.Loading..Loading.
Readme Rev
Service Updates
When the downloaded patch is run, it will extract to a folder and there will be zip files. Those files should be extracted and then Setup.exe can be run. This table outlines the names of the zip files and where they should be run.
Component | Core/Console | Client |
---|
Installation Instructions
The following outlines instructions for installing this update.
This patch requires that Ivanti Endpoint Manager 2022 be installed. For more information about current service packs please see Ivanti Community Doc 1001
Installing on the Core and Rollup Core
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
Prior to installing a patch on the Core Server it is recommended to make a backup of the Ivanti database.
Steps
- Disable any services on other machines that interact with the Core Server
- Double-click on the self-extracting executable and extract it
- Extract the files for the Core patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required
- After applying the patch, you may need to re-activate your Core Server using the Core Server Activation Utility
- Restart any services stopped in Step 1
Note: The installer included with this release writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the \ManagementSuite\log folder.
Installing on Remote Consoles
A Remote Console is any machine that is not the Core Server and has the Ivanti Endpoint Manager Console installed. Console Machines need to be updated to be able to connect to the updated Core Server and Database.
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
Steps
- Close the Console
- Double-click on the self-extracting executable and extract it
- Extract the files for the appropriate patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required
Note: The installer included with this release writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the \ManagementSuite\log folder.
Updating the Agent
The patch should be installed on the Core Server before updating Agents
Use one of the following methods to re-deploy the agent once the patch has been applied to the Core or to apply the patch manually.
Methods of agent deployment
-
Manual: Map a drive to \\Coreserver\ldlogon and run 'wscfg32.exe -f'
This is used for single client installs and testing - Push: Schedule a push of the full agent
- Self-Contained EXE: Create an EXE that can be installed
- Advance Agent: This is a two stage process. The Advance Agent consists of a small MSI and a self-contained EXE. The MSI is deploy to the client and then the MSI downloads and installs the EXE. This allows for bandwidth friendly downloads.
For more information on agent configuration and deployment see Ivanti Community Doc 23482
Manual installation of the client patch
Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on.
- Double-click on the self-extracting executable and extract it
- Extract the files for the appropriate patch
- From the extracted files, run Setup.exe
- When Setup completes, reboot the machine if a reboot is required.
Updating the Agent With Patch Manager
Ivanti Patch Manager can also be used to update agent machines with the patch. Content and definitions can be found in Patch Manager as Ivanti Updates and can be used to detect and repair agents that have not been updated. The Core Server must be updated with the Core patch before updating agents.
Not all Component Patches will have Patch Manager Content created. Once it is generally available, this method can be used to update agents. For more information about updating agents using Ivanti Patch Manager see Ivanti Community Doc 24384
Release Information
Please review the following important information about this release BEFORE installing this update.
Feature Changes and Updates
The following features have been changed or updated
Agent
-
917218 Add environment variable for sdmcache for EBA.
- For engine-based agent, install MSI will create cache folder in ProgramData\Ivanti\EPM Agent\sdmcache and set environment variable TMC_CACHE_DIR point to it.
-
761534 Beta Version EBA - Self-Updating, Self Healing Engine Based Agent
-
We are continuing to expand the "Beta" version of our new Engine Based Agent. This is designed to be self-healing and self-updating. It will include reports on each of the component engines on all clients in the console. To enable this feature, you must add this new registry key before starting your console. [HKEY_LOCAL_MACHINE\SOFTWARE\Ivanti\ManagementSuite] "EnableNewAgent"=dword:00000001
- Here is a link to a Community Article: Ivanti EPM Engine Based Agent Information
- EPMAgentinstaller has command-line to accept config name
- EPMAgentinstaller /config “Default Windows Configuration”
- EBA supports embedded OS push installs (deals with write filter)
- Custom Data Forms
- Power Management
- Alerting & Real-time Monitoring
- You can now easily deploy the Engine-Based Agent to existing agents via a new SWD package type.
- On upgrade from old agent type, EBA will keep the currently applied agent config unless an assignment has been made on the core.
- Full upgrade abilities have been enabled in this release.
- Any SU applied will cause the agent to be able to upgrade the installer, update service, and engines.
- EBA downloads (from core) and installs .Net 4.8 if not already installed.
- Right click option to “Force agent check in”.
