Altiris™ Out of Band Management Component 7.0 SP2 from Symantec Release Notes

Article:DOC1825  |  Created: 2009-05-19  |  Updated: 2010-03-03  |  Article URL http://www.symantec.com/docs/DOC1825
Article Type
Documentation



Description



Build number 7.0.1286

This document contains the following topics:

Introduction

Altiris™ Out of Band Management Component software lets you discover and configure computers with ASF, DASH, and Intel® AMT technologies for out-of-band management. Out-of-band management is the ability to manage computers regardless of the state of their power, operating system, or management agents and to perform management tasks that would normally require a visit to the client computer.

This product is part of the following suites:

  • Altiris™ Client Management Suite from Symantec
    For release notes, see knowledgebase article 48420.

Note: A new version of this product has been released. See knowledgebase article 49918.

Back to top

New features

The new features of this release are as follows:

Support for Symantec Management Platform 7.0 SP2

This product can be installed on Symantec Management Platform 7.0 SP2.

Intel SCS is updated

An updated version of Intel SCS is installed on the OOB site server computer (by default, the Notification Server computer).

Improved certificate management

Out of Band Management Component reports the status of the Remote Configuration certificate on the General page. A new Certificate Enrollment task makes it easier to enroll TLS mutual authentication certificates.

OOB Site Server Inventory task

The OOB Site Server Inventory task lets you check if the computer to which you want to install the OOB site server meets the requirements. You can view the inventory results in the Symantec Management Console, in the OOB Site Server Inventory Results report.

The report shows if the computer that you inventoried is supported (has IIS and .NET installed, and the SQL server can be reached from that computer), and if the required Remote Configuration and TLS Mutual Authentication certificates are installed.

You can double-click a computer in the report to view detailed information.

Back to top

Installation and upgrade

Prerequisites

Out of Band Management Component 7.0 SP2 requires the following:

  • Symantec Management Platform 7.0 SP2 Hot Fix 1. See knowledgebase article 46035.

If you are installing for the first time, Symantec Management Platform is installed automatically when you use Symantec Installation Manager to install this product.

New installation

You can install this product by using the Symantec Installation Manager. You can download the installation files directly to your server or you can create offline installation packages.
For more information, see the Symantec Management Platform Installation Guide (see knowledgebase article 45732).

Upgrade

You can upgrade this product from 6.x versions if you run the Symantec Installation Manager on a Notification Server 6.x computer. To upgrade from the 6.x version, you must first upgrade your 6.x Notification Server to Symantec Management Platform 7.0 or later. During the Notification Server upgrade process, you can select to upgrade to the latest version of this product.
For more information, see the Symantec Management Platform Installation Guide (see knowledgebase article 45732).

After you upgraded the product, you must upgrade the Altiris Agent and the Out of Band Task Agent that are installed on the target computers.

Installation and Upgrade issues

The following issues are known issues related to installing and upgrading this product. If additional information about an issue is available, click the Article ID link.

Issue Article ID
Product installation issues
 
Out of Band site server files are always installed to C:\Altiris OOB Configuration

Regardless of the location you chose for the Symantec Management Platform and Out of Band Management Component installation, some of the Out of Band site server components are always installed to C:\Altiris OOB Configuration. This is required for Intel SCS to function properly.

 
Client installation issues
 
Out of Band Task Agent installation issue (ASF only)

The Out of Band Task Agent package includes a vendor-specific ASF sub-agent. It may be that the computer has the sub-agent installed already. By default, the Out of Band Task Agent installation task will not overwrite the existing ASF sub-agent. If the Out of Band Task Agent does not function properly with the existing ASF sub-agent, you can change the default settings to allow the ASF sub-agent to be upgraded at the time of the Out of Band Task Agent installation.

To change the settings to allow an ASF sub-agent upgrade

  1. On your Notification Server, browse to 
    C:\Program Files\Altiris\Notification Server\NSCap\Bin\Win32\X86\Out of Band Management\Agent\.
  2. Open the ASFSetup.ini.
  3. Under [Options], change Upgrade=0 to Upgrade=1.
  4. Save the file.

    After the change, the section should look like this:
    [Options]
    Upgrade=1
    Downgrade=0
  5. In the Symantec Management Console, navigate to Settings > All Settings > Agents/Plug-ins > Remote Management > Out of Band Management > Out of Band Task Agent Package, and click the Save changes and Update Distribution Points buttons.
  6. Re-run the Out of Band Task Agent - Install policy on a schedule.
 
