Cumulative Pointfixes applicable to ITMS 7.6 HF7
This article contains cumulative point fixes provided to customers post-7.6 HF7 for SMP, SMA, SMF, SWM, ECV, TASK, RTSM, ULM, INV, AM, INVPACK, VMM, ND, PPA, RAC, WF, and DS issues.
Each section can be installed independently of the others. Apply whichever of the attached files are relevant to your issue.
To accommodate the introduction of the Peer-to-Peer (P2P) download and Office 365 patching support features in the Symantec Management Agent (see DOC9473), the post-HF7 fixes for SMA, SMP and SMF have been combined into a single file. See attached "SMA_SMF_SMP_7.6_POST_HF7_P2P_v14.zip".
For a list of what the SMA, SMP and SMF fixes include besides the P2P and Office 365 patching support features, refer to the tables for the corresponding elements under the "Legacy versions of SMA/SMF/SMP pointfixes" section.
Important note on the order of install, based on recent observations:
1. Order of install between the SMP/SMA cumulative PF and the Task Server cumulative PF: install the SMP cumulative PF first, followed by the Task Server cumulative PF.
2. If the Task Server cumulative PF was already installed prior to the SMP cumulative PF, repeat the Task Server cumulative PF installation after the SMP cumulative PF has been installed.
Fixes added into "SMA_SMF_SMP_7.6_POST_HF7_P2P_v14.zip"
|Path Traversal Vulnerability in Software Management Framework||N/A|
|P2P should be used if no package server is designated for the site.||N/A|
|p2p: Please add Check box to targeted agent settings, that will control P2P behavior in CEM||N/A|
|Evt_AeX_SWD_Package table shows incorrect package name in the name column||N/A|
|Blocked p2p in WiFi causes agents to fall into download retry|
|p2p and throttling: It takes too long to download packages as the download process is affected by Targeted Agent Settings bandwidth control.||N/A|
|Customer has noticed "Operation 'Get File' failed" / "Download Package failed: Operation aborted" / "refreshPackageStatusVerbose(): Package does not exist for update" errors, when testing p2p v4||N/A|
|MDP: Execution of task doesn't continue after restart||N/A|
|Added the ability to replicate Resource History||N/A|
|6% of all machines stuck at package download in progress||N/A|
|User targeted Managed Delivery Policies disappear from users machines after about 2 days||TECH247416|
|CTAs cannot get the list of Task Servers caused by "The handler 'GetClientTaskServers' is failed to process request" and "all pooled connections were in use and max pool size was reached" error||TECH247922|
|NSEs are being saved under c:\windows\system32\inetsvr folder||TECH248162|
|AeXAgentUtil interaction with AeXNSAgent causing DCOM error when setting NS name on first boot to production after image deployment||N/A|
|Multiple duplicate records in ResourceTargetOwnerTrustees create problems during replication. Targets replication fails||N/A|
|Path Traversal Vulnerability in Software Management Framework||SYM17-013|
See ReadMe_v14.pdf included with the zip file for more details on what else this file contains regarding P2P fixes.
If you are not interested in the P2P functionality but still want the SMA, SMF and SMP fixes created post-HF7 prior to the release of the P2P download feature, refer to the attached "SMA_7.6_POST_HF7_v11.zip", "SMP_7.6_POST_HF7_v8.zip", and "SMF_7.6_POST_HF7_v4.zip". However, you cannot apply any of these files if you have already applied "SMA_SMF_SMP_7.6_POST_HF7_P2P_v11.zip" in your environment.
