VMware vRealize Configuration Manager Release Notes

VMware vRealize Configuration Manager 5.8.3 | 01 December 2016 | Build 131

Last Document Update: 01 December 2016

Check frequently for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

What's New

vRealize Configuration Manager 5.8.3 provides several new features and resolves multiple product issues.

New Support

  • Security Enhancements:
    • SHA-2 certificates
      If you are using SHA-1 certificate-based communication and would like to continue to use the same, ignore the pop-up message displayed during upgrade.

    • If you are using SHA-1 certificate and may like to change to SHA-2 enterprise certificate-based communication, follow the prerequesites in KB 2147983.
       
    • TLS 1.2 for installers
      • vRealize Configuration Manager installer, by default, disables TLS 1.0 on Collector and Web machines towards the end of install or upgrade. Make sure that you have the following softwares requirements for non-TLS 1.0 (1.1/1.2) support before install or upgrade:
  • Licensing support
    VCM supports new SKU of vRealize Operations Management Suite 6 Advanced Edition.

  • SCAP 1.1 for Windows
    VCM 5.8.3 supports the compliance assessment of all the SCAP 1.1 content on all the supported Windows platforms.

  • SQL Server 2016
    SQL Server 2016 is supported as part of VCM installation or upgrade, that is, the users can now install or upgrade and run VCM on an upgraded SQL Server or new SQL Server 2016 database.

  • SCR 6.2.15
    The Software Content Repository Tool version is changed to 6.2.15

New platform support for Managed Machines

VCM 5.8.3 adds support for the following platforms:

  • Windows Server 2016
  • vSphere 6.5

Other Enhancements

  • OpenSSL Security 1.0.2j
    OpenSSL Security 1.0.2j support has been provided for Linux, UNIX, and Windows platforms.

  • Python upgrade to 2.7.12
    Python version has been upgraded to 2.7.12 for Linux, UNIX and Windows platforms.

  • Libxml2 upgrade to 2.9.4k
    Libxml2 has been upgraded to 2.9.4k.

  • TC Server upgrade to 3.1.5
    TC server has been upgraded to 3.1.5.

  • JRE upgrade to 1.8.0_101
    JRE has been upgraded to 1.8.0_101.

  • Server bulletin template creation
    You can create Server bulletin template with details showing duplicate bulletins, including client.

  • Posted Date now supports a new filter for Linux templates
    A new rule filter for Posted Date is included in the Linux Assessment templates.

  • Setting enhancement to skip discovered machines
    A collector setting is provided where you can select to skip discovering machines already discovered. This enables faster discovery, as discovery jobs depend on infrastructure or resources used, which consume time and might also pause new jobs.
    To enable the option and skip the machines already discovered, navigate to Administration > Settings > General Settings > Collector and select Configuration to skip the discovery of machines already discovered.
    Note: The default value is 0 to indicate that the configuration to skip the discovery of machines already discovered is disabled. Set the value to '1' to enable the configuration and restart the VCM Collector service.

  • Ability to change the hard disk setting in UNIX Patching Additional Settings
    Based on the hard disk space available, you can change the hard disk space by navigating to Administration > Settings > General Settings > Patching > UNIX > Additional Settings.

Upgrades to This Release

To upgrade your version of VCM to the current version, you must be running VCM 5.7.3 or later. To migrate your environment to the current version of VCM, you must be running VCM 5.7.2 or earlier, EMC Ionix SCM 5.0 or later, or Configuresoft ECM 4.11.1 or later.

  • Upgrades
    An upgrade installs the new version of VCM on the 64-bit Windows machines in single-tier, two-tier, or three-tier installation configurations.
    In this release, the upgrade process verifies your VCM certificates and gives you the option to select or generate new certificates. You must select or generate new certificates if the current certificates are expired.

  • Migrations
    A migration to VCM 5.8.3 requires that you install VCM in a 64-bit environment and migrate your 32-bit database to the 64-bit database. Before you perform the migration, update your environment to include the Windows Server 2008 R2, Windows Server 2012, or Windows Server 2012 R2 operating system, SQL Server 2008 R2, SQL Server 2012, SQL Server 2014, or SQL Server 2016 and SQL Server Reporting Services, and then migrate your existing VCM, SCM, or ECM data to the 64-bit environment.

For more information about upgrading an existing instance of VCM, see the VCM Advanced Installation Guide on the VMware Web site at http://www.vmware.com/support/pubs/vcm_pubs.html.

Open Source Components for vRealize Configuration Manager

The copyright statements and licenses applicable to the open source software components distributed in vRealize Configuration Manager 5.8.3 are available at Download VMware vRealize Configuration Manager, on the Open Source tab. You can also download the source files for any GPL, LGPL, or other similar licenses that require the source code or modifications to source code to be made available for the most recent generally available release of vSphere.

