downloading repositories

book

Article ID: 381571

calendar_today

Updated On: 11-25-2024

Products

VMware Aria Suite

Issue/Introduction

Orchestrator - troubleshooting errors while downloading repositories.

When configuring a repository, and defining a module name/version any attempt to download (from) the repository yields the following error : 
Register-PSRepository: \u001B[31;1mThe specified Uri 'https://xxx.xxx.nl/repository/powershell-hosted/' for parameter 'SourceLocation' is an invalid Web Uri. Please ensure that it meets the Web Uri requirements.\u001B[0m

  • It doesn't matter what Uri is presented, it's all deemed 'an invalid Web Uri'
  • When searching for probable causes connected to this error message, the results vary from 'a bug that will be fixed soon' from 2016 to TLS issues or credential issues. 
  • Due to PowerShell and photons limitations self singed certificates cannot be trusted for PowerShell repositories.
  • When use that Uri in a browser, or in a 'http post' script element in the orchestrator  in dev environment, hence the choice for a level 4 request. The increase in useability after version 8.8, and  dramatically increase the processing time of some most often used PowerShell modules. 

Environment

VMware vRealize Automation 8.x

Cause

Most likely the root cause of the issue is that they are using an internal CA, which is not trusted by default in PhotonOS (which all orchestrator runtimes are based on). Custom trust was implemented in 8.18.1:
https://docs.vmware.com/en/VMware-Aria-Automation/services/rn/vmware-aria-automation-release-notes/index.html


Automation Orchestrator trusted certificates are now imported in non-Java runtimes (Python, PowerShell, PowerCLI, and NodeJS).

This resolves the issue with downloading dependencies from repositories which use customer certificate authorities. Additionally, it is no longer required to use insecure connections to endpoints using self-signed or custom CA certificates.
Since both current workarounds were dismissed by the customer, an upgrade is their only option.

The bug has been fixed. 
    

 

Resolution

Workaround:


You might get the error  because using a self-singed / internally signed SSLCcertificate and due to powershell and PhotonOS limitations self singed certificates cannot be trusted for powershell repositories.
Ask customer to confirm if that is correct?


Try below workaround:
    • set a certificate signed by a root ca for the domain, or
    • use http repo (non-ssl), or

use a proxy with a trusted ssl certificate.



Powered by Wolken Software