SMA (Symantec Management Agent) fixes:
|"After upgrading CEM machines to Windows 10 CEM agent stop working and errors with the following error: Unable to retrieve NS Agent certificate from store, error: Cannot find object or property (0x80092004)"||N/A|
|"SMA with PS and 31K packages has committed 800MB of memory"||N/A|
|"When using Skype for business or Microsoft Link to connect to desktops remotely, various tabs in the Symantec Management Agent GUI do not work."||TECH233941|
|"Windows 7 Package servers download hangs and causes the OS to not be able to be shut down."||N/A|
|"SMA seems to hold onto old and outdated information in the secure store"||TECH234647|
|"Tasks do not execute if system is at the login screen and the NS has not resumed the boot to production task."||N/A|
|"HKEY_USER Detection Rules Registry Value are always evaluated as Not Detected even if the reg value exists, and no remediation ever occurs."||TECH234816|
|"DS 7.6 HF7 : Reboot to production randomly fails"||N/A|
|"AppID account lockout - storage corruption and agent redirection scenarios"||N/A|
|"Boot to production task fails to complete once the system is back in production"||TECH235438|
"Multicast"="Merged multicast logging changes from 8.1 branch"
|"Stopping SMA agent which is negotiation for a multicast session causes package to be downloaded immediately via HTTP or UNC"||N/A|
|"Unable to push software to users imported via AD Import using Managed Software Delivery policies."||TECH232204|
|"Error when gathering Software inventory: An exception caught in m_pSMFAgent->InventoryScan2(bQuickScan,bSendFullNSE)"||N/A|
|"Detection checks are creating 3 NSE files for every check on repeat policy executions."||N/A|
|"Package download is looping every second or so on clients when a package has been updated with edited or new content"||N/A|
|"Agent provides invalid package name in NSE for Evt_AeX_SWD_Package dataclass"|
|"Managed Delivery not processing all Tasks when started manually, but runs correctly via scheduled run"|
SMP (Symantec Management Platform) fixes:
|"Targeting using expressions in a CMDB rule causes Symantec Management Server Error"||TECH234047|
|"The data could not be loaded. error When attempting to add a filter to a rule. Legacy target builder"||TECH234047|
|"Custom Data Classes with an attribute defined as a String less than or equal to 7 displays NULL incorrectly"||TECH234047|
|"Users that are members of multiple security groups in multiple OU sites are not showing up on AD Filters"||TECH234484|
|"AD Import: import from * groups (ALL) is broken since 7.6 / 8.0"||N/A|
|"Create New Database failed on ITMS setup with 7.6.HF7."||N/A|
|"DAL Generator failed for: Altiris.NS.StandardItems.Collection.DataAccessLayer.NSResourceCollectionDAL".||TECH234254|
|"AD import computers rule: Removing OU from import and adding it back later only adds 30% of computers in corresponding".||TECH234772|
|"Error Spamming logs There was no endpoint listening at pipe that could accept the message"||N/A|
|"Delta Resource Membership is taking around two hours on average but only 15-20 immediately after maintenance is done"||N/A|
|"Windows update KB3154070 affects iframe loading, preventing Altiris web portals and some views from loading".||TECH234957|
|"Active Directory Computer Import Rule Importing Data for Managed Computers When Rule is Configured for Unmanaged computers".||TECH235482|
|Parent SMP clears the Client Date on certain replicated computers when AD Import runs.||N/A|
|It doesn't auto replicate assigned resource target(s) for Site during replication of Sites via Resource stand-alone replication rule||N/A|
|Data Connector import/export rule doesn't replicate custom resource target in it via Item stand-alone replication rule||N/A|
|It doesn't show all Data Class for Basic Inventory in Resources stand-alone replication rule||N/A|
|It doesn't show all available Data Classes for Computer Events in Resource stand-alone replication rule||N/A|
|It doesn't allow to choose any of DC from Notification Server Events in Resource stand-alone replication rule||N/A|
|Standalone resource replication rule does not allow to select hidden data classes||N/A|
|Standalone replication rule allow to migrate advertisements from policies||N/A|
|Server Replication report doesn't show data of executed stand-alone replication rule on source||N/A|
|Settings from General and Events tabs of Global Agent Settings aren't replicated by Item stand-alone replication rule||N/A|
|Check-boxes settings from Package Service Settings page aren't replicated by Item stand-alone replication rule||N/A|
|Failed to update last login time for Account because Invalid object name dbo.InvHist_Account_Details||N/A|
|Computer Resources replicated down to all children in hierarchy after applying HF4||N/A|
SMF (Software Management Framework) fixes:
|Add or Edit Package: Unable to delete package files||TECH235096|
|Software component association to a file is not restored if a component was inventoried on a child's client, then deleted on parent, and re-inventoried (Full mode) on the same client again.||N/A|
|Adding file to nested folder in package builder adds file to root.||TECH235096|
|Data Migration: replication of Software Product should automatically replicate records of associated data classes||N/A|
The fixes for the SWM, ECV, RTSM, TASK, ULM, Monitor, INV, AM, INVPACK, VMM, ND, PPA, RAC, WF, and DS components are not part of the updated P2P feature (the update covers only the SMP, SMA and SMF components). Fixes for all the remaining components are still applied as before, via the separate packages listed in their respective sections of this article. Those fixes can be installed on top of the combined SMP+SMA+SMF package for the P2P feature.
