NetIQ Secure Configuration Manager 5.9.1 Hotfix 7014445 Release Notes

May 2014

This hotfix for the NetIQ Secure Configuration Manager resolves previous issues. This release notes document outlines why you should install this hotfix.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Secure Configuration Manager forum, our community Web site that also includes product notifications, blogs, and product user groups.

For more information about this release and for the latest Release Notes, see the Secure Configuration Manager Documentation web site. To download this product, see the Secure Configuration Manager Hotfixes Web site.

1.0 What’s New?

This hotfix resolves the following issues. For the list of software fixes and enhancements in previous releases, see the Secure Configuration Manager Documentation page.

1.1 Software Fixes

This hotfix resolves the following issues.

Performance Issue in the getCheckDataDetail API

Issue: There is a performance issue in the getCheckDataDetail API that results in slow loading of the dashboard. (BUG 861926)

Fix: This hotfix resolves the API performance issue.

Importing a New Version of the Template Overwrites the xccdf Files

Issue: When you import a new version of the template, existing xccdf files are overwritten. This happens because ThreatGuard either versions or renames the files based on the template. (BUG 862183)

Fix: When importing the template, the associated files of the template are now copied to C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\web\webapps\root\ThreatGuard\<template_id>. When the SCAP template is run, Agents pick up the files from the new location.

When the Template is Deleted, xccdf Files are Deleted from the Core Server

Issue: When you delete the template, xccdf files are deleted from the core server in a multi-core environment. (BUG 862186)

Fix: When deleting the template from a core server in a multi-core environment, the associated files of the template are now deleted from all the core servers.

The getCheckDataDetail API Does Not Populate the endpointName Field

Issue: The getCheckDataDetail API returns data that contains a dataset for each endpoint specified in the request. This dataset contains a field for the endpointName attribute. Data is not populated in this field; it needs to be populated with the endpointName value. (BUG 862418)

Fix: The endpoint settings are now included when the getCheckDataDetail API is called.

Delay in Starting the Console Permissions Wizard

Issue: When the environment has many console users, the Console Permissions wizard takes a long time to start. (BUG 862436)

Fix: This issue is resolved through reduction of redundant calls to the SCM database.

Missing Windows Group Endpoints

Issue: In the Report Viewer console, endpoints are not available in the Windows group under IT Assets. (BUG 862598)

Fix: The issue is resolved by making changes in the stored procedures for the SCM database.

Some Error Checks Cannot be Excepted

Issue: When you import a template, run it against an endpoint, and apply an exception (after excepting one or more error checks), the endpoint is expected to be in compliance with the specified exception. However, some errors are not excepted. (BUG 864040)

Fix: This hotfix resolves the issue by handling the creation of exceptions for error checks.

The lastInComplianceJobID Attribute is Not Retrieved by the getComputerInMetric API

Issue: The getComputerInMetric API fails to retrieve the lastInComplianceJobID attribute details. (BUG 865102)

Fix: This hotfix adds the lastInComplianceJobID attribute to the getComputerInMetric API.

The getComputerInMetric API Does Not Return Error Checks in the unknownList Element

Issue: The getComputerInMetric API does not return error checks in the unknownList element. (BUG 865428)

Fix: This hotfix resolves the issue. The unknownList element is verified to contain error check data.

Compliance Score to be Adjusted to Not Count Errored Checks Against Compliance

Issue: The compliance score needs to be adjusted to not count errored checks against compliance. (BUG 867462)

Fix: This issue is resolved, as the baseline and benchmark scores are now calculated by subtracting the missing score.

The getMetricSnapshot API Returns Wrong Checks

Issue: The getMetricSnapshot API returns the wrong checks for a particular policy. If the API is run with a Database Server policy, the checks are returned for the OS policy instead. (BUG 857908)

Fix: The getMetricSnapshot API now returns checks specific to the given template.

The getMetricSnapshot API Returns an Error

Issue: The getMetricSnapshot API returns the following error when the job is deleted: (BUG 860602)

Fault occurred while processing

Fix: With this hotfix, this exception is handled correctly while running the API.

The getMetricSnapshot API Takes a Long Time to Load SADR

Issue: The getMetricSnapshot API takes a long time to load SADR. (BUG 859209)

Fix: With this hotfix, the getMetricSnapshot API performance is improved.

The getMetricSnapshot API Returns Incorrect Scanned Date

Issue: The getMetricSnapshot API returns an incorrect scanned date. Instead of displaying the date and time of the job run, the scanned date is shown as the date and time when the API was executed. (BUG 860194)

Fix: With this hotfix, the scanned date and time in the getMetricSnapshot API display the date and time when the job was run.

