DirectManage Deployment Manager Release Notes

2008-2013 Centrify Corporation.

This software is protected by international copyright laws.

All Rights Reserved.

 

Table of Contents

1. About This Release. 1

2. New Features. 2

2.1. New Features in Deployment Manager 5.1.0. 2

2.2. New Features in Deployment Manager 2.1.5. 2

2.3. New Features in Deployment Manager 2.1.4. 2

2.4. New Features in Deployment Manager 2.1.3. 3

2.5. New Features in Deployment Manager 2.1.2. 3

2.6. New Features in Deployment Manager 2.1.1. 3

2.7. New Features in Deployment Manager 2.1.0. 3

3. Bug Fixes. 4

3.1. Bugs Fixed in Deployment Manager 5.1.0. 4

3.2. Bugs Fixed in Deployment Manager 2.1.5. 4

3.3. Bugs Fixed in Deployment Manager 2.1.4. 4

3.4. Bugs Fixed in Deployment Manager 2.1.3. 5

3.5. Bugs Fixed in Deployment Manager 2.1.2. 5

3.6. Bugs Fixed in Deployment Manager 2.1.1. 5

3.7. Bugs Fixed in Deployment Manager 2.1.0. 5

4. Known Issues. 6

5. Additional Information and Support. 8

 

1. About This Release

 

DirectManage Deployment Manager is part of the Centrify Suite. It enables you to identify non-Windows systems within your environment, analyze their readiness to integrate with DirectControl and Active Directory, as well as perform deployment of Centrify Suite editions to these systems.

 

We recommended you download the latest Centrify product catalog from Centrify Download Center that may contain a newer catalog after this release.

2. New Features

 

2.1. New Features in Deployment Manager 5.1.0

 

         Deployment Manager can download the sudoers file from Linux, UNIX and Mac OS/X machine.

 

         WinSCP in Deployment Manager is upgraded from version 4.3.5 to version 5.1.2.

 

         Support the discovery as well as installation and upgrade of Centrify product suite for new OS platforms:

-    Mandriva one 2012 (32- and 64-bit)

-    Red Hat Enterprise Linux 5.8 PPC (64-bit)

-    Red Hat Enterprise Linux 5.8 Itanium (64-bit)

-    Linux Mint Debian Edition (32- and 64-bit)

-    OpenSuSE 12.2, 12.3 (32- and 64-bit)

 

2.2. New Features in Deployment Manager 2.1.5

 

         Support the discovery as well as installation and upgrade of Centrify product suite for new OS platforms:

-    Fedora 18 (32- and 64-bit)

-    Red Hat Enterprise Linux 6.3 (32- and 64-bit)

-    Red Hat Enterprise Linux Desktop 6.3 (32- and 64-bit)

-    CentOS 5.8, 6.3 (32- and 64-bit)

-    Scientific Linux 5.8, 6.3 (32- and 64-bit)

-    Ubuntu Desktop 12.10 (32- and 64-bit)

-    Ubuntu Server 12.10 (32- and 64-bit)

-    Linux Mint 13, 14 (32- and 64-bit)

 

Only x86 and x86-64 Red Hat packages are updated in this release. The Debian packages in Suite 2012.2 are verified to work with Ubuntu 12.10 and Linux Mint 13 and 14.

 

All other packages are identical to DirectControl 5.0.4.

 

2.3. New Features in Deployment Manager 2.1.4

 

         Support the discovery as well as installation and upgrade of Centrify product suite for new OS platforms such as Red Hat Enterprise Linux Desktop 5.6 and 6.0.

 

2.4. New Features in Deployment Manager 2.1.3

 

         Support the discovery as well as installation and upgrade of Centrify product suite for new OS platforms such as Mac OS X 10.8.

 

2.5. New Features in Deployment Manager 2.1.2

 

         (Post GA) Support added for Ubuntu 12.04.

 

         Support the discovery as well as installation and upgrade of Centrify product suite for new OS platforms such as CentOS 6.1 and Linux Mint 12.

 

         There is new menu item "Enable Centrify Product Catalog Auto Update" in the General tab of the Options dialog. If enabled, Deployment Manager will periodically check the Centrify web site for new versions of the Centrify product catalog and automatically download them if found.

 

         The "Import Centrify Product Catalog" is now a wizard. This provides a more responsive GUI as well as allows the import to be done in the background.

 

2.6. New Features in Deployment Manager 2.1.1

 

         The Deployment tab on a computer's Properties will now display Operating System and version information.