- Individual engines don’t show up in add/remove programs
- Provisioning
- Endpoint Security
- Application Monitor
- Privilege Management
- Antivirus Engine
- Alerting
- Real-time Monitoring
- CBA
- BaseEngine (New to the Engine Based Engine)
- Patch
- Inventory
- Remote Control
- Software Distribution
- Shared Files
- Notifications Manager
- Bitdefender Antivirus
- AMT
-
Autopilot
-
777040 Allow installing of Microsoft 365 apps on Autopilot devices
- Microsoft 365 Apps can now be configured and installed on Autopilot devices.
-
923346 Allow PowerShell scripts to set the device name during Autopilot hybrid-join provisioning
- Multiple customers have requested that we allow device naming via a customer-supplied PowerShell script. Because Microsoft Autopilot does not allow us to customize device naming during AAD-join provisioning, this feature only applies to hybrid-join provisioning -- as we control the process of naming the device during hybrid-join provisioning.
-
923395 Add Product Code detection rule support to Autopilot
- Admins can create a product code and is when the admin wants to create one, it auto-populates a single field with the product code it finds in the selected MSI file. The Application configuration UI now provides the ability to create an MSI (Product Code) Detection rule. The UI extracts the product code from an .msi file or .msi file wrapped in the .intunewin format The Detection rule indicates the app is installed if the product code is found in the registry or not installed if not found We do not display the msi product code option for non-msi applications The product code is saved in the azure application record so if a user wants to add an msi rule after initially creating the app they can When editing an app that was created in a prior version and therefore does NOT have it's product code saved, we try to get the product code out of the file in the same filepath the original msi was in. Warn the user that if they changed the msi the product code won't be correct. If there isn't a file in the original filepath then just don't attempt to get a product code and let the user know.
Core Sync
-
795471 Enable Core Sync to work with untrusted Domains
- Core Sync will now work with two core servers in different domains without any domain trust relationship between them using alternate credentials or an API key.
-
795611 Update Sync to Core to use the Alternate Credentials (or API Key)
- Enable Core Sync to work with untrusted Domains feature, the core sync service is updated to use alternate credentials that is configured in the Core Sync UI.
-
805866 Support in Core Sync for N-1 version
- Customers are now able to sync objects from an older version of EPM to a newer version. Starting with EPM 2022 SU1 you can core sync the current version and one version back.
Data Analytics
-
797107 Remove Silverlight from Data Analytics (DA)
-
There are 5 Dashboard reports that were using a Silverlight wrapper to generate charts for each of the dashboard reports. These reports are now available in the new web console now without having to install Silverlight.
These include:
- Memory Dashboard
- Patch Dashboard
- Processor BarChart Dashboard
- Processor Dashboard
- Server Dashboard
-
There are 5 Dashboard reports that were using a Silverlight wrapper to generate charts for each of the dashboard reports. These reports are now available in the new web console now without having to install Silverlight.
These include:
-
834326 Hard code DTS rules to prevent all of them from being made active
- Needed the ability to prevent certain canned DTS rules from being made active. Some Data Translation Services (DTS) rules have no impact when being set to "Active" while Real Time Processing is enabled. Other rules actually work when made active, but cause such high performance degradation that it's better to run them on a schedule to prevent core/DB performance issues. For additional information please see this Community Artical: What is Content Caching on Mac machines - Apple Support
-
977017 Move Data Analytics discovery service credentials to Credential Manager
- Move discovery services login creation to Credential Manager. We will still allow the customer's to view the logins in Discovery services so they can see what credentials they are using for configuration but creation or editing those credentials needs to take place in Credential Manager.
Inventory
-
933414 Detection through Windows OS of Installed AntiVirus S
- We added a new inventory entry for Installed Antivirus products. A new BNF path, Computer / Security / Antivirus Software / Product, is used to report the presence of any Antivirus software products installed on Windows Work stations. The WMI data that we are gathering for this DOES NOT EXIST ON WINDOWS SERVER OS'S.
Mac
-
844485 No Last Policy Sync Date in MACs Inventory
- The Last Policy Sync date is now tracked consistently in Inventory for Mac devices.