SWM (Software Management Solution) fixes:
|"Software portal requests for approved software are being saved as Pending for a single user (Turkish Language UI)."||N/A|
|"Software Portal UI (client side): Software list may contain records with blank Software Names"||TECH236745|
|"After removing Apply to Resource Targets permission from Managed delivery policy, user is still able to modify targets in this policy"|
|"SWM 7.6 Post HF7 v3 introduces a problem when a policy status cannot be changed".|
|"Software Portal requests remain in "open" and "approved" state until denied from Administrator Portal"||N/A|
See attached "SWM_7.6_POST_HF7_v5.zip"
ECV (Enhanced Console Views) fixes:
|"When selecting multiple machines under Manage>Computers, the 'Computer Summary Multiple' blade doesn't come back to the 'General' blade when selecting back one machine."||TECH234249|
|"Getting error 'Failed to get computers xml '', hexadecimal value 0x02, is an invalid character' When trying to load the information for First Time Setup page left frames."||TECH233949|
|"Getting error: Failed to resolve resource query from the xml configuration. This join source does not have a dataField 'Guid'."||TECH229137|
|"Manage>Computers>Computers Views and Groups" on any of their both Child SMPs, the main frame don't load any of the computers from those groups selected. It shows a spinning icon.||N/A|
|"Computers with software installed view shows 2 computers, however should show 164 as per database queries and other views."||N/A|
|"Different number of components to meter can be seen in Meter / track usage when switching between Identify Inventory and Delivery tabs."||N/A|
|"Different numbers when comparing Installed Products Computers with software installed view vs Installed but unused' in Software Product License and Usage."||N/A|
|"'Software Product License and Usage' flip book in Activity Center, usage graph is not correct."||N/A|
|"Managed Software Delivery Policies Enhanced View Not Populating Correctly"||N/A|
See attached "ECV_7.6_POST_HF7_v8.zip"
Task Management fixes:
|"When scheduling an initial deployment task, the instance created lists the task server as the SMP, and the client registers to a remote task server, causing no task to execute on the client."||N/A|
|"Task server on SMP allows more client connections to exceed limit even when that option to exceed is disabled"||N/A|
|"Boot to production task fails to complete once the system is back in production"||N/A|
|"Tasks that queued up (on inactive client) are not timing out per task timeout settings"||N/A|
|"After TS(AtrsHost) restart it does not release socket in timely fashion, thus will fail with Error: Only one usage of each socket address (protocol/network address/port) is normally permitted"||N/A|
|Updating Task servers to post pointfix v5 fails task registration on all site servers||N/A|
|Cleanup task data is removing inventory policy data before row limit is hit.||N/A|
See attached "TASK_7.6_POST_HF7_v6.zip"
RTSM (Real-Time Systems Management) fixes:
|"TS 7.6 HF6 - AtrsHost crashing occasionally."||N/A|
|"When running the Agent Health Trace Route feature, it fails."||TECH234163|
|"Real-Time System Manager Event log view never populates anything, even when adjusting the filters"|
|"Altiris.RTCI.Tasks.Result ... is not marked as serializable."|
|"No supported protocols enabled message in Real Time tab, ProtocolNotEnabledException for functioning AMT computers."|
|"Boot Redirection fails on AMT 9.1 computers."|
|"Get Out of Band inventory fails on AMT 9.1 computers."||TECH234702|
|"Redirection and remote control via power control errors out, remote control does not work: TypeError: xmlHttp. Open is not a function"||TECH234942|
