AskF5 Knowledge Base
- Home
- Supported Products
- Enterprise Manager / VE
- Enterprise Manager version 2.3.0
Applies To:
Show Versions
Release Note: Enterprise Manager version 2.3.0
Original Publication Date: 02/03/2012
Summary:
This release note documents the version 2.3.0 release of Enterprise Manager.
Contents:
- Supported hardware
- Managed Device compatibility
- User documentation for this release
- New in 2.3.0
- Installing the software
- Setting up a new system
- Upgrading from earlier versions
- To back up Enterprise Manager management data prior to upgrade and conversion to LVM
- To restore Enterprise Manager management data after upgrade and conversion to LVM
- To backup and restore the statistics database
- To download the upgrade
- To import and install the upgrade using the Software Upgrade wizard
- Fixes in 2.3.0
- Fixes in 2.2.0
- Fixes in 2.1.0
- Fixes in 2.0.0
- Known issues
- Contacting F5 Networks
- Legal notices
- Managed Device compatibility
- User documentation for this release
- New in 2.3.0
- Installing the software
- Setting up a new system
- Upgrading from earlier versions
- To back up Enterprise Manager management data prior to upgrade and conversion to LVM
- To restore Enterprise Manager management data after upgrade and conversion to LVM
- To backup and restore the statistics database
- To download the upgrade
- To import and install the upgrade using the Software Upgrade wizard
- Fixes in 2.3.0
- Fixes in 2.2.0
- Fixes in 2.1.0
- Fixes in 2.0.0
- Known issues
- Contacting F5 Networks
- Legal notices
Supported hardware
You can apply the software upgrade to systems running software versions 2.x on systems running on the Enterprise Manager 4000, Enterprise Manager 3000, or Enterprise Manager Virtual Edition (VE) platforms.
Note: Enterprise Manager version 2.3 no longer supports the Enterprise Manager 500 platform.
Managed Device compatibility
Enterprise Manager version 2.3 supports the following software versions:
- Enterprise Manager version 1.6 to version 1.8
- Enterprise Manager version 2.x.x
- Enterprise Manager Virtual Edition (VE) version 2.2.0 or later
- BIG-IP version 11.x.x
- BIG-IP version 10.0.1 and later in the BIG-IP version 10.x.x family
- BIG-IP Local Traffic Manager Virtual Edition (VE) version 10.2.x or later
- BIG-IP version 9.3.1 to BIG-IP version 9.4.x
- BIG-IP Secure Access Manager version 8.0.x
- WANJet version 5.0.x
User documentation for this release
For a comprehensive list of documentation that is relevant to this release, refer to the Enterprise Manager 2.3.0 Documentation page.
New in 2.3.0
SDK iControl Proxy
With this feature, you can configure any BIG-IP iControl client script or code to communicate with one instance of Enterprise Manager, instead of with several individual BIG-IP systems. This helps you manage the iControl traffic within your organization with integrated authentication, iControl call logging, and the ability to query Enterprise Manager's device inventory through iControl. You can find the documentation for this feature on DevCentral with other iControl documentation.
Capacity Planning report
This report contains capacity details for your managed device for CPU, memory, and throughput usage. You can use this report to identify devices that are running near the edge of capacity, providing you the ability to plan ahead for any required upgrades or configuration changes.
GTM Object Activity report and statistics
In addition to providing statistics for Global Traffic Manager systems, a new report provides details about Global Traffic Manager (GTM) object activity. You can use this report to monitor GTM object performance, troubleshoot potential issues, and reallocate resources as needed.
Flapping LTM Pool Member report
This report provides you with a list of pool members that repeatedly restart, going from an up state to a down state and back again. You can use this report to identify potential connectivity issues to the pool members in your network.
Upgraded navigation
This release features a new, streamlined navigation scheme that enhances product usability and work flow.
Extended folder support for network objects
Enterprise Manager supports managing network objects in the context of folders to support the feature introduced in BIG-IP version 11.0.0.
Installing the software
If you are using a new Enterprise Manager system, the current software is loaded and configured. If you are upgrading an existing system, you must download and install the upgrade.
Setting up a new system
Enterprise Manager version 2.3 was shipped to you installed on the Enterprise Manager platform you selected. You only need to set up the system in your network, license the system, and connect it to one or more devices that you want to manage.