-
860097 Support for new Mac bootstrap token calls in check-in handler
- The MDM check-in protocol validates a device’s eligibility for MDM enrollment and informs the server that a device’s push token has been updated. When the MDM payload is installed, the device initiates communication with the check-in server. The device validates the TLS certificate of the server, then uses the identity specified in its MDM payload as the client authentication certificate for the connection. If a check-in server URL is provided in the MDM payload, the check-in protocol communicates with that check-in server. If no check-in server URL is provided, the main MDM server URL is used instead.
-
917631 Add Inventory Support for Mac Agent Behaviors
- Admins can now see what agent behaviors are set for each endpoint.
-
926871 Add Inventory support for Reporting on managed kernel and system extensions through EPM for Intel and M1 Macs
- Mac kernel and system extensions information has been added to inventory
-
948902 Zero Day Support for macOS 13 add support for login items added by apps
- macOS Ventura adds a new feature in the System Preferences (now called System Settings) that allows an admin user to manage, under the title of "login items", the launchdaemons and launchagents installed by some applications. This includes launchdaemons and launchagents installed with the Ivanti EPM macOS Agent as well as the Mobile & Work MI macOS Agent. In the case of both products, disabling such login items disables the agent. Changes were made to the EPM macOS Agent installer to make sure that all launchdaemons and launchagents installed with the Ivanti EPM macOS are represented in the new macOS System Settings login items UI by a single Ivanti, Inc. labeled item. Also, along with the new macOS System Settings login items UI, Apple created a new MDM payload type the allows device management vendors to disable user management of launchdaemons and launchagents with that new macOS System Settings login items UI. We have created and include in core server installs and updates a new configuration profile: LoginItemsPayload_AllIvanti, that prevents users from disabling any Ivanti EPM macOS Agent launchdaemons or launchagents through the new macOS System Settings login items UI.
-
955952 Managing Apple content Caching with CSEP
- Provide a caching service for content the OS understands (OS updates, App Store Apps, etc.). It is controlled by mdm. We are enabling control via CSEP, which means we make one device on a subnet the content caching server. macOS content caching gives peer-peer downloads for Apple content. It means that things like macOS updates (6GB downloads) can be cached by one device on the subnet and provided to the other devices automatically. This is good because it allows you to update macOS by just calling the software update utility. CCC service - vs lddownload What is Content Caching on Mac machines - Apple Support While the EPM lddownload capabilities are great for minimizing internet data usage, macOS Software Update does not support using it.
-
969334 Add Service Management - Managed Login Items payload to manage Ivanti Agent launch agents and daemons
- Along with the new macOS System Settings login items UI, Apple created a new MDM payload type the allows device management vendors to disable user management of launchdaemons and launchagents with that new macOS System Settings login items UI. We have created and include in core server installs and updates a new configuration profile: LoginItemsPayload_AllIvanti, that prevents users from disabling any Ivanti EPM macOS Agent launchdaemons or launchagents through the new macOS System Settings login items UI.
Patch Manager
-
874058 Add patching support for Oracle Linux OS
- EPM now supports patching of the Oracle Linux OS. All vulnerabilities are registered in Scan folder in Patch and Compliance menu: Vulnerability properties -> Package properties The Patch Repair tasks Log file is located here: C:\Program Files\LANDesk\ManagementSuite\log\WSVulnerabilityCore.dll.log
-
874058 Oracle Linux Support
-
Support has been added for Oracle Linux. Including the following:
- Inventory data
- Software Distribution
- Patch
-
Support has been added for Oracle Linux. Including the following:
-
907145 Add ability to Create Custom Patch Campaigns
-
We are now able to create a Patch Campaign for a custom patch group.
Additional highlights include:
- Custom Patch Campaigns won’t repeat.
- Global Autofix can be set for the vulnerabilities included in that campaign, after the campaign has ended.
-
We are now able to create a Patch Campaign for a custom patch group.
Additional highlights include:
-
907146 Add patching for Microsoft Office LTSC 2021
- EPM is now able to patch Office LTSC 2021 with Multi-select configuration options.
-
914489 Patch Definition Filter Update
- If you select an entire product folder and set all the product versions within the folder to automatic. When a new version of the product is released, it will be automatically selected
-
956225 Remove Linux OS options from the Patch Campaign deployment wizard
- We have removed the patch campaign option for Linux OS (CentOS, Rhinux, Sles9, & Ubuntu) from the Patch Campaign deployment wizard as we don't support Linux OS for Patch Campaigns
Provisioning
-
487016 Support latest OSs in HII including Windows Server 2016+ & Windows 10+
- Provisioning support for Server 2016, Server 2019, Server 2022, latest Win 10 versions, Win 11 Enhance the provisioning workflow to display all supported OS Improved server and client logging. Added an EPM Console warning regarding “unsigned drivers” when performing HII Provisioning Template Actions. Namely, unsigned drivers will not load when Windows Secure Boot is enabled.
