DirectManage™ Deployment Manager 5.3.0 Release Notes
© 2008-2016 Centrify Corporation.
This software is protected by international copyright laws.
All Rights Reserved.
Table of Contents
DirectManage Deployment Manager is part of Centrify Server Suite. It enables you to identify non-Windows computers within your environment and analyze their readiness to integrate with DirectControl and Active Directory, as well as perform deployment of editions of Centrify Server Suite to these computers.
We recommend that you download the latest Centrify product catalog from Centrify Download Center in case it contains a newer catalog than what is provided with this release.
For a list of newly added or dropped UNIX, Linux, and Mac platforms in this release of Centrify Server Suite, please refer to the DirectControl Release Notes. The Centrify Support Portal on centrify.com has the comprehensive list of supported operating systems.
The Centrify Server Suite release notes and documents are available online at http://docs.centrify.com.
Centrify software is protected by U.S. Patent No. 7,591,005, 8,024,360, 8,321,523, 9,015,103 B2 and 9,112,846.
· Deployment Manager now supports public key authentication using AES-128-CBC encrypted keys (Ref: CS-38600).
· In manage software wizard, installed components will be automatically selected for upgrade (Ref: CS-38266).
· In “Manage Audit”, Deployment Manager now supports change of DirectAudit Installation name on computers allowing locally configured installation (Ref: CS-38035).
· Termination of support of Deployment Manager on platform: (Ref: CS-38998)
- All 32-bit Windows platforms
· Connect Prompt and Connect Expects can be configured in both option page and computer property page (Ref: 48556).
· Workstation or server license type can now be configured during adjoin (Ref: 77120).
· PuTTY in Deployment Manager has been upgraded from version 0.63 to version 0.64 (Ref: 74953).
· Deployment Manager now support SHA-2 key exchange algorithm. Please be noted that in previous version only SHA-1 key exchange algorithm is supported. It is suggested to upgrade to Deployment Manager 5.2.3 together with the *nix packages (Ref: 80099, 76877).
· User can group computers into custom groups and operations can be performed to the groups. This feature can be enabled by adding a new DWORD “Custom Groups” registry with value 1 to
HKEY_CURRENT_USER\Software\Centrify\Deployment Manager (Ref: 68766).
· Termination of support of Deployment Manager on platform: (Ref: 64457)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 R2
· Deployment Manager will import the product catalog if it is located in the same network or local directory during Centrify software download (Ref: 27967).
· Telnet is now disabled by default. It can be enabled in the Network page of Options dialog (Ref: 58400).
· User can now analyze only one domain controller, or all domain controllers on the site during analyze environment (Ref: 67647).
· SSH port can be configured in both option page and computer property page (Ref: 57993).
· Detailed error information can now be exported using new tool DumpDB.exe (Ref: 55576).
· Deployment Manager is now able to perform adjoin for a computer whether its Active Directory object has been pre-created or not. Previously Deployment Manager will fail an adjoin action for a computer that has been pre-created. (Ref: 67656).
· WinSCP and VNCViewer will now be removed from DM installer. DM will detect any installed WinSCP / VNCViewer and show the related feature (Ref: 60384).
· Deployment Manager now support using Apple algorithm in automatic generating of UIDs and GIDs on Mac OS X computers joining the Auto Zone (Ref: 73340).
· Termination of support of Deployment Manager on platform:
- Microsoft Windows XP
· Termination of support of Deployment Manager starting from next release on platform: (Ref: 64457)
- Microsoft Windows Server 2003
- Microsoft Windows Server 2003 R2
· (Post GA) added support of Mac OS X 10.10. This is the last release that Mac OS X 10.7 is supported.
· WinSCP in Deployment Manager is upgraded from version 5.1.7 to version 5.5.4. Please refer to http://winscp.net/eng/docs/history#5.5.4 for change logs (Ref: 66652).
· Centrify Suite Express Edition does not provide central management of policies, delegated administration, identity control, authorization, and audit policies.
If your organization outgrows the basic functionality of Express, you can upgrade to another edition of Centrify Suite to take advantage of additional features (Ref: 64987).
· A new option page is added for controlling whether the provided UNIX credentials are persisted to local database or temporarily cached in memory (Ref: 63600).
· Deployment Manager fails to discover computers supporting SHA256 KEX algorithms in SSH connection on FIPS-enabled environment previously (Ref: CS-38314). The issue is now fixed.
· Previously, Deployment Manager fails to discover HP-UX 11.31 computer host name in normal mode (Ref: 76720). This is now fixed.
· In previous release, discover fails on csh/tcsh shell target machine with operation timed out message when using JumpBox due to default "Expect Shell prompt". It is now fixed (Ref: 66762).
