VMware vRealize Configuration Manager Release Notes

VMware vRealize Configuration Manager 5.8.2 | 10 March 2016 | Build 160

Last Document Update: 10 March 2016

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

vRealize Configuration Manager 5.8.2 provides several new features and resolves multiple product issues.

  • Hybrid Cloud Licensing Support

    VCM 5.8.2 supports Hybrid Cloud Suite license keys, as VCM will not be part of vCloud Suite anymore. The key can be applied during fresh installation and while using jLicense.

  • New platform support for SLES 11 SP4

    VCM 5.8.2 adds support for SLES 11 SP4 (supports all functionalities except patching). VCM can perform collection, compliance, reporting, and machine filters for this platform.

  • Support for TLS 1.2

    TLS 1.2 is supported in this VCM release.

  • Upgraded JRE to 1.8.0_72

    JRE has been upgraded to 1.8.0_72 in this release.

  • Upgraded Python version to 2.7.10

    Python version for agent install components has been upgraded to 2.7.10 in this release.

  • Upgraded TC server to 3.1.2

    TC server has been upgraded to 3.1.2 in this release.

  • Upgraded libxml2 to 2.9.3

    Libxml2 has been upgraded to 2.9.3 in this release.

  • OpenSSL upgrade to 1.0.1q

    OpenSSL in agents of all supported platforms of Linux, Unix, and Windows has been upgraded to 1.0.1q.

  • Support for vCloud Director 5.5.3 and 5.5.4

    VCM 5.8.2 supports vCloud Director 5.5.3 and 5.5.4.

  • Rule Evaluation Order

    VCM 5.8.2 introduces a rule evaluation order while creating a new rule through which you can set a specific order for the rule and also place the rule as per the set evaluation order.

  • File Integrity Manager

    VCM 5.8.2 introduces File Integrity Manager which enables you to easily configure and monitor file permissions, additions, deletions, and modifications.

Updated Documentation

In this release, new features are documented in the VCM online help and the release notes.

The latest Software Content Repository Tool 6.1 Guide has been updated to include information about configuring the SCR tool and SCR integration with VCM.

You can access the Software Content Repository Tool 6.1 Guide and the VCM 5.8.2 online help from the VMware Web site at http://www.vmware.com/support/pubs/vcm_pubs.html.

Upgrades to This Release

To upgrade your version of VCM to the current version, you must be running VCM 5.6.0 or later. To migrate your environment to the current version of VCM, you must be running VCM 5.5 or earlier, EMC Ionix SCM 5.0 or later, or Configuresoft ECM 4.11.1 or later.

  • Upgrades
    An upgrade installs the new version of VCM on the 64-bit Windows machines in single-tier, two-tier, or three-tier installation configurations.
    In this release, the upgrade process verifies your VCM certificates and gives you the option to select or generate new certificates. You must select or generate new certificates if the current certificates are expired.

  • Migrations
    A migration to VCM 5.8.2 requires that you install VCM in a 64-bit environment and migrate your 32-bit database to the 64-bit database. Before you perform the migration, update your environment to include the Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 operating system; SQL Server 2008 R2, SQL Server 2012, or SQL Server 2014, and SQL Server Reporting Services, and then migrate your existing VCM, SCM, or ECM data to the 64-bit environment.

For more information about upgrading an existing instance of VCM, see the VCM Advanced Installation Guide on the VMware Web site at http://www.vmware.com/support/pubs/vcm_pubs.html.

Open Source Components for vRealize Configuration Manager

The copyright statements and licenses applicable to the open source software components distributed in vRealize Configuration Manager 5.8.2 are available at Download VMware vRealize Configuration Manager, on the Open Source tab. You can also download the source files for any GPL, LGPL, or other similar licenses that require the source code or modifications to source code to be made available for the most recent generally available release of vSphere.

Internationalization

The VCM 5.8.2 release addresses and resolves internationalization defects that affected how VCM processes and displays non-ASCII characters and various date formats.

