VMware

VMware vCenter Configuration Manager Release Notes

VMware vCenter Configuration Manager 5.3 | 9 SEPTEMBER 2010 | Build 657

Last Document Update: 28 SEPTEMBER 2010

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

Welcome to VMware vCenter Configuration Manager (VCM) 5.3. The following information provides highlights of some of the enhancements available in this release of VCM 5.3.

Features

VMware vCenter Configuration Manager 5.3 is focused primarily on the introduction of Software Provisioning (Software Distribution). VCM 5.3 is the first release of VCM that provides software provisioning features that allow you to install or remove software driven from user actions in the VCM console and tied to compliance enforcement. VCM 5.3 also includes other new features.

  • VMware vCenter Branding
    Ionix Server Configuration Manager (SCM) is now renamed and branded as VMware vCenter Configuration Manager (VCM). Server Advisor (previously known as Security Update Manager (SUM)) is now referred to simply as Patching.

  • Platform Support for VCM 5.3
    The supported platforms for VCM 5.3 and VCM Patching include Novell SUSE 10.2, 10.3, 11, and 11.1. VCM 5.3 supports vSphere 4.0u1, 4.0u2, and 4.1. VCM Patching is not supported for these vSphere platforms.

Software Provisioning Key Features

  • VCM 5.3 Platform Support for Software Provisioning
    Windows Desktop: XP Pro, Vista (Business, Enterprise, Ultimate), Windows 7 (Business, Enterprise, Ultimate). Intel and AMD 32- and 64-bit, with the exception of Itanium). Windows Server: 2003, 2003/R2, 2008, 2008/R2 (Intel and AMD 32- and 64-bit, with the exception of Itanium).

  • Distributed Repository Architecture
    Supports distributed repository architecture, such as for Dev, Test, Production, and geographic locations.

    • Built-in repository (IIS based) that can be deployed on many systems to provide scale-out and local distribution points.

  • Packaging Tool
    Packaging tool to manage repository objects and the following features:

    • Additional package information, such as version and meta tags.

    • Additional cross-package data, including Dependencies, Conflict Management information, and Package Content Provisioning (one package can provide a component that can be used by others).

    • Wrap package deployment action (install or remove) with optional pre-deploy (action) script, post-deploy (action) script, and reboot.

    • Logical packaging to support multiple objects to be installed in one process and software definitions not managed by VCM.

    • Package security, including passwords and certificates.

    • Ability to "read" MSI/ISO images and unpack, including option to set switches and parameters for Install/Remove/Upgrade. You can also use a response file if appropriate.

    • Pre-install action and post-install action scripting mechanisms for installation flexibility.

    • Publish to one or more sections of a repository.

  • Deploying (Installing or Removing) Packages
    Deploying one or more packages to one or more machines by using a single VCM action.

    • Manually through the VCM console.

    • Automatically as a VCM compliance enforcement. You can use existing data types, such as Software Inventory or new Package data, to build actionable compliance rules.

    • Deployment actions include install and remove (if package allows).

    • Deployment actions are schedulable (one time).

Other "Extended" Functionality/Improvements

  • General

    • Improved Remote Command execution: Using the same remote command at different times and for different machines.

    • Job Manager: You can set auto-refresh rates.

  • VCM for Windows

    • New extensible mechanism for Data Inspection for Windows and vCenter using PowerShell.

      • Ability to collect data based in PowerShell script execution on Windows platform.

      • Collected data is exposed to VCM functionality, including Change Log, Compliance, and Reports.

      • Out of the box filters for PowerShell configuration, Open Ports (netstat), Windows Scheduler, SQL Server SMO, NTFS file permissions with audit settings, and certificate data from Windows Certificate store.

      • Provides extensible framework. Allows out-of-band delivery of new inspections for Windows and vCenter; and Services (paid) based extension.

    • Patching (previously known as Server Advisor) supports automatic template reassessment after patch deployment.

    • Agent installation from alternate sources, including support for Microsoft DFS.

    • AMD processor cores collection.

  • VCM for UNIX
    File/directory ownership actions tied to enforceable compliance.

  • VMware vCenter Integration
    vSphere Client VCM Plug-in (previously known as vCenter Compliance Plug-in)includes additional reports for compliance status, compliance details, and trends at the vCenter Datacenter and Cluster level.

  • Information exchange with vCenter Application Stack Manager
    Information exchange with vCenter Application Stack Manager (ASM), which provides OS and initial software provisioning.

    • ASM notifies VCM of systems it deploys, including date/time, and type of Basic (unmodified) or Standard (modified/non-tuned). VCM machines information contains additional attributes to represent these system types.

    • VCM notifies ASM of changes that VCM has made to any ASM deployed systems. For example, a patch has been applied.

Installation

The vCenter Configuration Manager Hardware and Software Requirements Guide provides detailed system configuration information required to ensure a successful installation. The vCenter Configuration Manager Installation and Getting Started Guide provides detailed installation and configuration instructions.

Upgrades for This Release

vCenter Configuration Manager 5.3 supports upgrades EMC Ionix Server Configuration Manager 5.0 and later and Configuresoft ECM version 4.11.1 or later. When upgrading from EMC SCM 5.0 or higher, the upgrade will change the persona of the product to VMware VCM. This upgrade affects both Configuresoft and EMC/EMC Ionix editions. Login screens, the support screen, and window titles have changed. The installation paths and database name(s), IIS Web sites, etc., and all data is preserved "as-is." A clean installation will use VMware paths and naming conventions.

Prior Releases of vCenter Configuration Manager

Features and known issues from prior releases of vCenter Configuration Manager (EMC Ionix Server Configuration Manager (SCM) 5.2 and 5.2.1) are described in the release notes for each release. The current Release Notes are posted to the VMware download Web site and the Configuresoft Customer Download page.

Open Source Components for vCenter Configuration Manager

vCenter Configuration Manager 5.3 ships with a number of open source software components. Copyright statements and licenses are contained in a separate document that describes these open source components; however, vCenter Configuration Manager 5.3 does not necessarily use all of the components listed. You may obtain a copy of the source code corresponding to the binaries for such open source components and modifications thereto, if any, by downloading the Source Files from VMware's Web site at VMware Open Source, or by sending a request, with your name and address to: VMware, Inc., 3401 Hillview Avenue, Palo Alto, CA 94304, United States of America; or email info@vmware.com. All such requests should clearly specify: OPEN SOURCE FILES REQUEST, Attention General Counsel.

Product, Feature, and Platform Support Notices

Frozen Platforms: The platforms now considered to be frozen include VMware ESX 2.5. 3.0, 3.5, ESXi 3.5; and Microsoft Windows 2000, Windows XP SP2 or earlier. Note that "freezing" means these platforms will not support the additional features in VCM 5.3. The platforms are supported with functionality equivalent to the previous release (in this case 5.2.1). If appropriate, additional Agents (to provide continued support for these platforms) will be included with the software distribution and will be available on the VCM collector for deployment.

Resolved Issues

The following items are software fixes included in the VCM 5.3 release.

vCenter Configuration Manager
  • Importing fails if importing when a large amount of compliance content already exists
    VCM Import/Export fails with an out of memory exception when you try to import any XML into VCM if there is already large amount of compliance content loaded into the database.

  • VCM Remote logs messages even when logging is turned off
    Even when VCM Remote is set to not accept jobs, logging is still turned on and info logs are added to the event logs.

  • File System Filter is not detecting folder/file deletion
    If a collection filter is written to find folders and files starting at, say, c:\test123 and this directory exists on the agent machine, the results return as expected; however, if the test123 folder is deleted, the previously found results remain in VCM even though the files were removed from the agent system.

  • VMHosts collection sometimes returns an exception
    When collecting VMHosts data, an exception is returned: "Duplicate object inserted into in-memory set HRESULT 0x80004005 = Unspecified error;".

  • SQL Report Name is not validated for special characters entered
    Whenever creating a SQL Report, the SQL Report Name is not validated for special characters entered, such as an asterisk (*) during creation as is done for the SRS report name, which causes an error on export.

  • Job returns as successful but with a file size of 0.00
    In the node "Past 24 Hours", a job returns as successful but with a file size of 0.00. When you click View Details, no detailed information appears. The same type of Job History entry with a file size >0.00 returns results in View Details.

  • The Patching Assessment Results do not update if there is a failure
    When a patching job fails, the Assessment Results are not updated with the failure. Only the Jobs Manager displays the correct failed status.

