vRA 8.1 Custom Resource error: HTTP 500 when creating AD User custom resource


I’ve been spending some time in my vRealize Automation (vRA) 8.1 lab, specifically the Custom Resource capabilities backed by the embedded vRealize Orchestrator instance.

I was following the AD User Custom Resource example from the Docs and kept receiving the following error in vRA:

Failed to get request status: 500 Internal Server Error from POST http://tango-vro-gateway.prelude.svc.cluster.local:8080/vro/blueprint/blueprint-provider-request?operation=status

500 Internal Server Error when requesting the Custom Resource

I was getting this message in vRA whenever I would try to deploy the Blueprint that contained the newly created Custom Resource. The error message gives me a hint stating the “vRO Gateway” service is returning this message. OK, so vRO isn’t happy. But why?

Was it an issue with the vRO workflow? I jumped into vRO and looked at the vRO workflow that is referenced in the Custom Resource, and the most recent run failed with this error message:

Unable to create a new user: InternalError: Failed to create user account... 0000052D: SvcErr: DSID-031A1236, problem 5003 (WILL_NOT_PERFORM), data 0 (Dynamic Script Module name : createUser#1) (Dynamic Script Module name : createUser#5

This message tells me there was an exception returned by the LDAP server and not vRO. A quick Google led me to Stack Overflow and an Atlassian KB where the recurring theme was around setting passwords in LDAP.
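The leading hex field in that LDAP message is a Windows system error code, and decoding it makes the failure easier to place. The following is an added example, not code from the original post or from VMware. The function name and the three-entry lookup table are assumptions for illustration, and the sample string is the error quoted above.

```python
import re

# Win32 system error codes that Active Directory places in the leading hex
# field of an LDAP diagnostic message. Only three are mapped here (assumption:
# enough for triaging user-creation failures); extend the table as needed.
WIN32_CODES = {
    0x0005: "ERROR_ACCESS_DENIED",
    0x0524: "ERROR_USER_EXISTS",
    0x052D: "ERROR_PASSWORD_RESTRICTION",
}

# Shape: "<8 hex>: <source>: DSID-<hex>, problem <n> (<LDAP_NAME>), data <hex>"
AD_DIAG = re.compile(
    r"\b(?P<win32>[0-9A-Fa-f]{8}): (?P<source>\w+): DSID-(?P<dsid>[0-9A-Fa-f]+), "
    r"problem (?P<problem>\d+) \((?P<name>\w+)\), data (?P<data>[0-9A-Fa-f]+)"
)

def decode_ad_diagnostic(message):
    """Return the decoded AD diagnostic fields, or None if none is present."""
    match = AD_DIAG.search(message)
    if match is None:
        return None
    code = int(match.group("win32"), 16)
    return {
        "win32_code": code,
        "win32_name": WIN32_CODES.get(code, "UNMAPPED"),
        "source": match.group("source"),
        "dsid": match.group("dsid"),
        "ldap_problem": match.group("name"),
    }

# Error text as quoted in the post (workflow run in vRO).
PAGE_ERROR = (
    "Unable to create a new user: InternalError: Failed to create user "
    "account... 0000052D: SvcErr: DSID-031A1236, problem 5003 "
    "(WILL_NOT_PERFORM), data 0 (Dynamic Script Module name : createUser#1)"
)

if __name__ == "__main__":
    print(decode_ad_diagnostic(PAGE_ERROR))
    # The vRA-side message carries no directory diagnostic at all.
    print(decode_ad_diagnostic("500 Internal Server Error"))
```

Code 0x52D is decimal 1325, ERROR_PASSWORD_RESTRICTION, which is why searches for this message lead to discussions about setting passwords over LDAP.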

I re-ran the workflow manually in vRealize Orchestrator and filled in all the fields as prompted. There’s a mandatory input required for this workflow: “Confirm Password”. Huzzah, the missing link. The vRA blueprint using the custom resource does not specify the “Confirm Password” required input, causing a failure.

Running the vRO workflow directly works fine, so my issue was back in my blueprint or Custom Resource. Reviewing the YAML for the blueprint, more specifically the inputs that the blueprint requests and maps to the custom resource, you can see we aren’t prompting for a ‘Confirm Password’ value nor are we referencing a “Confirm Password” field for the resource:

inputs:
  accountName:
    type: string
    title: Account name
    encrypted: true   
  displayName:
    type: string
    title: Display name   
  password:
    type: string
    title: Password
    encrypted: true 
  ouContainer: 
    type: object
    title: AD OU container
    $data: 'vro/data/inventory/AD:OrganizationalUnit'
    properties:
        id:
            type: string
        type:
            type: string 
resources:
  Custom_ADUser_1:
    type: Custom.ADUser
    properties:
        accountName: '${input.accountName}'
        displayName: '${input.displayName}'
        ouContainer: '${input.ouContainer}'
        password: '${input.password}' 

You can see the blueprint defines an input for the password but not the ‘Confirm Password’ required for the vRealize Orchestrator workflow. The “Custom_ADUser” resource also leaves out the Confirm Password parameter required by vRO.

To fix this, you’ll need to update the “Inputs” and the “Resources” sections from the VMware Docs example:

inputs:
  accountName:
    type: string
    title: Account name
    encrypted: true   
  displayName:
    type: string
    title: Display name   
  password:
    type: string
    title: Password
    encrypted: true 
  confirmPassword:
    type: string
    title: Confirm password
    encrypted: true 
  ouContainer: 
    type: object
    title: AD OU container
    $data: 'vro/data/inventory/AD:OrganizationalUnit'
    properties:
        id:
            type: string
        type:
            type: string 
resources:
  Custom_ADUser_1:
    type: Custom.ADUser
    properties:
        accountName: '${input.accountName}'
        displayName: '${input.displayName}'
        ouContainer: '${input.ouContainer}'
        password: '${input.password}' 
        confirmPassword: '${input.confirmPassword}'

Executing the blueprint with these additions resulted in a new user as expected.

Hopefully, this has helped you with your exploration of the custom resource functionality in vRealize Automation. If not, at least it’ll give you an idea of what you should be looking at if you’re having issues.

About Stellios Williams
Technical Account Manager VMware
This is my personal tech related blog for anything private and public cloud - including homelabs! My postings are my own and don’t necessarily represent VMware’s positions, strategies or opinions. Any technical guidance or advice is given without warranty or consideration for your unique issues or circumstances.