For an explanation of networking options and setup instructions, see the Initial Setup and Configuration chapter in the Enterprise Manager: Getting Started Guide available at http://support.f5.com.
Upgrading from earlier versions
If you have an existing Enterprise Manager system, you can use the F5 Electronic Software Distribution site to download a new software image. Then, you can use the Enterprise Manager Software Upgrade wizard to upgrade your Enterprise Manager system. You can upgrade Enterprise Manager to version 2.3 from version 2.x. If you need to upgrade from an earlier version, due to changes in disk management and database schema, we recommend upgrading first to version 2.0 prior to upgrading to version 2.3. See the release notes for Enterprise Manager version 2.0 for instructions on upgrading from version 1.8, including command line instructions.
Note: If an Enterprise Manager system has a very large statistics database (for example, over 20GB), the upgrade to version 2.3 may require over an hour or more to convert the database to a new schema used in version 2.3. Our tests indicate that this conversion may take about six hours for a 20GB database. (You can determine the size of the statistics database by clicking System Information under Enterprise Management.) Additionally, the system truncates the database to 20GB maximum. We recommend backing up the database prior to upgrade. (ID 336256) .
Important: If during the upgrade you choose to convert from a partitioned to the LVM disk management scheme, the system erases the software repository, archives, and other data stored in the Enterprise Manager database. You must re-import software and hotfix images on the upgraded system. However, you can back up and restore device data, archives. To retain these items, use the following procedure to back up important Enterprise Manager data.
To back up Enterprise Manager management data prior to upgrade and conversion to LVM
To perform these actions, you must log on to the Enterprise Manager command line as the root user.
- To back up the Enterprise Manager database and stored device archives, type the following command where <archive_name> is the path and file name for the archive file: em-backup <archive_name>.ucs
- When the process finishes, move the file to a remote location using scp, ftp, or some other method of file transfer.
To restore Enterprise Manager management data after upgrade and conversion to LVM
If you convert to LVM, use this procedure to restore management information such as device information, and device archives. To perform these actions, you must log on to the Enterprise Manager command line as the root user.
- Copy the <archive_name>.ucs file to the upgraded Enterprise Manager system.
- At the command prompt, type the following command, where <archive_name> is the path and file name for the archive file: em-restore <archive_name>.ucs
- When the process finishes, delete the <archive_name>.ucs file and reboot the device.
To backup and restore the statistics database
Use this procedure to restore a statistics archive if you encounter errors in the upgrade to version 2.3 and continue to use version 2.x.
- To back up the Enterprise Manager statistics database, type the following command where <user> is the user name on the remote system, <address> is the IP address of the remote system, and <remote_path> is the path on the remote system: em-backup-extern -u <user> -r <address> -l <remote_path> This stores the statistics database in the f5em_extern-MMDDYYHHMMSS directory (where MMDDYYHHMMSS represents the time stamp of the database backup) on the remote system at the path you specified.
- Perform the upgrade.
- If the upgrade fails, you can restore the Enterprise Manager statistics database by typing the following command where <user> is the user name on the remote system, <address> is the IP address of the remote system, <remote_path> is the path on the remote system : em-restore-extern <user>@<address>://<remote_path>/f5em_extern-YYYYMMDDHHMMSS
- Reboot the system.
To download the upgrade
To download the software upgrade, you must create an account at http://downloads.f5.com. This site uses an F5 single sign-on account for technical support and downloads. After you create an account, you can log on and download the Enterprise Manager 2.3 software.
- Using a web browser connected to the internet, visit http://downloads.f5.com.
- In the User Email box, type the email address associated with your F5 technical support account.
- In the Password box, type the password.
- Click the Login button.
- Click the Find a Download button.
- Locate the Enterprise Manager product family and click the adjacent Enterprise Manager v2.x link.
- Click the release link for version 2.3.
- Read the license agreement, and click I Accept to agree to the terms of the agreement.
- Click the EM-2.3.0.774.0.md5 link to begin downloading the md5 checksum to your local system.
- Click the appropriate option depending on the method you want to use to download the file.
- Click the back button on the browser to return to the Select a Download screen.
- Click the EM-2.3.0.774.0.iso link to begin downloading the software image to your local system. The Select Download Method screen opens.
- Click an option depending on the method you want to use to download the file.
- Use the .md5 file you downloaded to verify the integrity of the software image.