  • VCM Remote uses Collector's short name rather than the FQDN
    When VCM Remote updates itself, it is putting in the short name in the "Collector" registry key instead of the FQDN.

  • Standalone Foundation Checker error for IIS Check
    Standalone Foundation Checker throws an error for IIS Check "Internal Error Occurred".

  • IP Discovery on UNIX/Linux machine and missing certificate data
    When performing an IP Discovery on a current UNIX/Linux machine, and where determining agent presence and version is selected, an exception occurs due to missing certificate data in the IP discovery request. VMware recommends using the Discovered Machines Import Tool to perform UNIX discoveries.

  • Agent Proxy configuration fails when dot domain notation in credential is used
    Agent Proxy configuration fails when dot domain notation (for example, .\administrator) is the credential used to contact an agent. When installing the agent proxy, the following error appears: m_spiConnectionAgentProxyConfig->AddUserToSecurityGroup() Failed: HRESULT 0x80070534 = No mapping between account names and security IDs was done.

  • Machines data class not appearing
    After uninstalling an agent proxy, the machines data class not showing new agent modules in a delta collection.
    Workaround: Perform a full collection or collect machines data after uninstalling an agent proxy or Active Directory agent.

  • Using the MSI to uninstall breaks the remote client
    Using the MSI to uninstall the VCM Agent from a machine that has VCM core and the VCM remote client installed breaks the remote client by removing registry entries that the remote client needs to operate.

  • Remote Client not installed
    The Licensed Windows Machines data grid displayed a Remote Client Version number after running CSIRemoteBatch on a machine even though the Remote client was not installed.

  • DFS alternate location functionality not supported on the Collector
    The Agent supports DFS alternate location functionality, but the Collector is unable to process the alternate source.

  • Solaris patch deployment does not appear to handle cluster patches
    Solaris cluster patches containing multiple patches, which are installed via a script (contained in the cluster patch bundle) named install_cluster, do not install. The Solaris patch deployment script has no provisions for finding/using the install_cluster script.

  • Changes lost when using UNIX Group Change Membership action with local tools
    Using the UNIX Group Change Membership action concurrently with local tools that update the /etc/groups file may result in one or the other set of changes being lost.

  • Known limitation with ClickOnce (TM) applications
    A known limitation exists with ClickOnce (TM) applications: These applications will not display publishers that cannot be directly verified. The VMware-supplied certificate, is an end-trust certificate, which is verified by an intermediate certificate, and cannot therefore be directly verified. To obtain instructions to install the intermediate certificate, so that the publisher name can be displayed, contact Technical Support.

  • Group Membership information not automatically updated
    The UNIX Delete User action does not automatically update Group Membership information in VCM. A separate re-collection of Groups data is needed to update VCM's display of any groups of which the user was a member.

  • UNIX Change Membership action fails
    The UNIX Change Membership action will fail if used to remove secondary group members without adding any.

  • Inactive value not applied to accounts created with the Add User action
    On HP-UX the inactive value, which is supported on trusted systems and systems with the security package is installed, is not applied to accounts created with the Add User action.

  • Patches show installed, but reboot is still required to complete the installation
    There are circumstances where a UNIX or Linux patch may show as installed, but a reboot is still required before it is applied. Further, if a patch in this state is a prerequisite for another patch, a reboot is required before the dependent patch can be successfully installed.

  • Pre- and post-assessment jobs display failure even though the patch was successfully deployed
    For successful patch deployments on SUSE or Red Hat, the Job History Details indicate the pre- and post-assessments failed. Although the pre and post-assessment jobs display failures, the Assessment results and the VCM Initiated Change logs will correctly report the patch application.

  • Occasionally, first attempt to deploy Red Hat patches fails
    In some cases, the initial attempt to deploy patches to a Red Hat system in single user mode will fail. However, subsequent attempts to deploy such patches will succeed.

  • Updated: Patchadd and pkgadd return contradictory success or failure codes
    For Solaris deployments, patchadd is being called and the return code from it is being evaluated as the success or failure of the job. However, pkgadd, being called from patchadd, can return a failure, but patchadd, did run successfully, so returns an error code of 0. This is due to functionality in the vendor-provided patch and package management tools, and can result in failure to deploy certain patches.

  • Error when closing the Deploy Patches Wizard
    Using the title bar X to close the Deploy Patches Wizard window results in a script error.

  • Pre/post collection is performed when the user deleted does not exist
    Full UNIX File System pre/post collection is performed when the user deleted does not exist on the system and the home directory is checked.

  • Able to enter text in disabled text box
    The "User-defined Command Line Option" is not selected, but text can be entered in the box, which can potentially allow users to run deployments with incorrect switches.

  • Incorrect messages during Agent install on Windows 7 machines
    On Windows 7, the "Program Compatibility Asst" defaults to ON. It has existed since Vista, but is not on. This Asst gives bad messages during a manual Agent install.

  • Collecting UNIX/Linux data where the target machine has many virtual IP addresses returns an error in the Job Manager
    If a UNIX/Linux machine has many virtual IP addresses, the message 'Agent version XML exceeds maximum length: 4000 HRESULT 0x80004005 = Unspecified error;' is displayed in Job Manger.

  • Some Active Directory reports not working
    If the object has a long name, the report fails to run.

  • Some Mac OS patches are not being properly handled
    Some Mac patches are not "mounting" properly and are therefore not deploying.

  • During upgrade, some process fail due to read-only flag on files
    Some installation files are cached on the system with the read-only flag turned on, and then stored on the ISO as read-only. During an upgrade, the VCM installation can fail when it attempts to overwrite these files.

  • Active Directory members by groups displays duplicates if more than one forest exists
    When collecting Active Directory data from multiple forests, there are duplicate records in the Members by Group node and in the exports.

  • UNIX IP General Information collection does not return DNS server names
    UNIX IP General Information collection does not return DNS server names.

  • Role management operations fail with a long user name
    If the user name is long, the name is not processed properly and causes problems with logging, and role and rule administration.

  • Solaris Cluster patches in standard runlevel are being extracted to /tmp, not /var/tmp
    During UNIX Solaris patch cluster deployment, the patch is extracted to /tmp rather than /var/tmp.

  • Imported Patching templates with custom patches containing switches do not allow user to select the switches
    If an imported patching template with custom patches is deployed, the advanced patch information (such as switches and timeout) are not available in the Import Template wizard unless "All Items" rather than "Selected" is selected on the first page of the wizard.

  • Imported Patching templates with custom patches containing switches do not allow user to select the switches
    If an imported patching template with custom patches is deployed, the advanced patch information (such as switches and timeout) are not available in the Import Template wizard unless "All Items" rather than "Selected" is selected on the first page of the wizard.

  • UNIX collections using a default filter set do not run
    The collection will not start if you use the default filter set when collecting UNIX system data.

  • Machine Group Filter based on File Must Exist not displaying members
    When creating a dynamic Machine Group filter based on the existence of a file on the machines, no members are displayed despite the existence of the file.

  • Windows Agents installed using the command line do not install the socket listener service
    The CMAgentInstall.exe (INSTALLPATH= PORTNUMBER= CERTIFICATEFILE=) installs the Agent but does not install the HTTP module.

  • Headers on the Compliance Results Summary for Rules report are not displayed properly when exported to Excel
    The Export of the "Compliance Results Summary for Rules" report to Excel has a formatting error in the header. The Run ID and Machine count values do not line up with their labels.

Known Issues

The following items are known issues in the VCM 5.3 release.

vCenter Configuration Manager General Issues

  • SCM 5.2 Windows agent .msi install package is not available on the ISO image
    To obtain the .msi package, you must download it separately. Contact VMware Customer Support.

  • The Change Port function does not change the port on an Agent machine.
    The Change Port function (Administration | Machines Manager | Licensed Machines | Licensed UNIX Machines) does not change the port on an Agent machine.
    Workaround: The Agent is configured as an (x)inetd process. The port is defined using the/etc/services file. The entry in the file is of the form: csi-agent 26542/tcp
    To change the port:

    1. Enter the following command to stop the CSIAgentListener: /etc/init.d/csi-agent stop.

    2. Edit /etc/services to reflect the new port.

    3. Enter the following command to start the CSIAgentListener: /etc/init.d/csi-agent start.

    4. Enter the following command to make sure the port is open: netstat -an |grep [port number].

    Note: The port number must be identical on both the Agent machine and the Collector.