Internationalization

The VCM 5.8.3 release addresses and resolves internationalization defects that affected how VCM processes and displays non-ASCII characters and various date formats.

Resolved Issues

The following issues are resolved in the VCM 5.8.3 release.

  • UNIX Patch Status Details report supports filtering to a specific patch status
    UNIX Patch Status Details screen supports an option to filter to a specific patch status.
  • 'Edit Filter Set' wizard does not display all filters related to the selected filter set
    When you attempt to edit a filter set to update Name, and Description, all existing filters are not displayed resulting in an incorrect filter set.
  • Custom filter collection fails with Windows Scheduled Tasks containing special characters in the description
    The collection fails when you attempt to collect the information of the scheduled tasks containing special characters in the description of any scheduled task.
    This issue occurs when you collect information from Windows machines using the custom filter Custom Info Win 05: Scheduled Tasks.
  • Adding or modifying dynamic templates with IN clause rule on static templates fail
    When you create or modify dynamic templates with IN clause rule defined on static templates, an error similar to the following is displayed:
    ecm_sp_SUM_assessment_template_member_refresh.
  • Dynamic template might not get refreshed automatically
    The dynamic template might not get refreshed automatically after you remove a bulletin from a static template that is a part of the dynamic template.
    This issue might also occur when you add or delete a static template that adheres to the dynamic template rule.
  • Import Export Tool fails to import data with filter set applied to the Compliance Rule Group
    The Import Export Tool fails to import with filter set applied to the Compliance Rule Group. This issue occurs while appending the node information to the XML document.
  • Patch deployment fails on production server
    Patch deployment fails when you run the remote command script on the target node.
  • vCenter Host collection fails with an error
    vCenter Host data collection fails with an error similar to the following:
    Unknown Error: -1006632509" - Update vCenter custom script for existing custom filters
    This issue has been resolved by introducing new filters that are auto populated with new scripts. New filters can also be created to resolve this issue. Delete and recreate new filters if you have old custom filters created in VCM 5.8.0 or earlier.
  • Virtual Environment Compliance assessment might take long time to complete the execution for custom security profile rules
    The Virtual Environment Compliance assessment might take long time to complete the execution of custom Security Profile rules.
  • Performance issues in VCM Console > Alerts > View Alert Details wizard
    Exceptions are generated when you manually run a compliance template. Howerver, exceptions are not generated when you schedule and run a compliance template, and as a result, several alerts are displayed in VCM Console > Alerts > View Alert Details wizard.
  • Unable to modify Advanced settings of vCenter host using UI or through compliance enforcement
    When you attempt to modify Advanced Settings of a vCenter Host, the job fails. An error similar to the following displayed in the database:
    ERROR_MESSAGE=Arithmetic overflow error for data type smallint, value = 577304.; ERROR_LINE=281; This issue is resolved by increasing the size of the parameter value column and adding the double quotes in the script path.
  • Unable to import XML files using Import Export tool
    When you attempt to import XML files using Import/Export tool, an error similar to the following is displayed.
    Unable to initialize resource dispenser for the database xxxxxx/vcm: Database version not supported: _580127
  • Exceptions are ignored when running collections and alerts continue to be generated
    Alerts are created even when you create exceptions and are configured.
  • Delay in displaying data or no data displayed on SSRS dashboards
    When you view the SQL Server Reporting Services (SSRS) dashboard, the data is either displayed after a delay or not displayed at all. The dashboard for Compliance Posture displays the message Retrieving Data.
  • Unable to run UNIX remote commands on more than 50 virtual machines at a time
    UNIX remote commands fail to run on large set of virtual machines. An error similar to the following is displayed:
    Failure processing deferred container, Container Name: EcmColJobNewAgentRequestSubmit HRESULT 0x80040e14;
  • Uninstalling CMAgent fails
    When you attempt to uninstall the CMAgent, the process fails with an error similar to the following:
    CMAgent/uninstall/UninstallCMAgent: line 640: 30148 Trace/BPT trap: 5 $strPythonExe $strMasterInstallScriptFile -r $g_strRootDir $2 >> $g_strBootStrapLog 2>&1
    Killed
  • Linux agent fails to respond for several minutes when RHEL 7.1 is restarted
    Due to a change in service command to systemctl, the Linux Agent installed in daemon mode on RHEL 7.0 and above fails to respond.
  • VE data collection fails for a datastore if names contain special characters
    During VE data collection, the job fails if the name of the data center for a datastore contains a special character.
  • Installing VCM agent on a machine fails when EcmColInstallManifestDLL.dll fails to execute
    VCM agent installation fails when EcmColInstallManifestDLL.dll in EcmAgentInspector and EcmModuleInstaller agent modules fails to execute. An error similar to the following is displayed:
    Faulting module name: EcmCollnstallManifestDLL.dll, version: 0.0.0.0, time stamp: 0xnnnnnnnn
  • Unable to collect IP information on RHEL 7.x server
    In a vCM console, you might not be able to collect the IP information for a RHEL 7.x server.
  • Unable to run two or more compliance enforcement rules
    Due to database issues, running two or more compliance enforcement rules might fail.
  • Unable to modify VCI filter using UI
    When you edit or clone VCI filters, the wizard shows an incorrect script type because the cloned filter is saved with an incorrect script type. As a result, an error similar to the following appears:
    Get-VMhosts is not recognized as name of cmdlet.
  • Windows patch assessment fails with an error when Patch Management service is executed without admin privilege
    When you run the Patch Management service without admin privilege, the Windows patch assessment fails with the error There are incorrect patch names in the patch table. Please contact Configuresoft support.
  • Unable to export data with ECMIE CLI for a named SQL DB instance
    When you use the ECMIE CLI to export content from VCM, the operation fails with an error message similar to the following:
    VCM Import\Export has stopped working
    Windows can check online for a solution to the problem
    .
    This issue occurs when you use a named DB instance.
  • User account roles do not change after deleting the user
    After adding a user to VCM as a direct user using an AD group, and if you delete the explicit user that was added, the roles associated with that user name are not removed for the user.
  • The 'VCM users by role' report does not display placeholder accounts
    After you create a group in an Active Directory environment and add users to the TRUST domain as placeholder accounts, the placeholder accounts do not appear in the 'VCM users by role' report.
  • Attempts to uninstal Windows agent fail when the agent is installed manually
    HTTP Agent installed using .exe cannot be uninstalled manually using C:\Windows\CMAgent\Uninstall\Packages\CMAgentInstall\UnCMAgentInstall.exe.

