Operational Defect Database
BugZero updated this defect 41 days ago.
Data sources
All data on this page is proprietary to BugZero® or gathered from public sources
VMware | 97413
When using FIPS and after upgrading to versions 8.16.2 you receive an error when trying to add a PowerShell host with Kerberos Authentication
Last update date:
4/8/2024
Affected products:
Aria Automation
Aria Automation Orchestrator
Affected releases:
8.16
Fixed releases:
No fixed releases provided.
Description:
Symptoms
You are using either VMware Aria Automation Orchestrator appliances or embedded Automation Orchestrator instances.You have recently upgraded to versions 8.16.2.You are using FIPS.You receive an error similar to the following when trying to add a PowerShell host with Kerberos authentication: Unsupported mechanism requested: 1.2.840.113554.1.2.2
Cause
A security file with a list of security providers was retained during the upgrade and does not contain the SunJGSS security provider added in 8.16.2.
Impact / Risks
Users are unable to user Kerberos authentication for the PowerShell plugin in FIPS mode.
Resolution
This issue is resolved in versions 8.17.0 and above.
Workaround
Delete the security file on all nodes in the cluster: SSH / PuTTy into each appliance in the cluster.Run the following command to remove the file: rm /data/vco/usr/lib/vco/app-server/conf/security/vmware-override-java.security Run the following command once on one node to restart all vco services in the cluster: kubectl rollout restart deployment vco-app -n prelude