  • The Reset Agent function does not reset the UNIX Agents properly
    In Administration | Machines Manager | Licensed Machines | Licensed UNIX Machines, the Reset Agent function does not reset the UNIX Agents properly.
    When a Collection is performed, an .mfl file for each data type is created or updated in the Agent data directory, which defaults to /opt/CSI/data/[YOURCMSERVERNAME]/Master . That is, if five data types were included in the Collection, five .mfl files will be created or updated with changes. Resetting the Agent is a way to force Collections to be full, rather than just recording changes. The Reset Agent function should remove all .mfl files, but does not.
    Workaround: Manually delete the .mfl files on the Agent machines. The next Collection will automatically be a full one.

  • When using IP Discovery, UNIX/Linux machines sometimes will be incorrectly classified as Windows machines
    When a UNIX machine has an Agent installed that is successfully contacted by IP Discovery, the machine is properly classified as a UNIX machine. If a UNIX machine does not have an Agent, or the Agent is not successfully contacted, then IP Discovery does not have enough information to classify the machine. The machine then is assigned a default classification that currently is Windows. This prevents the collector from successfully collecting data from these incorrectly classified machines. Support has a workaround for this that involves changing the machine class in the db.

  • When you create a UNIX Remote Command and select "Certain file(s) are required...", the option cannot be deselected once the Remote Command is saved
    When you create a UNIX Remote Command and select "Certain file(s) are required to be on the target machine for this remote command", the option cannot be cleared once the Remote Command is saved. Editing it will not successfully remove the option.
    Workaround: Recreate the Remote Command, making sure that "Certain file(s) ..." is not selected. Note that the option will remain selected if you try to Clone the defective Remote Command.

  • Unable to drill down in Security Analysis pie chart
    After running the Windows SECURITY ANALYSIS dashboard, you cannot drill down into the top pie chart.

  • Asterisk wildcard does not work in Compliance Rule filenames
    When creating a Compliance Rule using the File System File Structure data class, the asterisk ( * ) does not work as a wildcard character in file names. For example, specifying /etc/* will fail.
    Workaround: Use the percent ( % ) symbol as the wildcard character. For example, /etc/%.

  • If UNIX/Linux machines have been integrated into the Active Directory structure by a third-party application, Active Directory Discovery jobs will incorrectly classify UNIX/Linux machines as Windows machines
    This issue affects newly-discovered UNIX/Linux machines and machines already configured in VCM. For instance, an existing UNIX machine in VCM, correctly classified, licensed, and collected against, will be reclassified as a Windows machine after the AD Discovery, effectively removing all data related to this machine from the relevant UNIX data grids, reports, compliance results, and other areas in VCM.
    Workaround: If AD discovery has already reclassified UNIX/Linux machines as Windows machines, you can do one of the following to correctly reclassify the affected machines.

    • Use the "Add Machines" functionality in Administration | Available [Windows | UNIX] Machines. Whether using an import file or manual entry using the wizard interface, specify the existing UNIX/Linux machine name, domain, domain type, and all other options as they should be for that machine. Choose the correct Machine Type (such as Linux, Solaris, AIX, HP-UX). After finishing the wizard, the UNIX/Linux machine should be correctly reclassified.

    • Use an IP Discovery rule to rediscover the affected UNIX/Linux machines. If IP discovery can detect the proper machine class of the discovered machines, they will be correctly reclassified. Note: IP discovery may not always be able to detect the proper machine class, resulting in the machine being moved to the "Available Windows Machines" area.

    • To prevent future AD Discoveries from wrongly classifying the UNIX/Linux machines, you will need to modify the AD Discovery rule's definition to filter in only Windows machines or filter out all UNIX/Linux machines. You can do this by creating a condition filter: "Operating System like 'Windows%'". Or, if your AD structure has a separate organizational unit to hold all UNIX/Linux machines and only UNIX/Linux machines, you can create a condition filter to filter out the discovery of machines in that organizational unit. For example: "Organizational Unit not like '%UNIX Machines OU%'.

    We recommend using IP discovery with SNMP to correctly classify UNIX/Linux systems. If this is not available, then manually add UNIX/Linux systems to VCM.

  • When creating an IP Discovery rule, you can enter "null" values for Ports on both the "Machine Characterization" and the "Contact Options" dialogs; however, the Discovery fails when run
    Also, if you enter a Port number, a null value is added after it in the list. If you select the null value and remove it, and then try to remove the value you just entered, a "No entries selected from deletion" error message displays.
    Additional notes:

    • With the Port field blank, you can press Add once. The second time generates this error: "Item already exists. Please pick a different one."

    • If you leave the empty field selected, Port 0 will appear in the list box when you edit the Discovery rule.

  • A report will generate a "column prefix does not match" error and fail during preview and when run
    Under these circumstances, a report generates the error:

    1. In the Report wizard, select multiple data types.

    2. At the Columns panel, select a column from data type but none from any other.

    3. In the Filter panel, create an entry using a different data type.

    4. Attempt to Preview or Run the Report.

  • It there are more than 10,000 available machines, the Selected Machines list displays all despite selected subset
    When a user has approximately 20,000 available machines, sets a data grid filter to return specific machines, selects approximately 100 of those returned machines in the data grid, and clicks License, the "Selected machine(s) only" option will be inactive. If the user then clicks Next, VCM lists all available machines as selected (that is, all 20,000 machines). This result occurs because the All Machines option is being set on the Machines Selection screen of the License Machines wizard. This defect has also been observed without setting a data grid filter.
    This defect may also be observed when there are more than 10,000 available machines, and machines were selected that were all greater than the 10,000th machine in the data grid. It also occurred in filtered data grids of fewer than 10,000 machines as long as all the selected machines would be greater than the 10,000th in an unfiltered grid.

  • Unable to view SSRS-based Console node
    When attempting to access a node under Console that is SRS based, an error similar to the following is displayed below in the data grid area.
    Server Error in '/' Application. Server cannot access application directory 'e:\Program Files\VMware\VCM\WebConsole\'. The directory does not exist or is not accessible because of security settings. Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code. Exception Details: System.Web.HttpException: Server cannot access application directory 'e:\Program Files\VMware\VCM\WebConsole\'. The directory does not exist or is not accessible because of security settings.
    Workaround: Modify the Network Service permissions to allow access to this folder.

  • Unassigned account information is not bypassed
    Instead of bypassing the unassigned account, VCM is using the cached credentials to collect from the machine even though the account has been removed from all assignments. Expected Behavior: VCM should not recognize the account.
    Workaround: Update the column for each affected machine (last_successful_principal_id), set the value to ('NULL' in the table 'ecm_dat_machines'), or delete the account in Administration | Settings | Network Authority | Available Accounts.
    An alternate workaround is to change the Network Authority to a valid account under Administration | Machines Manager | Licensed Machines | Licensed Windows Machines. Click Set Network Authority . This workaround enables you to change the account without changing the values in the VCM db.

  • VCM switches the Primary Domain and the Primary User Logon as compared to the Windows Event Viewer
    If the user checks the message on a Windows XP64 Event 560 alert in the VCM Event Log, VCM switches the Primary Domain and the Primary User Logon as compared to the Windows Event Viewer. We support only one operating system/version message template at a time.

  • Discrepancy in the number of displayed User Rights
    When attempting to assign user rights to a user on a Windows 2000 Machine, the User Rights select list wizard displays 39 User Rights available. After the change has been applied the VCM console displays only 36 User Rights. The extra user rights were added in VCM to accommodate both NT 4.0 and Windows 2000. The list that is sent to Windows server machines contains the full list of Windows NT and Windows 2000 user rights and Windows 2000 does not handle the extra rights the way the NT 4.0 does which causes the discrepancy in the VCM console.

  • Compliance Rule containing wildcard in the path are not processed
    Compliance does not process files that exist in a root directory (C: or E:) when the compliance rule is configured to use a wildcard for the "Path".

  • An error message is sometimes generated when installing the agent on HP-UX machines
    Error message: SYSTEM_ERROR Failed registering with pkgmt system: RegisterAgent.sh returned ERROR: "wau027:/": One or more filesystems that appear in the filesystem table are not mounted and cannot be mounted. This activity does not stop the installation of the agent.

  • Jobs created by users not an Admin in the local Administrators group never start
    When creating a job in VCM, while logged in as a user that has an Admin role, but the user is not an Admin in the local Administrators group in Windows, the job created shows up in VCM and shows up in the SQL Server Agent. The owner of the job is the domain account that is not a member of the local Administrators group in Windows. If you try to start the scheduled job (by clicking 'Run Now') the job never shows up in VCM under any of the running or history nodes. You must be a SQL sysadmin to create scheduled jobs. You can attain the sysadmin role in SQL server either via the local Administrators group or explicitly in SQL.