Remote Control
-
819871 Remote control - Allow Custom Message in Win Notifications
- Have a custom message displayed when remote controlling a device. Similar to the "custom" messages that are currently in reboot and Software Distribution settings.
-
930219 Remote control - Add the ability to collapse the RC Message window
- The RC Message window now has a collapse button, so it doesn’t take up so much screen space.
-
945746 IPv6 Support for Remote Control
- Added support for IPv6 only networks for Remote Control, including when the tunnel is in use.
Software Distribution
-
869356 SWD package location should default to use https
- We now default to the more secure https for the "landesk/files". You can manually enter http if needed.
-
931285 Add a Default Package Timeout
- You can now specify a global default for package installation timeout. (Applies only to new packages). Also, Windows Actions now support installation timeout setting.
Web Console
-
907174 Web Console 2.0 - Pagination
- Now supports pagination of long lists
-
907176 Web Console 2.0 - Export
- Now able to export a list so that you can work on it offline and take advantage of the customization feature of Excel or other formats.
-
907178 Web Console 2.0 - Notification Panel
- We are now able to see a list of recent notifications of actions initiated from the web console.
-
907180 Web Console 2.0 – UX Improvements
- Several UX updates made to the Web Console.
-
911065 Web Console 2.0 - Physical (NIC) Address information
- Added the information about MAC address in the Network Card of the Device Additional Details
-
933002 Web Console 2.0 - Reboot Device
- Now able to perform a Reboot device action from Device Details screen of the New WebConsole
-
947953 Web Console 2.0 - Search Results Guidelines
- While searching for a specific device, if there are no search results, we offer suggestions to look in the Devices and People tabs including hyperlinks to those.
-
947954 Web Console 2.0 - People List View
- The new People tab provides a list view of all Users. RBA and Scopes apply.
-
947956 Web Console 2.0 - Device List View
- The new Devices tab provides a list view of all Devices. RBA and Scopes apply.
-
947958 Web Console 2.0 - Task History Tab
- The new Task History tab provides an overview of all the tasks initiated by the current logged in user.
-
952503 Web Console 2.0 - New Dashboards
-
New Dashboards created from reports (Not dependent on DA)
- Days since last HW scan(inventory)
- Days since last SW scan(inventory
- Days since last Vulnerability scan (security)
- Operating system summary(general)
- HDD disk space(hardware)
- Devices with < X% disk space remaining
- Customer can specify what "X" is
- AV(security)
- AV installed (yes/no)
- Which AV installed
- Pattern files older than X days
-
New Dashboards created from reports (Not dependent on DA)
-
952504 Web Console 2.0 - View/select queries created in EPM Console
- Query that is created in the EPM console can now be selected and run successfully in the Webconsole. The new custom dashboard has an option to select queries to use as datapoints.
Defects Fixed
Agent
-
937240 'Deploy Agent' task for Unmanaged Device is erroneously scheduled to repeat
- A deploy agent task is now set to run once.
-
952048 LANDeskAgentBoostrap.exe attempts to download non-existent DLLs
- Removed the missing DLL from the list of DLLs to download in LandeskAgentBootstrap.exe.
-
960485 BrokerConfig.exe request fails if the device has any adapter with multiple Connection-specific DNS suffixes
- We now handle multiple suffix strings, and each is added to the certificate request.
-
969732 Reboot/Shutdown function on the management console does not work for the EBA agent
- Fixed the right click reboot functionality in the console for EBA clients.
-
971210 The EBA agent installation fails installing the inventory engine on "Dutch" or "French" machines (impact on other languages unknown)
- Fixed an issue where the engine based agent would not install properly on certain languages.
Antivirus
-
914057 Antivirus agent settings: Unable to configure process/file exclusions for "On-Access" and "ATC/IDS"
- Antivirus exclusion settings are now applied correctly to Ivanti AntiVirus agents.