Installing Out of Band Task Agent on Windows Vista (Intel ASF only)

The default firewall settings on a Microsoft Windows Vista computer prevents the Intel ASF Agent (that is installed with Out of Band Task Agent) from pinging the traps destination address. Because of this, the management console cannot be contacted, and the Intel ASF Agent goes into safe mode. It is not possible to manage this computer remotely using the ASF technology.

To make Intel ASF Agent work, configure the firewall to accept incoming Internet Control Message Protocol (ICMP) connections.

  1. On a Windows Vista computer, open the Control Panel.
  2. Click Administrative Tools > Windows Firewall with Advanced Security.
  3. Click Inbound Rules, and click Action > New Rule.
  4. In the wizard, select Custom rule, and click Next.
  5. Select All programs, and click Next.
  6. On the Protocol and Ports page, select ICMPv4 protocol type, and click Customize.
  7. On the Customize ICMP Settings page, click Specific ICMP types, select Type 0, select Code 0, click Add, and click OK.
  8. Click Next, and skip to the last page.
  9. On the last page, enter a name for this rule (Example: ICMP ASF Agent), and click Finish

Broadcom ASF does not have this problem.

 
Product upgrade issues
 
Upgrading from 6.x
 
Saved 6.x reports are not available after upgrade

The reports that you saved in the 6.x version of Out of Band Management Solution are not migrated to 7.x.

 
Intel SCS database with a custom name is not migrated

In the 7.x version of Out of Band Management Component, the default name of the Intel SCS database is "Symantec_CMDB_IntelAMT". When upgrading, the Out of Band Management Component software can detect if the previous version of the Intel SCS database (called "IntelAMT") is present on the SQL server and configure Intel SCS to use this database instead of creating a new one. If you used a custom database with the 6.x version of the product, the database cannot be detected automatically.

If you want to reuse the custom Intel SCS database, after you upgraded Out of Band Management Component from 6.x to 7.x, do the following:

  1. In the Symantec Management Console, on the Settings menu, click All Settings.
  2. In the left pane, click Notification Server > Site Server Settings > OOB Service > OOB Service Configuration.
  3. On the OOB Site Service page, in the Database Name box, enter the name of the Intel SCS database used by the previous version of Out-of-Band Management Component.
  4. Make sure Re-use database if exist is checked.
  5. Click Save changes.

The Intel SCS reinstalls and starts using the database you specified.

 
Intel SCS database migration in off-box upgrade scenario

When you perform an off-box upgrade, you install Symantec Management Platform 7.0 SP1 and Out of Band Management Component 7.x on a clean computer. Then, you use the Migration Wizard to migrate data from the 6.x version of the product to the new database.

However, the IntelAMT database cannot be migrated using the Migration Wizard. Depending on the environment that you have, you must do the following to reuse the IntelAMT database in the 7.0 version of Out of Band Management Component:

  • If you use the same SQL server for your 6.x and 7.0 installations, you can keep the IntelAMT database. When you install Out of Band Management Component, the solution detects the IntelAMT database and starts using it.
  • If you use a new SQL server for your 7.0 installation, you must move the IntelAMT database manually to the new SQL server. We recommend that you move the database before installing Out of Band Management Component. The solution detects the IntelAMT database and starts using it. To move the database, do the following:
    1. Using the SQL server management software, detach the IntelAMT database from the older SQL server.
    2. Copy the IntelAMT database files to the new SQL server computer.
      By default, the location of the database files is C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data
    3. On the new SQL server computer, use the SQL server management software to attach the IntelAMT database that you copied.
    4. Install Out of Band Management Component.
  • If you use a new SQL server for your 7.0 installation, and you already installed Out of Band Management Component, do the following to migrate the IntelAMT database:
    1. Using the SQL server management software, detach the IntelAMT database from the older SQL server.
    2. Copy the IntelAMT database files to the new SQL server computer.
      By default, the location of the database files is C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Data
    3. If the Application Identity user on Notification Server 6.0 is not the same as the Application Identity user of Symantec Management Platform 7.0, do the following:
      1. In the Symantec Management Console 7.0, on the Settings menu, click All Settings.
      2. In the left pane, click Notification Server > Security Roles > Symantec Administrators.
      3. On the Symantec Administrators page, click the Membership tab.
      4. On the toolbar, click the Add new member symbol, and then add the user account that was used as the Notification Server 6.0 Application Identity.
    4. On the new SQL server computer, use the SQL server management software to attach the IntelAMT database that you copied.
    5. In the Symantec Management Console 7.0, on the Settings menu, click All Settings.
    6. In the left pane, click Notification Server > Site Server Settings > OOB Service > OOB Service Configuration.
    7. On the OOB Site Service page, in the Database Name box, enter the name of the Intel SCS database you copied.
      By default, the name is "IntelAMT".
    8. Make sure Re-use database if exist is checked.
    9. Click Save changes.
      Intel SCS starts using the database you copied.
 