  • ClusterName key moved between Win32 and Win64, causing error on Win64
    The SQL inspector looks for the following registry key for its virtual (clustered) name. This problem is related to the x64 cluster. [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSQLServer\Cluster] "ClusterName"="" This registry value moved between Win32 and Win64, therefore the agent is not picking up the virtual name and (unsuccessfully) attempting to connect to SQL via the physical name.
    Workaround: Add this registry value.

  • Machine group name with comma causes error
    When creating a machine group with a comma in the name, an error condition occurs after attempting to do a collection on that machine group and then selecting the job in Scheduled Jobs History.
    Workaround: Delete the machine group and recreate the machine group without the comma in the name.

  • UNIX Software Inventory collection returns only one entry for duplicate package names
    When collecting package information for Software Inventory from a UNIX machine, only one entry for duplicate package names/versions is collected.

  • When using column grouping in report window, toolbar functionality is lost
    When a SQL report is run and data is returned, toolbar functionality is lost ONLY when using column grouping from within the report window.

  • When filtering machines, column grouping disables subsequent actions
    User will lose ability to perform subsequent actions on "Filtered Machines Only" if they do a column grouping in View History grid. This appears to be system-wide.
    Workaround: Turn filter off and back on before running second action.

  • Moving multiple reports with one action generates error
    When attempting to move more than one report within a report folder, an alert is generated that states: Nothing selected to move.
    Workaround: Move one report at a time.

  • Agent unaware of Collector's uninstall of .msi
    If the Collector attempts to uninstall an MSI-installed Agent, the MSI package install on the Agent will not be aware of the Collector's uninstall.
    Workaround: If you use MSI to install the Agent, you should also use MSI to uninstall the Agent.

  • Two report folders with the same name must not exist
    Two report folders with the same name must not exist within VCM. It does not matter where the folders are at in the Reports hierarchy. If this occurs, you will be unable to edit either folder. For example, if you have a folder name "test" in one area under the Reports slider (for example, under AD reports) and another folder named "test" anywhere else in the Reports slider, displays an error when you try to edit either folder.

  • Current Paging File Size (MB) is not populated in the 'Machines' node
    After performing a full collection from a Vista operating system, the column Current Paging File Size (MB) is not populated in the 'Machines' node.

  • Missing retention settings for the Internet Explorer Event Log
    There are missing retention settings for the Internet Explorer Event Log. The event log retention setting is configured on the local machine, however, it is not populating the UI with the setting. This value is not present unless it has been modified from the default value.

  • Setting data for Key Management Service under Event Log Settings is missing
    When collected from Vista machines, setting data for Key Management Service under Event Log Settings is missing until modified, including maximum log size and retention days.

  • Using Firefox 2.0 with IE plugin causes problems when you create your own SRS table report
    Using Firefox 2.0 with IE plugin causes problems when you create your own SRS table report. The wizard does not allow you to view the SQL for the report. When you click the View SQL button, a popup is displayed from Internet Explorer that states: HTTP 500 - Internal server error Internet Explorer.

  • Syslog event messages are persisted when the user makes an attempt to delete them
    Syslog event messages are persisted when the user makes an attempt to delete them via the Collection Filter 'Edit' button. Messages persist when the user attempts to delete it by using the backspace key or by deleting the message filtering altogether.
    Workaround: Delete the Collection Filter and create a new Collection Filter with the appropriate settings.

  • Agent 'Run As Daemon' feature is not available
    The Agent 'Run As Daemon' feature is not available on HP-UX.

  • Scheduled Job fails if uses deleted and recreated machine group
    Job Manager - Scheduled: After deleting and then recreating a machine group that a scheduled job used, the scheduled job no longer works. If you try to edit it, you receive the following error ''undefined' is null or not an object'.
    Workaround: You must create a new scheduled job.

  • In IE 7 on Vista, data grid tear off page header displays incorrectly
    When VCM is run in Internet Explorer 7 on Vista, the data grid tear off page header is white text on white background.
    Workaround: Refresh (F5) the page and the text and background will be correct.

  • Exceptions generated when a Compliance exception rule contains < or >
    A Compliance exception rule that uses a ">" or a "<" operator checking the Value Found element is not generating exceptions when it should and is generating exceptions when it should not. For example, a PID is a property in the UNIX Processes-Active data class and its values can only be numeric. An exception definition rule that requests non-compliant results be overridden if the PID value > x (some number) is applied as if the data is ASCII text (so the number 20 is less than the number 3).

  • Using the back button in the Export Report Utility (for SQL reports) causes the report to fail
    Using the back button in the Export Report Utility (for SQL reports) causes the report to fail. The JavaScript method checkSQLParams() in ReportExportWizard.asp is called as part of the validation for the "enter the parameters" page of the wizard. The method replaces the param place holders (delimited with a '|' character) with the entered parameter values. When you press the back button, then press next again, the validation code re-runs. Except this time there are not any '|' delimited substrings to find, and the entire SQL string is corrupted.
    Workaround: Cancel out, go back into Export utility, and enter the right value.

  • User receives an error when trying to import reports
    User receives an error when trying to import reports: "Unable to save one or more reports. Could not find file 'C:\Program Files\VMware\VCM\WebConsole\L1033\Files\...". This error is returned when the user doing the import does not have write access to the directory location necessary to save the report definition file.

  • When editing an Alert Configuration that runs a Remote Command, the chosen folder selection is lost
    When editing an Alert Configuration that runs a Remote Command, the chosen folder selection is lost.
    Workaround: Edit and choose the remote command(s) desired.

  • File uploads of the Vista *:\Boot\BCD file fail if a user is logged on to the machine
    File uploads of the Vista *:\Boot\BCD file fail if a user is logged on to the machine. The Agent reports an error opening the file.

  • A script error occurs when attempting to extract a UNIX file
    A script error occurs when attempting to extract a UNIX file from File System | File Uploads in the UI. The error occurs when the user extracts a file with a Domain User account with role limitations.
    Workaround: Extract the files using an Admin role.

  • Errors when attempting to preview or save a report with Group By or Sub-Divide
    When generating an SSRS graph report, if users select a Group By and/or Sub-Divide property that is the same as the Main Data Point property, they receive errors upon attempting to preview or save the report.

  • CSI_AgentListener drops during UNIX Agent inspections
    During inspections by UNIX Agents installed as daemon on Linux 2.1 machines, the CSI_AgentListener drops, causing the job to fail with error messages.
    Workaround: Run the UNIX Agent as inetd.

  • Audit feature does not create a Failed Logon audit event in the Windows Event Log
    The Audit feature does not create a Failed Logon audit event in the Windows Event Log when a user attempts to logon with an account that has not been added to VCM, and does not have the appropriate privileges on the servers hosting the Collector and Database.

  • Invalid certificates may be used by the Installation Manager
    VCM installation allows the use of CSI-generated certificates that have been previously exported without the associated private key. If the invalid certificates have been imported into the certificate store, then Installation Manager will find and use them when the 'Generate' button is selected. Once VCM is installed with the invalid certificates, users are unable to perform collections against HTTP Agents.
    Workaround:

    1. Be sure to export certificates with the private key. This will require a password and produce a .pfx file. When re-imported, the certificates should be legal and appear in the 'Select' dialog of the VCM installation.

    2. If you have imported keyless certificates, you must delete them from the certificate store before you can generate new ones. This can be done while Installation Manager is running.

  • SSRS graph report display is misaligned
    While adding a Window SSRS Graph Report from the "Chart Data" page, and clicking the ellipsis button, the window's buttons are barely visible. The tops of the buttons are visible at the bottom of the window, but the words on the buttons are not visible.

  • Custom Information for Debian and Red Hat 4 missing
    In Console | UNIX | Custom Information, VCM is missing the following Debian and Red Hat 4 data: Any variable that has a value which looks like $(z o p) or $((z o p)) will display $(z or $((z in the UI. Where z, o, and p are any string; the key here is the space, it stops at the first space.

  • Data missing after UNIX System Logs - syslog Events collection
    In Console | UNIX | System Logs | Syslog(-ng) | Events, no data is present in the data grid after performing a UNIX System Logs - syslog Events collection if NULLs are present in the log files.

