Centrify Deployment Manager 2.1.5 Release Notes (C) 2012 Centrify Corporation. This software is protected by international copyright laws. All Rights Reserved. Table of Contents 1. About This Release 2. New Features 3. Bugs Fixed 4. Known Issues 5. Additional Information and Support 1. About This Release Centrify Deployment Manager is part of the Centrify Suite. It enables you to identify non-Windows systems within your environment, analyze their readiness to integrate with DirectControl and Active Directory, as well as perform deployment of Centrify Suite editions to these systems. Please note that Deployment Manager requires the product catalog to be imported first before using the "Download Software" feature. For example, if you download the software bundles from the Centrify Suite ISO into a local or network drive which is then specified as the software location, Deployment Manager will detect only the adcheck packages if the product catalog is not imported yet. 2. New Features in Deployment Manager 2.1.5 The following is a list of new features in this release: * Support the discovery as well as installation and upgrade of Centrify product suite for new OS platforms: - Fedora 18 (32- and 64-bit) - Red Hat Enterprise Linux 6.3 (32- and 64-bit) - Red Hat Enterprise Linux Desktop 6.3 (32- and 64-bit) - CentOS 5.8, 6.3 (32- and 64-bit) - Scientific Linux 5.8, 6.3 (32- and 64-bit) - Ubuntu Desktop 12.10 (32- and 64-bit) - Ubuntu Server 12.10 (32- and 64-bit) - Linux Mint 13, 14 (32- and 64-bit) * Only x86 and x86-64 Red Hat packages are updated in this release. The Debian packages in Suite 2012.2 are verified to work with Ubuntu 12.10 and Linux Mint 13 and 14. All other packages are identical to DirectControl 5.0.4. 2.1. New Features in Deployment Manager 2.1.4 The following is a list of new features in this release: * Support the discovery as well as installation and upgrade of Centrify product suite for new OS platforms such as Red Hat Enterprise Linux Desktop 5.6 and 6.0. 2.2. New Features in Deployment Manager 2.1.3 The following is a list of new features in this release: * Support the discovery as well as installation and upgrade of Centrify product suite for new OS platforms such as Mac OS X 10.8. 2.3. New Features in Deployment Manager 2.1.2 The following is a list of new features in this release: * (Post GA) Support added for Ubuntu 12.04. * Support the discovery as well as installation and upgrade of Centrify product suite for new OS platforms such as CentOS 6.1 and Linux Mint 12. * There is new menu item "Enable Centrify Product Catalog Auto Update" in the General tab of the Options dialog. If enabled, Deployment Manager will periodically check the Centrify web site for new versions of the Centrify product catalog and automatically download them if found. * The "Import Centrify Product Catalog" is now a wizard. This provides a more responsive GUI as well as allows the import to be done in the background. 2.4. New Features in Deployment Manager 2.1.1 The following is a list of new features in this release: * The Deployment tab on a computer's Properties will now display Operating System and version information. * Shell scripts will no longer be run with privilege. Instead, they will be run with the provided credentials. However, customers can still allow their scripts to be run with privilege by specifying "#run-with-privilege" at the top of the script. * The WinSCP version in the Deployment Manager package has been upgraded to v4.3.5. * A user no longer had to enter an installation name when configuring a UNIX DirectAudit agent for a secure installation. There is now a radio button to specify that the user has configured the DirectAudit installation by Group Policy. 2.5. New Features in Deployment Manager 2.1.0 The following is a list of new features in 2.1.0: * There is a new "Manage Zone" option to allow users to join or leave a computer to/from an AD domain. * Users can choose to join or not join to an AD domain when installing the Centrify Suite on a computer. * Support new hierarchical zones in DirectControl 5. * Support installation of and upgrade to DirectAudit 2.0. * The product catalog file is now available as part of Centrify Suite 2012. It is called centrify-product- catalog-offline.xml and is contained in Centrify-Suite- 2012-agents-DM.iso. 3. Bug Fixes 3.1 Bugs Fixed in Deployment Manager 2.1.5 * Deployment Manager has historically written working data to /tmp. This version of Deployment Manager uses /var/centrifydm for it's working data. This version is backward compatible with all versions of Suite 2012. 3.2 Bugs Fixed in Deployment Manager 2.1.4 * The speed to add/delete users in the group is greatly improved. Before, it took couple minutes if the group contains a thousand users. 3.3 Bugs Fixed in Deployment Manager 2.1.3 * No major bug fixes. 3.4 Bugs Fixed in Deployment Manager 2.1.2 * In previous releases, we do not detect the minor number of some OS versions. For example, a machine with Scientific 6.1 installed is recognized as Scientific 6, RHEL 5.8 as RHEL 5. This is now resolved. * The "Operating System", "OS Version" and "Architecture" fields in the Computer details pane were wrong for the following OS: VIMA 4, VIMA 4.1 and Oracle Linux EL 6u0. This has been corrected. * Deployment Manager will return an Operation Timeout message if the machine has customized the Shell prompt to be different than the one Deployment Manager expects. To avoid this problem, the customer can now configure the prompt using the registry key "NetShell Prompt" in "HKCU\Software\ Centrify\Common". The default value is "NetShell:" if the registry does not exist. Note: this solution does not work for tcsh. 3.5 Bugs Fixed in Deployment Manager 2.1.1 * In the previous release, when joining a machine to the new DC5 zone, in the "Credentials to be used after joining Active Directory" page of the Manage Zone wizard, a logon failure error message will show up if you enter an AD account that is added the parent zone instead of the selected zone. This issue is fixed. * Computer alias can now contain the character '.'. In the past an error dialog will be displayed when a computer alias contains the period character. * Deployment Manager (64 bit) can now be installed on a Windows 2008 SP2 (64 bit) machine with SQL 2008 R2 installed. Previously you have to un-install SQL Server Compact 3.5 SP2 and then re-install the Deployment Manager. 