Applies To:

Show Versions Show Versions

Release Note: Enterprise Manager version 2.3.0
Release Note

Original Publication Date: 08/30/2013

Summary:

This release note documents the version 2.3.0 release of Enterprise Manager.

Contents:

- Supported hardware
     - Managed Device compatibility
- User documentation for this release
- New in 2.3.0
- Installing the software
- Setting up a new system
- Upgrading from earlier versions
- To back up Enterprise Manager management data prior to upgrade and conversion to LVM
- To restore Enterprise Manager management data after upgrade and conversion to LVM
- To backup and restore the statistics database
- To download the upgrade
- To import and install the upgrade using the Software Upgrade wizard
- Fixes in 2.3.0
- Fixes in 2.2.0
- Fixes in 2.1.0
- Fixes in 2.0.0
- Known issues
- Contacting F5 Networks
- Legal notices

Supported hardware

You can apply the software upgrade to systems running software versions 2.x on systems running on the Enterprise Manager 4000, Enterprise Manager 3000, or Enterprise Manager Virtual Edition (VE) platforms.

Note: Enterprise Manager version 2.3 no longer supports the Enterprise Manager 500 platform.

Managed Device compatibility

Enterprise Manager version 2.3 supports the following software versions:

  • Enterprise Manager version 1.6 to version 1.8
  • Enterprise Manager version 2.x.x
  • Enterprise Manager Virtual Edition (VE) version 2.2.0 or later
  • BIG-IP version 11.x.x
  • BIG-IP version 10.0.1 and later in the BIG-IP version 10.x.x family
  • BIG-IP Local Traffic Manager Virtual Edition (VE) version 10.2.x or later
  • BIG-IP version 9.3.1 to BIG-IP version 9.4.x
  • BIG-IP Secure Access Manager version 8.0.x
  • WANJet version 5.0.x

User documentation for this release

For a comprehensive list of documentation that is relevant to this release, refer to the Enterprise Manager 2.3.0 Documentation page.

New in 2.3.0

SDK iControl Proxy

With this feature, you can configure any BIG-IP iControl client script or code to communicate with one instance of Enterprise Manager, instead of with several individual BIG-IP systems. This helps you manage the iControl traffic within your organization with integrated authentication, iControl call logging, and the ability to query Enterprise Manager’s device inventory through iControl. You can find the documentation for this feature on DevCentral with other iControl documentation.

Capacity Planning report

This report contains capacity details for your managed device for CPU, memory, and throughput usage. You can use this report to identify devices that are running near the edge of capacity, providing you the ability to plan ahead for any required upgrades or configuration changes.

GTM Object Activity report and statistics

In addition to providing statistics for Global Traffic Manager systems, a new report provides details about Global Traffic Manager (GTM) object activity. You can use this report to monitor GTM object performance, troubleshoot potential issues, and reallocate resources as needed.

Flapping LTM Pool Member report

This report provides you with a list of pool members that repeatedly restart, going from an up state to a down state and back again. You can use this report to identify potential connectivity issues to the pool members in your network.

Upgraded navigation

This release features a new, streamlined navigation scheme that enhances product usability and work flow.

Extended folder support for network objects

Enterprise Manager supports managing network objects in the context of folders to support the feature introduced in BIG-IP version 11.0.0.

Installing the software

If you are using a new Enterprise Manager system, the current software is loaded and configured. If you are upgrading an existing system, you must download and install the upgrade.

Setting up a new system

Enterprise Manager version 2.3 was shipped to you installed on the Enterprise Manager platform you selected. You only need to set up the system in your network, license the system, and connect it to one or more devices that you want to manage.

For an explanation of networking options and setup instructions, see the Initial Setup and Configuration chapter in the Enterprise Manager: Getting Started Guide available at http://support.f5.com.

Upgrading from earlier versions

If you have an existing Enterprise Manager system, you can use the F5 Electronic Software Distribution site to download a new software image. Then, you can use the Enterprise Manager Software Upgrade wizard to upgrade your Enterprise Manager system. You can upgrade Enterprise Manager to version 2.3 from version 2.x. If you need to upgrade from an earlier version, due to changes in disk management and database schema, we recommend upgrading first to version 2.0 prior to upgrading to version 2.3. See the release notes for Enterprise Manager version 2.0 for instructions on upgrading from version 1.8, including command line instructions.

