This hotfix for the NetIQ Secure Configuration Manager resolves previous issues. This release notes document outlines why you should install this hotfix.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Secure Configuration Manager forum, our community Web site that also includes product notifications, blogs, and product user groups.
For more information about this release and for the latest Release Notes, see the Secure Configuration Manager Documentation web site. To download this product, see the Secure Configuration Manager Hotfixes Web site.
This hotfix resolves the following issues. For the list of software fixes and enhancements in previous releases, see the Secure Configuration Manager Documentation page.
This hotfix resolves the following issues.
Issue: There is performance issue in the getCheckDataDetail API, that results in slow loading of the dashboard. (BUG 861926)
Fix: This hotfix resolves the API performance issue.
Issue: When you import a new version of the template, existing xccdf files are overwritten. This happens because the ThreatGuard either versions or renames the files based on the template. (BUG 862183)
Fix: When importing the template, the associated files of the template are now copied at C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\web\webapps\root\ThreatGuard\<template_id>. When the SCAP template is run, Agents pick the files from the new location.
Issue: When you delete the template, xccdf files are deleted from the core server in a multi-core environment. (BUG 862186)
Fix: When deleting the template from a core server in a multi-core environment, the associated files of the template are now deleted from all the core servers.
Issue: The getCheckDataDetail API returns data that contains a dataset for each endpoint specified in the request. This dataset contains a field for the endpointName attribute. Data is not populated in this field, it needs to be populated with the endpointName value. (BUG 862418)
Fix: The endpoint settings are now included when the getCheckDataDetail API is called.
Issue: When the environment has many console users, the Console Permissions wizard takes a long time to start.(BUG 862436)
Fix: This issue is resolved through reduction of redundant calls to the SCM database.
Issue: In the Report Viewer console, endpoints are not available in the Windows group under IT Assets. (BUG 862598)
Fix: The issue is resolved by making changes in the stored procedures for SCM database.
Issue: When you import a template and run it against an endpoint, and apply an exception (after excepting one or more error checks), it is expected that the endpoint is in compliance with the specified exception. But some errors are not excepted. (BUG 864040)
Fix: This hotfix resolves by handling the creation of exceptions for error checks.
Issue: The getComputerInMetric API fails to retrieve the lastInComplianceJobID attribute details.(BUG 865102)
Fix: This hotfix adds the lastInComplianceJobID attribute to the getComputerInMetric API.
Issue: The getComputerInMetric API does not return error checks in unknownList element. (BUG 865428)
Fix: This hotfix resolves the issue. unknownList element is verified to have error checks data.
Issue: The compliance score needs to be adjusted to not count errored checks against compliance. (BUG 867462)
Fix: This issue is resolved, as the baseline and benchmark scores are now calculated by subtracting the missing score.
Issue: The getMetricSnapshot API returns the wrong checks for a particular policy. If the API is run with a Database Server policy, the checks are returned for the OS policy instead. (BUG 857908)
Fix: The getMetricSnapshot API now returns checks specific to the given template.
Issue: The getMetricSnapshot API returns the following error when the job is deleted: (BUG 860602)
Fault occurred while processing
Fix: With this hotfix, this exception is handled correctly while running the API.
Issue: The getMetricSnapshot API takes a long time to load SADR. (BUG 859209)
Fix: With this hotfix, the getMetricSnapshot API performance is improved.
Issue: The getMetricSnapshot API returns incorrect scanned date. Instead of displaying the date and time of the job run, the scanned date is shown as the date and time when the API was executed. (BUG 860194)
Fix: With this hotfix, the scanned date and time in the getMetricSnapshot API display the date and time when the job was run.
Issue: The calculateGroupMetricTrend API returns 0 for all values of outOfCompliantCount and inCompliantCount attributes. (BUG 854972)
Fix: With this hotfix, the calculateGroupMetricTrend API returns correct values for the outOfCompliantCount and inCompliantCount attributes.
Issue: When you open a report in the completed job queue, it takes a very long time to display the report.(BUG 855183)
Fix: With this hotfix, reports in the completed job queue open considerably faster.
Issue: In a multi- core environment, SCAP files are not copied to any other Core machines.(BUG 855033)
Fix: With this hotfix, in a multi-core environment, the SCAP files are copied to other Core machines successfully.
Issue: SCAP templates cannot re-imported. (BUG 858741)
Fix: With this hotfix, SCAP templates can be re-imported. The re-import of SCAP templates now results in replacing the older template successfully.
Issue: When you log into the SCM Core, a timeout operation is displayed. (BUG 849095)
Fix: This hotfix resolves this issue.
Issue: After upgrading to SCM 5.9.1, the check instances are not displayed within Aegis Namespace. (BUG 835077)
Fix: With this hotfix, the check instances are visible in the Aegis Namespace browser.