Resolved Issues

The following issues are resolved in the VCM 5.8.2 release.

  • Values in the "Patch" column under Patching > Job Management > Windows > Job Manager > History are truncated to 4000 characters
    If large number of patches are deployed, the job history in the Patch column under Patching > Job Management > Windows > Job Manager > History displays only 4000 characters.
    This issue is resolved in this release.

  • Enforcement does not work for vCenter-Guests-Configuration parameters, Host-Advanced Settings parameters, and vCenter Settings data types
    When you create and run an enforceable rule on vCenter-Guests Configuration parameters, Host-Advanced Settings parameters, and vCenter Settings data types, the rule enforcement fails.
    This issue is resolved in this release.

  • Performance issues related to scheduled jobs wizard and report configuration in vRealize Configuration Manager environments
    In Scheduled Job wizard, report parameters take long time to load due to performance issues.
    In this release, this issue is resolved for the following reports:

    • Virtual Environment Compliance Posture Details
    • Virtual Environment Compliance Change History
    • Virtual Environment Compliance Results Detail by Object
    • VCVP Compliance Results Detail by Object
    • Virtual Environments Compliance Results Object Group Details
    • Virtual Environment Compliance Results Detail by Rule
    • Virtual Environment Compliance Results Details

  • vCenter filters break rule groups for vSphere hardening network
    In a rule group, if filters are created using vCenter Summary, Host Summary, Host Advanced Configuration, or Guest Summary, the template results are not honoring the filters.
    This issue is resolved in this release.

  • Windows HTTP agent may encounter Create connection failed error on machines in which no memory is available during large deployment of patches
    Create connection failed error may be observed with Windows HTTP agent machines in which no memory is available during large patch deployment jobs. This is because, the patching process consumes memory in spikes per patch and the TrustedInstaller (part of the Windows OS) does not release all that memory after installing each patch. If the memory available at the agent, while the job status check is done by VCM is not enough, job status check would fail and report the overall patching Job failed with error Create connection failed.
    This issue is resolved in this release.

  • Missing CentOS, OEL, and MAC platforms under vCenter--> Guests--> Manage Guests--> Machine Type*
    CentOS, OEL and MAC platforms cannot be added and managed through vCenter Manage guests as the platforms are not available under vCenter--> Guests--> Manage Guests--> Machine Type.
    This issue is resolved in this release.

  • All bulletins are not importing from the template
    The Import Export tool is not able to accommodate large number of bulletins especially with long names. Hence only restricted number of bulletins are getting imported to VCM.
    This issue is resolved in this release.

  • Template results show no data collected after collection and assessment for RHEL, supported by Novell
    After collecting patch assessment data, the template results do not display the RHEL information that is supported by Novell.
    This issue is resolved in this release.

  • Windows Patch Assessments may not respond in large environments
    The auto generated column in some patch assessment related tables are defined as INT. However, in large environments, the column values can be high enough to not fit in the INT data types. As a result, the patch assessments stop responding.
    This issue is resolved in this release.

  • Active Directory collections fail on Transform step
    vRealize Configuration Manager is not updated with the Active Directory information after the Active Directory agent has been installed. Active Directory collection appears to succeed. However, the job history display a transform error.
    This issue is resolved in this release.

  • Active Directory collections always fail even if collections are restricted to Active Directory users
    High CPU usage while collecting for file system data causes Active Directory collections to always fail even if collections are restricted to Active Directory users.
    This issue is resolved in this release.

  • IIS logs are populated with multiple /VCMRemote/ecmremotehttp.asp entries
    If VCM machines cannot be resolved from the collector, IIS logs are populated with multiple /VCMRemote/ecmremotehttp.asp entries.
    This issue is resolved in this release.