  • Running multiple scheduled jobs on Mac OS Agent may cause an error
    Running multiple scheduled jobs of all UNIX data classes on a Mac OS Agent may cause an ::WinHttpReceiveResponse error, causing the server to return an invalid or unrecognized response on the agent machine. If this error occurs, the CSIListener will stop, causing inspections to fail.

  • Columns hidden in the v$database Oracle Management View
    The following columns are hidden in the v$database Oracle Management View: ARCHIVELOG_COMPRESSION, SUPPLEMENTAL_LOG_DATA_UI, FORCE_LOGGING, PLATFORM_ID, PLATFORM_NAME, RECOVERY_TARGET_INCARNATION#, CURRENT_SCN, FLASHBACK_ON, SUPPLEMENTAL_LOG_DATA_FK, SUPPLEMENTAL_LOG_DATA_ALL, DB_UNIQUE_NAME, STANDBY_BECAME_PRIMARY_SCN, FS_FAILOVER_STATUS, FS_FAILOVER_CURRENT_TARGET, FS_FAILOVER_THRESHOLD, FS_FAILOVER_OBSERVER_PRESENT, and FS_FAILOVER_OBSERVER_HOST.

  • Importing an Active Directory report may generate an error
    When importing an AD report into VCM for the first time, the following error may occur: "Unable to save one or more reports - /ECM Reports/ECMAD/ - Please contact your VCM administrator for further help." This may occur when you are using SCM or VCM. Also, the resulting page references "ECM".

  • UNIX Change Password action does not lock the password or shadow file
    The UNIX Change Password action does not lock the password or shadow file on AIX systems when it edits the file with the new password.

  • UNIX Change Password action relies on the shadow file
    The UNIX Change Password action relies on the shadow file for Solaris and AIX systems when it edits the file with the new password. On these systems, the passwd file can be used and the shadow file does not have to be used. However, security recommendations from standards groups and industry experts say the shadow file should be used and that users' passwords should not be stored in the passwd file.

  • DBID column is hidden in the v$database Oracle Management View
    The DBID column is hidden in the v$database Oracle Management View.

  • Oracle reports on columns containing "#" generates error
    When creating a Report containing Oracle - Management View data types where the columns containing a '#' are included, the an error is generated. The problematic columns exist in v$database, v$datafile, v$datafile, v$instance, v$logfile.
    Workaround: Remove problematic columns containing '#' from the report.

  • HASH column is hidden in the v$system_parameter Oracle Management View
    The HASH column is hidden in the v$system_parameter Oracle Management View.

  • Activation# and Switchover# columns are hidden in the v$database Oracle Management View
    The Activation# and Switchover# columns are hidden in the v$database Oracle Management View.

  • A full Oracle - Management Views collection sometimes completes with a transform error
    When performing a full Oracle - Management Views collection, the collection sometimes completes with a transform error. The error is displayed in Console | Enterprise Applications | Oracle | Management Views. No data is collected and the collection completes with the following errors.: Unable to execute command: '{ ? = CALL dbo.ecm_sp_raw_transform_data;1 (?,?,?,?) }'. See logs for details HRESULT 0x80040e2f;.

  • Cannot collect /dev/fd data from Mac OS X clients
    It is currently not possible to collect /dev/fd data from Mac OS X clients.

  • SSRS for non-admin users is not configurable
    ECMSRSUser account, used to access SSRS for non-admin VCM users, should be configurable. During installation, a local account is created on the on the Collector named ECMSRSUser. This account is used by the middle tier to gain access to SRS so that users running reports and dashboards are granted access to the reports console during the time they're running the report. Currently, the name and password of this account is hard-coded into RDLSecurity.cs. This account should be configurable through the VCM UI, and its password should be stored with standard encryption, not embedded in code.

  • Agent rejects collection job displaying misleading message
    When submitting a collection that contains both Windows and UNIX machines, and then you choose only UNIX data classes, the two job types become separate jobs, which generates a request that has no agent jobs. The agent rejects the request with a misleading message: "Agent terminated abnormally and is in an invalid state for the request".

  • Jobs Running window cannot be brought back to the top
    When using Internet Explorer 8, the Jobs Running window cannot be brought back to the top after focusing on the Portal.

  • Collections fail on some machines where the Processes (Advanced) filter is used
    Collections fail on some machines where the Processes (Advanced) filter is used in the Collection Filter Set.
    Workaround: Change the filter from Processes (Advanced) to Processes (Standard).

  • Visual Studio Just-In-Time Debugger popup appears if VCM is idle
    After leaving a VCM host idle for 24 to 48 hours, with the Console open, a Visual Studio Just-In-Time Debugger popup appears.
    Workaround: Log out, and then log back in.

  • Error message returned in View Details is incorrect
    Error message returned in View Details is incorrect when creating a user with the same name as a group that already exists on Red Hat systems.

  • User Account Properties not adding expiration date on HP-UX
    When adding an expiration date to User Account Properties for HP-UX, the expiration date is not added.

  • Access Roles with associations to Active Directory locations cannot be imported
    Access Roles with associations to Active Directory locations cannot be imported into VCM; a fatal unhandled Import/Export exception error occurs. You must then choose to quit the application.

  • The full path should be specified when creating a new user with the UNIX Create User action
    The full path, including the user name, should be specified when creating a new user with the UNIX Create User action. Note that VCM will use the exact path specified as the user's home directory.

  • UNIX Create User action will create a home directory for users when "No Home Directory" option selected
    The UNIX Create User action will create a home directory for users created on AIX systems even when the "No Home Directory" option is checked.

  • Total Current Paging File Size (MB) not displayed for Vista and Windows 2008
    In the Console | Windows tab | Operating System | Machines data grid, the Total Current Paging File Size (MB) displays no value for Vista or Windows 2008 machines.

  • Incorrect error message when invalid GID entered
    Error message returns -1 rather than the invalid secondary GID when a user enters an invalid secondary GID for the UNIX Create User on Red Hat or Debian.

  • Group Members page of Change Membership wizard does not display users
    If a user is removed from a Group using the UNIX Delete User change action, no users/members are displayed on the Group Members page of the Change Membership wizard.

  • A Software Inventory collection on Windows 2008 machines does not retrieve Security Update information
    After collecting Software Inventory data from a fully patched Windows 2008 machines, the Security Update information is not displayed in the Software Inventory data grid.

  • UNIX Change Password action causes a change to the group ownership
    When changing a user's password on HP-UX machines, the UNIX Change Password action causes a change to the group ownership of the /etc/shadow file on HP-UX platforms.

  • Change Password action does not update /etc/oshadow
    The /etc/oshadow file on HP-UX is not updated with entries from the /etc/passwd /and /etc/shadow file when running the Change Password action in VCM.

  • UNIX Change Password action displayed as failed in Job History View Details
    When changing a user's password, the Job History View Details shows a status of "Failed" for the UNIX Change Password even though the password was successfully changed.

  • Logged in AIX users are allowed to be deleted
    On AIX platforms, users that are currently logged in are allowed to be deleted.

  • Password Last Changed values displayed for accounts with no lastchg value
    Solaris machines are returning a 'Password Last Changed' value for accounts that do not have a lastchg value in the shadow file.

  • Job to delete multiple users accounts not displayed in Jobs Running
    When attempting to delete multiple user accounts simultaneously by drilling through the Node Summary Report, the job does not start in Jobs Running. UNIX Account and Group actions such as Delete (Account or Group), Modify Group Membership, and Change Password are designed to be executed on a single Account or Group on one or more machines simultaneously. If you drill through from the Node Summary Report, the VCM data grid does not prevent you from selecting more than one Account/Group and then clicking the Action button. If this is done, the VCM job will not be created, and therefore no action will be taken, and no notification is displayed. Note that the capability to select multiple user accounts is necessary for other purposes such as using Export from the VCM data grid.

  • Incorrect label on Reports results page
    Navigating to http://VCM/ReportServer or http://scm/Reports references "ECM" on resulting loaded page.

  • No machines displayed if using a custom access rule without UNIX Machines General
    In Rules/Roles: If you create a custom Access Rule without the UNIX Machines General data type, there will be no machines in the machine picker page in the custom Role.

  • UNIX Users Information data grid displays incorrect date for the Expiration Date
    Expiration Date column is not reporting the correct date in the data grid. The correct date is applied on the system when setting this value in the UNIX User Add action, but it is not returned correctly in the UI. Note: The Expiration Date field is reported incorrectly both when setting the expiration manually on the system and doing a collect, and when setting the field remotely using the Add User action.
    Workaround: Change display_name nvarchar(256) to display_name nvarchar(512) T83in the temp table creation.