To import and install the upgrade using the Software Upgrade wizard
Use this procedure if you discovered and added Enterprise Manager as a managed device. When the system discovers an Enterprise Manager system, including itself, you can manage it in the same way as other managed devices.
- Using a web browser connected to the same network as the Enterprise Manager system, visit https://<em_address>, where <em_address> is the IP address that you use to log onto the Enterprise Manager web interface.
- Sign on to Enterprise Manager as an administrator-level user.
- On the navigation pane, expand Enterprise Manager and click Software Images. The Software Images screen opens.
- Click the Import button.
- For the File Name setting, click Browse.
- Using the dialog box, browse to the location where you downloaded the EM-2.3.0.774.0.iso file in step 12 of the previous section.
- Using the dialog box, click the EM-2.3.0.774.0.iso file name to select it, then click Open. The dialog box closes, and a path name appears in the File Name box.
- Click Import.
- When the software import task finishes, click Finished.
- In the software image list, click an earlier version of Enterprise Manager.
- Click Copy or Install to start the Software Upgrade wizard.
Fixes in 2.3.0
| Issue | Description |
|---|---|
| ID 332825 | If you are managing a system that uses Logical Volume Management, and you add a new volume to the managed device, the Enterprise Manager system may not detect the new volume immediately. |
| ID 336949 | The kerberos package included with Enterprise Manager is affected by the vulnerabilities described in CVE-2010-1321 and VU#233500. |
| ID 336952 | The perl package included with Enterprise Manager is affected by the vulnerabilities described in CVE-2008-5302, CVE-2008-5303, CVE-2010-1168, and CVE-2010-1447. |
| ID 352343 | If you use the Service Contract End Date wizard to assist in tracking the service contract end dates for managed devices, you may encounter an issue where the task fails if it cannot connect to the F5 licensing server. If you encounter this scenario, try the task again later. |
| ID 355713, ID 357838 | We corrected an issue where the system does not collect statistics from managed devices if you set the Enterprise Manager system time zone to a value other than America/Los Angeles. A workaround for this issue was described in SOL12845 on the AskF5 Knowledge Base. |
| ID 370059 | If you run the version 11.0.0 big3d agent on a version 9.x or version 10.x system, Enterprise Manager cannot collect statistics for these systems. |
Fixes in 2.2.0
| Issue | Description |
|---|---|
| ID 336950 | We included an updated MySQL package with Enterprise Manager to fix the local vulnerability described in RHSA-2010-1442. |
| ID 339203 | We corrected an issue where the system could not recognize a pool member if the port number was greater than 16384. |
| ID 339992 | Previously, if you added a new pool member and selected * (wildcard character) to represent "all ports", the system did not collect statistics for the port address you specified. We corrected this issue so that the system recognizes that the wildcard character means "all ports". |
| ID 342056 | Previously, when you configured certain managed devices as peer devices, the system did not recognize some platforms as identical, and displayed an erroneous warning upon discovery. We corrected this issue so that devices that function properly as peers are discovered as a High Availability system. |
| ID 342171 | We corrected an issue where Enterprise Manager could not discover a VIPRION system if the system did not use a management IP address. |
| ID 343734 | Enterprise Manager includes an updated freetype package to fix the issues described in CVE-2010-1797 and RHSA-2010-0737. |
| ID 343735 | Enterprise Manager includes an updated freetype package to fix the issues described in CVE-2010-1797 and RHSA-2010-0737. |
| ID 343736 | We included an updated version of PHP to address the vulnerabilities described in RHSA-2010-0040. |
| ID 343918 | We corrected issues with the emstatsd and swimd services to correct issues with the service restarting during ASM attack signature updates. |
| ID 343924 | We corrected issues with the emstatsd and swimd services to correct issues with the service restarting during ASM attack signature updates. |
| ID 344036 | If you use a remote database with Enterprise Manager, you must use either latin1 or UTF8 character sets. The system does not recognize other character sets, and may prevent a connection to the database. |
| ID 344562 | The updated glibc package included in this version of Enterprise Manager fixes the local vulnerability described in RHSA-2010-0793. |
| ID 344563 | We included an updated version of RPM to address the vulnerabilities described in RHSA-2010-0679. |
| ID 344567 | The updated bzip2 package included in this version of Enterprise Manager fixes the local vulnerability described in CVE-2010-0405. |
| ID 345257 | We corrected an issue with the dashboard that identified the Enterprise Manager 4000 platform as a BIG-IP 3900 platform. |
