VMware

VMware vRealize Configuration Manager Release Notes

VMware vRealize Configuration Manager 5.8 | 9 June 2015 | Build 188

Last Document Update: 9 June 2015

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

vRealize Configuration Manager 5.8 provides several new features and resolves multiple product issues.

  • New platform support for Managed Machines

    VCM 5.8 adds support for SLES 12 (supports all functionalities except patching). VCM can perform collection, compliance, reporting, and machine filters for this platform.

  • SQL Server 2014 support for VCM 5.8

    SQL Server 2014 is supported as part of VCM installation or upgrade, that is, the users can now install or upgrade and run VCM on an upgraded SQL server or new SQL server 2014 database.

  • Upgraded JRE to 1.7.0_80

    JRE has been upgraded to 1.7.0_80 in this release.

  • Linux agent RPM availability during installation

    RPM generation tool is available with the product installer itself. The RPM agent installation now supports all platforms like RHEL, SLES, OEL, Cent OS. If you install or upgrade the product to latest version, the RPM tool is also installed in the Collector machine. For more information, see KB 2099315.

  • Open SSL upgrade to 1.0.1l

    All Linux, Unix, or Windows agent for supported platform are upgraded to 1.0.1l.

  • vCenter Custom Information (VCI) support

    VCM 5.8 introduces vCenter Custom Information support similar to the Windows Custom Information. VCI displays configuration data that is collected from managed vCenter machines with user-defined scripts.

    An option to add vCenter Custom Information filters using Python or PowerCLI scripts has been provided. The data collected from VCI filters is visible under console slider and is also available to Reporting, Compliance and Change Log.

  • Option to Add or Modify vCenter Guest Configuration Parameters

    VCM 5.8 enables you to add or modify vCenter Guest Configuration Parameters. The guest configuration parameters are used to enforce the configuration settings on guest virtual machines in virtual infrastructure to maintain compliance.

  • All default and OOTB rule groups and templates are removed

    All default and OOTB rule groups and templates are removed from VCM 5.8 in both AD compliance and MG compliance. However, the following rule groups and templates are retained:

    • VMware vCenter Configuration Manager Hardening - Client
    • VMware vCenter Configuration Manager Hardening - Host
    • VMware vCenter Configuration Manager Hardening - SQL Server 2008 R2

  • Purge machines using VCM REST API

    VCM 5.8 provides an option to purge machines under Available Machines using a purging work flow.

  • TC server upgrade

    TC server has been upgraded from 2.5.1 to 3.0.3. The name has also been changed to Pivotal TC server (formerly vFabric TC server).

Updated Documentation

In this release, new features are documented in the VCM online help and the release notes.

The Software Content Repository Tool 6.1 Guide includes support for CentOS 7, Red Hat Enterprise Linux (RHEL) 7, Oracle Enterprise Linux (OEL) 7, and SUSE Linux Enterprise 11 Service Pack 3 platforms including new properties file.

You can access the Software Content Repository Tool 6.1 Guide and the VCM 5.8 online help from the VMware Web site at http://www.vmware.com/support/pubs/vcm_pubs.html.

Upgrades to This Release

To upgrade your version of VCM to the current version, you must be running VCM 5.6.0 or later. To migrate your environment to the current version of VCM, you must be running VCM 5.5 or earlier, EMC Ionix SCM 5.0 or later, or Configuresoft ECM 4.11.1 or later.

  • Upgrades
    An upgrade installs the new version of VCM on the 64-bit Windows machines in single-tier, two-tier, or three-tier installation configurations.
    In this release, the upgrade process verifies your VCM certificates and gives you the option to select or generate new certificates. You must select or generate new certificates if the current certificates are expired.

  • Migrations
    A migration to VCM 5.8 requires that you install VCM in a 64-bit environment and migrate your 32-bit database to the 64-bit database. Before you perform the migration, update your environment to include the Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 operating system; SQL Server 2008 R2, SQL Server 2012, or SQL Server 2014, and SQL Server Reporting Services, and then migrate your existing VCM, SCM, or ECM data to the 64-bit environment.

For more information about upgrading an existing instance of VCM, see the VCM Advanced Installation Guide on the VMware Web site at http://www.vmware.com/support/pubs/vcm_pubs.html.