  • When installing Package Manager, incomplete error if .NET 3.5.1 is not installed
    Receive the following error when installing Package Manager on machines where .NET 3.5.1 is not installed: Receive error "Type 'Wasp.Tasks.CrateEntry' cannot be serialized. Consider marking it with the DataContractAttribute attribute, and marking all of its members you want serialized with the DataMemberAttribute attribute". The error is generated if .NET 4.0 is installed but .NET 3.5.1 is not installed. .NET 3.5.1 must be installed.
    Workaround: Install .NET 3.5.1 and then install Package Manager.

  • Compliance exception rule loses + in name
    Compliance exception Rule value will remove + ( plus sign ) if contained in the Rule Name once Exception is edited.

  • Software Provisioning Repository path not automatically adjusted when modified
    Update command does not return the modified repository path. The package still points to the old repository.

  • The Active Directory | Objects | Users dashboard displays numbers different from the data grid
    The dashboard and the data grid do not display the same values.

  • NTFS permissions fail when collecting junction points (pointers) on Windows 2008, Vista, and Windows 7
    When trying to collect from machines based on the new Vista style file system layout, collections fail if the location contains a "junction point" like "C:\Documents and Settings." Since these locations are now just pointers, it puts the collection into a loop and transform fails. The transform messages are about inserting duplicate keys. When looking at the actual data that is returned, the junction point path is repeated over and over.

  • Compliance Rule definition does not work when configuring an "in" operator if the File/Dir path contains a space between the values
    If a space exisits in the the path defined for an "in" operator, the rule will not return results. For example, File/Dir Path in ('/tcb','/tcb/files', '/tcb/files/auth') - notice the space after the second comma.
    Workaround: Avoid or remove spaces in the syntax.

  • Package Studio installs even though .NET 3.5.1 is not installed
    Although Package Studio requires .NET 3.5.1, the Package Studio continues installing even when the correct .NET version is not installed. When you run Package Studio, an error is displayed. The error is generated if .NET 4.0 is installed but .NET 3.5.1 is not installed. .NET 3.5.1 must be installed.
    Workaround: Install .NET 3.5.1.

  • A full (all data types) collection using a 4.9 agent results in no data collected
    A full (all data types) collection using a 4.9 Agent on an an NT4 operating system results in the Job completing in Jobs Running, but no data.
    Workaround: If you do one data class at a time, the collections work and data is returned.

  • Package Studio prompts to save empty or unchanged package
    After opening Package Studio or opening an existing package (.crate), but making no changes, Package Studio still prompts to save changes when exiting the Package Studio or changing tabs.

  • Change Management | Non VCM Initiated displays several blank lines of changes, where nothing is listed for Property Management, Value Changed From, or Value Changed To
    After publishing several packages, and then performing Software Repository and Package Managers collections, the Change Management | Non VCM Initiated | Software Repository data grid displays blank rows. The machine name, data type, and path are listed, but everything else is blank.

  • The Add/Remove Package wizards do not hold the machine selections from the data grid
    Even after collecting Package Manager and Repository data, and then selecting one or more machines in the data grid from which to add or remove packages, the Add/Remove wizards do not have the machines selected. The use must again select the machines.

  • In a split install, Package Manager is not installed on the database machine
    Package Manager is not installed on the database machine during a split installation.
    Workaround: Manually install the Package Manager on the database machine.

  • VCM-initiated change actions for the Registry are displayed as Non VCM-Initiated change
    When running several Registry change actions quickly in a sequence, the actions are displayed as a Non VCM Initiated changes.

  • Package installation jobs fail without clear error messages
    When an Install Package job fails, the Jobs Details in Jobs History does not provide a clear message about why the action failed. For example, If user selects "Skip Validation" on an unsigned package, the Job fails without a clear message as to why.

  • Editing a conditional Compliance Rule causes the "Make available for enforcement" check box to change
    When navigating back and forth through the Compliance Rule wizard while editing the settings, the "Make available for enforcement" check box is changed from the previous selection state.

  • Malformed Package Manager wasp commands give an incorrect error message
    When running an incorrect wasp command, the error returned is "Error: Index was outside the bounds of the array" rather than the more correct "Invalid command."

  • Inconsistent name/product placement under Start > Run > Programs directory on an upgrade from SCM to VCM
    On upgrade from EMC Ionix Server Configuration Manager to VMware vCenter Configuration Manager, the product placements in the menu are not cleanly upgraded. Some components appear to remain in the EMC Ionix menu, while other are available in the VMware vCenter menu.

  • When using the Package Manager, the default values are "no" when they should be "yes"
    The default values for some prompts, for example, "Package is not signed, do you want to continue [Y/n]" are defaulted to N, when they should be defaulted to Y.

  • When running Package Manager from the command line as a non-administrative user, a second window flashes on screen and then disappears before you can read it
    When a user other than the administrator opens a command prompt, navigates to the Package Manager location, and runs a wasp command, a message is displayed asking whether or not you want to allow the program to run. If yes or Allow are selected, the wasp command runs; however, a second window opens to run the program, and then quickly disappears.
    Workaround: Run the wasp commands as an administrator.

  • A full collect of all data type using 4.12.0.57 Agent displays no results even though the Job History says success
    On a split install, a full collection using the 4.12.0.57 Agent results in no data collected.
    Workaround: Select all data types, and then clear Custom Information (Windows), Software Provisioning - Package Managers, and Software Provisioning - Repositories. These are new data types and are not supported on the 4.12 Agent.

  • For UNIX platforms where single user mode patching is not supported, the pre-deployment remote command still runs
    For platforms where single user mode patching is not supported, the pre-deployment remote command still runs. An administrator could have the pre-deployment remote command written to set up a system a certain way to prep for deployment, relying on the reboot, deployment, or a post-deployment remote command to get the system back to a proper state.

  • Using Impersonation in Package Manger will result in failure on operating systems with UAC
    On systems with stricter security and UAC (i.e. Windows 7 and Windows 2008), Impersonation results in a user token with lesser privileges. The Package Manager is using impersonation with the account and password that are passed to it in the LoginFile.enc parameter. As soon as the impersonation occurs Package Manager no longer has access to necessary resources, such as its own log file, and the registry. Package Manager terminates and leaves behind the tls.tls file which results in subsequent calls to wasp command status indicating it is busy. This leaves Package Install/Remove actions - regardless of need for reboot - in a hung state until the action times out. (Default timeout is 8 hours)

  • Duplicate repository source entries cause erroneous package collection results
    If the same repository source is added twice to a Package Manager, a Package Manager collection will display double entries for each package. The normal course of action for the Agent is to delete one of the two entries, which shows up as an error in the Debug Event log. The problem arises when a package is installed from one of the two sources. Depending on which of the two entries is discarded, the package may show up as 'Candidate' or 'Installed' in the Packages grid.

  • Package Manager is unable to install .msu files (Microsoft Updates)
    After generating a package containing an .msu file and attempting to install it on a Windows 2008 machine, it failed.
    Workaround: Manually install the .msu file and add the attributes to the External Software list.

  • The .msi Agent installer uninstalls the Agent rather than stating the Agent is already installed
    The .msi Agent installer has two modes: install or uninstall. If you already installed it, it will automatically uninstall no matter what options you give msiexec.

  • Job Manager not returning a failed Package Manager update message
    When wasp update is run in Package Manager after an invalid repository is added, the failure message is not returned to the Jobs History in VCM. The job is considered successful when it was not.

  • AD Discovery constraint for Operating System = "Hyper-V Server" does not work
    Wildcard generation causing filtering values in AD discovery for Hyper-V Server not working correctly.

  • Software provisioning package allows - (dash) in UpstreamVersion when no Version is specified
    A dash (-) is used to separate the UpstreamVersion from the Version and should not be processed as a value unless a Version is specified. Do not use a dash in the UpstreamVersion unless you have already added "-< version >"

  • Compliance - Provisioning enforcement definition is not held when copying a rule from one rule group to another
    When copying a Compliance rule that has provisioning enforcement defined from one rule group to another group, the provisioning enforcement definition was not held in the copied rule. Possible results:

    • If the data type used in the rule was a standard data type, the enforcement was changed to standard enforcement in the copied rule.