The calculateGroupMetricTrend API Returns 0 for All Values of outOfCompliantCount and inCompliantCount Attributes

Issue: The calculateGroupMetricTrend API returns 0 for all values of outOfCompliantCount and inCompliantCount attributes. (BUG 854972)

Fix: With this hotfix, the calculateGroupMetricTrend API returns correct values for the outOfCompliantCount and inCompliantCount attributes.

Delay in Opening Reports in Completed Job Queue

Issue: When you open a report in the completed job queue, it takes a very long time to display the report. (BUG 855183)

Fix: With this hotfix, reports in the completed job queue open considerably faster.

SCAP Files are Not Copied to Any Other Core Machines in a Multi-core Environment

Issue: In a multi-core environment, SCAP files are not copied to any other Core machines. (BUG 855033)

Fix: With this hotfix, in a multi-core environment, the SCAP files are copied to other Core machines successfully.

SCAP Templates Cannot Be Re-Imported

Issue: SCAP templates cannot be re-imported. (BUG 858741)

Fix: With this hotfix, SCAP templates can be re-imported. The re-import of SCAP templates now results in replacing the older template successfully.

Timeout Operation Error in Core When Logging in

Issue: When you log in to the SCM Core, a timeout operation error is displayed. (BUG 849095)

Fix: This hotfix resolves this issue.

After Upgrading to SCM 5.9.1, Check Instances Are Not Displayed in Aegis

Issue: After upgrading to SCM 5.9.1, the check instances are not displayed within Aegis Namespace. (BUG 835077)

Fix: With this hotfix, the check instances are visible in the Aegis Namespace browser.

The Scheduled Job and the Completed Job Do Not Have Corresponding Descriptions for Cross-Reference

Issue: When scheduling a job, the scheduled job and the completed job do not have corresponding descriptions for cross-reference. (BUG 830944)

Fix: With this hotfix, descriptions are added in the completed job queues for schedule name and schedule description.

Displaying Assets from IT Assets Takes a Long Time

Issue: In an environment where there are many assets, displaying IT assets takes a very long time. (BUG 855182)

Fix: With this hotfix, performance is improved.

New Web Service API is Required to Get the Top n Number of Failed Checks

Issue: A new web service API is required to get the top n number of failed checks. (BUG 857503)

Fix: An existing API, getGroupMetric, is modified to retrieve the top n number of failed checks.

The getGroupMetric API Does Not Populate Error Checks

Issue: The getGroupMetric API does not populate errored checks in the unknownList element. (BUG 829803)

Fix: With this hotfix, the unknownList element shows the errored checks.

SCM listGroup API to be Enhanced

Issue: The SCM listGroup API needs to be enhanced in the following two ways:

  1. To allow it to be executed by a normal SCM user that may only have rights to a single group.

  2. To return only those groups the user has rights to see.

(BUG 834311)

Fix: In this hotfix, the SCM listGroup API is enhanced.

2.0 System Requirements

This hotfix requires NetIQ Secure Configuration Manager 5.9.1. For information about hardware requirements, supported operating systems and browsers, and other software requirements, see the Installation Guide for NetIQ Secure Configuration Manager.

3.0 Installing This Hotfix

This hotfix updates Secure Configuration Manager Core Services, console, and the database. You must install the hotfix on each Core Services computer.

To install this hotfix:

  1. Log in to the Core Services computer with a local administrator account.

  2. Run the SCM591_Hotfix7014445.exe file.

  3. Follow the instructions in the wizard until you have finished installing the hotfix.

4.0 Verifying the Installation

To verify that the hotfix installation was successful:

  1. Log in to the Secure Configuration Manager console.

  2. On the Help menu, click About NetIQ Secure Configuration Manager.

  3. On the core services, console, and database tabs, verify that SCM 5.9.1 Hotfix 7014445 is listed.

5.0 Modified Files

This hotfix updates the following files:

In the C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\bin folder:

  • ExportDomainKeys.bat

  • ImportDomainKeys.bat

In the C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\etc folder:

  • capi.vdal

  • vdal.properties

  • Ticket.vdal

In the C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\lib\ext folder:

  • capi.jar

  • coredb.jar

In the C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\modules folder:

  • ticket.jar

  • gladiator.jar

  • coreagent.jar

  • tgscap.jar

In the C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\web\webapps folder:

  • cws.war

In the Secure Configuration Manager database, the following stored procedures are updated:

  • sp_getCompletedRequest

  • sp_UpdateScheduleRefRequest

  • SPASADDPKGDETAIL

  • SPUPDATEDATABASEQUERY

  • SPUPDATETASKQUERY

  • SPUPSERTDICTIONARY

  • SPUpdateSavedList

  • spPropertyBagItemSave

  • sp_executeTask

  • sp_getReport2ForAppendixWithViolation

  • CanProxy

  • spGetCheckResults

  • sp_AgentsHost

  • sp_GetActionByID

  • sp_GetActionByName

  • sp_GetActionNameLike

  • sp_GetAgentGUID

  • sp_GetAgentOfEndpoint

  • sp_GetAgentProxy

  • sp_GetAgentsExact

  • sp_GetAgentsLike

  • sp_GetAllAction

  • sp_GetAllAgents

  • sp_GetAllCheckDefinitions

  • sp_GetAllEndpoints

  • sp_GetApplicable

  • sp_GetCheckData

  • sp_GetDetailDataError

  • sp_GetEndpointAttributeExists

  • sp_GetEndpointByHostname

  • sp_GetEndpointByHostnameAll

  • sp_GetEndpointByHostnameLike

  • sp_GetEndpointBySErverIDShort

  • sp_GetEndpointByServerID

  • sp_GetEndpointGroupID

  • sp_GetEndpointPolicy

  • sp_GetEndpointsInGroup

  • sp_GetEndpointsOnAgent

  • sp_GetEndpointsWithNoActivitySince

  • sp_GetFailedEndpoints

  • sp_GetGroupParent

  • sp_GetHiddenPolicyByName

  • sp_GetInCompliance

  • sp_GetLicenseGrouping

  • sp_GetListCheckDefinitionExact

  • sp_GetListCheckDefinitionExactByID

  • sp_GetListCheckDefinitionLike

  • sp_GetListEndPointExact

  • sp_GetListExceptAll

  • sp_GetListExceptExact

  • sp_GetListGroup

  • sp_GetLookupReportTask

  • sp_GetOutCompliance

  • sp_GetPSUsersLockOut

  • sp_GetPolicy

  • sp_GetPolicyByID

  • sp_GetPolicyByName

  • sp_GetPolicyByNameLike

  • sp_GetPolicySummary

  • sp_GetPolicyTemplateByID

  • sp_GetRoleAndUsers

  • sp_GetServerOS

  • sp_GetTaskAssessmentMaxVersion

  • sp_GetTaskOverviewList

  • sp_GetUnknownCompliance

  • sp_ListAllTaskDefinitionOverview

  • sp_ListEndpointLike

  • sp_NextDistributeGroup

  • sp_addHistory

  • sp_deleteTask

  • sp_getAgentAttributeValue

  • sp_getAgentDetails

  • sp_getAllTaskAssessmentOverview

  • sp_getAllTemplateChecks

  • sp_getChecksWithException

  • sp_getDRDetails

  • sp_getDefinedAuthorities

  • sp_getDefinedPlatforms

  • sp_getDiscoveryFindManagedHosts

  • sp_getDiscoveryLookupLikeyEndpoint

  • sp_getDiscoveryLookupLikeyEndpointWithOracleInstance

  • sp_getDiscoveryLookupLikeyEndpointWithSQLInstance

  • sp_getDiscoveryLookupLikeyPlatformEndpoint

  • sp_getEndPointDetails

  • sp_getExceptionInSnaphot

  • sp_getFailedChecks

  • sp_getFailedChecksForGroup

  • sp_getGetTaskMaxMasterID

  • sp_getGroupListAE

  • sp_getLastStatusIsFailed

  • sp_getLookupReportTaskByRequestID

  • sp_getOrphanEndpoints

  • sp_getPendingCoreTasks

  • sp_getPendingRequests

  • sp_getPendingTasks

  • sp_getPolicyCheckDetails

  • sp_getRequestInfoBySerialID

  • sp_getServerIDForSpecificServer

  • sp_getSessionDetails

  • sp_getSessionToken

  • sp_getTaskAssessmentExists

  • sp_getTaskAssessmentVersion

  • sp_getTaskExistsStatus

  • sp_getTaskMaxVersion

  • sp_getEndPoint

  • sp_getUpdatesByDate

  • spGetAttributePivotCols

  • spGetSnapshotCheck

In the installation folder, by default C:\Program Files\NetIQ\Secure Configuration Manager\VSOC:

  • NetIQ.VM.CustomCheckTemplate.dll

  • NetIQ.VM.Permissions.dll

  • NetIQ.VM.PSE.dll

  • NetIQ.VM.Util.dll

  • NetIQ.VM.SavedList.dll

  • NetIQ.VM.ReportViewer.dll

  • NetIQ.VM.ProviderPRP.dll

  • NetIQ.VM.DAL.dll

  • NetIQ.VM.CheckExemption.dll

  • VSOC.EXE

In the C:\Program Files\NetIQ\Secure Configuration Manager\VSOC\prp folder:

  • iSeries.xml

  • windows.xml

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.