Note: If an Enterprise Manager system has a very large statistics database (for example, over 20GB), the upgrade to version 2.3 may require over an hour or more to convert the database to a new schema used in version 2.3. Our tests indicate that this conversion may take about six hours for a 20GB database. (You can determine the size of the statistics database by clicking System Information under Enterprise Management.) Additionally, the system truncates the database to 20GB maximum. We recommend backing up the database prior to upgrade. (ID 336256) .
Important: If during the upgrade you choose to convert from a partitioned to the LVM disk management scheme, the system erases the software repository, archives, and other data stored in the Enterprise Manager database. You must re-import software and hotfix images on the upgraded system. However, you can back up and restore device data, archives. To retain these items, use the following procedure to back up important Enterprise Manager data.

To back up Enterprise Manager management data prior to upgrade and conversion to LVM

To perform these actions, you must log on to the Enterprise Manager command line as the root user.
  1. To back up the Enterprise Manager database and stored device archives, type the following command where <archive_name> is the path and file name for the archive file: em-backup <archive_name>.ucs
  2. When the process finishes, move the file to a remote location using scp, ftp, or some other method of file transfer.

To restore Enterprise Manager management data after upgrade and conversion to LVM

If you convert to LVM, use this procedure to restore management information such as device information, and device archives. To perform these actions, you must log on to the Enterprise Manager command line as the root user.
  1. Copy the <archive_name>.ucs file to the upgraded Enterprise Manager system.
  2. At the command prompt, type the following command, where <archive_name> is the path and file name for the archive file: em-restore <archive_name>.ucs
  3. When the process finishes, delete the <archive_name>.ucs file and reboot the device.

To backup and restore the statistics database

Use this procedure to restore a statistics archive if you encounter errors in the upgrade to version 2.3 and continue to use version 2.x.
  1. To back up the Enterprise Manager statistics database, type the following command where <user> is the user name on the remote system, <address> is the IP address of the remote system, and <remote_path> is the path on the remote system: em-backup-extern -u <user> -r <address> -l <remote_path> This stores the statistics database in the f5em_extern-MMDDYYHHMMSS directory (where MMDDYYHHMMSS represents the time stamp of the database backup) on the remote system at the path you specified.
  2. Perform the upgrade.
  3. If the upgrade fails, you can restore the Enterprise Manager statistics database by typing the following command where <user> is the user name on the remote system, <address> is the IP address of the remote system, <remote_path> is the path on the remote system : em-restore-extern <user>@<address>://<remote_path>/f5em_extern-YYYYMMDDHHMMSS
  4. Reboot the system.

To download the upgrade

To download the software upgrade, you must create an account at http://downloads.f5.com. This site uses an F5 single sign-on account for technical support and downloads. After you create an account, you can log on and download the Enterprise Manager 2.3 software.
  1. Using a web browser connected to the internet, visit http://downloads.f5.com.
  2. In the User Email box, type the email address associated with your F5 technical support account.
  3. In the Password box, type the password.
  4. Click the Login button.
  5. Click the Find a Download button.
  6. Locate the Enterprise Manager product family and click the adjacent Enterprise Manager v2.x link.
  7. Click the release link for version 2.3.
  8. Read the license agreement, and click I Accept to agree to the terms of the agreement.
  9. Click the EM-2.3.0.774.0.md5 link to begin downloading the md5 checksum to your local system.
  10. Click the appropriate option depending on the method you want to use to download the file.
  11. Click the back button on the browser to return to the Select a Download screen.
  12. Click the EM-2.3.0.774.0.iso link to begin downloading the software image to your local system. The Select Download Method screen opens.
  13. Click an option depending on the method you want to use to download the file.
  14. Use the .md5 file you downloaded to verify the integrity of the software image.

To import and install the upgrade using the Software Upgrade wizard

Use this procedure if you discovered and added Enterprise Manager as a managed device. When the system discovers an Enterprise Manager system, including itself, you can manage it in the same way as other managed devices.
  1. Using a web browser connected to the same network as the Enterprise Manager system, visit https://<em_address>, where <em_address> is the IP address that you use to log onto the Enterprise Manager web interface.
  2. Sign on to Enterprise Manager as an administrator-level user.
  3. On the navigation pane, expand Enterprise Manager and click Software Images. The Software Images screen opens.
  4. Click the Import button.
  5. For the File Name setting, click Browse.
  6. Using the dialog box, browse to the location where you downloaded the EM-2.3.0.774.0.iso file in step 12 of the previous section.
  7. Using the dialog box, click the EM-2.3.0.774.0.iso file name to select it, then click Open. The dialog box closes, and a path name appears in the File Name box.
  8. Click Import.
  9. When the software import task finishes, click Finished.
  10. In the software image list, click an earlier version of Enterprise Manager.
  11. Click Copy or Install to start the Software Upgrade wizard.

