Update 2 provides various fixes to known issues in VMware Aria Automation and Automation Orchestrator and can be downloaded from here.

VMware Aria Automation 8.18.1

VMware Aria Automation Orchestrator 8.18.1

VMware Aria Automation:

Known issues

• Missing NTP settings post upgrade to Aria Automation/Orchestrator 8.18.1 Patch 2 - KB Article

Resolved issues

• CVEs reported by scanners - CVE-2024-9143, CVE-2024-45802, CVE-2024-25710 and more
• This release resolves CVE-2025-22249. For more information on these vulnerabilities and their impact on VMware products, please see VMSA-2025-0008.
• DNS flooded with IPv6 requests for "contour"
• 'vracli status' only showing a single node of a 3-node cluster in the databaseNodes section
• Namespace creation failing with 500 Internal server error
• Replacement of Microsoft CA signed certificate fails during validation phase (KB 385447)
• Regression in "Search for form definitions and form versions with the specified term" API
• Changed order of custom resources as presented initially vs when revisiting the page
• Custom forms with an external action generate an error on action run.
• ABX based Resource action forms cannot be updated
• Multiple small issues around custom forms
• NPE thrown when subnet range references missing subnet
• Count of images on the Image profiles doesn't match what's available in certain case
• "/provisioning/mgmt/image-names" REST endpoint to search for names in refactored image profiles.
• Disk reconciliation needs to include onboarded disk record
• Attached disk failed to reconcile when doing HCX backup/restore within the same vCenter.
• Enumeration fails on NSX Federated cloud accounts
• "Add disk" day-2 operation fails on VMs on a SDRS Cluster in certain case with "Cannot invoke Map.entrySet()" error
• Failure to collect networks associated with some Transport Zones in VCF 5.2
• Concurrent deployments may fail with error "Limit for queue index-service-query exceeded: 100000"
• Maintenance mode datastore is getting selected while deploying.
• OvfParserService considers a URL with multiple "dots" as invalid
• Some VMs migrated cross-vCenter still have a Status of ON instead of correct status MISSING
• vMotion and SRM clash in workload mobility scenario may cause machines to not be enumerated
• " Scale out with NSX LB with TCP route and passiveMonitor times out
• Aria Suite NSX LB template fails with timeout when updating deployment for TCP"
• LB creation and update failures post 8.18.1 upgrade
• Deployment failures post upgrade from 8.17 to 8.18.x  "Cannot deploy library item" error
• Auto approval/rejection is not getting triggered
• Local user can request a catalog item via API, even when he is not entitled to it.
• Exceeded limit on max bytes to buffer : 262144" error  while creating project in K8s zone
• Deployments stalling or failing with "Failed to publish event to topic" error
• Blueprint syntax issue where the "count.index" is not resolved in certain case
• Scrollbar not visible for day2 actions using long custom resource action name
• When adding input to manifest it changes it to key:value
• Feedback button is still showing when disabled

Automation Orchestrator:

Known issues:

• All SRM sites are missing from Aria Orchestrator inventory after installing Aria Automation/Orchestrator 8.18.1 Patch 2 - KB 399347

Resolved issues:

• CVEs reported by scanners - CVE-2022-22950 CVE-2024-50379 CVE-2024-54677 CVE-2024-56337, CVE-2024-5204
• Unable to Add or Remove Items in Package (HTTP 500) when the package contains an environment
• Fixed "TypeError: Cannot find function registerOutParameter in object DynamicWrapper (Instance)" error
• Compute Post Provision Workflow - fixed "Cannot find currentItem for tokenId __NULL__" error
• When System.setLogMarker is run from an action an exception is thrown
• vSphere plugin The device '0' is referring to a nonexisting controller '-1'
• In some situation, Orchestrator doesn't run scheduled workflows
• "Failed to connect vRO server. Please validate hostname, port and credentials" when connecting to VMware Identity Manager.
• Workflow icons would randomly change
• OOM in vSphere plugin in scenario with hundreds of endpoint certificates.

Installation Instructions:

Prerequisites

• You must back up all VMware Aria Automation or Orchestrator appliances, at the same time simultaneously for all nodes.
  • If you are creating the snapshots manually, you must start the snapshots of the second and third node no more than 40 seconds after you start the snapshots for the first node.
    • If the quiesced state was not achieved for all 3 nodes within the ~40 seconds time frame, the following strings will be found in the logs: "Freeze synchronization failed" and "Sync failed, making inconsistent snapshot".
      • Run the following command from one of the nodes to filter for all vmtoolsd messages:
        journalctl --identifier=vmtoolsd
• When you back up the VMware Aria Automation or Orchestrator appliance, disable in-memory snapshots and enable quiescing.

VMware Aria Automation (managed by Aria Suite Lifecycle):

• Installation instructions are located in the official Aria Suite Lifecycle product documentation located here and under the knowledge article: Downloading patches, PSPAKs, and hotfixes from Broadcom Support Portal for Aria Suite products.
• API application instructions are located here.

Standalone VMware Automation Orchestrator (managed or not managed by Aria Suite Lifecycle):

Prerequisites:

• • You have valid backups or snapshots of the Automation Orchestrator appliance(s) in the cluster.
  • You have downloaded O11N_VA-8.18.1.36920-24702838-updaterepo.iso from here.
  • You are using a standalone instance of VMware Aria Automation Orchestrator 8.18.1
  • There is nothing else mounted in the CD-ROM of the Appliance(s).
  • You have root username and password and SSH access to the appliance(s).
  • Note: This process will require a short downtime for reboot when we run the upgrade.

Procedure:

1. 1. Log in to the Automation Orchestrator Appliance command line as root.
   2. Make a copy of the lcm upgrade profile:
      cp /etc/vmware-prelude/upgrade-lcm.conf  /etc/vmware-prelude/upgrade-lcm-b2b.conf
   3. Modify the /etc/vmware-prelude/upgrade-lcm-b2b.conf file by adding the following value:
      workflow.step.vami-postupdate.reboot.skip=false
   4. Mount the CD-ROM using mount /dev/xxx /mnt/cdrom
      mount /dev/sr0 /mnt/cdrom
   5. Run the upgrade in the command line with the new lcm profile:
      vracli upgrade exec -y --profile lcm-b2b --repo cdrom://

Review Installed Patch History:

1. To view the history of patches, click Patches > History.
   
2. Click on History.
   Note: Alternatively, the vracli version patch command may be used to validate that the patch is installed.
   Note: The product version and build numbers reported via the Aria Automation GUI will not change after installing any patches. Please use the steps below to validate the patch installation.
   1. Login to one of the Aria Automation appliances via an SSH session.
   2. Run the following command:
      vracli version patch
   3. Verify the patch installed matches the build number - 24702833.

Note: For Standalone Aria Automation Orchestrator the vracli version patch will not show any patch installed. The correct build if the patch is installed should reflect as 24702838, using vracli version.

This patch is cumulative and includes all fixes reported in VMware Aria Automation 8.18.1 Cumulative Update - Patch 1.