Open Source Components for vRealize Configuration Manager

The copyright statements and licenses applicable to the open source software components distributed in vRealize Configuration Manager 5.8 are available at Download VMware vRealize Configuration Manager, on the Open Source tab. You can also download the source files for any GPL, LGPL, or other similar licenses that require the source code or modifications to source code to be made available for the most recent generally available release of vSphere.

Internationalization

The VCM 5.8 release addresses and resolves internationalization defects that affected how VCM processes and displays non-ASCII characters and various date formats.

Resolved Issues

The following issues are resolved in the VCM 5.8 release.

  • DB Discovery is not licensing large set of machines that satisfy the rule
    DB Discovery job is not licensing large set of machines that satisfy the rule due to pre-defined length of a variable used for managing guests.
    This issue is resolved in this release.

  • Compliance Assessment template using custom rules takes a long time to execute
    Compliance Assessment template using custom rules on a rule group takes a long time to execute.
    This issue is resolved in this release.

  • Scheduled Job wizard stops responding for a long time on the Parameters section for Virtual Object Reports, Virtual Object Compliance Results Object Group Details, and Trends Details Reports
    The Scheduled Job wizard stops responding for a long time on the Parameters section for Virtual Object Reports, Virtual Object Compliance Results Object Group Details, and Trends Details Reports. Sometimes the job window causes VCM to stop responding and can only be closed by stopping Internet Explorer from the Task Manager.
    This issue is resolved in this release.

  • Network count mismatch is observed in Host Summary dashboard
    When you run VE compliance templates and navigate to Host Summary dashboard under Console > VE > Dashboards, network count mismatch is observed.
    This issue is resolved in this release.

  • After installation, agent install wizard stops responding for some time when logged into VCM using a domain-non-admin account
    After installation, when you log into VCM using a domain-non-admin account, the agent installation wizard stops responding for some time if the update machine security level to collector authentication is selected.
    This issue is resolved in this release.

  • Modified Data Retention value for Assessment Results does not get reflected accurately in reports
    When you modify the data retention value for Assessment Results under Administration Slider > Settings > Windows > Data Retention, it is not set properly in the database, which results in incorrect reports.
    This issue is resolved in this release.

  • Layout issues are observed in the generated Virtual Environment Guest Summary report and Guest Details report in VCM
    The Virtual Environment Guest Summary and Virtual Environment Guest Details report wraps text, which might split the host names and other numeric fields into multiple lines.
    This issue is resolved in this release.

  • Machine Group refresh does not complete when updated manually
    When you manually update a machine group through the GUI, the machine group refresh does not complete and the GUI stops responding.
    This issue is resolved in this release.

  • Patch template results are not displayed accurately for bulletins having msi patches
    If you click the Not Patched number under Patch Status by Asset Classification in the patch template, the Not Patched servers for bulletins having msi patches are not displayed accurately.
    This issue is resolved in this release.

  • Count mismatch observed for all object types in Compliance posture dashboard report
    VM templates are displayed as guests in Compliance posture dashboard, which results in a count mismatch on the Guest > Summary section.
    This issue is resolved in this release.

  • After a Windows patch deployment job times out, subsequent deployment jobs behaves incorrectly
    When a Windows patch deployment job times out, subsequent deployments display success almost immediately after the job gets triggered, even though the deployments were unsuccessful.
    This issue is resolved in this release.

  • VCM Installation fails in validating database if you use SQL Server Datacenter Edition
    Database validation fails if SQL Server Datacenter Edition is detected during VCM installation.
    This issue is resolved in this release.

  • Patch assessment does not update Last Ran date when viewing report
    When you run a patch assessment and view the report within the patch slider, the Last Ran date is not updated.
    This issue is resolved in this release.

  • No data returned for Active Directory Compliance template with rule having data type Domains
    When you execute a rule added for data type Domains under Compliance > Active Directory Compliance through a template, no data is displayed
    This issue is resolved in this release.

  • Modifying values for any registry key from VCM console fails with Bad Input error only when VCM UI is grouped by any column
    Bad Input error appears when you are tying to modify value for any registry key only if VCM UI is grouped by any column at that time.
    This issue is resolved in this release.

