.Loading..Loading.
Readme Rev
Service Updates
When the downloaded patch is run, it will extract to a folder and there will be zip files. Those files should be extracted and then Setup.exe can be run. This table outlines the names of the zip files and where they should be run.
Component | Core/Console | Client |
---|
Installation Instructions
The following outlines instructions for installing this update.
This patch requires that Ivanti Endpoint Manager 2019.1 be installed. For more information about current service packs please see Ivanti Community Doc 1001
Installing on the Core and Rollup Core
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
Prior to installing a patch on the Core Server it is recommended to make a backup of the Ivanti database.
Steps
- Disable any services on other machines that interact with the Core Server
- Double-click on the self-extracting executable and extract it
- Extract the files for the Core patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required
- After applying the patch, you may need to re-activate your Core Server using the Core Server Activation Utility
- Restart any services stopped in Step 1
Note: The installer included with this release writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the \ManagementSuite\log folder.
Installing on Remote Consoles
A Remote Console is any machine that is not the Core Server and has the Ivanti Endpoint Manager Console installed. Console Machines need to be updated to be able to connect to the updated Core Server and Database.
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
Steps
- Close the Console
- Double-click on the self-extracting executable and extract it
- Extract the files for the appropriate patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required
Note: The installer included with this release writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the \ManagementSuite\log folder.
Updating the Agent
The patch should be installed on the Core Server before updating Agents
Use one of the following methods to re-deploy the agent once the patch has been applied to the Core or to apply the patch manually.
Methods of agent deployment
- Manual: Map a drive to \\Coreserver\ldlogon and run 'wscfg32.exe -f'
This is used for single client installs and testing - Push: Schedule a push of the full agent
- Self-Contained EXE: Create an EXE that can be installed
- Advance Agent: This is a two stage process. The Advance Agent consists of a small MSI and a self-contained EXE. The MSI is deploy to the client and then the MSI downloads and installs the EXE. This allows for bandwidth friendly downloads.
For more information on agent configuration and deployment see Ivanti Community Doc 23482
Manual installation of the client patch
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
- Double-click on the self-extracting executable and extract it
- Extract the files for the appropriate patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required.
Updating the Agent With Patch Manager
Ivanti Patch Manager can also be used to update agent machines with the patch. Content and definitions can be found in Patch Manager as Ivanti Updates and can be used to detect and repair agents that have not been updated. The Core Server must be updated with the Core patch before updating agents.
Not all Component Patches will have Patch Manager Content created. Once it is generally available, this method can be used to update agents. For more information about updating agents using Ivanti Patch Manager see Ivanti Community Doc 24384
Release Information
Please review the following important information about this release BEFORE installing this update.
Feature Changes and Updates
The following features have been changed or updated
No new features have been added in this update
Defects Fixed
Alerting
- 538576 Core is not sending info about machine name to Syslog server
- added client FQDN to syslog alert message
Anti-Virus
- 353600 If AV2017 realtime scanning is disabled security scan will report it is disabled, re-enabling via task may not work
- If Antivirus Real Time scanning is not running, it can be fixed with a repair task.
Broker Service
- 588573 Posting core cert fails in 2019.1 when CSA cert only has a CN value
- When checking for a name mismatch in the certificate of the remote computer, the code was including a comma after the computer name when comparing the string. This worked for most 3rd party certificates, but there are some that it did not. The fix was to only verify the computer name, without including the comma.
CSEP
- 493656 CSEP- PXE Subnets Disabling at unknown intervals
- Fixed an issue that could cause CSEP subnets disable at unknown intervals.
- 585355 Agents are sending ARP traffic every 10 seconds
- Agents no longer send ARP requests every 10 seconds.
- 593812 CSEP Services may not get elected if Agent state is disabled.
- Fixed CSEP continuing to run if agent state is disabled.
Data Analytics
- 363125 Barcode merge service isn't merging devices correctly
- Fixed the problem that merge is based on barcode scan type.
Endpoint Security
- 586159 CHS/CHT - Application control settings has no Save, Cancel button.
- When editing the Endpoint Security / Application Control settings on a Chinese core, the buttons Save and Cancel were not visible.