"unable to lookup the name of the account associated with the specified SID" error displayed after upgrade

If, after you upgraded the solution, you see the "unable to lookup the name of the account associated with the specified SID" error on the Out of Band Management Component pages in the Symantec Management Console, restart the Notification Server computer.

 
Client upgrade issues
 
Upgrading the Altiris Agent and the Out of Band Management Agent

After you upgraded the product, you must upgrade the Altiris Agent and the Out of Band Task Agent that are installed on the target computers. To upgrade the agents, turn on the Altiris Agent for Windows - Upgrade and Out of Band Task Agent - Upgrade policies.

We recommend that you configure the upgrade policies to run on a schedule. If the policy is configured to run Once ASAP (this is the default setting), it does not run twice on the same computer. Because of this limitation, if an agent had already been upgraded earlier, the same policy cannot upgrade the agent to a newer version.

 

Back to top

Things to know

The following are things to know about in this release. If additional information about an issue is available, click the Article ID link.

Things to know Article ID
Hierarchy is not supported

This product does not support hierarchy and replication.

 

Back to top

Known Issues in this Release

The following are known issues for this release. If additional information about an issue is available, click the Article ID link.

Known Issue Article ID
Changing the "worker threads" value

When you change the Worker threads value on the General page, the settings are saved successfully, but the new number does not take effect until the Intel SCS service is restarted.

 
Changing Intel AMT administrator name and password with Altiris Real-Time System Manager

With the Altiris™ Real-Time System Manager software, you can change the Intel AMT administrator name and password. If you change the password, Intel SCS tasks will fail on that computer because Out of Band Management Component will try to connect to the computer using the old credentials that are stored in the database.

To resolve this issue, you can either create a new connection credentials profile with the new password (using Credentials Manager), change the password back. You can also reset the password by fully unconfiguring the computer. You can do that manually from the MEBx or using the Real-Time Console Infrastructure Update Intel® AMT Network Settings task. After you unconfigure the computer, run the setup and configuration process again.

 
Chinese or Japanese cannot be used to name a profile

Double-byte characters are not supported and cannot be used to name a profile. Use English characters instead.

 
Client Task returns incorrect status if the ASF Management Application is not installed

Normally, if the ASF Management Application is not present on a client computer, the application gets installed when you run the Out of Band Task Agent - Install policy. If the ASF Management Application was manually uninstalled from the client computer after the Out of Band Task Agent installation, the Get ASF Inventory and Update ASF Settings out-of-band tasks fail to run, but they are reported as successful.

 
AMT Idle Timeout value cannot be changed

When creating a configuration profile, on the Power Policy tab, you can set the Idle timeout value. However, due to a bug in the Intel SCS software, the AMT idle timeout value stored on the client computer will not be changed during setup and configuration of Intel AMT systems.

 
The "Switch to AMT" option does not work if computer is in "ASF" state

The Delayed Setup and Configuration policy includes the Switch to AMT option that allows for the automatic switching of an AMT system from "None" or "ASF" state to "AMT" . This works if the current state is set to "None" but does not work if the state is set to "ASF".  A HeciWin error appears in the DBwin log when this occurs. You can access the MEBx and manually set the Manageability Feature to "AMT".

 
Initializing Intel AMT computers with a USB key

To initialize the Intel AMT computers using a USB key, make sure the key is formatted to FAT16 and the exported setup.bin file is the only file on the key. We recommend that you use USB keys no larger than 512MB.