| ID 345794 | We corrected an issue where previously, when you created a report that included a large number of objects, the formatting of the report in the PDF appeared distorted. |
| ID 347054 | Previously, you could encounter an error during upgrade due to the way Enterprise Manager sized disk partitions when upgrading and converting to the LVM disk management scheme. Now, the system can adjust the size of disk partitions to suit the data during an upgrade. |
| ID 348315 | We corrected an issue where the system did not send an SNMP trap for a device status change. |
| ID 348915 | Previously, if you enabled or disabled an object on a managed device, then started a ConfigSync task on that device, the task may not complete. Now, you can enable or disable an object, and the system waits for this task to complete before initiating the ConfigSync task. |
| ID 349843 | In certain instances, you may encounter access issues with an external performance monitoring database. If you restore a configuration archive from one device on another, both devices may maintain a connection to the same remote database. Also, if you associate an external database with the system on one boot location, then upgrade another boot location, the system may only associate the database with the initial boot location. These scenarios may occur as a result of Enterprise Manager using a unique identifier to work with external databases. In these specific scenarios, the unique identifier is not replaced, and can cause errors. To work around issues encountered in these scenarios, please see SOL12702 in the AskF5 Knowledge Base to reset the external database and the unique identifier for the external database. |
| ID 349978 | When you upgrade a managed device from a version that does not support LVM to version 10.2.0 or later, you can select the option to retain the partitioned disk scheme. However, selecting the partitioned scheme may cause the installation task to fail. |
| ID 350076 | The emstatsd service logs messages in /var/log/emstatsd.out in addition to the regular log location /var/log/em. |
| ID 350782 | Previously, if you reduced the allocated space for statistics on a remote database, the size of the remote database was not affected. The allocated space setting now properly adjusts database sizes regardless of whether they are hosted locally or remotely. |
| ID 350831 | Previously, if you performed a self-upgrade on the active member of an Enterprise Manager pair, the system may have reported that the task was cancelled when the target system reboots. The system now reports the correct task status. |
| ID 350999 | If you restore a local database with a database that is larger than the size allocated, the system does not groom the restored database to the size allocated. |
| ID 351014 | In certain instances, you may encounter access issues with an external performance monitoring database. If you restore a configuration archive from one device on another, both devices may maintain a connection to the same remote database. Also, if you associate an external database with the system on one boot location, then upgrade another boot location, the system may only associate the database with the initial boot location. These scenarios may occur as a result of Enterprise Manager using a unique identifier to work with external databases. In these specific scenarios, the unique identifier is not replaced, and can cause errors. To work around issues encountered in these scenarios, please see SOL12702 in the AskF5 Knowledge Base to reset the external database and the unique identifier for the external database. |
| ID 351828 | If you configure an HA pair of Enterprise Manager systems to use a remote statistics database, then later separate the devices into two unique active systems, both systems continue to use the same remote database. This can cause data corruption in the database. To avoid this scenario, you must re-configure the remote database connection on each device. |
| ID 352921 | When a corrupted Performance Monitoring database is detected, Enterprise Manager will prompt the administrator to run the em-repair-extern script. This will work for the local Performance Monitoring database. For a remote Performance Monitoring database a MySQL Database Administrator should repair the database manually. |
| ID 352943 | Managed devices that use strongbox licenses may not display the correct service contract end date due to the different way the system handles strongbox licenses. As a result, you cannot accurately monitor the service contract end date for these systems in Enterprise Manager. |
Fixes in 2.1.0
| Issue | Description |
|---|---|
| ID 301597 | Previously, if you used the Launch link on the device properties screen to open a new window to log into a managed device, you could not perform management tasks on the managed device. Additionally, you could not use the Logout link on the managed device's Configuration utility to log off of the system. We corrected this issue so that you do not have to clear cookies associated with the managed device before using the Launch link. |