  • Status e-mails sent for Auto-Reassessment job from VCM are empty
    When Auto-reassessment job fails, status e-mails sent from VCM do not contain subject or content.
    This issue is resolved in this release.

  • When Use FQDN setting is ON, Manage Guests action does not license the machines, but they appear in the list of Available Machines
    While using Manage Guests function in Console > Virtual Environments > vCenter > Guests > Summary, if you select License the selected machines option, the machines are not licensed, but appear in the list of Available Machines when Use FQDN setting is ON.
    This issue is resolved in this release.

  • DB Discovery does not license all machines and appends incorrect domain name to domain column
    When a DB Discovery rule is created and appropriate Domain and Domain Type is selected, the discovery rule does not license all machines and appends incorrect domain name to the domain column.
    This issue is resolved in this release.

  • In a 3-tier setup, remote agent upgrade does not work
    During VCM 3-tier installation, the config value for ECM Remote corresponding to Collector is not set properly. It should be set to IIS Server name.
    This issue is resolved in this release.

  • While comparing machines under Machine Group Compliance, all machines including ESX/ESXi hosts are displayed for comparison
    When you navigate to Compliance tab and click Compare Machines under Machine Group Compliance by clicking Browse for the Machine Name field, it will display only the respective Windows or UNIX machines that are being managed in VCM.
    This issue is resolved in this release.

  • Installation Manager should set the principle account for the collector in a three way split for websubmit to work in a non built-in installation
    Installation Manager must set the principle account for the collector service in a three way split for websubmit to work in installations that are not using Built-in accounts.
    This issue is resolved in this release.

  • Two Override port policies were not available in VCM for Distributed Port Groups
    Distributed port group override port policies for the following settings are added under Console > Virtual Environments > vCenter > Networking > Port groups > Settings > Policies in VCM 5.8:

    • NetFlow
    • Traffic filtering and marking
    This issue is resolved in this release.

  • Virtual Environments Unassociated VM files report does not display any data
    When we run Virtual Environments Unassociated VM Files report under Reports > Machine Group Reports > Virtual Environments, no data is returned.
    This issue is resolved in this release.

  • Scheduled Compliance Job on a machine group sends multiple e-mails for the same machine
    A scheduled Compliance Job on a machine group in which one per machine alert assigned, sends multiple e-mails for the same machine. EventLog and SNMP also display duplicate entries for the scheduled jobs.
    This issue is resolved in this release.

  • Patch Deployment History displays no information for many users' jobs
    Deployment status for .exe patches are not populated in the Deployment History table. However, the deployment status for other patches are available. This fix will work for new deployments only. All deployments performed before VCM upgrade will still not be displayed in the report.
    This issue is resolved in this release.

  • VCM installation in an LDAP and NIS+ environment fails to obtain the primary Group ID from /etc/passwd
    When you install VCM in an environment that includes LDAP and the NIS+ directory service, and you create a user account and group in NIS+, include the proper UIDs and GIDs in the csi.config file, and set the flags to create the user and group to N (No), when you run the VCM installation, the /ECMu/1.0/package.py script cannot obtain the primary GID from /etc/passwd, because the GID does not exist. As a result, VCM fails to set the group permissions on $CSI_ROOT_DIRECTORY/ECMu/1.0/bin/RunLow, and the installation fails.
    This issue is resolved in this release.

  • IIS might use SSL v3 protocol for communication purpose
    IIS is used to access VCM user interface and IIS might use SSL v3 protocol for communication purpose. VCM disables SSL v3 during installation or upgrade.
    This issue is resolved in this release.

Known Issues

The following issues are known to occur in the VCM 5.8 release. Known issues not previously documented are marked with the * symbol.

  • Newly added guest configuration setting is not displayed under available settings in Change Settings Wizard*
    When we add a new guest configuration setting for any guest, a key gets added. If I try to edit the same key immediately after adding it, it does not appear in the list of Change Settings wizard.
    Workaround: Performing a delta collection of guest data class makes the new setting available to edit.