Issue: When scheduling a job, the scheduled job and the completed job do not have corresponding descriptions for cross-reference. (BUG 830944)
Fix: With this hotfix, descriptions are added in the completed job queues for schedule name and schedule description.
Issue: In an environment where there are many assets, displaying IT assets takes very long time.((BUG 855182)
Fix: With this hotfix, performance is improved.
Issue: A new web service API is required to get the top n number of failed checks. (BUG 857503)
Fix: An existing API, getGroupMetric, is modified to retrieve top n number of failed checks.
Issue: The getGroupMetric API does not populate errored checks in the unknownList element.(BUG 829803)
Fix: With this hotfix, the unknownList element shows the errored checks.
Issue: The SCM listGroup API needs to be enhanced in the following two ways:
To allow it to be executed by a normal SCM user that may only have rights to a single group.
To return only those groups the user has rights to see.
(BUG 834311)
Fix: In this hotfix, the SCM listGroup API is enhanced.
This hotfix requires NetIQ Secure Configuration Manager 5.9.1. For information about hardware requirements, supported operating systems and browsers, and other software requirements, see the Installation Guide for NetIQ Secure Configuration Manager.
This hotfix updates Secure Configuration Manager Core Services, console, and the database. You must install the hotfix on each Core Services computer.
To install this hotfix:
Log in to the Core Services computer with a local administrator account.
Run the SCM591_Hotfix7014445.exe file.
Follow the instructions in the wizard until you have finished installing the hotfix.
To verify that the hotfix installation was successful:
Log in to the Secure Configuration Manager console.
On the Help menu, click About NetIQ Secure Configuration Manager.
On the core services, console, and the database tabs, verify SCM 5.9.1 Hotfix 7014445.
This hotfix updates the following files:
In the C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\bin folder:
ExportDomainKeys.bat
ImportDomainKeys.bat
In the C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\etc folder:
capi.vdal
vdal.properties
Ticket.vdal
In the C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\lib\ext folder:
capi.jar
coredb.jar
In the C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\modules folder:
ticket.jar
gladiator.jar
coreagent.jar
tgscap.jar
In the C:\Program Files (x86)\NetIQ\Secure Configuration Manager\Core Services\web\webapps folder:
cws.war
In the Secure Configuration Manager database, the following stored procedures are updated:
sp_getCompletedRequest
sp_UpdateScheduleRefRequest
SPASADDPKGDETAIL
SPUPDATEDATABASEQUERY
SPUPDATETASKQUERY
SPUPSERTDICTIONARY
SPUpdateSavedList
spPropertyBagItemSave
sp_executeTask
sp_getReport2ForAppendixWithViolation
CanProxy
spGetCheckResults
sp_AgentsHost
sp_GetActionByID
sp_GetActionByName
sp_GetActionNameLike
sp_GetAgentGUID
sp_GetAgentOfEndpoint
sp_GetAgentProxy
sp_GetAgentsExact
sp_GetAgentsLike
sp_GetAllAction
sp_GetAllAgents
sp_GetAllCheckDefinitions
sp_GetAllEndpoints
sp_GetApplicable
sp_GetCheckData
sp_GetDetailDataError
sp_GetEndpointAttributeExists
sp_GetEndpointByHostname
sp_GetEndpointByHostnameAll
sp_GetEndpointByHostnameLike
sp_GetEndpointBySErverIDShort
sp_GetEndpointByServerID
sp_GetEndpointGroupID
sp_GetEndpointPolicy
sp_GetEndpointsInGroup
sp_GetEndpointsOnAgent
sp_GetEndpointsWithNoActivitySince
sp_GetFailedEndpoints
sp_GetGroupParent
sp_GetHiddenPolicyByName
sp_GetInCompliance
sp_GetLicenseGrouping
sp_GetListCheckDefinitionExact
sp_GetListCheckDefinitionExactByID
sp_GetListCheckDefinitionLike
sp_GetListEndPointExact
sp_GetListExceptAll
sp_GetListExceptExact
sp_GetListGroup
sp_GetLookupReportTask
sp_GetOutCompliance
sp_GetPSUsersLockOut
sp_GetPolicy
sp_GetPolicyByID
sp_GetPolicyByName
sp_GetPolicyByNameLike
sp_GetPolicySummary
sp_GetPolicyTemplateByID
sp_GetRoleAndUsers
sp_GetServerOS
sp_GetTaskAssessmentMaxVersion
sp_GetTaskOverviewList
sp_GetUnknownCompliance
sp_ListAllTaskDefinitionOverview
sp_ListEndpointLike
sp_NextDistributeGroup
sp_addHistory
sp_deleteTask
sp_getAgentAttributeValue
sp_getAgentDetails
sp_getAllTaskAssessmentOverview
sp_getAllTemplateChecks
sp_getChecksWithException
sp_getDRDetails
sp_getDefinedAuthorities