|"RTSM Power Control via AMT KVM times out after 20 seconds of no activity - cannot find how to change this"|
|"AMT SOL is not working on any 5.x AMT system - [AMT] SendCommand (RedirectionServiceWrapper.ReceiveSOLData/) took 6003 milliseconds and finished with failure"||TECH235115|
|"AMT SOL session with AMT 7.x is unusable, remote control does not appear to function - some of the screen is visible"|
See attached "RTSM_7.6_POST_HF7_v7.zip"
|SSG16-044 Multiple DLL Loading Remote Code Execution Vulnerabilities in ITMS||Security Advisory|
See attached "Monitor_7.6_POST_HF7_v2.zip"
ULM (Unix, Linux, Mac Agent) fixes:
|"SEP for Mac install using Managed Software Delivery policy reinstalls and is always out of compliance"||N/A|
|"Prefix 'Info.plist' with '/' to allocate Info.plist during package detection"||N/A|
|"Hostname of managed Linux client switches to MAC address when rebooted into PreOS"||N/A|
|"Double packages under ULM being downloaded and sometimes run"||N/A|
|"Macs losing IP Address information through Basic Inventory"|
|"OpenSSL vulnerabilities, and upgrading to OpenSSL 1.01t"||TECH235068|
|"Agent won't start in case opt was installed as a separate file system"||N/A|
|Consistent high CPU on aex-pluginmanager for RHEL||N/A|
|Package permissions have world writable flag||N/A|
INV (Inventory Solution) fixes:
|SVM18-025: CRITICAL Zero Day Vulnerability in the Altiris Management Agent||Fixed|
|NS.Nightly schedule to associate Software component to software product|
|Newer systems do not report the Model correctly for Hardware Inventory||TECH247185|
AM (Application Metering) fixes:
|"Symantec Management Console/Altiris management agent application blacklisting bypass"||N/A|
|"SMA memory consumption is increased when SAMDriver approach is used and blocked process is invoked in loop and without any delay"||N/A|
|"BSOD occurring due to AM Agent with SAMDriver installation"|
|SAMDriver.sys error - the digital signature is not valid, driver does not start||TECH248973|
|"SAMDriver signed by Microsoft certificate for Win 10 anniversary (1607)"|
See attached "AM_7.6_POST_HF7_v3.zip"
INVPACK (Inventory Pack for Servers) fixes:
|"Linux Server Inventory does not gather inventory for Oracle Databases"|
|"Inventory Pack for Servers: How to collect installed instances of Oracle 12 from Windows Servers?".||TECH237275|
|Inventory execution crashes Faulting application name InvSoln exe version 7 6 1655 0||TECH250333|
VMM (Virtual Machine Management), ND (Network Discovery) and PPA (Pluggable Protocols) fixes:
|"Host summary report's OS Name column for ESX server is not informative".|
|"ESX/ Hyper-v host resource's Description data is missing for some hosts".||TECH237275|
|"VMM Inventory is incomplete"||N/A|
|"System Type is blank for ESX in Host Summary Report for Virtual Machine Management"||N/A|
|"OS value is blank on VMM page when Virtual Machine under host is booted after ND and Inventory is done"||N/A|
|"Inconsistent VM Discovery task behavior in context of AeX AC Identification and VM Guest data classes"||N/A|
SUITE PORTALS fixes:
RAC (Remote Access Connector) fixes:
WF (Workflow Server) fix
AMS (Asset Management Solution) fixes:
|Generating Purchase Orders or receiving any items is taking a long time||N/A|
|Bulk Edit functionality is broken after changes in 7.6 HF5.||N/A|
|When OS is set to Portuguese, receiving invoices causes the received item prices to be increased by a few decimal places||N/A|
|When creating a Software License it ignores the default value for Contract's Assigned User and instead always populates the field with the logged in user||N/A|
|The Update Network Resource Location task is not respecting the Ignore values if there is more than one defined||N/A|