  • New database function runs constantly utilizing lot of resources
    When Open SSL version is displayed for machines, Administration > Machines Manager > Licensed Machines > Licensed UNIX Machines page takes long time to load as the resource utilization is very high.
    This issue is resolved in this release.

  • After IP discovery, Linux machines do not get licensed and appears in Machines Manager as StatusConnectionGeneralFailure
    After manually installing agent, the VCM IP discovery succeeds, but fails to auto-license, even though the option to "Also discover the presence and version of the VCM Agent when this rule is run." Once discovery is complete, the machines are in a StatusConnectionGeneralFailure.
    This issue is resolved in this release.

  • After collecting Oracle Linux patches, the assessment template displays "Not Collected"
    If an assessment template has obsolete bulletins, that is, the vendor stopped supporting the bulletin and it is not available in the content feed, then after patch assessment collection, the bulletin is shown as Not collected.
    This issue is resolved in this release.

  • vCenter Custom information collection failed when VCM is installed on a drive in which 8.3 naming is disabled
    When vRealize Configuration Manager is installed on a drive in which 8.3 naming is disabled, vCenter Custom information collection fails.
    This issue is resolved in this release.

Known Issues

The following issues are known to occur in the VCM 5.8.2 release. Known issues not previously documented are marked with the * symbol.

  • Compliance content cannot be downloaded using content wizard tool on the system when only TLS 1.2 protocol is enabled*
    If the system only has TLS 1.2 protocol, online content download using content wizard tool does not work.
    Workaround: None

  • TLS 1.2 protocol only is not supported before VCM installation or upgrade, including agent upgrades*
    TLS 1.2 protocol only is not supported in VCM product installers. You can use TLS 1.2 protocol only after VCM installation or upgrade, including agent upgrades.
    Workaround:

    1. Enable all TLS protocols.
    2. Install VCM or upgrade VCM including agents.
    3. Disable TLS 1.0 and 1.1 to work with only TLS 1.2 protocol.

  • Solaris 11 does not support agent installation in xinetd mode*
    Solaris 11 supports agent installation only through daemon mode and does not support agent installation in xinetd mode.
    Workaround: Install the agent in daemon mode.

  • Microsoft Edge is not supported with vRealize Configuration Manager*
    Accessing vRealize Configuration Manager from Microsoft Edge browser is not supported.
    Workaround: Use Internet Explorer 11 to access vRealize Configuration Manager.

  • Newly added guest configuration setting is not displayed under available settings in Change Settings Wizard
    When we add a new guest configuration setting for any guest, a key gets added. If I try to edit the same key immediately after adding it, it does not appear in the list of Change Settings wizard.
    Workaround: Performing a delta collection of guest data class makes the new setting available to edit.

  • Foundation Checker is not checking whether the SQL Server Agent is enabled and running
    The SQL Server Agent service is required for housekeeping and scheduled jobs processing. Currently, Foundation Checker is not making any notification when the SQL Server Agent is disabled.
    Workaround: Validate the SQL Server agent services that must be be running.

  • IP Address column is not populated if Allowed IP Range in vCenter is specified in CIDR notation
    If Allowed IP Range in vCenter is specified in CIDR notation, the IP Address column is not populated with data under Console > Virtual Environments > vCenter > Hosts > Advanced Configuration > Security Profile node.
    Workaround: None

  • VCM delta collection of File system data type collects all data after time changes due to Daylight Saving
    After time changes due to day light saving, the first delta collection of data type File system is treated as a non-delta collection, and also the same is reported in the change management tool.
    Workaround: None

  • Collections from vCloud Director with vCenter Single Sign-On fail because VCM cannot authenticate the user
    When VCM collects data from a vCloud Director instance that is configured with vCenter Server Single Sign On, the collection fails.
    Workaround: None.

  • Manage Guests option under Console > Virtual Environments > vCenter > Guests > Summary creates duplicate machines of same guest name if the guest is already managed
    Manage Guests option on any guest machine under Console > Virtual Environments > vCenter > Guests > Summary is allowed multiple times. This causes the duplicate guest machines to be created if the guest is already managed.
    Workaround: None.