| ID 301599 | Previously, if you used Enterprise Manager to copy a Guest user account from a version 9.x managed device to a version 10.x managed device, the Guest user's access level was changed to No Access, and it required manual intervention to change the user role permissions on the managed device. We corrected this issue so that you can copy a Guest user account without encountering this issue. |
| ID 301603 | Previously, if you used the Launch link on the device properties screen to open a new window to log into a managed device, you could not perform management tasks on the managed device. Additionally, you could not use the Logout link on the managed device's Configuration utility to log off of the system. We corrected this issue so that you do not have to clear cookies associated with the managed device before using the Launch link. |
| ID 301607 | Previously, you may have encountered errors in the emsnmpd service when using the snmpwalk command at the command line that caused the emsnmpd service to restart. We corrected this issue to prevent both the errors and the service restart. |
| ID 301608 | Previously, on the Device Statistics configuration screen, if you clicked the Show All link to display more than two pages of objects, the link did not appear to work and you had to click Show All again to view all objects. The link now works correctly. |
| ID 301612 | Previously, if you configured multiple alert instances and these alerts were triggered, the system did not log these alerts properly in the alert log. The system now logs all alert names in the history log. |
| ID 301613 | Previously, when you configured a user on the Enterprise Manager system with an administrator user role, this user was not be able to perform certain tasks that the administrator user can perform. The permissions available to an administrator user now work correctly. |
| ID 301615 | We corrected an issue where if you disabled role permissions by changing the Archive Device Configuration setting for Operator or Application Editor user roles, then a user with one of these roles deleted a configuration archive from the Archive Properties screen, this caused an error. The Delete button on this screen is no longer available after disabling permissions. |
| ID 301616 | We corrected an issue where in rare cases, the statistics database could become corrupted after a power failure and you needed to use an included script from the command line to repair it. However, when you used the em-repair-extern command from the command line, you likely encountered a disk full error. SOL10736 in the AskF5 Knowledge Base corrected this issue in the previous version, but it should no longer apply to the current release. |
| ID 301632 | To prevent ConfigSync compatibility issues, Enterprise Manager no longer permits a ConfigSync operation between Enterprise Manager pairs unless the software versions on each system are identical. |
| ID 301633 | To prevent ConfigSync compatibility issues, Enterprise Manager no longer permits a ConfigSync operation between Enterprise Manager pairs unless the software versions on each system are identical. |
| ID 301665 | Previously, if you opened the Stage ASM Policy wizard, but had no compatible Application Security Manager systems as managed devices, the system logged an error in /var/log/em. The system no longer logs this scenario as an error. |
| ID 301672 | We corrected an issue where when you changed the management IP address of an Enterprise Manager system, and rediscovered devices, unnecessary change notifications were sent to the old Enterprise Manager IP address. |
| ID 301675 | When collecting and viewing statistics data, Enterprise Manager now uses the metric bits instead of bytes in order to match metrics on BIG-IP systems. |
| ID 301709 | Enterprise Manager now reports accurate staged changeset errors for a staged changeset instead of at the device level for each device in a staged changeset task. |
| ID 301710 | The updated MySQL package included in this release addresses the vulnerabilities described in RHSA-2010-0109. |
| ID 301713 | We corrected an issue that caused certain devices and device groups to not appear in the list of devices that to which you can apply the alert, when you created an alert. Now, all available devices and device groups appear properly. |
| ID 301827 | We corrected an issue where previously, when you scheduled a backup of a managed BIG-IP Global Traffic Manager system, Enterprise Manager did not always create the UCS archive and store it in the Enterprise Manager database. Now, when you schedule backups for a Global Traffic Manager system, Enterprise Manager creates and stores the archive correctly. |
| ID 301835 | We corrected a status reporting issue that occurred when you discovered a managed device with pools and virtual servers. Now, when you discover a device, the status of these network objects appears correctly in Enterprise Manager. |
| ID 301875 | Previously, if a user on a partition other than Common performed an action on an object that existed in another partition, the first user might have encountered a HTTP Status 500 error, and the action failed. We corrected this issue so that users with permissions on one administrative partition cannot perform actions on objects in the Common partition. |