|When receiving a purchase order that was modified it appears to create 2 invoices||N/A|
|Merging process leaves computers in multiple sub OUs within the same Organizational View||N/A|
|Changed logics during 'Update Network Resource Location' task execution to get TCP/IP information from different data tables. If some IPs information for the same resource in discovery data has multiple rows, then getting latest by 'id' field.||N/A|
DS (Deployment Solution) fixes:
Click here to read Instructions on how to install pointfix
|"Blank packages being created after import of Netboot image"||TECH234320|
|"ResourceImportTool cannot import Images into remote site servers' package shares as an external package"||TECH234374|
|"GetNearestPackageServerInfo.aspx taking longer than 2 minutes to send a result to the client, resulting in timeout"||TECH234368|
|"The task server PFX certificate fails to install to the SSLStore"||TECH234365|
|"SbsServer.exe service stops responding after running for a while"||TECH234372|
|"BStrap.efi needs to be digitally signed for SecureBoot"|
|"ISOs created from Boot Disk Creator do not boot on EFI systems"|
|"DA exception thrown when DA runs on the customer system"|
|"Please add version numbers back to the pectagent log"|
|"MacOS ElCaptain NetInstall - require ULM agent restart after setup is finished"|
|"dpinst.exe needs to be called twice in run_dpinst1.bat to install the second part of USB 3.0 drivers"||N/A|
|"Windows Server 2012 Scripted OS install, fails to copy down a custom unattand file for windows 12"||N/A|
|"Drivermanager.exe cannot load the chipset drivers into driversdb because of an empty string in the INF file"||N/A|
|"DeployAnywhere is not creating 'deployanywhere_unattend.xml' and merging it into the unattend.xml in the windows panther directory when deploying a win10 image"||N/A|
|"DeployAnywhere is not creating the \drivers\symantec folder when retargeting the drivers"||N/A|
|"Computer continuously reboots to PXE if 'boot to pxe' task is sent to a system already in PXE"||N/A|
|"AutoUtil is not handling the output of the C:\boot\altiris\iso\bcdedit.exe', sParam=' /enum osloader /v' for large BCD stores"||N/A|
|"DeployAnywhere process needs to be able to handle compressed drivers (sy_, dl_, ca_ without a customer having to manually decompress the files"||N/A|
|"Hostname of managed Linux client switches to MAC address when rebooted into PreOS"||N/A|
|"Sysprep image create fail on windows 10 systems that have been updated to windows 10 build 1511"||N/A|
|"DeployAnywhere is not creating 'deployanywhere_unattend.xml' and merging it into the unattend.xml when deploying a win10 image"||N/A|
|"Password for Ghostuser needs to be more complex"||N/A|
|"OpenSSL vulnerabilities, and upgrading to OpenSSL 1.01t"||N/A|
|"DeployAnywhere is not matching on the broadcom.bcmnfcusb.126.96.36.1991 but on a driver that it should not match on"||N/A|
|"Resource Import tool runs but never finishes the SOI Source import"||N/A|
|"Error CDR00001.GHO is not a Symantec Ghost file restoring Ghost image from DVD"||N/A|
|"Make SBS Service not to modify DHCP Scope Options"||N/A|
|"DLL-Loading Vulnerability fix"|
"The certificate on DS CopyFolderFile.jar file has expired"
|"Importing Predefined computers using ASDK with Name and Serial number causing all computers imported to use the same GUID"||N/A|
|"Uninstall of DSPS should remove all entries added to web.config file by the DSPS install"||N/A|
|" /NoRestart /Quiet needs added to the pkgmgr.exe command line to properly install certs"||N/A|
|WinPE10 1607 & 1703 initial support|
|AeXAgentUtil interaction with AeXNSAgent causing DCOM error when setting NS name on first boot to production after image deployment location.|
|Path Traversal Vulnerability in Deployment Solution||N/A|