Inventory
- 492965 4100 on the fileconnectioninfo table
- inventory service will now handle much larger attribute values. In this case it was 1.3 Mb.
Mac
- 467520 The UI for the "Install macOS" provisioning action incorrectly fails validation
- The UI for the Install macOS provisioning actionincorrectly fails validation if the install agent option is unchecked, and the URL for the configuration file is not set.
- 533672 Ivinstallmacos "escaped" characters and file names need to be removed/replaced
- If links are copied into one of the text fields for the Install macOS provisioning action, and there are any HTTP URL encoded characters, they are decoded in order to make the validation tests in the User Interface work correctly. Previously if there were any encoded characters, such as a space, these would cause the validations to fail. This issue has now been fixed.
- 541984 Portal Manager tasks disappear after the reboot when using LDAP targeting
- -
- 572580 LDVDETECT - Cannot return logic on file that does not exist
- Files that are missing are now properly reported.
MDM
- 543259 Relaunching VPP app package in EPM is missing app icon
- In the EPM console, after an iOS VPP SWD package has been created for a specific app, and then closed and reopened, the icon next to the left of the app description now shows the correct app icon.
Patch Manager
- 454665 Compliance Group does not display patches assigned
- Show Approved for scoped scan vulnerabilities in Compliance Group
- 572108 Import CVEs progress window will do nothing if an empty CSV file is given
- Importing an empty CSV file will yield a warning message and gracefully end the action
- 586069 Invalid Input error when saving patch definition filter
- Save button will be disabled and a note will notify the user why is disabled. Once the products load into the filters will reactivate the save button and clear the notification.
- 601869 Filter form no longer loads after deleting some filters with default generated name
- Deleting filters created with auto-generated names will not break the future filters created with auto-generated names
Provisioning
- 502505 Self-electing subnet service 'core unreachable' message
- move the csep endpoints into a new app pool
- 575662 Maintenance task is not removing old devices when one of them is linked in Provisioning -> Machine Mapping
- A database constraint prevented inventory records from being deleted if the machines were part of a machine mapping in Provisioning. Provisioning maintenance will now clean up machine mappings older than the number of days specified in the file prov_mapping.ini, located in the ManagementSuite folder. After this cleanup has occurred, inventory records will be deleted normally.
Remote Control
- 570043 RCViewer- Identity Server Failing due to outdated TPS.config
- Fixed an issue with an invalid tps.config file after product installation.
- 581023 Linux RC Tunnel Connection limitation
- Fixed an issue that caused the Linux RC tunnel to limit the number of connections allowed.
- 596271 Rcviewer duplicating devices due to devices in multiple scopes
- Don't duplicate devices for each scope they are included in.
- 600448 Tunnel Crashes with event message Event 1000
- Fixed a memory leak in the RC tunnel that occurred when machines would register with the tunnel without cleaning up the original socket.
Software Distribution
- 489439 If PolicySync /enforce runs at reboot it may interfere with sdclient continue tasks.
- Added new IN-REBOOT status to avoid PolicySync.exe /enforce re-run the same policy that is in the state of continuing after reboot.
- 498545 Windows Actions - copy file list
- Added option to copy lists of files to Windows Actions.
- 530726 LDAPS environments may experience smart card authentication prompts when LDAPWhoAmI runs
- Add choice of always use LDAPS, not use LDAPS and dynamic on not use LDPAS if detected that a smart card connected to the machine.
- 586213 Tmp tables could become orphaned in the database
- This issue caused by SQL server fail to drop table. The cause of this failure may caused by table still in use, such as replication. The fix is using real temporary table name that is leading with # character so that in case the table cannot be dropped, SQL server will take care of it later.
- 586844 Downloading a partial file is not resumed
- Fixed the code to check for both types of hashes before it determines that the partial file is invalid. Before the fix it was only checking for md5 hashes which are no longer supported.
Web Console
- 575611 Legacy Remote control via management gateway button does not work
- Fixed an issue that prevent a legacy remote control session through the management gateway.
Win Console
- 583303 User names that begin with the letter 'X' cause the web console to not function properly
- escape '\' for user name use in .aspx page.
Known Issues
No Known Issues