Fixes in 2.3.0

Issue Description
ID 332825 If you are managing a system that uses Logical Volume Management, and you add a new volume to the managed device, the Enterprise Manager system may not detect the new volume immediately.
ID 336949 The kerberos package included with Enterprise Manager is affected by the vulnerabilities described in CVE-2010-1321 and VU#233500.
ID 336952 The perl package included with Enterprise Manager is affected by the vulnerabilities described in CVE-2008-5302, CVE-2008-5303, CVE-2010-1168, and CVE-2010-1447.
ID 352343 If you use the Service Contract End Date wizard to assist in tracking the service contract end dates for managed devices, you may encounter an issue where the task fails if it cannot connect to the F5 licensing server. If you encounter this scenario, try the task again later.
ID 370059 If you run the version 11.0.0 big3d agent on a version 9.x or version 10.x system, Enterprise Manager cannot collect statistics for these systems.

Fixes in 2.2.0

Issue Description
ID 336950 We included an updated MySQL package with Enterprise Manager to fix the local vulnerability described in RHSA-2010-1442.
ID 339203 We corrected an issue where the system could not recognize a pool member if the port number was greater than 16384.
ID 339992 Previously, if you added a new pool member and selected * (wildcard character) to represent "all ports", the system did not collect statistics for the port address you specified. We corrected this issue so that the system recognizes that the wildcard character means "all ports".
ID 342056 Previously, when you configured certain managed devices as peer devices, the system did not recognize some platforms as identical, and displayed an erroneous warning upon discovery. We corrected this issue so that devices that function properly as peers are discovered as a High Availability system.
ID 342171 We corrected an issue where Enterprise Manager could not discover a VIPRION system if the system did not use a management IP address.
ID 343734 Enterprise Manager includes an updated freetype package to fix the issues described in CVE-2010-1797 and RHSA-2010-0737.
ID 343735 Enterprise Manager includes an updated freetype package to fix the issues described in CVE-2010-1797 and RHSA-2010-0737.
ID 343736 We included an updated version of PHP to address the vulnerabilities described in RHSA-2010-0040.
ID 343918 We corrected issues with the emstatsd and swimd services to correct issues with the service restarting during ASM attack signature updates.
ID 343924 We corrected issues with the emstatsd and swimd services to correct issues with the service restarting during ASM attack signature updates.
ID 344036 If you use a remote database with Enterprise Manager, you must use either latin1 or UTF8 character sets. The system does not recognize other character sets, and may prevent a connection to the database.
ID 344562 The updated glibc package included in this version of Enterprise Manager fixes the local vulnerability described in RHSA-2010-0793.
ID 344563 We included an updated version of RPM to address the vulnerabilities described in RHSA-2010-0679.
ID 344567 The updated bzip2 package included in this version of Enterprise Manager fixes the local vulnerability described in CVE-2010-0405.
ID 345257 We corrected an issue with the dashboard that identified the Enterprise Manager 4000 platform as a BIG-IP 3900 platform.
ID 345794 We corrected an issue where previously, when you created a report that included a large number of objects, the formatting of the report in the PDF appeared distorted.
ID 347054 Previously, you could encounter an error during upgrade due to the way Enterprise Manager sized disk partitions when upgrading and converting to the LVM disk management scheme. Now, the system can adjust the size of disk partitions to suit the data during an upgrade.
ID 348315 We corrected an issue where the system did not send an SNMP trap for a device status change.
ID 348915 Previously, if you enabled or disabled an object on a managed device, then started a ConfigSync task on that device, the task may not complete. Now, you can enable or disable an object, and the system waits for this task to complete before initiating the ConfigSync task.
ID 349843 In certain instances, you may encounter access issues with an external performance monitoring database. If you restore a configuration archive from one device on another, both devices may maintain a connection to the same remote database. Also, if you associate an external database with the system on one boot location, then upgrade another boot location, the system may only associate the database with the initial boot location. These scenarios may occur as a result of Enterprise Manager using a unique identifier to work with external databases. In these specific scenarios, the unique identifier is not replaced, and can cause errors. To work around issues encountered in these scenarios, please see SOL12702 in the AskF5 Knowledge Base to reset the external database and the unique identifier for the external database.
ID 349978 When you upgrade a managed device from a version that does not support LVM to version 10.2.0 or later, you can select the option to retain the partitioned disk scheme. However, selecting the partitioned scheme may cause the installation task to fail.
ID 350076 The emstatsd service logs messages in /var/log/emstatsd.out in addition to the regular log location /var/log/em.
ID 350782 Previously, if you reduced the allocated space for statistics on a remote database, the size of the remote database was not affected. The allocated space setting now properly adjusts database sizes regardless of whether they are hosted locally or remotely.
ID 350831 Previously, if you performed a self-upgrade on the active member of an Enterprise Manager pair, the system may have reported that the task was cancelled when the target system reboots. The system now reports the correct task status.
ID 350999 If you restore a local database with a database that is larger than the size allocated, the system does not groom the restored database to the size allocated.
ID 351014 In certain instances, you may encounter access issues with an external performance monitoring database. If you restore a configuration archive from one device on another, both devices may maintain a connection to the same remote database. Also, if you associate an external database with the system on one boot location, then upgrade another boot location, the system may only associate the database with the initial boot location. These scenarios may occur as a result of Enterprise Manager using a unique identifier to work with external databases. In these specific scenarios, the unique identifier is not replaced, and can cause errors. To work around issues encountered in these scenarios, please see SOL12702 in the AskF5 Knowledge Base to reset the external database and the unique identifier for the external database.
ID 351828 If you configure an HA pair of Enterprise Manager systems to use a remote statistics database, then later separate the devices into two unique active systems, both systems continue to use the same remote database. This can cause data corruption in the database. To avoid this scenario, you must re-configure the remote database connection on each device.
ID 352921 When a corrupted Performance Monitoring database is detected, Enterprise Manager will prompt the administrator to run the em-repair-extern script. This will work for the local Performance Monitoring database. For a remote Performance Monitoring database a MySQL Database Administrator should repair the database manually.
ID 352943 Managed devices that use strongbox licenses may not display the correct service contract end date due to the different way the system handles strongbox licenses. As a result, you cannot accurately monitor the service contract end date for these systems in Enterprise Manager.