| ID 301886 | Previously, Enterprise Manager systems did not recognize two unique objects whose names were identical but differed only in case. Now, if you have two objects with the same name, but differ in case, the system recognizes their uniqueness. |
| ID 301887 | Depending on the size of your statistics database, and the range of dates for your report, you may encounter significant delays (up to several hours for extremely large databases and wide ranges of time) while Enterprise Manager collects the necessary data. |
| ID 301918 | We corrected an issue where the address field was not visible when you created a flapping node report. |
| ID 301924 | You can now configure Enterprise Manager to communicate with managed devices through an SSL proxy. |
| ID 301975 | We corrected an issue that occurred when you downgraded from Enterprise Manager version 2.1 to version 2.0. Previously, this could have caused web interface errors with menu tabs or could have prevented you from accessing the statistics database. |
| ID 301999 | We corrected an issue that caused certain devices and device groups to not appear in the list of devices that to which you can apply the alert, when you created an alert. Now, all available devices and device groups appear properly. |
| ID 302001 | We corrected an issue where if you ran a configuration synchronization on a pair of Enterprise Manager devices from the Device Properties screen, the ConfigSync status indicated in the top left of the screen did not update properly until you clicked an option on the navigation pane. The indicator now updates without requiring additional interaction. |
| ID 302002 | We included a new tomcat package to address the vulnerabilities described in CVE-2007-3382, CVE-3385, CVE-5333, CVE-2008-2370, CVE-2008-5515, and CVE-2009-0783. |
| ID 302003 | We included an updated libbind package to address the vulnerabilities described in CVE-2008-0122 and CVE-2007-6251. |
| ID 336947 | This release corrects the OpenSSL vulnerabilities described in CVE-2009-2409, CVE-2009-4355, and CVE-2010-0740. |
| ID 337060 | If you upgrade to version 2.1, and you system uses a statistics database greater than 20GB, the Allocated Storage Space value displayed on the upgraded system may be inaccurate. Although the database size is the same as in version 2.0, to view the correct size, you must change the value to the same setting on the version 2.0 system. |
Fixes in 2.0.0
| Issue | Description |
|---|---|
| ID 308398 | We included a new tomcat package to address the vulnerabilities described in CVE-2007-3382, CVE-3385, CVE-5333, CVE-2008-2370, CVE-2008-5515, and CVE-2009-0783. |
| ID 308399, ID 308400 | With the new version of Enterprise Manager, the system now supports the following command line tools commonly available in BIG-IP systems: b daemon audit, b cli audit, and b remote users. |
| ID 308401 | This version of Enterprise Manager now supports TACACS+ user authentication. |
| ID 308403 | We updated the tcpdump package included with Enterprise Manager to address the local vulnerabilities described in CVE-2004-0055. |
| ID 308405 | The version of bind included with Enterprise Manager fixes the DSA key vulnerabilities described in CVE-2009-0025. |
| ID 308406 | This version of Enterprise Manager includes an updated ntp package to address the vulnerabilities described in CVE-2009-0021. |
| ID 308411 | In the Support Data Collection wizard, you can now select an SFTP option for a secure connection when sending information to the F5 support site. |
| ID 308413 | The updated kernel included in Enterprise Manager fixes vulnerabilities described in CVE-2008-4307, CVE-2009-0787, CVE-2009-1336, CVE-2009-1337, CVE-2007-5966, CVE-2009-1385, CVE-2009-1389, CVE-2009-1895, CVE-2009-2407, and CVE-2009-1388. |
| ID 308414 | Enterprise Manager did not previously display offline and forced offline states for managed devices running BIG-IP version 10.0.x. The system can now display all possible states of a managed device. |
| ID 308421 | We included an updated httpd package to address the vulnerabilities described in CVE-2008-1678, and CVE-2009-1195. |
| ID 308428 | Enterprise Manager contains an updated OpenSSL package to address the vulnerabilities described in CVE-2009-1387. |
| ID 308444 | We included an updated apr-util packages to address local vulnerabilities described in CVE-2009-0023, CVE-2009-1955, and CVE-2009-1956. |
| ID 308452 | The updated MySQL package included with Enterprise Manager fixes the vulnerability described in CVE-2009-2446. |
| ID 308453 | Enterprise Manager includes updated NSS/NSPR libraries to address the vulnerabilities described in CVE-2009-2404, CVE-2009-2408, and CVE-2009-2409. |
| ID 308457 | The updated kernel included in Enterprise Manager fixes vulnerabilities described in CVE-2008-4307, CVE-2009-0787, CVE-2009-1336, CVE-2009-1337, CVE-2007-5966, CVE-2009-1385, CVE-2009-1389, CVE-2009-1895, CVE-2009-2407, and CVE-2009-1388. |
| ID 308459 | We included a new tomcat package to address the vulnerabilities described in CVE-2007-3382, CVE-3385, CVE-5333, CVE-2008-2370, CVE-2008-5515, and CVE-2009-0783. |