3.6 Bugs Fixed in Deployment Manager 2.1.0 GA * Support discovery and deployment on Mac 10.7 machines. * After installing the Centrify Suite Express Edition on a machine, if you invoke the Properties page of this computer and select the Centrify Profile tab, the Centrify DirectControl Setup Wizard is launched. When going through the steps in this wizard, an Unexpected Error dialog appears. This issue is now fixed. 3.7 Bugs Fixed in Deployment Manager 2.1.0 Beta 1 * On some OS platforms such as HPUX or Solaris, using a non-privileged user account to login and then using the "su" option for privileged commands may result in failure when performing some actions, such as joining a computer to a different zone using the "Join Computer to Zone..." menu item. Or you may see extraneous strings in the "Enable audit for specific shells on the computers" listbox in the Manage Audit dialog. This issue is now fixed. * Joining a computer to an AD domain can fail if the DM console and the computer are connected to different domain controllers. A check box is now provided for user to specify which domain controller to use when joining the computer. 4. Known Issues The following sections describe common known issues or limitations associated with Centrify Deployment Manager. * In the Centrify Profile tab of the Properties page of a computer joined to a hierarchical zone, you cannot move this computer to a classic zone. Nor can you move it to a zone in another domain. There are no such problems with a computer joined to a classic zone. * When joining a computer to a zone, if the container's name starts with a '/' or contains space(s), the join operation will fail. * For the account used by Deployment Manager to login to the machines, please set the shell to /bin/sh or bash. Deployment Manager may run into problems with tcsh. * Deployment Manager may not be able to discover a HPUX 11.23 machine if its DNS is not configured properly. * The "UNIX name" field on the Properties dialog for a local user or local group on an AIX computer is disabled. This is because the chuser and chgroup commands do not allow for name change. * Deployment Manager will report an error when creating a local user on a HPUX machine in trusted mode. This is because it cannot set the password for the new user. The newly created user also cannot login since the password is not set. * On some platforms such as Red Hat, you cannot change a local user's password when the user name is the same as an AD user. * The Reset Password feature is disabled for a local user on a HPUX machine running in trusted mode. This feature is not allowed in trusted mode. * On a HPUX machine, it is possible that some actions to add, edit or map local users may fail due to the length of the command Deployment Manager sends to HPUX to perform the action. For examples, a user may have long GECOS or home directory paths; using sudo instead of root to execute the command may also lengthen it. * If you have both pre v5.0 Centrify DirectControl console and Deployment Manager installed, and then un-install the DirectControl console, the welcome page of the Deployment Manager is no longer accessible. This does not happen if the Centrify DirectControl console is v5.0. * Launching multiple instances of Deployment Manager It is not recommended that you launch multiple instances of Deployment Manager; you will be warned if you attempt to do so. If you run multiple instances at the same time you may experience the following problems: - The UI between the consoles is not synchronized. - There will be a chance of database conflicts. For example, analyzing computers would have a greater chance of failing as it may not be able to update the database. * History records contain non-printing characters There may be some non-printing characters displayed in the history records after running analysis; these are usually control characters captured while capturing the history and may be ignored. * Special user accounts on AIX UIDs imported for special user accounts on AIX will be displayed as negative numbers. The UIDs are correct, it is just the display that is incorrect, and this may be ignored. * System.AccessViolationException shown Occasionally Deployment Manager will show an error dialog box reporting a System.AccessViolationException due to an attempt to read or write protected memory due to a problem with SQL CE. You should restart Deployment Manager if you encounter this. * Can discover a computer but not discover information or deploy Deployment Manager relies on the SSH service on computers it discovers in order to learn more about the computer and deploy software to it. If the SSH service is running but not functioning correctly, the computer will be discovered but Deployment Manager will not be able to learn more about it or deploy software. * Access violations occur when run under heavy load This is a known issue with Microsoft SQLCE. You can find more information about this, including a patch to fix it, at: http://support.microsoft.com/kb/970269/en-us * Deployment Manager will report that there is no software on the local system even though it successfully downloaded to a VMware Shared Folder. VMware Shared Folders do not trigger filesystem notifications so Deployment Manager is not notified. * Fail to upgrade from 2.1.3 and 2.1.4 Deployment Manager It will be fixed in the next release. * Discovery does not work with non-root users due to the change of using /var/centrifydm instead of /tmp as the working directory. It will be fixed in next release. * If Jump Box is used, it requires root login. This is also due to the change of using /var/centrifydm as the working directory. It will be fixed in next release. * On Mac systems, usage of 'su' in Deployment Manager is not supported due to the change of using /var/centrifydm as the working directory. It will be fixed in later release. For the most up to date list of known issues, please login to the Customer Support Portal at http://www.centrify.com/support and refer to Knowledge Base articles for any known issues with the release. 5. Additional Information and Support In addition to the documentation provided with this package, you can find the answers to common questions and information about any general or platform-specific known limitations as well as tips and suggestions from the Centrify Knowledge Base. You can also contact Centrify Support directly with your questions through the Centrify Web site, by email, or by telephone. To contact Centrify Support or to get help with installing or using this software, send email to support@centrify.com or call 1-408-542-7500, option 2. For information about purchasing or evaluating Centrify products, send email to info@centrify.com.