    • If the data type used in the rule was provisioning data type, the 'Make available for enforcement where possible' checkbox was checked but neither enforcement button was selected and thus enforcement was not defined.

  • Receive error when updating version field on a Conflict or Depends in Package Studio
    When updating the version field for a package in the Depends and Conflicts tab, the following error appears:'Object reference not set to an instance of an object'. This specifically occurs when clicking in the version field and hitting the backspace button to remove the previous version. Highlighting the entire field and update the version or add an additional digit to the previous version displays no error.

  • "Machine disconnected" status may become "Pre-condition failed because..." exception
    The connection manager returns a connection and a STATUS return value. It appears that many users of this connection function do not check the return value, but rely on the connection object. In cases where DCOM returns a status of "disconnected" and that retry is indicated, the connection object is populated but is not initialized. In this case, the request submit job tries to use the invalid connection object, and a clear status is transformed into an alarming exception -- and the operation is not retried.

VCM for Active Directory

  • Error when running Object | Users collection
    When running collections on Object | Users, two error messages may display in the debug log: Request does not contain machine_platform_compatibility - assuming old collector HRESULT 0x80004005 = Unspecified error; Procedure 'ecm_sp_dbe_ui' expects parameter '@message', which was not supplied.
    Note: Every AD collection displays these errors, but they have no impact on the collection results.

  • Some collected attributes are translated, others are not
    Attributes collected with Active Directory are stored in the database in their native representation. Several of the collected attributes, such as dates and integers, may have translations which apply to selected values. AD provides translations for a limited set of attributes.
    Translated Attributes: Both the native or raw value of the attribute and the translated value are stored in the database. Although the user interface displays the translated value, both the raw and translated values of these attributes are available for compliance and reporting.
    Breakout Attributes: Some attributes, such as systemFlags and userAccountControl, contain several flags represented in a single integer value. In addition to storing the raw attribute value, AD breaks out the individual flags into sub-attributes and stores them in the VCM database. These sub-attributes are available for viewing in the data grid (you must modify the display settings of the data grid to include them), as well as for reporting and compliance. In some cases undocumented flags are set. Undocumented flags are not stored in the VCM database and are not available in data grids, reports, or compliance.

  • Some non-Admin roles have intermittently blank Compliance slider
    When creating a User Access Rule for Active Directory (non-Admin role with no additional machine-level access, the Compliance slider is intermittently blank.

  • Error displayed in Alert Configuration Wizard
    When creating an AD Alert Rule for Compliance Results (Users), you may see an error condition within the Alert Configuration Wizard. Although you may encounter this error, after click OK to acknowledge the message, the alert processing continues as expected. The error is due to a timeout issue with DB Services, but again, it does not impact the processing of the alerts.

  • After adding a new object, a delta collection is full collection
    Any time a new object is added to the structure table, subsequent delta collections from a location ancestral to the added structure object are submitted with a USN of 0 - essentially performing a full collect.
    Workaround: Perform delta collection from the domain scope or higher.

  • Active Directory Agent logging level controlled by DWORD value
    When changing the logging level on an Active Directory Agent, the logging level is controlled by the DWORD value Filter located in the registry at HKEY_LOCAL_MACHINE\SOFTWARE\Configuresoft\CSI\5.0\Common\DebugEvent. The registry value represents a bitmask and can be set to the desired level of logging by adding the appropriate bit values together.
    The following logging levels = bit values:
    Info = 4
    Warning = 8
    Error = 16
    Exception = 32
    The Agent uses a default value of 56 (Exception+Error+Warning) when the value is not present in the registry.

  • Active Directory Discovery is not honoring Ignored Machines
    Active Directory Discovery is not honoring Ignored Machines, generating security events and trying to activate the Agent.

  • Error displayed if attempting to uninstall AD Agent when no machines are selected
    When attempting to uninstall an AD Agent on the VCM for Active Directory data grid and no machines are available, an error message displays the following text: "There is no object data. Window will be closed." When you OK, a script error appears.

VCM Remote

  • Jobs history not displaying resubmitted jobs
    When VCM resubmits failed Patching jobs, the Patching Jobs History does not show a 'VCM Remote Resubmit'.

  • CSIRemoteBatch jobs ignore/type directive
    The CSIRemoteBatch command for VCM Remote is ignoring the Type parameter, performing only delta collections despite the parameter being configured for full collection.

  • VCM Remote will append an entry to the hosts file without checking if it is on a new line
    When VCM appends an entry to the hosts file without checking if it is a new line, the resulting double entry will cause the Agent install to fail with the message Ping Failed.

VCM Import/Export

  • Imported SQL Report with hierarchical data structure displays error
    Importing a SQL report that uses a hierarchical data structure, such as WMI data, from an 4.5.2 database to a later version of VCM can cause problems when running that report. If there is a problem (the cause being incorrect syntax in the SQL (too many quotes) created in the import script), an error message is displayed when you try to run the report. The error message is: Must declare the variable @tree_key_id.
    Workaround: To fix this issue, open the report and correct the hierarchical data to match the VCM hierarchical structure and save it. The report will then execute correctly.

  • Exported Rules tied to an NT Domain Group does not export the domain group
    When exporting Roles from a source database in which the roles are tied to an NT Domain Group (as opposed to individual User Accounts), neither the NT Domain Group nor the associated Logins export. Subsequently, they will not be available for import on the target database.
    Workaround: Manually tie the NT Domain Groups to the appropriate roles through the Console on the target collector.

  • Attached database missing Admin role properties
    When attaching to a VCM database and accessing an Access Role, viewing the properties for the Admin role reveals that not all of the properties appear. In this case, importing or exporting to the database will be unsuccessful.

  • Access Roles not exported if Active Directory is unlicensed
    If AD is not licensed, Import/Export Access Roles cannot be exported.

  • Exported Patching assessment template file does not load correctly
    An exported Patching assessment template file does not load correctly into the Import/Export tool.
    Workaround: This issue is due to internal file changes. Use Import/Export of your current version (4.11.2 version earlier), export to a file, modify the file (change the SUM/Server Advisor templates to Patching templates, or contact VMware Customer Support for modification information), import into 5.0 using the 5.0 Import/Export tool.Example: < ObjectType Group=" Template" / > To < ObjectType Group="Patching Template" / >

  • Import/Export displays System.OutOfMemoryException when saving large Source documents
    Error when trying to save large source document for Import/Export. Workaround: Make smaller source document files.

VCM Integration with Application Discovery Manager

No known issues

Management Extensions for Assets

  • Creating Software Configuration item causes the portal to stop refreshing
    The portal hangs when trying to create a Software Configuration item based on "File System Known Files Data (UNIX)" by browsing for filenames.

Patching

  • Patching date/time behavior inconsistent with other date/time functions
    Patching scheduled downloads operate differently when setting dates and/or times than do VCM scheduled reboots.

  • Exporting the Assessment data grid displays error
    When using the Export function on the VCM assessment data grid, any "credentials failed" error messages appear to break the CSV format, and appear on their own lines.

  • Patching jobs with natively called registered file types fail
    If Patching tries to deploy a patch (or an imported template) that is an MSI package, the job fails. The Windows API (CreateProcessA) that is used to launch a file does not like registered file types when they are called natively.

  • Upgrade does not always correctly process rules and roles
    Custom rules/roles are not always processing correctly when upgrading. On select occasions, access granted before the upgrade is missing after the upgrade.

  • Daylight Savings not properly accounted for in scheduled patches
    When "Next Scheduled" time is calculated in Patching | Scheduled | Assessments, the "Adjust for Daylight Savings Time" check box is not being accounted for. Expected Behavior: Time should display regardless if the Daylight Savings box is checked or not.

  • Naming on outside vendor created patches and bundles inconsistent
    HP-UX and recent AIX patches and bundles are often packaged outside of the vendor public patch downloads, and depending on the options selected on those site, the packages from those public sites can also be named unpredictably. To achieve the most consistent patching results, it is recommended to set up a patch repository using the Software Content Repository (SCR) Tool.

  • UNIX Patch Assessment collection filter created even after error during creation
    When creating a UNIX Patch Assessment Collection filters, the filter criteria sometimes results in data errors. The user has to cancel out of the dialog box, yet the filter is still created.
    Workaround: Delete the failed filter, create a new filter that excludes the data that caused the condition, and save the filter.

  • HP-UX patches containing other patches not automatically reassessing included packages
    On HP-UX, the deployment of patches that include other patches, will not automatically reassess the included patches as part of the deployment operations. These patches will, however, be detected by assessments run after, and independently of, the deployment operation.