Fixes in 2.1.0

Issue Description
ID 301597 Previously, if you used the Launch link on the device properties screen to open a new window to log into a managed device, you could not perform management tasks on the managed device. Additionally, you could not use the Logout link on the managed device's Configuration utility to log off of the system. We corrected this issue so that you do not have to clear cookies associated with the managed device before using the Launch link.
ID 301599 Previously, if you used Enterprise Manager to copy a Guest user account from a version 9.x managed device to a version 10.x managed device, the Guest user's access level was changed to No Access, and it required manual intervention to change the user role permissions on the managed device. We corrected this issue so that you can copy a Guest user account without encountering this issue.
ID 301603 Previously, if you used the Launch link on the device properties screen to open a new window to log into a managed device, you could not perform management tasks on the managed device. Additionally, you could not use the Logout link on the managed device's Configuration utility to log off of the system. We corrected this issue so that you do not have to clear cookies associated with the managed device before using the Launch link.
ID 301607 Previously, you may have encountered errors in the emsnmpd service when using the snmpwalk command at the command line that caused the emsnmpd service to restart. We corrected this issue to prevent both the errors and the service restart.
ID 301608 Previously, on the Device Statistics configuration screen, if you clicked the Show All link to display more than two pages of objects, the link did not appear to work and you had to click Show All again to view all objects. The link now works correctly.
ID 301612 Previously, if you configured multiple alert instances and these alerts were triggered, the system did not log these alerts properly in the alert log. The system now logs all alert names in the history log.
ID 301613 Previously, when you configured a user on the Enterprise Manager system with an administrator user role, this user was not be able to perform certain tasks that the administrator user can perform. The permissions available to an administrator user now work correctly.
ID 301615 We corrected an issue where if you disabled role permissions by changing the Archive Device Configuration setting for Operator or Application Editor user roles, then a user with one of these roles deleted a configuration archive from the Archive Properties screen, this caused an error. The Delete button on this screen is no longer available after disabling permissions.
ID 301616 We corrected an issue where in rare cases, the statistics database could become corrupted after a power failure and you needed to use an included script from the command line to repair it. However, when you used the em-repair-extern command from the command line, you likely encountered a disk full error. SOL10736 in the AskF5 Knowledge Base corrected this issue in the previous version, but it should no longer apply to the current release.
ID 301632 To prevent ConfigSync compatibility issues, Enterprise Manager no longer permits a ConfigSync operation between Enterprise Manager pairs unless the software versions on each system are identical.
ID 301633 To prevent ConfigSync compatibility issues, Enterprise Manager no longer permits a ConfigSync operation between Enterprise Manager pairs unless the software versions on each system are identical.
ID 301665 Previously, if you opened the Stage ASM Policy wizard, but had no compatible Application Security Manager systems as managed devices, the system logged an error in /var/log/em. The system no longer logs this scenario as an error.
ID 301672 We corrected an issue where when you changed the management IP address of an Enterprise Manager system, and rediscovered devices, unnecessary change notifications were sent to the old Enterprise Manager IP address.
ID 301675 When collecting and viewing statistics data, Enterprise Manager now uses the metric bits instead of bytes in order to match metrics on BIG-IP systems.
ID 301709 Enterprise Manager now reports accurate staged changeset errors for a staged changeset instead of at the device level for each device in a staged changeset task.
ID 301710 The updated MySQL package included in this release addresses the vulnerabilities described in RHSA-2010-0109.
ID 301713 We corrected an issue that caused certain devices and device groups to not appear in the list of devices that to which you can apply the alert, when you created an alert. Now, all available devices and device groups appear properly.