sp_getDefinedPlatforms
sp_getDiscoveryFindManagedHosts
sp_getDiscoveryLookupLikeyEndpoint
sp_getDiscoveryLookupLikeyEndpointWithOracleInstance
sp_getDiscoveryLookupLikeyEndpointWithSQLInstance
sp_getDiscoveryLookupLikeyPlatformEndpoint
sp_getEndPointDetails
sp_getExceptionInSnaphot
sp_getFailedChecks
sp_getFailedChecksForGroup
sp_getGetTaskMaxMasterID
sp_getGroupListAE
sp_getLastStatusIsFailed
sp_getLookupReportTaskByRequestID
sp_getOrphanEndpoints
sp_getPendingCoreTasks
sp_getPendingRequests
sp_getPendingTasks
sp_getPolicyCheckDetails
sp_getRequestInfoBySerialID
sp_getServerIDForSpecificServer
sp_getSessionDetails
sp_getSessionToken
sp_getTaskAssessmentExists
sp_getTaskAssessmentVersion
sp_getTaskExistsStatus
sp_getTaskMaxVersion
sp_getEndPoint
sp_getUpdatesByDate
spGetAttributePivotCols
spGetSnapshotCheck
In the installation folder, by default C:\Program Files\NetIQ\Secure Configuration Manager\VSOC:
NetIQ.VM.CustomCheckTemplate.dll
NetIQ.VM.Permissions.dll
NetIQ.VM.PSE.dll
NetIQ.VM.Util.dll
NetIQ.VM.SavedList.dll
NetIQ.VM.ReportViewer.dll
NetIQ.VM.ProviderPRP.dll
NetIQ.VM.DAL.dll
NetIQ.VM.CheckExemption.dll
VSOC.EXE
In the C:\Program Files\NetIQ\Secure Configuration Manager\VSOC\prp folder:
iSeries.xml
windows.xml
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information Web site.
For general corporate and product information, see the NetIQ Corporate Web site.
For interactive conversations with your peers and NetIQ experts, become an active member of Qmunity, our community Web site that offers product forums, product notifications, blogs, and product user groups.
THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT ARE FURNISHED UNDER AND ARE SUBJECT TO THE TERMS OF A LICENSE AGREEMENT OR A NON-DISCLOSURE AGREEMENT. EXCEPT AS EXPRESSLY SET FORTH IN SUCH LICENSE AGREEMENT OR NON-DISCLOSURE AGREEMENT, NETIQ CORPORATION PROVIDES THIS DOCUMENT AND THE SOFTWARE DESCRIBED IN THIS DOCUMENT "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. SOME STATES DO NOT ALLOW DISCLAIMERS OF EXPRESS OR IMPLIED WARRANTIES IN CERTAIN TRANSACTIONS; THEREFORE, THIS STATEMENT MAY NOT APPLY TO YOU.
For purposes of clarity, any module, adapter or other similar material (“Module”) is licensed under the terms and conditions of the End User License Agreement for the applicable version of the NetIQ product or software to which it relates or interoperates with, and by accessing, copying or using a Module you agree to be bound by such terms. If you do not agree to the terms of the End User License Agreement you are not authorized to use, access or copy a Module and you must destroy all copies of the Module and contact NetIQ for further instructions.
This document and the software described in this document may not be lent, sold, or given away without the prior written permission of NetIQ Corporation, except as otherwise permitted by law. Except as expressly set forth in such license agreement or non-disclosure agreement, no part of this document or the software described in this document may be reproduced, stored in a retrieval system, or transmitted in any form or by any means, electronic, mechanical, or otherwise, without the prior written consent of NetIQ Corporation. Some companies, names, and data in this document are used for illustration purposes and may not represent real companies, individuals, or data.
This document could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein. These changes may be incorporated in new editions of this document. NetIQ Corporation may make improvements in or changes to the software described in this document at any time.
U.S. Government Restricted Rights: If the software and documentation are being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor (at any tier), in accordance with 48 C.F.R. 227.7202-4 (for Department of Defense (DOD) acquisitions) and 48 C.F.R. 2.101 and 12.212 (for non-DOD acquisitions), the government's rights in the software and documentation, including its rights to use, modify, reproduce, release, perform, display or disclose the software or documentation, will be subject in all respects to the commercial license rights and restrictions provided in the license agreement.
© 2014 NetIQ Corporation. All Rights Reserved.
For information about NetIQ trademarks, see http://www.netiq.com/company/legal/.