  • Double-byte characters are not recognized while adding accounts with double-byte full name and description in a high ASCII environment. High ASCII characters are not recognized while adding accounts with high ASCII full name and description in a double-byte environment
    In a double-byte environment, when you create user accounts having full name and description in high ASCII characters, the high ASCII characters are not recognized. Similarly, in a high ASCII environment, if the accounts are created in double-byte characters, then the double-byte characters are not recognized.
    Workaround: None.

  • Unable to deploy patches from imported templates for UNIX/Linux platforms
    After you create an imported template with appropriate patching format, if you click Deploy to deploy the patches, the operation fails and the warning message There are no assessment items to deploy. The deployment is applicable to a machine licensed for Unix patching and with a patch status of 'Not patched'. The wizard will be closed is displayed.
    Workaround: None.

  • Check boxes do not work on Report data page while creating an Active Directory Report in Internet Explorer 10 or 11
    Some checkboxes cannot be selected or do not appear in the Report data page while creating Active Directory Reports in Internet Explorer 10 or 11.
    Workaround: Click Back and return to the Data Type wizard. The check boxes appears correctly.

  • Patch deployment fails for some Linux managed machines, such as CentOS and OEL, when SELinux is enabled on the managed machine
    VCM installs the Linux Agent in inetd or xinetd mode by default. When SELinux is enabled on the managed machine, and the Linux Agent on the managed machine is running in inetd mode, patch deployment fails and VCM displays an error similar to the following error: install: %pre scriptlet failed (2), skipping <PACKAGE>. For more information, see KB 2079311
    Workaround: Redeploy the Linux Agent to the managed machine in daemon mode.

  • You cannot set Network Authority to the CMDelegate account when the protocol of a Windows machine is unknown
    When you use VCM Remote before an Agent is installed on the managed machine, or when you use an earlier version of VCM Remote, then manually install an HTTP Agent, the protocol setting is empty in Administration > Machines Manager > Licensed Machines > Licensed Windows Machines, and does not change when you run the Change Protocol action. You cannot set the Network Authority to the CMDelegate account, because the Network Authority requires HTTP as the protocol.
    Workaround: Wait 2 to 5 minutes for VCM Remote to update the protocol to HTTP in the user interface, then set the Network authority to the CMDelegate account.

  • VCM does not update the list of snapshots after you delete a snapshot
    After you collect data from a vCenter Server instance that includes multiple hosts, guests, and snapshots, when you navigate to Console > Virtual Environments > vCenter > Guests > Snapshot, select one or more snapshots, and click Delete Snapshot, when you view the list of snapshots in Console > Virtual Environments > vCenter > Guests > Snapshot, VCM does not update the list of snapshots, even though the snapshots are deleted. This behavior also occurs if you use the Virtual Environment Compliance remediation action to delete a snapshot.
    Workaround: Collect the vCenter Server Guests data from the managed machines, and view the updated list of snapshots.

  • McAfee Solidifier blocks the VCM installation
    When you attempt to install VCM on a machine that has McAfee Solidifier installed, the installation fails.
    Workaround: To install VCM on a machine that has McAfee Solidifier installed, either put McAfee Solidifier in update mode, add an exception rule in McAfee Solidifier, or disable McAfee Solidifier until VCM is installed, and then enable it again.

  • VCM Collector is not trusted as a Managing Agent after upgrade from VCM 5.4
    On a VCM Collector that has VCM 5.4 installed and data collected from managed machines, when you upgrade the Collector to the current VCM version, neither the Trust status or the Managing Agent status are enabled for the Collector machine.
    Workaround: After you upgrade the Collector to the current VCM version, restart the Collector service, then navigate to Administration > Settings > Certificates on the Collector, and verify that the Trust status and Managing Agent status are enabled for the Collector.