-
934911 Third Party Antivirus Sophos Antivirus does not show in inventory.
- Display Sophos Endpoint Protection
-
966788 SentinelOne Antivirus version 22.1.217 does not show in Inventory
- We have made a fix for accurate reporting in the Security section of Inventory of a managed device for Sentinel One security solution.
Autopilot
-
977900 Client unable to get list of apps to install from Autopilot service Deployment Profile is configured for All Devices
- Due to an unexpected change by Microsoft, the list of devices associated with a deployment profile is no longer available for "All Devices". We have implemented a workaround such that the deployment profile is no longer used when determining the list of apps for "All Devices". Since apps may reference "All Devices", those apps will always be assigned to a device being provisioned.
Console
-
922283 Auditing not properly capturing the Console user who initializes the command
- Audit logs enhanced to show the name of the console user who initiated a remote command to a managed device instead of "NT AUTHORITY\NETWORK SERVICE"
Core Sync
-
977802 Coresync not translating the %CoreName% variable in package paths properly when syncing packages
- Correctly handles core name that can be mixed with short name (host name) or long name (FQDN) when replace with %corename% for export.
Data Analytics
-
942304 Asset Control Column Set Display Name Modifications are not displayed
- The display names are now reflected under Assets
Endpoint Security
-
785106 Endpoint Security UI Administrator Prompt on logon (when there is no network)
- If there is no network connection, the EPS service will still start.
-
934491 Application Blocking exception request granted by administrator on the management console never is reflected in the EPS GUI on the client machine as granted.
- The approval request status of an application blocked by EPS is now accurately reported
-
967545 Download Error “getting-processing” Ivanti Reputation Files from Download Servers
- Improve performance when downloading file reputations.
File Replication
-
971151 Replication will fail to identify the correct list of files to replicate and will always fail the first file that it tries to replicate in certain scenarios
- Fixed replication when failing to identify the correct list of files to replicate and would always fail the first file that it tried to replicate.
Firewall
-
926626 Agent installation fails if the Windows Defender Firewall Service "MPSSVC" is disabled.
- When the Windows Defender Firewall Service "MPSSVC" is disabled, the agent install will no longer attempt to modify the firewall and will continue installation as expected.
Inventory
-
929834 Inventory is flagging Azure virtual desktops as servers.
- Fixed Inventory to show Azure virtual desktop devices as workstation type.
-
957845 Faulting Application LDInv32.exe crashing
- Log an event and delete the file when a file gets into the decomp folder. The inventory scanner will continue to run.
-
967241 The inventory scanner process and child processes are causing CPU spikes on server/workstation devices
- Lowered the process priority for the inventory scanner and child processes when run with the /noui switch
Mac
-
868275 Mac Profiles are not being collected in Inventory Scans
- The new inventory scanner properly reports configuration profiles
-
912271 com.landesk.ldms.plist file reverts inventory upon agent install
- Agent install now updates the plist to the correct parameters.
-
917217 EPM Mac Agent installer doesn't delete agent settings hash files when upgrading.
- We now delete the old settings hash files before upgrading.
-
917631 Installing new Mac agent does not pull new settings
- Resolved. The old hash files used to track changes to the agent behavior files are deleted as part of the new agent install, so that agent settings are properly used to update the various agent components
-
919116 Mac RC "permission required" checkbox is unchecked in Ivanti agent UI even though it is checked on Core.
- Resolved. The new Ivanti Agent Tool properly displays the settings downloaded from the core server
-
919118 RC shows version "z" in Ivanti agent UI on mac client
- Resolved. The new Ivanti Agent Tool queries IVRemoteControl to obtain the correct version
-
919119 RC shows status: "Stopped" in Ivanti agent UI on mac even though RC is actively being used on the mac client
- Resolved. The new Ivanti Agent Tool queries IVRemoteControl to obtain the correct state of ivremote
-
919120 Inventory scan last run is not being updated on Ivanti agent UI on the mac client
- Inventory Scanner now updates Last Run info correctly.
-
919121 CBA version is showing old 11.0.4.253 after upgrade to EPM 2022
- Updated the build pipeline to build 11.0.5.
-
919124 EPM Mac Agent user interface is not being updated in real time.
- The agent user interface now updates in real time.
-
930674 HTML5 RC icon in Console Network view should no longer be showing up for Mac machines
- We removed the old RC5 icons and all files associated with the Legacy RC and HTML5 RC.