  • Foundation Checker is not checking whether the SQL Server Agent is enabled and running*
    The SQL Server Agent service is required for housekeeping and scheduled jobs processing. Foundation checker should verify that this service is enabled and running at VCM install time. Currently, Foundation Checker is not making any notification when the SQL Server Agent is disabled.
    Workaround: None

  • Linux agent upgrade through Remote Commands is failing with error Remote Command returned non-zero exit code : 127*
    Linux agent upgrade for Ubuntu through Remote Commands fails with an error Remote Command returned non-zero exit code : 127. This is because, the script is not in the Unix format.
    Workaround: Change the value of the setting RemoteCommandShellCompare in /opt/CMAgent/CSIRegistry to shell script

  • IP Address column is not populated if Allowed IP Range in vCenter is specified in CIDR notation*
    If Allowed IP Range in vCenter is specified in CIDR notation, the IP Address column is not populated with data under Console > Virtual Environments > vCenter > Hosts > Advanced Configuration > Security Profile node.
    Workaround: None

  • VCM delta collection of File system data type collects all data after time changes due to Daylight Saving*
    After time changes due to day light saving, the first delta collection of data type File system is treated as a non-delta collection, and also the same is reported in the change management tool.
    Workaround: None

  • Collection fails on RHEL 7.X versions when an agent is installed in xinetd mode*
    If you install an agent in xinetd mode, data collection fails on all RHEL 7.x versions.
    Workaround: Install redhat-lsb-core package and execute lsb_release command. This command is available in all RHEL/SLES/Ubuntu templates.

  • Errors appear in DBE file while opening the Settings registry key
    When you start an Unix agent installation from VCM or launch vCloud Director, vCenter Server, or vShield Manager collections from VCM, an error Error while opening the registry key - Settings is displayed in the DBE file. This error does not have any impact on the functionality.
    Workaround: Create the registry key Settings under HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Configuresoft\CSI\5.0\Common\Settings and create a DWORD EnableFips under this key. This also helps in performing operations in FIPS mode.

  • Collections from vCloud Director with vCenter Single Sign-On fail because VCM cannot authenticate the user
    When VCM collects data from a vCloud Director instance that is configured with vCenter Server Single Sign On, the collection fails, because VCM requires the user name to be in the form username@SYSTEM or username@<OrganizationName>.
    If you navigate to Administration > Machines manager > Licensed Machines > Licensed Virtual Environments, click Configure Settings, and provide the user credentials of the SSO user, the collection fails because VCM cannot authenticate the user.
    Workaround: None.

  • Manage Guests option under Console > Virtual Environments > vCenter > Guests > Summary creates duplicate machines of same guest name if the guest is already managed
    Manage Guests option on any guest machine under Console > Virtual Environments > vCenter > Guests > Summary is allowed multiple times. This causes the duplicate guest machines to be created if the guest is already managed.
    Workaround: None.

  • Double-byte characters are not recognized while adding accounts with double-byte full name and description in a high ASCII environment. High ASCII characters are not recognized while adding accounts with high ASCII full name and description in a double-byte environment
    In a double-byte environment, when you create user accounts having full name and description in high ASCII characters, the high ASCII characters are not recognized. Similarly, in a high ASCII environment, if the accounts are created in double-byte characters, then the double-byte characters are not recognized.
    Workaround: None.

  • Unable to deploy patches from imported templates for UNIX/Linux platforms
    After you create an imported template with appropriate patching format, if you click Deploy to deploy the patches, the operation fails and the warning message There are no assessment items to deploy. The deployment is applicable to a machine licensed for Unix patching and with a patch status of 'Not patched'. The wizard will be closed is displayed.
    Workaround: None.

  • Check boxes do not work on Report data page while creating an Active Directory Report in Internet Explorer 10 or 11
    Some checkboxes cannot be selected or do not appear in the Report data page while creating Active Directory Reports in Internet Explorer 10 or 11.
    Workaround: Click Back and return to the Data Type wizard. The check boxes appears correctly.

  • Patch deployment fails for some Linux managed machines, such as CentOS and OEL, when SELinux is enabled on the managed machine
    VCM installs the Linux Agent in inetd or xinetd mode by default. When SELinux is enabled on the managed machine, and the Linux Agent on the managed machine is running in inetd mode, patch deployment fails and VCM displays an error similar to the following error: install: %pre scriptlet failed (2), skipping <PACKAGE>. For more information, see KB 2079311
    Workaround: Redeploy the Linux Agent to the managed machine in daemon mode.