 
Installing Out of Band Management Component when SQL is in Windows Authentication mode

Intel SCS requires that Microsoft SQL Server be configured in mixed (Windows Authentication and SQL Server Authentication) mode. If Out of Band Management Component detects that SQL is not in the mixed authentication mode, an error will be displayed in the Altiris log and Intel SCS pages in the Symantec Management Console will not be accessible.

You must change the authentication mode and restart the SQL Server.

 
Intel SCS configuration pages inaccessible in HTTP mode

It can happen that after installation or upgrade, Intel SCS configuration pages (Intel AMT Systems, Profile Assignments, etc.) are not accessible from the Symantec Management Console. The following error is displayed in the console: "The request failed with HTTP status 403: Forbidden."

This issue can occur when the Web site that is hosting the Symantec Management Console is not configured to use SSL. This is because Intel SCS mistakenly sets the AMTSCS directory of the Web site into secure mode. To fix this problem, do the following:

  1. Open the IIS manager, and open properties for the AMTSCS virtual directory.
  2. On the Directory Security tab, click Edit, and then uncheck Require secure channel (SSL).
 
A free VeriSign Remote Configuration certificate is not supported (Intel AMT 3.0 and later)

A free VeriSign SSL trial certificate cannot be used for Remote Configuration. You must purchase a commercial certificate.

 
Send Hello Message task returns incorrect result

Sometimes the Send Hello Message task can be incorrectly reported as failed.

 
Incorrect number of requests shown

On the Intel AMT Systems page, when you click a symbol on the toolbar (for example, the Synchronize clock symbol), the number of requests queued is always displayed as 1, regardless of the number of systems selected.

 
"The connection with the server Database has been lost" error

If you see the "The connection with the server Database has been lost" error on the Out of Band Management Component pages in the Symantec Management Console, check that the SQL server is running and the Intel SCS database (with "_IntelAMT" in its name) is created on the SQL server. If the database is not created, see the Intel SCS database name limitation issue below for instructions on how to re-create the database.

 
Intel SCS database name limitation

Only alphanumeric characters and the underscore "_" character can be used to name the Intel SCS database. Out of Band Management Component creates the Intel SCS database by appending "_IntelAMT" to the name of the Symantec CMDB (for example, Symantec_CMDB_IntelAMT). If, at the time of Symantec Management Platform installation, you created a database with special characters in its name (for example, the dash character "-"), the creation of the Intel SCS database will fail. The "The connection with the server Database has been lost" error appears on the Out of Band Management Component pages.

If you see that the Intel SCS database was not created during the installation, create a new database by doing the following:

  1. In the Symantec Management Console, on the Settings menu, click Notification Server > Site Server Settings.
  2. In the left pane, click Site Management > Settings > OOB Service > OOB Service Configuration.
  3. On the OOB Site Service page, in the Database Name box, type a new name for the Intel SCS database. You can use only alphanumeric characters and the underscore character.
  4. Click Save changes.
  5. In the dialog box, click Yes.

The Intel SCS is reinstalled using the new database settings. If the database does not exist, it is created automatically.

 
"Delete by current filter" does not work

In the Action Status log, when you click the Delete symbol on the toolbar, you have an option to Delete all entries or Delete by current filter. The Delete by current filter option does not work. All entries will be deleted if you select this option.

 
Using the "All systems" option when managing Intel AMT systems

On the Intel AMT Systems page, it is possible to do a search and display the results in the grid. Note that if you click a symbol on the toolbar (for example, the Synchronize clock symbol) and then select All systems, the action you selected will be performed on all systems, not just on the systems displayed in the search results.

 
Purge dbo.csti_log manually

Currently, there is no automated way to purge the contents of the dbo.csti_log table in the Intel SCS database. This log can become very large. You have to clean the log manually.

 
The DASH Configuration Settings report shows incorrect information

The Session Timeout value is not shown correctly in the DASH Configuration Settings report. You can view the correct value in the Resource Manager. To view the value, in the Resource Manager, on the View menu, click Inventory. Then, in the tree view pane, click Out of Band Management > OOB Broadcom DASH General Settings.

 
Data that is not collected by the Get ASF/DASH Configuration Inventory task
  • The ASF 1.0 Compatibility value is always displayed as "false".
  • ASF version not collected from the Broadcom ASF computers with DASH 1.14 firmware.
  • OOB Broadcom DASH Settings node displays the Operator account in the Administrator account username field. Administrator account data is not collected.
 
