DirectManage™ Deployment Manager 5.2.2 Release Notes
© 2008-2015 Centrify Corporation.
This software is protected by international copyright laws.
All Rights Reserved.
Table of Contents
DirectManage Deployment Manager is part of Centrify Server Suite. It enables you to identify non-Windows computers within your environment and analyze their readiness to integrate with DirectControl and Active Directory, as well as perform deployment of editions of Centrify Server Suite to these computers.
We recommend that you download the latest Centrify product catalog from Centrify Download Center in case it contains a newer catalog than what is provided with this release.
For a list of newly added or dropped UNIX, Linux, and Mac platforms in this release of Centrify Server Suite, please refer to the DirectControl Release Notes. The Centrify Support Portal on centrify.com has the comprehensive list of supported operating systems.
Centrify Suite is protected by U.S. Patents 7,591,005, 8,024,360, and 8,321,523.
You can obtain information about previous releases from the Centrify Support Portal, in the Documentation & Application Notes page.
· Deployment Manager will import the product catalog if it is located in the same network or local directory during Centrify software download (Ref: 27967).
· Telnet is now disabled by default. It can be enabled in the Network page of Options dialog (Ref: 58400).
· User can now analyze only one domain controller, or all domain controllers on the site during analyze environment (Ref: 67647).
· SSH port can be configured in both option page and computer property page (Ref: 57993).
· Detailed error information can now be exported using new tool DumpDB.exe (Ref: 55576).
· Deployment Manager is now able to perform adjoin for a computer whether its Active Directory object has been pre-created or not. Previously Deployment Manager will fail an adjoin action for a computer that has been pre-created. (Ref: 67656).
· WinSCP and VNCViewer will now be removed from DM installer. DM will detect any installed WinSCP / VNCViewer and show the related feature (Ref: 60384).
· Deployment Manager now support using Apple algorithm in automatic generating of UIDs and GIDs on Mac OS X computers joining the Auto Zone (Ref: 73340).
· Termination of support of Deployment Manager on platform:
- Microsoft Windows XP
· Termination of support of Deployment Manager starting from next release on platform: (Ref: 64457)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 R2
· (Post GA) added support of Mac OS X 10.10. This is the last release that Mac OS X 10.7 is supported.
· WinSCP in Deployment Manager is upgraded from version 5.1.7 to version 5.5.4. Please refer to http://winscp.net/eng/docs/history#5.5.4 for change logs (Ref: 66652).
· Centrify Suite Express Edition does not provide central management of policies, delegated administration, identity control, authorization, and audit policies.
If your organization outgrows the basic functionality of Express, you can upgrade to another edition of Centrify Suite to take advantage of additional features (Ref: 64987).
· A new option page is added for controlling whether the provided UNIX credentials are persisted to local database or temporarily cached in memory (Ref: 63600).
· PuTTY in Deployment Manager has been upgraded from version 0.62 to version 0.63 (Ref: 53652).
· Centrify Identity Risk Assessor
- A new feature is added into Deployment Manager for evaluating and identifying potential areas of concern that might affect the security, compliance, or operational efficiency of the remote computers.
- This new feature supports the following platforms:
· WinSCP in Deployment Manager is upgraded from version 5.1.2 to version 5.1.7. Please refer to http://winscp.net/eng/docs/history#5.1.7 for more bug-fix details (Ref: 50773).
· Termination of support of Deployment Manager on platform:
- Microsoft Windows Vista
· Deployment Manager can download the sudoers file from Linux, UNIX and Mac OS X computers.
· WinSCP in Deployment Manager is upgraded from version 4.3.5 to version 5.1.2.
· In previous release, discover fails on csh/tcsh shell target machine with operation timed out message when using JumpBox due to default "Expect Shell prompt". It is now fixed (Ref: 66762).
· The about dialog now show the current suite name (Ref: 55395).
· Previously with the change of using /var/centrifydm as the working directory, Deployment Manager cannot discover machines using normal user (Ref: 38663). This is now resolved.
· On Mac systems, usage of 'su' in Deployment Manager is not supported due to the change of using /var/centrifydm as the working directory (Ref: 38922). This is now resolved.
· Previously, Deployment Manager failed to create home directory when a new user is added in some OS like Solaris and AIX (Ref: 30903). This is now fixed.
· Deployment Manager can work with tcsh and csh shell on the target machine via su or sudo (Ref: 23016).
· Deployment Manager took long time to open when there are many open issues in the database (Ref: 34431). This issue is now fixed.
· Deployment Manager failed to display local groups with more than 100 members (Ref: 33191). This is now fixed.
· Deployment Manager will not fail to connect to its database larger than 128MB. It now supports up to 2GB database size (Ref: 30203).