The following sections describe common known issues or limitations associated with DirectManage Deployment Manager.
· Please note that Deployment Manager requires the Centrify product catalog to be imported first before using the "Download Software" feature. For example, if you download the software bundles from the Centrify Suite ISO into a local or network drive which is then specified as the software location, Deployment Manager will detect only the adcheck packages if the product catalog is not imported.
· In the Centrify Profile tab of the Properties page of a computer joined to a hierarchical zone, you cannot move this computer to a classic zone. Nor can you move it to a zone in another domain. There are no such problems with a computer joined to a classic zone.
· When joining a computer to a zone, if the container's name starts with a '/' or contains space(s), the join operation will fail.
· Deployment Manager may not be able to discover a HPUX 11.23 machine if it’s DNS is not configured properly.
· The "UNIX name" field on the Properties dialog for a local user or local group on an AIX computer is disabled. This is because the chuser and chgroup commands do not allow for name change.
· Deployment Manager will report an error when creating a local user on a HPUX machine in trusted mode. This is because it cannot set the password for the new user. The newly created user also cannot login since the password is not set.
· On some platforms such as Red Hat, you cannot change a local user's password when the user name is the same as an AD user.
· The Reset Password feature is disabled for a local user on a HPUX machine running in trusted mode. This feature is not allowed in trusted mode.
· On a HPUX machine, it is possible that some actions to add, edit or map local users may fail due to the length of the command that Deployment Manager sends to HPUX to perform the action. For examples, a user may have long GECOS or home directory paths; using sudo instead of root to execute the command may also lengthen it.
· If you have both pre v5.0 Centrify DirectControl Administrator console and Deployment Manager installed, and then un-install the DirectControl Administrator console, the welcome page of the Deployment Manager is no longer accessible. This does not happen if the Centrify DirectControl Administrator console is v5.0 0 and above or you are using Centrify DirectManage Access Manager.
· We recommend that you DO NOT launch multiple instances of Deployment Manager. If you run multiple instances at the same time you may experience the following problems:
- The UI between the consoles is not synchronized.
- There will be a chance of database conflicts. For example, analyzing computers would have a greater chance of failing as it may not be able to update the database.
· History records contain non-printing characters
There may be some non-printing characters displayed in the history records after running analysis; these are usually control characters captured while capturing the history and may be ignored.
· Special user accounts on AIX
UIDs imported for special user accounts on AIX will be displayed as negative numbers. The UIDs are correct, it is just the display that is incorrect, and this may be ignored.
· System.AccessViolationException shown
Occasionally Deployment Manager will show an error dialog box reporting a System.AccessViolationException due to an attempt to read or write protected memory due to a problem with SQL CE. You should restart Deployment Manager if you encounter this.
· Can discover a computer but cannot deploy software if SSH service is not functioning.
Deployment Manager relies on the SSH service on a discovered computer for information gathering and software deployment. If the SSH service is running but not functioning correctly, Deployment Manager cannot retrieve additional information nor deploy software to it.
· Access violations occur when run under heavy load
This is a known issue with Microsoft SQLCE. You can find more information about this, including a patch to fix it, at:
· Deployment Manager will report that there is no software on the local system even though it successfully downloaded to a VMware Shared Folder. VMware Shared Folders do not trigger file system notifications so Deployment Manager is not notified.
· MMC crash after switching from UNIX name filter to History Node (Ref: 23122/CS-37045)
This is how it may happen:
- “Users” node is selected and some characters are typed into “UNIX Name” filter
- Then select “History” node as soon as possible after deleting the characters in previous filter
· Deployment Manager does not work on computers by using accounts that require multi-factor authentication when login or execute commands (Ref: CS-38698)
· You cannot deploy the Suite 2016 Mac agent using the Deployment Manager in Suite 2015.1 or older. This is due to system file changes introduced in Mac 10.11 OS, and old Deployment Managers prior to the Mac 10.11 release cannot handle this change. The new Deployment Manager in Suite 2016 will handle the upgrade correctly. (Ref: CS-39320)
For the most up to date list of known issues, please login to the Customer Support Portal at http://www.centrify.com/support and refer to Knowledge Base articles for any known issues with the release.
In addition to the documentation provided with this package, you can find the answers to common questions and information about any general or platform-specific known limitations as well as tips and suggestions from the Centrify Knowledge Base.
You can also contact Centrify Support directly with your questions through the Centrify Web site, by email, or by telephone. To contact Centrify Support or to get help with installing or using this software, send email to firstname.lastname@example.org or call 1-669-444-5200, option 2. For information about purchasing or evaluating Centrify products, send email to email@example.com.