 

Shell scripts will no longer be run with privilege. Instead, they will be run with the provided credentials. However, customers can still allow their scripts to be run with privilege by specifying "#run-with-privilege" at the top of the script.

 

         The WinSCP version in the Deployment Manager package has been upgraded to v4.3.5.

 

A user no longer had to enter an installation name when configuring a UNIX DirectAudit agent for a secure installation. There is now a radio button to specify that the user has configured the DirectAudit installation by Group Policy.

 

2.7. New Features in Deployment Manager 2.1.0

 

         There is a new "Manage Zone" option to allow users to join or leave a computer to/from an AD domain.

 

         Users can choose to join or not join to an AD domain when installing the Centrify Suite on a computer.

 

         Support new hierarchical zones in DirectControl 5.

 

         Support installation of and upgrade to DirectAudit 2.0.

 

         The product catalog file is now available as part of Centrify Suite 2012. It is called centrify-product-catalog-offline.xml and is contained in Centrify-Suite-2012-agents-DM.iso.

 

3. Bug Fixes

 

3.1. Bugs Fixed in Deployment Manager 5.1.0

 

         Previously, Deployment Manager failed to create home directory when a new user is added in some OS like Solaris and AIX (REF#: 30903). This is now fixed.

 

         Deployment Manager can work with tcsh and csh shell on the target machine via su or sudo (REF#: 23016).

 

         Deployment Manager took long time to open when there are many open issues in the database (REF#: 34431). This issue is now fixed.

 

         Deployment Manager failed to display local groups with more than 100 members (REF# 33191). This is now fixed.

 

         Deployment Manager will not fail to connect to its database larger than 128MB. It now supports up to 2GB database size (REF#: 30203).

 

3.2. Bugs Fixed in Deployment Manager 2.1.5

 

         Deployment Manager has historically written working data to /tmp. This version of Deployment Manager uses /var/centrifydm for its working data. This version is backward compatible with all versions of Suite 2012.

 

3.3. Bugs Fixed in Deployment Manager 2.1.4

 

         The speed to add/delete users in the group is greatly improved. Before, it took couple minutes if the group contains a thousand users.

 

3.4. Bugs Fixed in Deployment Manager 2.1.3

 

         No major bug fixes.

 

3.5. Bugs Fixed in Deployment Manager 2.1.2

 

         In previous releases, we do not detect the minor number of some OS versions. For example, a machine with Scientific 6.1 installed is recognized as Scientific 6, RHEL 5.8 as RHEL 5. This is now resolved.

 

         The "Operating System", "OS Version" and "Architecture" fields in the Computer details pane were wrong for the following OS: VIMA 4, VIMA 4.1 and Oracle Linux EL 6u0. This has been corrected.

 

         Deployment Manager will return an Operation Timeout message if the machine has customized the Shell prompt to be different than the one Deployment Manager expects. To avoid this problem, the customer can now configure the prompt using the registry key "NetShell Prompt" in "HKCU\Software\ Centrify\Common". The default value is "NetShell:" if the registry does not exist.

 

Note: this solution does not work for tcsh.

 

3.6. Bugs Fixed in Deployment Manager 2.1.1

 

         In the previous release, when joining a machine to the new DC5 zone, in the "Credentials to be used after joining Active Directory" page of the Manage Zone wizard, a logon failure error message will show up if you enter an AD account that is added the parent zone instead of the selected zone. This issue is fixed.

 

         Computer alias can now contain the character '.'. In the past an error dialog will be displayed when a computer alias contains the period character.

 

         Deployment Manager (64 bit) can now be installed on a Windows 2008 SP2 (64 bit) machine with SQL 2008 R2 installed. Previously you have to un-install SQL Server Compact 3.5 SP2 and then re-install the Deployment Manager.

 

3.7. Bugs Fixed in Deployment Manager 2.1.0

 

         Support discovery and deployment on Mac 10.7 machines.

 

         On some OS platforms such as HPUX or Solaris, using a non-privileged user account to login and then using the "su" option for privileged commands may result in failure when performing some actions, such as joining a computer to a different zone using the "Join Computer to Zone..." menu item. Or you may see extraneous strings in the "Enable audit for specific shells on the computers" listbox in the Manage Audit dialog. This issue is now fixed.

 

         Joining a computer to an AD domain can fail if the DM console and the computer are connected to different domain controllers. A check box is now provided for user to specify which domain controller to use when joining the computer.

