Secure Configuration Manager 7.1 Release Notes

December 2018

Secure Configuration Manager 7.1 includes new features, improves usability, and resolves several previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure our products meet all your needs. You can post feedback in the Secure Configuration Manager forum, our community website that also includes product notifications, blogs, and product user groups.

For more information about Secure Configuration Manager, see the Secure Configuration Manager website.

For the latest version of this release notes document, see the Secure Configuration Manager 7.1 documentation website.

1.0 What’s New?

The following sections outline the key features and functions provided by this version, and issues resolved in this release.

1.1 Ability to Predict Vulnerability and Compliance Issues

To help you reduce the number of policy templates that you must run and review to assess your assets, the Web console includes a method for predicting vulnerability and compliance issues.

To invoke the prediction, you simply need to run a policy template then view its completed report. If the assessed endpoints fail one or more security checks, the report can include a list of other policy templates that the endpoints might fail. Many policy templates use the same security checks to assess an endpoint’s vulnerability to security breaches or compliance with a regulation, standard, or benchmark. If an endpoint fails security check instances in one policy template run, that endpoint will fail the same instances in another policy template.

1.2 Ability to Create an Exception that Contains Multiple Policy Templates

The Web console enables you to create and apply exceptions that can include multiple policy templates. When you create one of these exceptions, Secure Configuration Manager checks whether a similar exception exists to prevent duplication.

NOTE: The Windows console and the Secure Configuration Manager Dashboard do not support this new functionality. Thus, reports and jobs in the Windows console and Dashboard cannot provide an indication that this type of exception has been applied to a relevant policy template run. However, the assessment results, such as risk scores, do take the exception into account.

Create an Exception for Multiple Policy Templates

You can create and apply a single exception that can include multiple policy templates. This batch method for creating exceptions still requires you to specify the combination of endpoints or groups of endpoints and security checks in the chosen policy templates. Secure Configuration Manager applies the exceptions every time that you run one of the specified policy templates against the specified endpoints.

You can choose to enable or disable batch-created exceptions. With this feature enabled, you do not have to run the policy templates against the relevant assets before creating the exceptions. However, Core Services might take longer to run a policy template because the service must first review all batch exceptions to determine if any need to be applied.

For more information about configuring batch exceptions in the Web console, see the following topics in the Web console Help:

  • Creating an Exception that Contains Multiple Policy Templates

  • Allowing Exceptions in the Web console

Reduce the Opportunity for Duplicate or Similar Exceptions

It is possible that, when you have multiple console users, those users might create exceptions that are similar to existing exceptions. With this release, Secure Configuration Manager can help you reduce the opportunity for creating duplicate or similar exceptions, thus also reducing the total number of exceptions that need to be managed.

When you use the batch method to create an exception in the Web console, Secure Configuration Manager reviews all current exceptions for the same policy template / endpoint combination. If a similar exception exists, the Web console prompts you to decide whether you want to continue with the new exception or edit the existing one. If a duplicate exists, you must edit the existing exception.

For more information, see “Excluding Data from Report Results” in the User's Guide for Secure Configuration Manager.

1.3 Updated Support for Security Agents

This release adds support for new security agents for UNIX and Windows:

Updated UNIX Agents

This release adds support for Security Agent for UNIX 7.5.1 and 7.6. For more information about the endpoints that you can manage with these agents, see the following documentation:

Updated Windows Agent

This release adds support for the Secure Configuration Manager Windows Agent 7.1 (Windows Agent 7.1), including updated objects and attributes in the Windows namespace.

For more information about the endpoints that you can manage with the new agent, see the Release Notes for Secure Configuration Manager Windows Agent.

1.4 Policy Templates Certified by the Center for Internet Security

This release introduces the following policy templates, which have been certified by the Center for Internet Security (CIS):

  • CIS Benchmark for Microsoft Windows Server 2012 R2 v2.2.1 for Level 1 - Domain Controller Profile

  • CIS Benchmark for Microsoft Windows Server 2012 R2 v2.2.1 for Level 1 - Member Server

  • CIS Benchmark for Microsoft Windows Server 2012 R2 v2.2.1 for Level 2 - Member Server

  • CIS Benchmark for Microsoft Windows Server 2012 R2 v2.2.1 for Level 2 - Domain Controller

  • CIS Benchmark for Microsoft Windows Server 2016 v1.0.0 for Level 1 - Member Server

  • CIS Benchmark for Microsoft Windows Server 2016 v1.0.0 for Level 2 - Member Server

  • CIS Benchmark for Microsoft Windows Server 2016 v1.0.0 for Level 1 - Domain Controller

  • CIS Benchmark for Microsoft Windows Server 2016 v1.0.0 for Level 2 - Domain Controller

CIS Benchmarks are best practices for ensuring the secure configuration of your endpoints. Available for more than 150 technologies, CIS Benchmarks are developed through a unique consensus-based process comprised of cybersecurity professionals and subject matter experts around the world.

1.5 End of Support for iSeries Agents and Endpoints

This release does not include support for iSeries agents or endpoints. To monitor your iSeries assets using the latest release of Secure Configuration Manager, NetIQ recommends that you use TGAudit, which provides enhanced capabilities and reporting. If you are entitled to NetIQ Security Solutions for iSeries, you can use TGAudit at no extra cost. You can download TGAudit from the download page https://download.microfocus.com/Download?buildid=ZoH3ukkXcTc~. For more information about TGAudit or migrating your data, contact your Sales Representative or Technical Support.

If you want to continue monitoring your iSeries assets using your existing agents and endpoints, you will need to use a prior version of Secure Configuration Manager installed on a separate server. You must also maintain separate databases for each version.

1.6 Enhancements

Secure Configuration Manager 7.1 includes the following enhancements and software fixes that resolve several issues:

Logging Added to the Web Console

You can configure Secure Configuration Manager to log activity that occurs in the Web console. With logging enabled, Core Services stores information such as error messages and warnings in the event log.

In the Web console, select Your_ID > Settings > Logging, then enable the feature. You must configure Core Services to record events. For more information, see Enabling Event Logging in the User's Guide for Secure Configuration Manager.

Ability to Export an Assessment Report to a CSV File

This release updates the Web console so you can export assessment results to a CSV file. The results include all security check data for each assessed endpoint. In the assessment report, click ... > Export to CSV.

The Web console already allowed you to export the full report as a PDF. (Bug 1099432)

Generate Dynamic Reports in FIPS Mode

This release resolves the issue where the Web console cannot generate dynamic reports when Secure Configuration Manager is in FIPS mode.

For more information about configuring FIPS mode, see “Enabling FIPS Communication” in the User's Guide for Secure Configuration Manager. (Bug 1073056)

New Security Check to Report Results when You Do Not Assign Rights to a User for a Policy

This release resolves an issue where security checks that evaluate permissions for a specified policy fail to report accurate results if no user or group has been assigned permissions. For example, the security policy "Access credential manager as a trusted caller" determines who can access credential manager. To assess compliance with the policy, you might run the User rights security check. However, this check requires you to enter a value for the user or group to check for permissions but does not allow you to enter 'no one' or leave the value blank.

To resolve this issue, run the new User rights not assigned security check. This security check lists user rights, along with the user accounts that have each right, for the specified policy. If no user or group has rights to the setting, then this security check returns a correct value of "No one". (Bug 993726)

Invalid XML Character No Longer Causes a Failed Policy Template Run

Issue: This release resolves an issue where a policy template run failed with the following type of error:

An invalid XML character (Unicode: 0x8) was found in the element content of the document.

This issue occurred because the name of a group included one of the following character sets that must be escaped in XML: \a, \b, \f, or \v. For example, the group is Texas\balanced. Secure Configuration Manager could not parse the '\b' part of the name because the characters represent the backspace action in code. Alternatively, you might have encountered this issue when you ran a policy template that checks a group policy such as "Log on as a service" where the users might be similar to the following names:

  • domain\adam
  • domain\bangalore
  • domain\frank
  • domain\vance

Release 6.2 Patch Update 1 resolved the issue for the \b character set. This release resolves the issue for the other characters that must be escaped. (Bug 1095349)

Ensure that you complete the following procedure:

To escape invalid characters:

  1. In the Core Services Configuration Utility, select the Advanced tab.

  2. For gladiator/securitycheckup/filter/EscapeInvalidChars, set the value to True.

  3. Restart the NetIQ Core Services service.
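The failure described above, reproduced as an added example (this is not NetIQ code): in a non-raw Python string, \a, \b, \f and \v become control characters that XML 1.0 forbids, so a document containing the mangled name is rejected by the parser. The function names and the repair step are hypothetical illustrations and do not describe how the EscapeInvalidChars setting works internally.

```python
import re
import xml.etree.ElementTree as ET

# XML 1.0 "Char" production. Anything outside these ranges is illegal in a
# document, so a parser must reject it.
_INVALID_XML10 = re.compile(
    r"[^\x09\x0A\x0D\x20-\uD7FF\uE000-\uFFFD\U00010000-\U0010FFFF]"
)

# Control characters produced when "\a", "\b", "\f" or "\v" inside an account
# name is read as an escape sequence instead of backslash + letter.
# (\t, \n and \r would also corrupt a name, but they are legal XML characters,
# so they do not trigger the "invalid XML character" error.)
_ESCAPE_ORIGIN = {"\x07": r"\a", "\x08": r"\b", "\x0c": r"\f", "\x0b": r"\v"}

# Constructed sample input. These are deliberately NOT raw strings, so each
# name already contains a control character, as in the release note's examples.
MANGLED_NAMES = [
    "Texas\balanced",    # \b -> 0x08 backspace
    "domain\adam",       # \a -> 0x07 bell
    "domain\bangalore",  # \b -> 0x08 backspace
    "domain\frank",      # \f -> 0x0C form feed
    "domain\vance",      # \v -> 0x0B vertical tab
]


def find_invalid_xml_chars(text):
    """Return (offset, code point) for every character XML 1.0 forbids."""
    return [(m.start(), ord(m.group())) for m in _INVALID_XML10.finditer(text)]


def restore_account_name(text):
    """Hypothetical repair: turn the four known control characters back into
    backslash + letter; render any other illegal character as \\uXXXX."""
    def _repl(match):
        ch = match.group()
        return _ESCAPE_ORIGIN.get(ch, "\\u%04x" % ord(ch))
    return _INVALID_XML10.sub(_repl, text)


def build_report(names):
    """Serialize names into a small XML document. ElementTree does not
    validate characters on output, so illegal ones are written as-is."""
    root = ET.Element("results")
    for name in names:
        ET.SubElement(root, "account").text = name
    return ET.tostring(root, encoding="unicode")


def parses_cleanly(xml_text):
    """True if the document is well-formed XML 1.0."""
    try:
        ET.fromstring(xml_text)
        return True
    except ET.ParseError:
        return False


def parse_account_names(xml_text):
    """Read the account names back out of a report document."""
    return [el.text for el in ET.fromstring(xml_text).findall("account")]


if __name__ == "__main__":
    for name in MANGLED_NAMES:
        hits = ", ".join("0x%X at offset %d" % (cp, off)
                         for off, cp in find_invalid_xml_chars(name))
        print("%-20r illegal: %s" % (name, hits))
    print("mangled report parses: ", parses_cleanly(build_report(MANGLED_NAMES)))
    fixed = [restore_account_name(n) for n in MANGLED_NAMES]
    print("repaired report parses:", parses_cleanly(build_report(fixed)))
    print(parse_account_names(build_report(fixed)))
```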

1.7 Updated or New Security Content

This release includes support for the following new policy templates:

  • NetIQ CIS Microsoft SQL Server 2014 Benchmark v1.3.0

  • NetIQ CIS Microsoft SQL Server 2016 Benchmark v1.0.0

  • NetIQ CIS RHEL 7.5 Benchmark v2.2.0 - Level 1 Server

2.0 System Requirements

This release requires that the Secure Configuration Manager Dashboard (the Dashboard) be installed in your environment and connected to Core Services. The Web console requires the Analytics Database, which is installed with the Dashboard. For more information, see Section 4.1, Considerations for Installation and Upgrade.

NOTE: If you installed the Dashboard with a previous version of Secure Configuration Manager, you are not required to upgrade the Dashboard.

For more information about hardware requirements, supported operating systems, and browsers, see the following resources:

For more information about the security agents that you can use with this release, see Section 3.0, Security Agent Requirements.

3.0 Security Agent Requirements

This release supports the following security agent versions:

  • UNIX agents: 7.6, 7.5.1

  • Windows agents: 7.1, 7.0

4.0 Installing or Upgrading to This Release

You can upgrade to Secure Configuration Manager 7.1 from version 7.0.

For more information, see Installing and Upgrading in the Secure Configuration Manager Installation Guide.

4.1 Considerations for Installation and Upgrade

Before installing or upgrading to this version, review the considerations for the following components and features:

Security Checks and Policy Templates

If Secure Configuration Manager 7.0 is installed with Microsoft SQL Server 2008, 2012, or 2016 or their service packs, upgrading to Secure Configuration Manager 7.1 might fail to import security checks and policy templates. Perform the steps mentioned in the NetIQ Knowledgebase Article 7023551. (Bug 1116496)

Using a Domain User Account to Perform a Silent Installation

You can install Secure Configuration Manager components as a member of the computer’s Administrator group. However, if you plan to log in as a domain user that’s part of the Administrator group, you must use the setup.exe file to install the product. (Bug 1098523)

To perform a silent installation (use the .msi file) while logged in as a domain user, complete the following steps:

  1. Press Shift, then right-click the file.

  2. Select Run as different user.

  3. Provide credentials for a local administrator, then continue with the installation process.

Must Recreate Dynamic Report Definitions

This release includes some improvements to the way Core Services builds the dynamic reports for the Web console. In this release, you can still see the report definitions that were created in version 7.0, but the Web console cannot display the dynamic reports.

After you upgrade to this release, you must create new definitions for your existing dynamic reports, then delete the original definitions.

Installing on Windows 10

Security settings on Windows 10 computers might prevent you from launching the Secure Configuration Manager installation program. The launch might either fail with an error indicating that another user canceled the operation or fail without displaying an error.

To install on Windows 10, complete one of the following steps:

If you have not downloaded the installation files to the computer

Have your system administrator enable Do not preserve zone information in file attachments in the gpedit.msc group policy on the desired computer. Then download and run the installation program.

If you already downloaded the installation files to the computer

Manually modify the installation files.

  1. Right-click the file, then select Properties.

  2. In the General tab, select Unblock.

For more information, see the following explanations of this Microsoft issue:

.NET Framework 4.7.1

This version requires .NET Framework 4.7.1. When you upgrade or install the Windows console for Secure Configuration Manager, the setup.exe program automatically installs the .NET software if it doesn’t already exist on the computer.

If necessary, you can find the .NET 4.7.1 installation program in the \CDImage\CDImage\Intel\redist directory of the Secure Configuration Manager installation package.

For more information, see Section 4.2, Installing or Upgrading to .NET 4.7.1.

Analytics Database for the Web Console and Dashboard

The Analytics Database has always been a component of and installed with the Dashboard. The Web console also requires this database. However, you might not have installed the Dashboard with a previous version of Secure Configuration Manager.

When you run the setup.exe file to install or upgrade Core Services, the program asks you whether the Dashboard is already installed and requests the IP address and port for the Analytics Database. You can proceed in one of the following ways:

  • Dashboard is not installed, so you do not specify values for the Analytics Database.

    In this case, install the Dashboard after you upgrade Secure Configuration Manager. To specify the settings for the Analytics Database, log in to the Web console. Then go to Settings > Analytics Database.

  • Dashboard is not installed but you know the IP address and port where you plan to install the Analytics Database.

    In this case, specify the values. Then install the Dashboard after you upgrade Secure Configuration Manager.

  • Dashboard is installed, so you can specify the values for the Analytics Database.

    You can continue using your existing Dashboard if you installed it with Secure Configuration Manager 6.1 or later. Otherwise, upgrade the Dashboard to this release.

For more information about the Dashboard requirements, see “Planning to Install the Dashboard” in the Secure Configuration Manager Installation Guide.

For more information about updating the Dashboard settings in the Web console, see “Configuring the Web Console” in the Web console Help.

Secure Configuration Manager Windows Agent

The NetIQ Secure Configuration Manager Windows Agent (Windows agent) gathers data about Windows endpoints and network devices.

  • To deploy a Windows agent version 7.1 to Windows agents already registered with Secure Configuration Manager, you must locally upgrade at least one agent in each domain. Secure Configuration Manager uses the first upgraded agent as a Deployment Agent for the domain. Once an agent is upgraded, Secure Configuration Manager can automatically assign it as a Deployment Agent. For more information about deployment and Deployment Agents, see the Secure Configuration Manager Windows Agent Installation and Configuration Guide and the User’s Guide for Secure Configuration Manager.

  • The setup program automatically adds a Windows agent to the Core Services computer, if no agent previously existed on the computer. If a Windows agent exists on the computer, the setup program upgrades the agent to version 7.1. Secure Configuration Manager assigns this agent as the default Deployment Agent. During installation, you should ensure that the run-as account specified for the NetIQ Security Agent for Windows service has the credentials to deploy to remote computers. For example, specify a domain administrator account.

  • To immediately upgrade your Windows agents to version 7.1, you might need to re-register the agents before using the Deployment feature in the console. Secure Configuration Manager requires that the Properties window for each agent specifies a fully qualified host name (FQHN) for the agent computer. Secure Configuration Manager needs to know in which domain each agent resides so that Core Services can assign a Deployment Agent to use for deploying version 7.1 to the agents.

    However, if you upgrade your Windows agents more than 30 days after upgrading the Secure Configuration Manager infrastructure to version 7.1, you might not need to re-register your Windows agents. The Asset Details and Discovery job might collect the FQHN during a regularly scheduled run since this job enables Core Services to update agent and endpoint properties. You can also run this job manually from the Scheduled Jobs queue.

  • When the upgraded agent registers with Core Services, the default communication port changes from 1626 to 1627. If you upgrade an agent that communicates with Core Services on a port other than the default ports, you must manually re-register the upgraded agent.

  • If you want to re-deploy an agent that has already been successfully deployed to a remote computer, you must uninstall the agent first. For example, you might want to change the credentials of the NetIQ Security Agent for Windows service or resolve issues with the agent. The Deployment wizard does not change the settings for a previously installed agent, even though you modify the settings as part of the deployment process. The Windows agent setup program prevents you from installing an agent when the same version already exists on the computer, but the Deployment wizard does not.

Discovered Systems

The upgrade process removes all existing records from the Discovered Host table in the database. This means that the upgrade also removes all systems from the Discovered Systems content pane.

  • After you successfully upgrade or install Secure Configuration Manager and register your agents, the Asset Details and Discovery job automatically adds application endpoints discovered on currently registered Windows and UNIX systems.

    To manually repopulate Discovered Systems with unmanaged systems, update the Discovery settings in the Core Services Configuration Utility, and then initiate the discovery process. For more information about discovery, see the Help and the User’s Guide for Secure Configuration Manager.

  • To discover systems in Active Directory, you must update the settings on the Discovery tab of the Core Services Configuration Utility.

4.2 Installing or Upgrading to .NET 4.7.1

The Windows console for this release requires .NET Framework 4.7.1, which the setup.exe program for Secure Configuration Manager automatically installs. However, the installation process for .NET might stall or end unexpectedly. The remediation process differs, depending on the operating system for the computer where you install Secure Configuration Manager:

If necessary, you can find the .NET 4.7.1 installation program in the \CDImage\CDImage\Intel\redist directory of the Secure Configuration Manager installation package.

Windows 7

Applies only to the Windows 7 operating system

On some Windows 7 systems, the installation process for .NET might fail with the following error:

A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider or end unexpectedly.

To mitigate this issue, ensure that you apply Microsoft KB2813430, and any related KBs, in the order described in the installation instructions for the KB articles. Also, after installing the KBs, restart the computer, then install Secure Configuration Manager.

Windows 8.1 and Windows Server 2012 R2

Applies to Windows 8.1 and Windows Server 2012 R2, or later, operating systems

To prevent failures when installing .NET, ensure that you apply Microsoft KB2919442 and KB2919355, and any related KBs, in the order described in the installation instructions for the KB articles. Also, after installing .NET with the setup.exe program, you might need to restart the computer then install Secure Configuration Manager.

For more information about these issues, see .Net 4.6 will not install on Server 2012 R2.

5.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

5.1 Issues that Affect Only the Web Console

The following issues apply only to the Web console, which this release introduces:

Displays an Erroneous Time for the Most Recent Change to a Batch-created Exception

As with all exceptions, batch-created exceptions can have an expiration date and time. Whenever you run a policy template or refresh the Exceptions Management page, Core Services automatically checks for and disables exceptions that have expired.

However, when you view the details for a batch-created exception that has expired, the Web console erroneously updates the Date last modified. The time should reflect when the exception expired, which is midnight on the expiration date. Instead, the time corresponds with the moment that you refresh the page to view the details or run a policy template. All other details for the exception, including the date of the last modification, are correct. (Bug 1099937)

Cannot Display Prediction Content in Internet Explorer 11

Issue: Microsoft Internet Explorer 11 does not support the underlying code that the Web console uses to display the Vulnerability and Compliance Prediction content in an assessment report. (Bug 1097429)

Workaround: To view the prediction content in an assessment report, use one of the other supported browsers, such as Google Chrome, Microsoft Edge, or Mozilla Firefox.

Web Console Runs Out of Memory when Processing Large PDF Files

Issue: If you run a policy template that contains a large number of security checks against a large number of endpoints, the report in PDF format might contain hundreds of pages. For example, if you run the policy template CIS Microsoft Windows Server 2008 R2 Benchmark v2.1.0 for Level 1 - Domain Controller against more than 10 endpoints, the PDF file might be more than 1,000 pages.

The Web console cannot process or download such a large PDF file. (Bug 1087584)

Workaround: If the Web console fails to process or download the PDF file and reports an Out of Memory error, open the report or download the PDF file from the Windows console.

Some Security Checks Require the Wrong Parameter Value Type

Issue: In the Web console, the following security checks erroneously require you to specify an integer instead of alpha-numeric characters to indicate an enabled/disabled value for a parameter:

Security checks, by platform:

  • IIS: FTP logging enabled

  • UNIX: Ownership and permissions of files under /etc; Minimum Password length restrictions

  • Windows: Service status; User list by status

(Bug 1068913)

Workaround: When you run these security checks, enter 1 to represent enabled and 0 for disabled.

Alternatively, you can use the Windows console to run the security checks.

Anomalies when Viewing Jobs in Progress

The Web console might display the following anomalous behavior when you view a job that is in progress:

Fails to Display an Endpoint’s Status while the Job is in Progress

Some jobs might take longer than others to complete due to the number of security checks or endpoints being assessed. You can select a job that is still in progress to view its progress. However, the Web console might fail to display the status for one or more endpoints within the job. (Bug 1051613)

Displays an Erroneous Number of Endpoints

If you open a job that is in progress, the Web console might display an erroneous number of endpoints associated with the job. To determine the appropriate number of endpoints, check the value listed in the Name & Endpoints column of the Jobs > In Progress list. (Bug 1067395)

Cannot View Delta or Task Reports

Although the Web console can display all jobs in the jobs queue for Secure Configuration Manager, the console cannot generate a report for tasks or delta reports. To view those reports, use the Windows console.

The Web console does provide enhanced views of assessment reports, as well as dynamic reporting. For more information, see the Help for the Web console and the User’s Guide for Secure Configuration Manager. (Bug 1069002)

Getting Started Tour Fails to Respond to Keyboard Arrow Keys

The Web console provides a Getting Started tour to help you explore new features in the product. To move from one page in the tour to the next, you must click the left or right arrows in the interface. The tour does not respond to presses of the keyboard arrows. (Bug 1069547)

Cannot View Some Reports Listed in the Jobs Queues

Issue: When you click View Report for a desired report, the Web console might display the following message:

Cannot display the report because it does not exist.

This message occurs in the following circumstances:

  • Someone deleted the report in the Web console. For example, a different user deleted the report, and your browser had not refreshed the list of reports.

  • The report existed in a previous version of Secure Configuration Manager. However, either no one had opened the report in that version or the report’s schedule expired before you upgraded to this release.

(Bug 1071856)

Workaround: Try opening the report in the Windows console. Once Secure Configuration Manager generates the report in the Windows console, you can view it in the Web console.

Internet Explorer 11 Might Fail to Display Icons in the Web Console

Issue: When you use Internet Explorer 11, the Web Console occasionally might fail to display icons or images. For example, the images that indicate Online and Offline endpoints might disappear. However, the text indicating the status of the endpoints continues to be visible. (Bug 1070011)

Workaround: If this issue occurs, clear the cache in Internet Explorer. Alternatively, use one of the other supported Web browsers, such as Firefox, Edge, or Chrome.

Cannot Use the Keyboard to View Charts in the Vulnerability & Compliance Prediction Tab

When you use the keyboard for navigation, the Vulnerability & Compliance Prediction tab in the assessment report fails to display the prediction chart and table for the selected endpoint. The console responds appropriately when you use the mouse to select the content. (Bug 1100180)

Navigation Issues When Using a Screen Reader or the Keyboard

To support accessibility, you can use a screen reader or keyboard to navigate the Web console. However, some fields in the Web console might not behave as expected for your chosen navigation method:

  • To activate a dropdown menu, you might need to use the enter key rather than the spacebar key.

  • To select items in a dropdown menu, you might need to use the tab key, even though the screen reader prompts you to use the arrow key.

  • The screen reader cannot provide information about the contents of charts and graphs. However, it can read the legends associated with each chart or graph, which provide the same information in text format.

  • When you run a policy template or security check, you cannot use the keyboard to modify the Time Range value under Run Options.

(Bug 1069370, Bug 1068850)

Cannot Start Web Console while Core Services is Initializing

When you install Core Services, the initialization process for Core Services continues in the background even though you have completed and closed the installation program. A shorter initialization period occurs after you restart the NetIQ Core Services service.

If you attempt to launch the Web console before the initialization process completes, the console displays an error. You can refresh the page to establish a connection to Core Services. (Bug 1073053)

NOTE: The console can display some content without communication with Core Services. However, most content, such as endpoint status, requires Core Services.

Fails to Cancel All Selected Jobs

Issue: In the In Progress job queue, you can select multiple jobs then click Cancel to cancel the jobs. However, the Web console cancels only the most recent job. (Bug 1054179)

Workaround: To cancel jobs that are in progress, select only one job, then click Cancel. Then repeat the process for each job that you want to cancel.

5.2 Issues Related to Batch Exceptions

This release enables you to apply a batch-created exception that includes multiple policy templates for a particular set of endpoints or groups. This functionality works only in the Web console. In other Secure Configuration Manager components, the following issues might occur:

Exceptions Report Cannot List Some Exceptions Created in the Web Console

Issue: The Windows console does not support batch-created exceptions. Therefore, the Admin Report Exceptions, which you run in the Windows console, does not provide data about this type of exception.

NOTE: In the Web console, you can also create an exception within an assessment report. This exception applies only to the endpoints and security checks associated with that policy template run, which is similar to the behavior when you create an exception in the Windows console. The Exceptions report does include data for this type of exception, regardless of the console that created the exception.

Workaround: The Web console lists all exceptions, regardless of the console that created the exception. In the Web console, go to Utilities > Exceptions. Select all exceptions in the current tab, then click Export to CSV.

Dashboard Fails to Report the Number of Group Exceptions Applied

Issue: If you enable batch-created exceptions in the Web console, the Dashboard does not provide an indication that these exceptions exist. When you review an assessment report in the Dashboard, the GroupCheckExceptions field equals zero, rather than accurately reporting the number of exceptions that have been applied to the results.

Workaround: Disable batch-created exceptions. For more information, see Allowing Exceptions in the Web console in the Web console Help.

5.3 Sentinel Cannot Retrieve Event-only Data

Sentinel fails to retrieve the data when you configure Secure Configuration Manager to send events only. This issue occurs only when both Sentinel and Secure Configuration Manager are in FIPS mode.

For more information about configuring FIPS mode, see Enabling FIPS Communication in the User’s Guide for Secure Configuration Manager. (Bug 1068366)

5.4 Core Services Log Lists Erroneous Windows Version after Installation

If you install a Secure Configuration Manager component on a computer running Windows Server 2016, the Core Services log lists an erroneous version for the Windows platform:

System: Windows NT (unknown)

Secure Configuration Manager does know that the platform is Windows Server 2016. The log simply lists the incorrect version. (Bug 1065829)

5.5 Issues with Security Agent for UNIX and Change Guardian

The following issues occur if you use the Security Agent for UNIX 7.5 SP1 (UNIX agent) with both Change Guardian 5.0 and Secure Configuration Manager on the same server, and you use Change Guardian AM to upgrade or install the UNIX agent:

Agent Registration Fails in a New Installation of the Agent

When you install Security Agent for UNIX 7.5 SP1 as part of a new installation of Change Guardian 5.0 on the same computer as Secure Configuration Manager, the agent registration fails in Secure Configuration Manager because of the dynamic certificate changes. (Bug 1045613)

Agent Registration Fails after Upgrading the Agent

Issue: Secure Configuration Manager fails to register the UNIX agent if you upgrade the agent from version 7.5 to 7.5 SP1 using Change Guardian AM. (Bug 1001599)

Workaround: Perform the following steps from UAM to re-register the UNIX agent in Secure Configuration Manager:

  1. Go to Configure > SCM Options.

  2. Click Configure.

  3. In the SCM Configuration window, ensure that the Core Services Address is the same as the SCM Core IP Address, then click Save.

  4. Restart the agent service by selecting Stop and Start in the Agent Controls panel.

OR

You can manually register the UNIX agent:

  1. Navigate to the /usr/netiq/bin directory.

  2. Run the following command:

    # ./wcRegister

  3. To restart Secure Configuration Manager services, run the following command:

    # /etc/init.d/uvserv restart

5.6 Exporting Full Delta Reports to Microsoft Excel Format Fails

Issue: Secure Configuration Manager does not export full delta reports to Microsoft Excel format. (Bug 1001599)

Workaround: You can export delta reports in any other file format, such as .pdf, .tsv, .rtf, or .xml.

5.7 Problem with Clicking the Back Button While Upgrading in Distributed Setup

Issue: When you upgrade Secure Configuration Manager to version 7.0 or later in a distributed setup, on a computer where Core Services and the console are installed, the installation wizard displays incorrect screens if you click Back after the License Agreement screen. (Bug 994646)

Workaround: Cancel the upgrade process by closing the wizard, and start upgrading again.

5.8 Installation Fails on Computers that have Microsoft .NET Framework Version Higher than 3.5 Installed and Microsoft .NET Framework Version 3.5 is Not Enabled

Issue: If the computer on which you are installing has a Microsoft .NET Framework version higher than 3.5 installed and Microsoft .NET Framework version 3.5 is not enabled, the Secure Configuration Manager installation fails. (Bug 921158)

Workaround: Perform the steps specified in NetIQ Knowledgebase Article 7017878 before installing Secure Configuration Manager.

5.9 Cannot Create, Install, or View Security Certificates Using the sslkey.bat File

Issue: You cannot create, install, or view security certificates in your Core Services computer by running the sslkey tool. Secure Configuration Manager displays an error when you run the sslkey.bat file. (Bug 971532)

Workaround: You can use any third-party tool to create, install, or view security certificates.

5.10 Weekly and Daily Scheduled Jobs Do Not Save and Apply the Updated Recurrence Time Schedule

Issue: When you edit the recurrence time schedule of an existing weekly or daily scheduled job and save it, Secure Configuration Manager does not save and apply the updated recurrence schedule. The next run date is not updated to match the updated recurrence schedule. (Bug 971902)

Workaround: Delete the scheduled job you intend to update and create a new scheduled job with the same parameters but with the new, intended recurrence time schedule.

5.11 Endpoint Registration Fails after Regenerating Crypto Keys

Issue: While registering or reregistering an endpoint, if you regenerate the crypto key for SSH, the registration fails. This occurs because the key is not replaced in the .ssh/known_hosts file. (Bug 860552)

Workaround: Delete the .ssh/known_hosts file and register the endpoint again.
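
Deleting the whole known_hosts file also discards the pinned host keys of every other endpoint listed in it. The following added example (not from these release notes or the product) removes only the regenerated endpoint's entries and keeps a backup. The file path, host names, and keys are constructed, and it assumes unhashed entries and that the stale entry is the only thing blocking registration.

```shell
#!/bin/sh
# Added example: drop only one endpoint's stale host-key lines from a
# known_hosts file, keeping a backup, so other pinned keys survive.
# Assumption: entries are plain text (not hashed "|1|..." entries).

# prune_known_host HOST FILE -> prints the number of lines removed
prune_known_host() {
    host=$1
    file=$2
    [ -n "$host" ] && [ -f "$file" ] || return 2
    cp -p "$file" "$file.bak" || return 2
    tmp=$(mktemp "$file.XXXXXX") || return 2
    removed=$(awk -v h="$host" -v out="$tmp" '
        # Keep comments, blank lines and @cert-authority/@revoked markers.
        /^[ \t]*(#|@|$)/ { print > out; next }
        {
            n = split($1, names, ",")        # first field: host[,host...]
            hit = 0
            for (i = 1; i <= n; i++) {
                name = names[i]
                sub(/^\[/, "", name)         # [host]:port -> host
                sub(/\]:[0-9]+$/, "", name)
                if (name == h) hit = 1
            }
            if (hit) removed++; else print > out
        }
        END { print removed + 0 }
    ' "$file") || { rm -f "$tmp"; return 2; }
    mv "$tmp" "$file" || return 2
    echo "$removed"
}

# Dry run on a constructed file; prints "<removed> <non-empty lines left>".
demo_prune() {
    d=$(mktemp -d) || return 2
    printf '%s\n' \
        '# constructed sample entries' \
        'unix01.example.test,192.0.2.10 ssh-ed25519 AAAAconstructed1' \
        '[unix01.example.test]:2222 ssh-rsa AAAAconstructed2' \
        'unix02.example.test ssh-ed25519 AAAAconstructed3' \
        '@revoked unix01.example.test ssh-rsa AAAAconstructed4' \
        > "$d/known_hosts"
    n=$(prune_known_host unix01.example.test "$d/known_hosts") || return 2
    echo "$n $(grep -c . "$d/known_hosts")"
    rm -rf "$d"
}
```

Where entries are hashed, `ssh-keygen -R <host> -f <file>` performs the equivalent removal.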

5.12 Retry Option in the Installation Program Does Not Work on Windows 7 and Windows Server 2008 R2

Issue: When you try to uninstall a Secure Configuration Manager component using the installation program on a computer that has Windows 7 or Windows Server 2008 R2, and some files that belong to the component are in use, the installation program displays a File in Use dialog box. If you click Retry in that dialog box, the uninstallation should not continue and the error message should persist, but the uninstallation resumes instead. (Bug 893069)

Workaround: Install Microsoft KB 2649868.

5.13 Issues with Check Output View when the Data is High

Issue: The check output view in Secure Configuration Manager reports has the following issues when the amount of data is high:

  • The output view is incomplete.

  • The scroll bar function is not supported.

(Bug 852044)

Workaround: There is no workaround at this time.

6.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information Web site.

For general corporate and product information, see the NetIQ Corporate Web site.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.