  • Failure to remove old RPM packages
    Deployments attempted on a Red Hat or SUSE system running SE Linux and the Agent through xinetd can fail to remove the old RPM packages. This is due to an SE Linux policy that blocks certain RPM actions when RPM is called from an inetd process. This behavior does not occur if the agent is run in daemon mode or if in single-user mode patching.
    Workaround: Add a SE Linux Policy to allow this operation. The workaround could potentially open up security vulnerabilities that the installed SE Linux policy is in place to prevent.

  • The Patching Add Imported Template wizard loads slowly
    When the Add Imported Template button is clicked, the dialog box can take a minute or more to display.

  • Deploying UNIX patches in single user mode, and possibly deployments with reboots, on systems where the clock may be inconsistent (i.e. the hardware clock being out of sync with an NTP server, etc), causes the patch deployment to have unexpected results
    On UNIX patch deployments involving reboots, where the time may be inconsistent for various reasons, the reboot logic can have unexpected results, which can also result in unexpected results in the patch deployment. The resultant behavior is that the system could shut down to single user mode before all the timeouts that to happen have run out, so no reboot message is displayed, no custom reboot time is used, and the Agent is losing the state of the job. The patches are still deployed, but the Agent had no context of the job to report back results to the Collector. The Collector continues checking for results from the Agent with no success.

  • Large sets of simultaneous UNIX patch deployments with remote commands with command files can result in a race condition to access the remote command files
    For UNIX patch deployment jobs with remote commands that have command files (and/or possibly include files) where multiple jobs are run from the same wizard (i.e. multiple bulletins selected across multiple machines), the wizard creates a separate job for the different machine/bulletin combinations. This can result in multiple jobs trying to access the same remote command files, resulting in some jobs failing.

  • Scheduled deployments not honoring custom reboot message and timing
    When a deployment is scheduled, the job is not honoring the custom reboot message and timing. Unscheduled jobs are working as expected.

VCM for Systems Management Server (SMS)

  • SMS machine group may not include all SMS server machines
    The "Microsoft SMS Servers" machine group may not include all possible SMS server machines. The machine group filter is a registry filter checking for the existence of a certain registry path. However, it is possible to host components of the SMS system (for example, the SQL database) on separate server machines that do not have the same registry path. These machines will not be included in the "Microsoft SMS Servers" machine group. Therefore, these machines never appear in the appropriate child machine groups, such as, "Microsoft SMS SQL Servers".

VCM for Virtualization

  • Key generation script reports an incorrect error
    If you generate the Secure Comm and SSH keys on the Collector as the Agent Proxy and if a Secure Comm key from another agent proxy has been copied into that directory for importing, the key generation script reports an incorrect error. This error could lead the user to misconfigure ESX servers that are properly configured for VCM for Virtualization already. The error message reads: !!! WARNING !!! Keys have already been generated. If you continue you will need to redistribute the new keys. Type Ctrl-C to abort or Press any key to continue.
    Workaround: Continue to run the script. For ESX host servers that you wish to keep collecting from through VCM's method of communicating with those ESX host servers. Only push the newly generated key to the ESX host machines that are being configured to collect through the Agent Proxy running on the collector.

  • Upgraded Collector used as Agent Proxy fails machines collection
    When upgrading and using the Collector as an Agent Proxy, proxy collections will fail until a machines collection is executed against the collector. Currently, VCM thinks the Collector's Agent is old and sends the wrong product name to the agent listener.
    Workaround: Verify that you have successfully collected the machines data type, and then verify that your Agent Proxy machine appears within the data grid. After upgrading VCM, you will need to recollect the machines data type from the collector.

  • Data from the ESX3i system is not collected when collecting from multiple ESX machines types
    When VCM collects from multiple machines that include an ESX 3i machine, and either ESX machines of another version and/or a non-ESX UNIX machine, and the collection includes VM Guests and/or VM Hosts, and any other UNIX/Virtualization data classes, then data from the ESX3i system is not collected.

  • Error running UNIX Remote Commands on ESX systems
    When running UNIX Remote Commands on ESX systems, a DBE is being returned with the following error, which is being sent from the Agent Proxy: Request does not contain machine_platform_compatibility - assuming old collector HRESULT 0x80004005 = Unspecified error.
    Workaround: Although this error occurs, the remote command actually runs normally, and there is no loss of functionality. This error occurs on ESX 3.0.1 and ESX 3.5 systems, but not on ESX 2.5 system.

  • After upgrade, VCM Services application pool changed to default settings
    After an upgrade, remote Viewpoint no longer functions due to a setting for the VCM Services application pool being changed to default settings. On the collector machine, open Start | Control Panel | Administrative Tools | Internet Information Services (IIS) Manager. Expand the tree: <System Name> (local computer) | Web Sites | Default Web Site. Right-click VCM Services, and select Properties. In the Virtual Directory tab, change the Application Pooldrop-down to the application pool that was configured for the Kerberos delegation account. Click Apply and OK, and close Internet Information Services (IIS) Manager. Reset IIS by executing the command iisreset in a command prompt (be aware that this action will interrupt VCM functionality).

  • Uninstalling the VCM Agent does not remove or update the Agent Proxy status
    An uninstall of the VCM Agent does not remove or update the Agent Proxy status because a machines collection does not exist. An uninstall of the Agent Proxy should update the Agent Proxy Version with a "No Agent" status without having to run a Windows machine inspection.

  • Error when collecting VMHosts
    When collecting VMHosts, the following exception may occur: Duplicate object inserted into in-memory set HRESULT 0x80004005 = Unspecified error.

  • Data not displayed when running VCVP Compliance or Assessment
    When running a vSphere Client VCM Plug-in (VCVP) Compliance or Assessment Run, the data doesn't appear in . This appears to be happening because of the temporary machine group that is used to run compliance from VCVP, impacting whether the reports can effectively show the results from these runs in VCVP and VCM.
    Workaround: To view the VCVP-initiated Compliance Assessment Run results, in VCM go to Reports | Machine Group Reports | Compliance folder and run the VirtualCenter Plug-in Compliance Results Detail by Machine report. To view the VCVP-initiated Assessment Run results, go to Reports | Machine Group Reports | Patching folder and run the VirtualCenter Plug-in UNIX Patch Status Details or VirtualCenter Plug-in Windows Patch Status Details report.

  • Error if not logged into the Collector when accessing VCVP on a split installation
    When working with the vSphere Client VCM Plug-in Compliance tab and with a split installation of VCM, if a user is not logged in to the Collector, the following error appears: Reporting Services Error. For more information about this error navigate to the report server on the local server machine, or enable remote errors. SQL Server Reporting Services.
    Workaround: Log in to the Collector before working on the Compliance tab.

  • Error if not logged into the Collector when running VCVP reports on a split installation
    When working with the vSphere Client VCM Plug-in Reports and with a split installation of VCM, if a user is not logged in to the Collector, the following error appears: An error has occurred during report processing. (rsProcessingAborted), Cannot create a connection to data source ''. (sErrorOpeningConnection). For more information about this error navigate to the report server on the local server machine, or enable remote errors.
    Workaround: Log in to the Collector before running the Reports.

  • Collections through VirtualCenter 2.5 and higher fail
    Collections through VirtualCenter 2.5, 3.x, and vCenter 4.x and higher are failing due to vCenter attempting mutual authentication.
    Workaround: Enable the "Ignore certificate errors" hidden option that basically bypasses certificate authentication. This opens potential security risks between and the VirtualCenter, as untrusted certificates are treated the same as trusted with this option enabled.

  • Virtual Environments - VM Hosts - Resources displays incorrect values
    The Memory and CPU Share for some of the VM Hosts resources is incorrect when compared to the values in the vSphere client.

  • Script Error when selecting a guest that has two machine records when using VCVP
    After running Compliance, going to the Host, and then click on a guest, a script error is displayed.
    Workaround: Click NO on the script error, highlight the machine name, and then click OK. The report works fine.

  • ESXi 4.0 and 4.1 not returning Security Profile data
    After collecting ESXi 4.0 and 4.1 Security Profile data, data is not displayed for these platforms.

  • ESXi 4.0 not returning data when collecting using the default filter set
    When collecting data from an ESXi 4.0 machine using the default filter set, no data is displayed.
    Workaround: Run the collection selecting Host and Guest data types, not any UNIX data types.

VCM for Windows Server Update Service (WSUS)

No known issues