The following sections describe common known issues or limitations associated with DirectManage Deployment Manager.
· Please note that Deployment Manager requires the Centrify product catalog to be imported first before using the "Download Software" feature. For example, if you download the software bundles from the Centrify Suite ISO into a local or network drive which is then specified as the software location, Deployment Manager will detect only the adcheck packages if the product catalog is not imported.
· In the Centrify Profile tab of the Properties page of a computer joined to a hierarchical zone, you cannot move this computer to a classic zone. Nor can you move it to a zone in another domain. There are no such problems with a computer joined to a classic zone.
· When joining a computer to a zone, if the container's name starts with a '/' or contains space(s), the join operation will fail.
· Deployment Manager may not be able to discover a HPUX 11.23 machine if it’s DNS is not configured properly.
· The "UNIX name" field on the Properties dialog for a local user or local group on an AIX computer is disabled. This is because the chuser and chgroup commands do not allow for name change.
· Deployment Manager will report an error when creating a local user on a HPUX machine in trusted mode. This is because it cannot set the password for the new user. The newly created user also cannot login since the password is not set.
· On some platforms such as Red Hat, you cannot change a local user's password when the user name is the same as an AD user.
· The Reset Password feature is disabled for a local user on a HPUX machine running in trusted mode. This feature is not allowed in trusted mode.
· On a HPUX machine, it is possible that some actions to add, edit or map local users may fail due to the length of the command that Deployment Manager sends to HPUX to perform the action. For examples, a user may have long GECOS or home directory paths; using sudo instead of root to execute the command may also lengthen it.
· If you have both pre v5.0 Centrify DirectControl Administrator console and Deployment Manager installed, and then un-install the DirectControl Administrator console, the welcome page of the Deployment Manager is no longer accessible. This does not happen if the Centrify DirectControl Administrator console is v5.0 0 and above or you are using Centrify DirectManage Access Manager.
· We recommend that you DO NOT launch multiple instances of Deployment Manager. If you run multiple instances at the same time you may experience the following problems:
- The UI between the consoles is not synchronized.
- There will be a chance of database conflicts. For example, analyzing computers would have a greater chance of failing as it may not be able to update the database.
· History records contain non-printing characters
There may be some non-printing characters displayed in the history records after running analysis; these are usually control characters captured while capturing the history and may be ignored.
· Special user accounts on AIX
UIDs imported for special user accounts on AIX will be displayed as negative numbers. The UIDs are correct, it is just the display that is incorrect, and this may be ignored.
· System.AccessViolationException shown
Occasionally Deployment Manager will show an error dialog box reporting a System.AccessViolationException due to an attempt to read or write protected memory due to a problem with SQL CE. You should restart Deployment Manager if you encounter this.
· Can discover a computer but cannot deploy software if SSH service is not functioning.
Deployment Manager relies on the SSH service on a discovered computer for information gathering and software deployment. If the SSH service is running but not functioning correctly, Deployment Manager cannot retrieve additional information nor deploy software to it.
· Access violations occur when run under heavy load
This is a known issue with Microsoft SQLCE. You can find more information about this, including a patch to fix it, at:
· Deployment Manager will report that there is no software on the local system even though it successfully downloaded to a VMware Shared Folder. VMware Shared Folders do not trigger file system notifications so Deployment Manager is not notified.
· MMC crash after switching from UNIX name filter to History Node (Ref: 23122)
This is how it may happen:
- “Users” node is selected and some characters are typed into “UNIX Name” filter
- Then select “History” node as soon as possible after deleting the characters in previous filter
· Deployment Manager fails to discover HP-UX 11.31 computer host name in normal mode (Ref: 76720)
Using sudo to add a HPUX 11.31 computer running normal mode (untrusted mode) results in the computer host name incorrectly discovered as “Last successful login: …”. You can avoid this problem by setting the DISPLAY_LAST_LOGIN attribute in /etc/default/security to 0 that will turn off both last successful login and the last authentication failure messages. This problem does not happen on other HPUX versions or using trusted mode. This is a known issue to be fixed in a future release.
For the most up to date list of known issues, please login to the Customer Support Portal at http://www.centrify.com/support and refer to Knowledge Base articles for any known issues with the release.
In addition to the documentation provided with this package, you can find the answers to common questions and information about any general or platform-specific known limitations as well as tips and suggestions from the Centrify Knowledge Base.
You can also contact Centrify Support directly with your questions through the Centrify Web site, by email, or by telephone. To contact Centrify Support or to get help with installing or using this software, send email to firstname.lastname@example.org or call 1-669-444-5200, option 2. For information about purchasing or evaluating Centrify products, send email to email@example.com.