Out of Band Site Server issues
 
64-bit operating systems are not supported

Do not use computers with a 64-bit operating system for the Out of Band Site Server installation.

 
Application identity user must be an administrator on the site server computer

If you want to install the Out of Band Site Server to a computer in another domain or sub domain, make sure the application identity account (the account that you used to install Symantec Management Platform) is registered on the Out of Band Site Server candidate computer as a local administrator. Not doing so will result in the AMTConfig service not being able to start.

 
Reinstalling the Out of Band Site Server

By default, the Out of Band Site Server rollout policies (Out of Band Site Service Agent - Install and Intel SCS - Install) are configured to Run once ASAP. The Altiris Agent does not normally run such policies if they have already run once on the same computer. Because of this feature, it is not possible to use the default settings to reinstall the service on the same computer. If you want to remove and then reinstall the Out of Band Site Service, you must configure these rollout policies to run on a schedule.

 
Intel SCS not started sometimes

When you change the Out of Band Site Service settings (for example, you want to configure the service to use another database), the Intel SCS reconfiguration process starts. Sometimes, after reconfiguration, the AMTConfig service fails to start. If this happens, you can start the AMTConfig service manually or restart the computer on which Intel SCS is installed.

 
Uninstalling Out of Band Management Component and Out of Band site servers

When you uninstall Out of Band Management Component, only the default Out of Band site server that is located on the Notification Server computer is uninstalled automatically. You must uninstall other Out of Band site servers manually.

 
Installing Out of Band site server on a custom web site

Out of Band site server installation does not support IIS Web sites other than the default "Default Web Site". If you want to install Out of Band site server on a computer with a custom Web site or with an internationalized operating system, you must install Intel SCS manually.

 
Real-Time Console Infrastructure known issues in this release

This product installs Real-Time Console Infrastructure 7.0 SP2.

For the list of Real-Time Console Infrastructure known issues in this release, see article 47197.

47197

Back to top

Where to get more information

The product installation includes the following documentation:

Document Description Location
Implementation Guide

Information about how to install, configure,
and implement this product.

This information is available in PDF format.

The Product Support page, which is available at the following URL:

http://www.symantec.com/business/support/all_products.jsp

When you open your product’s support page, look for the Documentation link on the right side of the page.

User's Guide

Information about how to use this product, including detailed technical information and instructions for performing common tasks.

This information is available in PDF format.

Help

Information about how to use this product. This information is the same as in the User's Guide.

Help is available at the solution level and at the suite level.

This information is available in HTML help format.

The Documentation Library, which is available in the Symantec Management Console on the Help menu.

Context-sensitive help is available for most screens in the Symantec Management Console.

You can open context-sensitive help in the following ways:

  • The F1 key.
  • The Context command, which is available in the Symantec Management Console on the Help menu.

For more information, you can use the following resources:

Resource Description Location

Implementation Guide

Information about how to install, configure, and implement this product.

This information is available in PDF format.

Symantec Management Platform Release Notes

Information about new features and important issues in the Symantec Management Platform.

This information is available as an article in the knowledgebase.

https://kb.altiris.com/article.asp?article=45141&p=1

You can also search for the product name under Release Notes.

Installing the Symantec Management Platform products

Information about using Symantec Installation Manager to install the Symantec Management Platform products.

This information is available as an article in the knowledgebase.

https://kb.altiris.com/article.asp?article=45732&p=1

Altiris 7 Planning and Implementation Guide

Information about capacity recommendations, design models, scenarios, test results, and optimization best practices to consider when planning or customizing an Altiris 7 Infrastructure for your organization.

This information is available as an article in the knowledgebase.

https://kb.altiris.com/article.asp?article=45803&p=1

Knowledge Base

Articles, incidents, and issues about this product.

http://kb.altiris.com/

Symantec Connect (formerly the Altiris Juice)

An online magazine that contains best practices, tips, tricks, and articles for users of this product.

http://www.symantec.com/connect/endpoint-management-virtualization

Online Forums

Forums for users of this product.

http://forums.altiris.com/

Back to top


Legacy ID



47199


Article URL http://www.symantec.com/docs/DOC1825


Terms of use for this information are found in Legal Notices