  • Unable to import Microsoft SQL Reporting Service Report
    You cannot import Microsoft SQL Reporting Service Report when you log in to VCM with a domain user that is added into VCM by a domain user with VCM administrator role. The error message Unable to save one or more reports is displayed.
    Workaround: None.

  • Collector is set as a patching repository after upgrade
    If you upgrade from VCM 5.4, 5.4.1, 5.5, 5.5.1, or 5.6 to 5.7.2 version, collector is set as a patching repository.
    Workaround: Perform the following procedure to disable collector as patching repository.

    1. Log in to VCM.
    2. Navigate to Administration > Certificates.
    3. Select the Collector machine.
    4. Click Patching Repository.
    5. Select Disable – do not allow the selected machines(s) to be used as patch repository.
  • Software Content Repository (SCR) 6.1.6 fails to download the patches if more than one channels value are specified in properties file
    For SCR 6.1.6, if you specify more than one channels value in the properties file, SCR fails to download the patches. For example, if you define channels=orae5,orae6, SCR 6.1.6 downloads only for orae6 and fails to download for orae5. This behavior applies to RHEL, OEL, and CentOS platforms.
    Workaround: Define separate properties file for each of the channels. For example:
    properties file name: oracle5.properties
    Channels=orae5
    properties file name: oracle6.properties
    Channels=orae6
    properties file name: oracle7.properties
    Channels=orae7

  • You cannot set Network Authority to the CMDelegate account when the protocol of a Windows machine is unknown
    When you use VCM Remote before an Agent is installed on the managed machine, or when you use an earlier version of VCM Remote, then manually install an HTTP Agent, the protocol setting is empty in Administration > Machines Manager > Licensed Machines > Licensed Windows Machines, and does not change when you run the Change Protocol action. You cannot set the Network Authority to the CMDelegate account, because the Network Authority requires HTTP as the protocol.
    Workaround: Wait 2 to 5 minutes for VCM Remote to update the protocol to HTTP in the user interface, then set the Network authority to the CMDelegate account.

  • VCM does not update the list of snapshots after you delete a snapshot
    After you collect data from a vCenter Server instance that includes multiple hosts, guests, and snapshots, when you navigate to Console > Virtual Environments > vCenter > Guests > Snapshot, select one or more snapshots, and click Delete Snapshot, when you view the list of snapshots in Console > Virtual Environments > vCenter > Guests > Snapshot, VCM does not update the list of snapshots, even though the snapshots are deleted. This behavior also occurs if you use the Virtual Environment Compliance remediation action to delete a snapshot.
    Workaround: Collect the vCenter Server Guests data from the managed machines, and view the updated list of snapshots.

  • McAfee Solidifier blocks the VCM installation
    When you attempt to install VCM on a machine that has McAfee Solidifier installed, the installation fails.
    Workaround: To install VCM on a machine that has McAfee Solidifier installed, either put McAfee Solidifier in update mode, add an exception rule in McAfee Solidifier, or disable McAfee Solidifier until VCM is installed, and then enable it again.

  • VCM Collector is not trusted as a Managing Agent after upgrade from VCM 5.4
    On a VCM Collector that has VCM 5.4 installed and data collected from managed machines, when you upgrade the Collector to VCM 5.7.3, neither the Trust status or the Managing Agent status are enabled for the Collector machine.
    Workaround: After you upgrade the Collector to VCM 5.7.3, restart the Collector service, then navigate to Administration > Settings > Certificates on the Collector, and verify that the Trust status and Managing Agent status are enabled for the Collector.

  • VCM displays incorrect results for a virtual environment conditional compliance rule on vCenter Server advanced configuration settings if you use the greater than (>) operator or the greater than or equal to (>=) operator in the conditional rule properties for the compliance check
    When you create a conditional compliance rule for vCenter Server advanced configuration settings, if you use the > or >= operator in the conditional properties for the compliance check in the rule, and specify a number that is greater than or equal to the existing value, after you run the respective compliance template, and the value found is less than the expected value, VCM displays the result as compliant instead of noncompliant.
    Workaround: None