Known Issues

The following issues are known to occur in the VCM 5.8.3 release. New known issues are marked with the * symbol.

  • Unable to upgrade VCM on any other drive other than C:\ drive with 8.3 naming disabled*
    Upgrading VCM on any drive other than C:\ drive with 8.3 naming disabled fails with an error message Could not open install.log file. When you click OK on the pop-up screen, the upgrade continues without any impact of VCM functionalities.
    Workaround: None.
  • Windows 2016 Server core machines are reported as full installation instead of core installation*
    VCM reports Windows 2016 Server Core machines as full installation instead of core installation. This does not impact patching as the situation is handled in content.
    Workaround: None.
  • In Jlicense, the new SKU of vRealize Operations Management Suite 6 Advanced Edition is displayed as 'Server' edition instead of 'vRealize Operations Manager Advanced Suite'*
    During dry run, when you apply Jlicense, the new SKU of vRealize Operations Management Suite 6 Advanced Edition is displayed as 'Server' edition instead of 'vRealize Operations Manager Advanced Suite'. You will notice that the license applied is displayed under 'vRealize Operations Manager Suite Server' Machine Class as expected and the functionality is unaffected.
    Workaround: None.
  • In an upgraded VCM environment, the TLS 1.2 protocol is not supported before the Agent upgrades*
    You can use TLS 1.2 protocol only after the Agent upgrades in an upgraded VCM environment.
    Workaround: Follow the steps below to workaround this issue:
    1. Enable all TLS protocols.
    2. Upgrade all Agents.
    3. Disable TLS 1.0 and 1.1 to work with only TLS 1.2 protocol.
  • Solaris 11 does not support agent installation in xinetd mode
    Solaris 11 supports agent installation only through daemon mode and does not support agent installation in xinetd mode.
    Workaround: Install the agent in daemon mode.
  • Microsoft Edge is not supported with vRealize Configuration Manager
    Accessing vRealize Configuration Manager from Microsoft Edge browser is not supported.
    Workaround: Use Internet Explorer 11 to access vRealize Configuration Manager.
  • Newly added guest configuration setting is not displayed under available settings in Change Settings Wizard
    When we add a new guest configuration setting for any guest, a key gets added. If I try to edit the same key immediately after adding it, it does not appear in the list of Change Settings wizard.
    Workaround: Performing a delta collection of guest data class makes the new setting available to edit.
  • Foundation Checker is not checking whether the SQL Server Agent is enabled and running
    The SQL Server Agent service is required for housekeeping and scheduled jobs processing. Currently, Foundation Checker is not making any notification when the SQL Server Agent is disabled.
    Workaround: Validate the SQL Server agent services that must be running.
  • IP Address column is not populated if Allowed IP Range in vCenter is specified in CIDR notation
    If Allowed IP Range in vCenter is specified in CIDR notation, the IP Address column is not populated with data under Console > Virtual Environments > vCenter > Hosts > Advanced Configuration > Security Profile node.
    Workaround: None
  • VCM delta collection of File system data type collects all data after time changes due to Daylight Saving
    After time changes due to day light saving, the first delta collection of data type File system is treated as a non-delta collection, and also the same is reported in the change management tool.
    Workaround: None
  • Collections from vCloud Director with vCenter Single Sign-On fail because VCM cannot authenticate the user
    When VCM collects data from a vCloud Director instance that is configured with vCenter Server Single Sign On, the collection fails.
    Workaround: None.
  • Manage Guests option under Console > Virtual Environments > vCenter > Guests > Summary creates duplicate machines of same guest name if the guest is already managed
    Manage Guests option on any guest machine under Console > Virtual Environments > vCenter > Guests > Summary is allowed multiple times. This causes the duplicate guest machines to be created if the guest is already managed.
    Workaround: None.
  • Double-byte characters are not recognized while adding accounts with double-byte full name and description in a high ASCII environment. High ASCII characters are not recognized while adding accounts with high ASCII full name and description in a double-byte environment