| ID 308471 | The updated Java Runtime Environment included with Enterprise Manager addresses the local vulnerabilities described in CVE-2009-0217, CVE-2009-2745, CVE-2009-2746, CVE-2009-2625, CVE-2009-2670 through 2675, and CVE-2009-2690. |
| ID 308491 | We included an updated libxml2 library to address vulnerabilities described in CVE-2009-2414, CVE-2009-2416. |
| ID 308496 | The updated curl package included with Enterprise Manager addresses the vulnerabilities described in CVE-2009-2417. |
| ID 308512 | We included updated cyrus-sasl libraries to address the vulnerabilities described in CVE-2009-0688. |
| ID 308520 | Previously, when you used the software upgrade wizard to update a system using Software Volume Management, the version did not properly update on the device list. Now, the correct version appears on the device list after an upgrade. |
| ID 308558 | We enhanced the auto refresh control on the task properties screen. |
| ID 308579 | If the system encounters a power failure, the statistics monitoring database can become corrupted. You can follow the instructions in SOL10736 in the Solutions database in the AskF5 Knowledge Base to use the proper parameters with this script to repair the database. |
| ID 308580 | When you configure Enterprise Manager version 2.0 as a high availability system, initially, both peers are set to an offline state. Additionally, when you upgrade a managed pair of Enterprise Manager systems, upon upgrade, both systems are set to offline. For failover to work properly, you must specify a peer management address. |
| ID 308586 | We included updated OpenSSH packages with the new version of Enterprise Manager to address vulnerabilities described in CVE-2009-2904. |
| ID 308590 | We corrected an issue were certain device-level TCP metrics were inaccurate. TCP metrics reported in statistical data are now correct. |
| ID 308593 | Previously, if you ran the qkview command from the command line, you may have received a warning message indicating that qkview was out of date. As we have updated the qkview package to include Enterprise Manager-specific data, these warnings no longer appear. |
| ID 308605 | If a discovery task encounters an error, the status page may continually refresh instead of timing out. |
| ID 308632 | If you configure a Gather Support Information task and attach a file, the file names may not be preserved when you send the information to the F5 support site. |
| ID 308648 | Previously, when you created an advanced archive of an Enterprise Manager configuration, this included images stored the software repository. This often resulted in very large backup files. To provide more useful backup files, the advanced archive script no longer includes images stored in the Enterprise Manager software repository. If you need to recover these images, you can download the images from the F5 downloads site, https://downloads.f5.com/. |
| ID 308697, ID 308699, ID 308700 | We changed certain screens to prevent local cross-site scripting vulnerabilities. |
| ID 308698 | Previously, if a user had accessed the Configuration utility of an Enterprise Manager system, and then browsed to an untrusted site and clicked on a malicious link, the system may have been vulnerable to cross-site scripting attacks. We corrected this issue in the new version of Enterprise Manager. |
| ID 308701 | With the introduction of forms-based authentication, users will now be able to log out of an Enterprise Manager session without needing to close the browser window. |
Known issues
| Issue | Description |
|---|---|
| ID 301793 | When using the image2disk command to upgrade Enterprise Manager to an LVM system, you will not be able to monitor the installation. In order to monitor the installation, you must use the Software Installation wizard from the Enterprise Manager web interface. |
| ID 301957 | If you navigate to the System section and click Users, the list includes all users in the Common partition even though some users may not be in the Common partition. |
| ID 332826 | On the Device Platform screen, if you view the platform information for an EM 4000, inaccurate details about the boot location appear. The details indicate available Compact Flash boot locations where there are none. |
| ID 332848 | When you use the License Device wizard to manage the license of a managed device, the system may not report the correct progress if it encounters difficulty when contacting the license server. Specifically, the error message may indicate that the system cannot retrieve the license key from the device. |
| ID 335741 | When you install Enterprise Manager version 2.0, and view installation messages the console, you may see an error indicating a missing /usr/bin/rpmgraph directory. The system upgrade installs successfully, and you can ignore this message. |
| ID 335743 | If you use Enterprise Manager to upgrade devices that use a Compact Flash drive, the upgrade may not complete. |