4. Known Issues

 

The following sections describe common known issues or limitations associated with DirectManage Deployment Manager.

 

         Please note that Deployment Manager requires the Centrify product catalog to be imported first before using the "Download Software" feature. For example, if you download the software bundles from the Centrify Suite ISO into a local or network drive which is then specified as the software location, Deployment Manager will detect only the adcheck packages if the product catalog is not imported.

 

         In the Centrify Profile tab of the Properties page of a computer joined to a hierarchical zone, you cannot move this computer to a classic zone. Nor can you move it to a zone in another domain. There are no such problems with a computer joined to a classic zone.

 

         When joining a computer to a zone, if the container's name starts with a '/' or contains space(s), the join operation will fail.

 

         Deployment Manager may not be able to discover a HPUX 11.23 machine if its DNS is not configured properly.

 

         The "UNIX name" field on the Properties dialog for a local user or local group on an AIX computer is disabled. This is because the chuser and chgroup commands do not allow for name change.

 

         Deployment Manager will report an error when creating a local user on a HPUX machine in trusted mode. This is because it cannot set the password for the new user. The newly created user also cannot login since the password is not set.

 

         On some platforms such as Red Hat, you cannot change a local user's password when the user name is the same as an AD user.

 

         The Reset Password feature is disabled for a local user on a HPUX machine running in trusted mode. This feature is not allowed in trusted mode.

 

         On a HPUX machine, it is possible that some actions to add, edit or map local users may fail due to the length of the command that Deployment Manager sends to HPUX to perform the action. For examples, a user may have long GECOS or home directory paths; using sudo instead of root to execute the command may also lengthen it.

 

         If you have both pre v5.0 Centrify DirectControl Administrator console and Deployment Manager installed, and then un-install the DirectControl Administrator console, the welcome page of the Deployment Manager is no longer accessible. This does not happen if the Centrify DirectControl Administrator console is v5.0 0 and above or you are using Centrify DirectManage Access Manager.

 

         We recommend that you DO NOT launch multiple instances of Deployment Manager. If you run multiple instances at the same time you may experience the following problems:

 

- The UI between the consoles is not synchronized.

 

- There will be a chance of database conflicts. For example, analyzing computers would have a greater chance of failing as it may not be able to update the database.

 

         History records contain non-printing characters

 

There may be some non-printing characters displayed in the history records after running analysis; these are usually control characters captured while capturing the history and may be ignored.

 

         Special user accounts on AIX

 

UIDs imported for special user accounts on AIX will be displayed as negative numbers. The UIDs are correct, it is just the display that is incorrect, and this may be ignored.

 

         System.AccessViolationException shown

 

Occasionally Deployment Manager will show an error dialog box reporting a System.AccessViolationException due to an attempt to read or write protected memory due to a problem with SQL CE. You should restart Deployment Manager if you encounter this.

 

         Can discover a computer but cannot deploy software if SSH service is not functioning.

 

Deployment Manager relies on the SSH service on a discovered computer for information gathering and software deployment. If the SSH service is running but not functioning correctly, Deployment Manager cannot retrieve additional information nor deploy software to it.

 

         Access violations occur when run under heavy load

 

This is a known issue with Microsoft SQLCE. You can find more information about this, including a patch to fix it, at:

 

http://support.microsoft.com/kb/970269/en-us

 

         Deployment Manager will report that there is no software on the local system even though it successfully downloaded to a VMware Shared Folder. VMware Shared Folders do not trigger file system notifications so Deployment Manager is not notified.

 

         To support the normal user using jump box, the /var/centrifydm folder needs to be created with a privilege account and change the owner to the normal user and set permissions to 755 (REF#: 38662).

 

         On Mac systems, usage of 'su' in Deployment Manager is not supported due to the change of using /var/centrifydm as the working directory (REF#: 38922).

 

For the most up to date list of known issues, please login to the Customer Support Portal at http://www.centrify.com/support and refer to Knowledge Base articles for any known issues with the release.

5. Additional Information and Support

 

In addition to the documentation provided with this package, you can find the answers to common questions and information about any general or platform-specific known limitations as well as tips and suggestions from the Centrify Knowledge Base.

 

You can also contact Centrify Support directly with your questions through the Centrify Web site, by email, or by telephone. To contact Centrify Support or to get help with installing or using this software, send email to support@centrify.com or call 1-408-542-7500, option 2. For information about purchasing or evaluating Centrify products, send email to info@centrify.com.