-
932802 Detection of direct core connection sometimes blocks infinitely
- This fix is intended to check for data and make sure it is there before trying to read it to prevent blocking.
-
952427 Mac Agent not showing Tenant Information
- Tenant information is now showing in inventory. It can be viewed by double clicking on the device and then double clicking on Tenant. Ability to add the name and unique id columns of the Tenant for sorting and management of Tenants again.
-
960469 M1 Macs report Battery Info when they shouldn't
- M1 devices without a battery no longer report battery information. Additionally, some devices, both M1 and Intel, reported battery info incorrectly are now report battery info correctly
MBSDK
-
861566 MBSDK Add Device to scheduled task writes data into DB without validating
- Validate numeric input to see if the input number is a valid computer id in computer table.
-
873886 /distributionapi/api/v1/RebootSettings returns Distribution and Patch info instead
- When enumerate reboot settings from database, use already created object that is initialized with reboot setting behavior, not creating default agent behavior object without specific agent behavior type.
-
879607 Postman tasks via DistributionAPI Swagger API fails with 403 when the account credentials used is non-admin
- When the tokens are created for the API, please ensure that User used for token creation has the rights in EPM corresponding the API action. For example, when querying the API for reboot settings, make sure the user has EPM Console rights under Agent Set
MDM
-
882137 Android Enterprise CPE setting "Enable installation of apps from unknown sources" is not working.
- Updated Google API libraries were incorporated in EPM, the UI was updated to reflect the new options for enabling developer mode and handling launching apps from unknown sources. Once the fields are properly set in the Config Profile Editor save and sync devices.
Patch Manager
-
890756 Repair task that is set to ignore maintenance window will grab next continue task and run even if no continuation is selected in agent settings
- Repair task that is set to ignore maintenance window will not grab the next continue task, if no continuation is selected in agent settings.
-
906825 Reboot dialog window on German Windows clients is cutting off "Reboot Now" button
- Fixed an issue causing the "Reboot Now" button to be truncated in the reboot dialog in German.
-
912477 Agent Service Update via patch manager repair task returns a failure message when the remote control component is not installed
- Agents are correctly updated and repair task is successful, using Ivanti SU definitions.
-
923221 Cannot see all the parameters under Distribution/Patch settings -> Patch only settings due to Screen \ Display Resolution Size
- For resolution set to 1280 x 800 (around 720p) in Distribution and Patch > Patch Only agent settings options: all settings are now visible.
-
923340 Patch campaign not updating
- In Patch Automation feature Patch Campaigns are updated without errors.
-
929394 Patch Tuesday campaigns say they are started and nothing more. No progress.
- In Patch Automation feature - Patch Tuesday campaigns were fixed to work as expected.
-
935234 VLC-220419_INTL patch downloads failing
- In Patch and Compliance - Patch download is extended to work also for URLs that are using mirror sites.
-
942570 Filter Definitions- OS versions do not display in 2022
- For EPM 2022 when going to Download updates>Filter Definitions, OS tab filters are now correctly populated.
-
947548 Patch Automation LDAP query does not place machines in campaign steps
- LDAP query now adds machines in patch campaign steps.
-
975160 Patch Campaign did not create any tasks for Linux patches.
- Linux patching is not supported in patch automation. Linux filters have been removed from Patch Automation.
Power Management
-
902515 Restarting the WMI service could cause Process Trigger and/or Power Management services to spike in CPU to 100%
- Resolved high CPU usage caused by WMI service on Power Management services.
Provisioning
-
849805 Disconnected Provisioning Template Takes a Long Time to Start
- When using a disconnected template, we no longer retry obtaining the client cert if the first attempt fails. Sensitive variables and other secrets will not be accessible in this case.
-
874217 The Delete File action in OS Provisioning templates doesn't delete files over 2147483647 bytes
- We changed to use a 64 bit file structure (instead of 32 bit) to allow reading of large file sizes.
-
882474 PXE Services do not restart after shutting down because of loss of communication with core server
- Using PXE_SVC_WIN registry key will force the node to win the election and stay elected even when unable to contact the core. It will resume reporting when connectivity is re-established.
-
908092 L14 Gen2 Lenovo HII drivers fail to download
- L14 Gen2 Lenovo HII drivers download works as expected.
-
947303 Provisioning Action template to update registry in client machines is not working as expected
- Made the option to use the 64-bit registry view available on the Import File option of the Update Registry Provisioning action.