    In a double-byte environment, when you create user accounts having full name and description in high ASCII characters, the high ASCII characters are not recognized. Similarly, in a high ASCII environment, if the accounts are created in double-byte characters, then the double-byte characters are not recognized.
    Workaround: None.
  • Unable to deploy patches from imported templates for UNIX/Linux platforms
    After you create an imported template with appropriate patching format, if you click Deploy to deploy the patches, the operation fails and the warning message There are no assessment items to deploy. The deployment is applicable to a machine licensed for Unix patching and with a patch status of 'Not patched'. The wizard will be closed is displayed.
    Workaround: None.
  • Check boxes do not work on Report data page while creating an Active Directory Report in Internet Explorer 10 or 11
    Some checkboxes cannot be selected or do not appear in the Report data page while creating Active Directory Reports in Internet Explorer 10 or 11.
    Workaround: Click Back and return to the Data Type wizard. The check boxes appears correctly.
  • Patch deployment fails for some Linux managed machines, such as CentOS and OEL, when SELinux is enabled on the managed machine
    VCM installs the Linux Agent in inetd or xinetd mode by default. When SELinux is enabled on the managed machine, and the Linux Agent on the managed machine is running in inetd mode, patch deployment fails and VCM displays an error similar to the following error: install: %pre scriptlet failed (2), skipping <PACKAGE>. For more information, see KB 2079311
    Workaround: Redeploy the Linux Agent to the managed machine in daemon mode.
  • You cannot set Network Authority to the CMDelegate account when the protocol of a Windows machine is unknown
    When you use VCM Remote before an Agent is installed on the managed machine, or when you use an earlier version of VCM Remote, then manually install an HTTP Agent, the protocol setting is empty in Administration > Machines Manager > Licensed Machines > Licensed Windows Machines, and does not change when you run the Change Protocol action. You cannot set the Network Authority to the CMDelegate account, because the Network Authority requires HTTP as the protocol.
    Workaround: Wait 2 to 5 minutes for VCM Remote to update the protocol to HTTP in the user interface, then set the Network authority to the CMDelegate account.

  • VCM does not update the list of snapshots after you delete a snapshot
    After you collect data from a vCenter Server instance that includes multiple hosts, guests, and snapshots, when you navigate to Console > Virtual Environments > vCenter > Guests > Snapshot, select one or more snapshots, and click Delete Snapshot, when you view the list of snapshots in Console > Virtual Environments > vCenter > Guests > Snapshot, VCM does not update the list of snapshots, even though the snapshots are deleted. This behavior also occurs if you use the Virtual Environment Compliance remediation action to delete a snapshot.
    Workaround: Collect the vCenter Server Guests data from the managed machines, and view the updated list of snapshots.
  • McAfee Solidifier blocks the VCM installation
    When you attempt to install VCM on a machine that has McAfee Solidifier installed, the installation fails.
    Workaround: To install VCM on a machine that has McAfee Solidifier installed, either put McAfee Solidifier in update mode, add an exception rule in McAfee Solidifier, or disable McAfee Solidifier until VCM is installed, and then enable it again.
  • VCM Collector is not trusted as a Managing Agent after upgrade from VCM 5.4
    On a VCM Collector that has VCM 5.4 installed and data collected from managed machines, when you upgrade the Collector to the current VCM version, neither the Trust status or the Managing Agent status are enabled for the Collector machine.
    Workaround: After you upgrade the Collector to the current VCM version, restart the Collector service, then navigate to Administration > Settings > Certificates on the Collector, and verify that the Trust status and Managing Agent status are enabled for the Collector.
  • Unable to import Microsoft SQL Reporting Service Report
    You cannot import Microsoft SQL Reporting Service Report when you log in to VCM with a domain user that is added into VCM by a domain user with VCM administrator role. The error message Unable to save one or more reports is displayed. 
    Workaround: None.