VMware Aria Automation Tools

 View Only

 Aria Automation update 8.16.2 to 8.17.0 failed with error LCMVRACONFIG50008 (resolved)

DanielStastka's profile image
DanielStastka posted Jun 18, 2024 11:19 AM

I upgrade today my Aria Automation from 8.16.2 to 8.17.0 onprem. The Upgrade over LifeCycle Manager Ends with following error:

2024-06-18 13:51:03.592 ERROR [pool-3-thread-28] c.v.v.l.p.c.v.t.VraVaUpgradeStatusCheckTask -  -- Exception while checking upgrade status VMware Aria Automation VA : 
com.vmware.vrealize.lcm.common.exception.userinput.vra.VraVamiHostNameInvalidException: Unable to run command + vracli upgrade status --json . Ensure the VMware Aria Automation VA host aria.domain.ch is reachable.
	at com.vmware.vrealize.lcm.drivers.vra80.helpers.VraPreludeInstallHelper.checkUpgradeStatus(VraPreludeInstallHelper.java:495) ~[vmlcm-vrapreludeplugin-driver-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.plugin.core.vra80.task.VraVaUpgradeStatusCheckTask.execute(VraVaUpgradeStatusCheckTask.java:109) [vmlcm-vrapreludeplugin-core-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.plugin.core.vra80.task.VraVaUpgradeStatusCheckTask.retry(VraVaUpgradeStatusCheckTask.java:668) [vmlcm-vrapreludeplugin-core-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:60) [vmlcm-engineservice-core-8.16.0-SNAPSHOT.jar!/:?]
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
	at java.base/java.lang.Thread.run(Unknown Source) [?:?]

But after Analyse Log from LifeCycle Manager /var/log/vrlcm/vmware_vrlcm.log  i found following previous errors:

com.jcraft.jsch.JSchException: Session.connect: java.security.spec.InvalidKeySpecException: key spec not recognized
	at com.jcraft.jsch.Session.connect(Session.java:550) ~[jsch-0.2.13.jar!/:0.2.13]
	at com.vmware.vrealize.lcm.util.SessionHolder.newSession(SessionHolder.java:53) [lcm-util-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.util.SessionHolder.<init>(SessionHolder.java:37) [lcm-util-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.util.SshUtils.execute(SshUtils.java:663) [lcm-util-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.util.SshUtils.runCommand(SshUtils.java:547) [lcm-util-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.drivers.vra80.helpers.VraPreludeInstallHelper.runCommandOnVra(VraPreludeInstallHelper.java:141) [vmlcm-vrapreludeplugin-driver-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.drivers.vra80.helpers.VraPreludeInstallHelper.runCommandOnVra(VraPreludeInstallHelper.java:122) [vmlcm-vrapreludeplugin-driver-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.drivers.vra80.helpers.VraPreludeInstallHelper.runCommandOnVra(VraPreludeInstallHelper.java:118) [vmlcm-vrapreludeplugin-driver-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.drivers.vra80.helpers.VraPreludeInstallHelper.checkUpgradeStatus(VraPreludeInstallHelper.java:490) [vmlcm-vrapreludeplugin-driver-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.plugin.core.vra80.task.VraVaUpgradeStatusCheckTask.execute(VraVaUpgradeStatusCheckTask.java:109) [vmlcm-vrapreludeplugin-core-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.plugin.core.vra80.task.VraVaUpgradeStatusCheckTask.retry(VraVaUpgradeStatusCheckTask.java:668) [vmlcm-vrapreludeplugin-core-8.16.0-SNAPSHOT.jar!/:?]
	at com.vmware.vrealize.lcm.automata.core.TaskThread.run(TaskThread.java:60) [vmlcm-engineservice-core-8.16.0-SNAPSHOT.jar!/:?]
	at java.base/java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source) [?:?]
	at java.base/java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source) [?:?]
	at java.base/java.lang.Thread.run(Unknown Source) [?:?]
Caused by: java.security.spec.InvalidKeySpecException: key spec not recognized
	at org.bouncycastle.jcajce.provider.asymmetric.util.BaseKeyFactorySpi.engineGeneratePublic(Unknown Source) ~[bcprov-jdk15on-1.65.jar:1.65.0]
	at org.bouncycastle.jcajce.provider.asymmetric.edec.KeyFactorySpi.engineGeneratePublic(KeyFactorySpi.java:212) ~[bcprov-jdk15on-1.65.jar:1.65.0]
	at java.base/java.security.KeyFactory.generatePublic(Unknown Source) ~[?:?]
	at com.jcraft.jsch.jce.XDH.getSecret(XDH.java:71) ~[jsch-0.2.13.jar!/:0.2.13]
	at com.jcraft.jsch.DHXEC.next(DHXEC.java:134) ~[jsch-0.2.13.jar!/:0.2.13]
	at com.jcraft.jsch.Session.connect(Session.java:328) ~[jsch-0.2.13.jar!/:0.2.13]
	... 14 more

I resolve my Problem with editing sshd config from Aria Automation with following settings: Steps for removing weak SHA1 algorithms and ciphers from VMware Aria Products (broadcom.com).

  1. Log in to each Aria Automation appliance and take a backup of the /etc/ssh/sshd_config_effective file
  2. Add or replace the following settings in /etc/ssh/sshd_config_effective file (for versions bellow 8.11.2 modify the /etc/ssh/sshd_config file):

    MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,hmac-sha2-512,hmac-sha2-256
    KexAlgorithms diffie-hellman-group-exchange-sha256,diffie-hellman-group16-sha512,diffie-hellman-group18-sha512,diffie-hellman-group14-sha256

    Note that the MACs modification removes HMAC-SHA2-512 and HMAC-SHA2-256 algorithms, keeping only the ETM versions.

  3. Save the changes to /etc/ssh/sshd_config_effective and restart the SSH service using the command "systemctl restart sshd".

After restart SSH Deamon und retry by Upgrade Workflow i success upgrade Aria Automation.

I hope my Post helps few engineers to save Time.

Greatings Dany

tarek_nader's profile image
tarek_nader

@DanielStastka Bravo & good job 👍