| ID 336256 | If an Enterprise Manager system has a very large statistics database (for example, over 20GB), the upgrade from to version 2.1 may require up to several hours to convert the database to a new schema used in version 2.1. Our tests indicate that this conversion may take about six hours for a 20GB database. While the upgrade is in progress, the web interface of the updated device is responsive but you cannot discover new devices, nor create any tasks for existing managed devices. Additionally, if you reboot the system during the upgrade, this could corrupt the data in the database. The system warns of the database upgrade, but does not notify when the process completes. You can check to see if the task is marked finished in the /var/tmp/em_setup_log.txt file. |
| ID 336953 | The kernel included in Enterprise Manager is affected by the vulnerabilities described in CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1088, CVE-2010-1173, CVE-2010-1187, CVE-2010-1436, CVE-2010-1437, and CVE-2010-1641. |
| ID 349454 | In certain instances, on an Enterprise Manager Virtual edition deployment, you may encounter TMM errors due to the way Enterprise Manager uses its database. |
| ID 356462 | Starting in Enterprise Manager version 2.1, you can create custom lists for network objects. Note that only network objects for which you have the rights to view directly on the associated device are available. If you do not have permission to view certain objects on the associated device, they do not display on Enterprise Manager. |
| ID 354580 | When you reboot a licensed partition, you receive an message that the emstatsd service restarted upon reboot. After emstatsd restarts, the system continues to function normally. |
| ID 359760 | Some of the standard templates may not be compatible with 11.x devices. |
| ID 365648 | If you configure a remote statistics database, then later switch to an internal stats database, you cannot continue to use the remote database if you upgrade to version 2.3. This occurs because version 2.3 uses a different database schema. |
| ID 365903 | After booting from version 2.0 to version 2.3, some pages in the configuration utility may not work correctly unless you clear the browser cache. |
| ID 367648 | Enterprise Manager does not support all statistics for Global Traffic Manager version 11.0.0 systems. |
| ID 367866 | To use the iControl proxy feature, the Enterprise Manager topology must be configured so that the system manages devices through the internal VLAN instead of through the management network. |
| ID 368169 | When performing a self upgrade from Enterprise Manager version 2.2 to version 2.3, the swimd service may log an error in var/log/em. This occurs due to certain services not being available in expected order after a self installation task. You can ignore this error as the upgraded system functions normally. |
| ID 368202 | If you discover and manage device through the management port, and the management network is not routable from the internal traffic network, you cannot use the iControl Proxy feature to manage these devices. If you discover and manage devices through the devices' TMM port, you can use iControl Proxy successfully. |
| ID 369031 | On the Custom Lists screen, if you resize a column in the object list, the Details column temporarily disappears as you resize the column. |
| ID 369446 | If you manage a large number of devices, you may encounter errors if you open the statistics screen. The system may become unresponsive as it attempts to collect data from managed devices. Additionally, a "too many connections" error is logged as a tomcat error. |
| ID 369573 | If you upgrade to version 2.3 from version 2.2, then switchboot to a version 2.2 installation on another boot location, the emstatsd service restarts, and logs a restart message every 15 to 20 seconds. This results from the new database schema introduced in version 2.3 not being compatible with the schema used in version 2.2. |
| ID 370142 | Enterprise Manager will still proxy iControl requests to devices that are in Maintenance Mode or Device Replacement Mode. Also, when an Enterprise Manager High Availability pair is used, the Standby/Forced Offline unit will still serve iControl proxy requests if accessed directly, through a non-floating Self IP (e.g. management IP or any Self IP on the external VLAN that permits traffic on port 443). |
| ID 370278 | The Enterprise Manager 500 platform is not supported by version 2.3. |
| ID 371652 | For certain network objects, Enterprise Manager does not correctly update the status to display the unavailable state. |
| ID 372331 | If you configure Enterprise Manager to use the SSL Proxy feature to manage devices, you cannot use iControl Proxy to manage those devices. |
| ID 372971 | On the Access Control User List screen, the online help documents List Web Role and List Shell Role, which are no longer applicable. |
| ID 373708 | Device List certificate collection settings may be disabled after upgrading to 2.3.0. This can cause pre-existing certificate expiration alerts to not work as expected. |
Contacting F5 Networks
| Phone: | (206) 272-6888 |
| Fax: | (206) 272-6802 |
| Web: | http://support.f5.com |
| Email: | support@f5.com |
For additional information, please visit http://www.f5.com.