-
954711 Intel DCH Graphics Driver Causing HII Build Error: Failed to process repository drivers with error Index and length must refer to a location within the string. Parameter name: length
- The INF parsing workflow now handles exceptions to errors found in the INF. This defect was found to have a root cause of formatting differences used in some INFs (technically not correct but should be handled and ignored). Now handles this as well as generically handling other errors that may be found. If the INF has an error, it will be noted in the log file, but processing will continue for other valid INFs. A warning message will indicate IF an error has been handled and the INF ignored. The user will be directed to the log file with those details. In the HII.log, failing INF files will have a line that reads "INF file: '{0}' had an error in processing. This INF and corresponding driver(s) will be skipped and not applied to devices until the error is resolved." where {0} will be replaced with the failing INF file path/name.
RBA
-
942270 When a Group's Assigned Scope is Deleted in User Management, the Group is Reassigned to 'All Devices'
- No longer assign Default Template User's scope to a user whose last scope was deleted.
Remote Control
-
919715 EPM 2022 RCViewer isn't Getting Upgraded when Upgrading from Older Version
- The issue with the RCViewer not being upgraded with the rest of the suite is fixed and should update as expected.
-
919971 USB smart card reader not recognized by RCviewer
- Modified the RCViewer smart card logic to detect that power had been removed from the smart card. And then apply a 're-connect' message to re-power on the card. After that whatever command that had failed was resent.
-
924934 Remote Control Floating Desktop icon/notification does not show the username of the user who initiated RC when the session is launched from Web Console 2.0
- The username of the session initiator is now passed to the Remote Control session when using Web Console 2.0 and appears on the floating notification as expected.
-
968861 RC Tunnel cannot find certificates in the same folder as itself
- RC tunnel can now find certificates using relative paths to itself.
-
974530 RC Service does not restart when VPN adapter is turned off
- Added a delay for checking for communication with a core to work better with certain VPN solutions.
Reporting
-
944818 Health Dashboard "Unable to contact the core server" error.
- Changed the request to support HTTPS since the HTTP is now redirected to HTTPS
Software Distribution
-
804514 A standard EPM user with read-only rights on public packages is able to move a public package from public folder to their own folder then able to modify the said package inside their folder.
- If the user logged into the CORE console does NOT have "public edit" rights for Software Distribution (SWD) Packages, then they will NOT be able to "move" a SWD package to a Team or "MY" folder. They can only make a copy of it.
-
840664 Replication - vulscan.exe /replicate /settingsindex=0 remains running which causes the next scheduled Replication to fail immediately with Another instance of this file replication task is already running (Teleperformance)
- Fixed the downloader code so that in case of an exception in any of the processing threads, it will cleanup and return rather than wait for unfinished files indefinitely.
-
895548 Wrong message showing on toast notifications when certain options are selected
- Fixed to show correct timeout action.
-
899434 Error when adding a folder to additional files on Windows Action packages - SWD
- We now check for null/empty primary file when getting a file list so that we handle the folders structure properly.
-
920692 S3 bucket download failure of large file when in a subfolder of the share.
- Updated the path to be correct in all cases.
-
921061 SDMCache file retention issue. If the "Number of days files stay in cache" is over a certain amount of days the files are deleted daily.
- The value processed was changed to a larger variable type to handle much large retention values in days (which are converted to seconds). This means the files will be kept according to the settings in Client Connectivity Settings and correctly displayed
-
934186 Issue with task status when multicast and "Always reboot" setting is used.
- For reboot reconnect, do not try to download files that were already downloaded before reboot.
-
942864 When restarting a task that previously had an LDAP query targeted, the task still targets the query.
- When removing a LDAP query from properties target panel, clear already resolved targets from the removed LDAP query.
Web Console
-
908867 Web Console 2.0: Result column not accurate for some SWD task return codes
- We made a modification in the Web Console to display the Return Code and Result columns like in the desktop console
-
951547 Web Console 2.0: Software Distribution Tasks with Return Code 0 Are Not Showing Correct Task History Information
- Show correct task history information for software distribution tasks.
XDD-UDD
-
912897 UDD Wireless Access Points "Mark as Allowed" does not do anything
- Fix the right click allow and not allow for WAPs. Also fix UDD scans putting APs in the right group.