ID 301827 We corrected an issue where previously, when you scheduled a backup of a managed BIG-IP Global Traffic Manager system, Enterprise Manager did not always create the UCS archive and store it in the Enterprise Manager database. Now, when you schedule backups for a Global Traffic Manager system, Enterprise Manager creates and stores the archive correctly.
ID 301835 We corrected a status reporting issue that occurred when you discovered a managed device with pools and virtual servers. Now, when you discover a device, the status of these network objects appears correctly in Enterprise Manager.
ID 301875 Previously, if a user on a partition other than Common performed an action on an object that existed in another partition, the first user might have encountered a HTTP Status 500 error, and the action failed. We corrected this issue so that users with permissions on one administrative partition cannot perform actions on objects in the Common partition.
ID 301886 Previously, Enterprise Manager systems did not recognize two unique objects whose names were identical but differed only in case. Now, if you have two objects with the same name, but differ in case, the system recognizes their uniqueness.
ID 301887 Depending on the size of your statistics database, and the range of dates for your report, you may encounter significant delays (up to several hours for extremely large databases and wide ranges of time) while Enterprise Manager collects the necessary data.
ID 301918 We corrected an issue where the address field was not visible when you created a flapping node report.
ID 301924 You can now configure Enterprise Manager to communicate with managed devices through an SSL proxy.
ID 301975 We corrected an issue that occurred when you downgraded from Enterprise Manager version 2.1 to version 2.0. Previously, this could have caused web interface errors with menu tabs or could have prevented you from accessing the statistics database.
ID 301999 We corrected an issue that caused certain devices and device groups to not appear in the list of devices that to which you can apply the alert, when you created an alert. Now, all available devices and device groups appear properly.
ID 302001 We corrected an issue where if you ran a configuration synchronization on a pair of Enterprise Manager devices from the Device Properties screen, the ConfigSync status indicated in the top left of the screen did not update properly until you clicked an option on the navigation pane. The indicator now updates without requiring additional interaction.
ID 302002 We included a new tomcat package to address the vulnerabilities described in CVE-2007-3382, CVE-3385, CVE-5333, CVE-2008-2370, CVE-2008-5515, and CVE-2009-0783.
ID 302003 We included an updated libbind package to address the vulnerabilities described in CVE-2008-0122 and CVE-2007-6251.
ID 336947 This release corrects the OpenSSL vulnerabilities described in CVE-2009-2409, CVE-2009-4355, and CVE-2010-0740.
ID 337060 If you upgrade to version 2.1, and you system uses a statistics database greater than 20GB, the Allocated Storage Space value displayed on the upgraded system may be inaccurate. Although the database size is the same as in version 2.0, to view the correct size, you must change the value to the same setting on the version 2.0 system.

Fixes in 2.0.0

Issue Description
ID 308398 We included a new tomcat package to address the vulnerabilities described in CVE-2007-3382, CVE-3385, CVE-5333, CVE-2008-2370, CVE-2008-5515, and CVE-2009-0783.
ID 308399, ID 308400 With the new version of Enterprise Manager, the system now supports the following command line tools commonly available in BIG-IP systems: b daemon audit, b cli audit, and b remote users.
ID 308401 This version of Enterprise Manager now supports TACACS+ user authentication.
ID 308403 We updated the tcpdump package included with Enterprise Manager to address the local vulnerabilities described in CVE-2004-0055.
ID 308405 The version of bind included with Enterprise Manager fixes the DSA key vulnerabilities described in CVE-2009-0025.
ID 308406 This version of Enterprise Manager includes an updated ntp package to address the vulnerabilities described in CVE-2009-0021.
ID 308411 In the Support Data Collection wizard, you can now select an SFTP option for a secure connection when sending information to the F5 support site.
ID 308413 The updated kernel included in Enterprise Manager fixes vulnerabilities described in CVE-2008-4307, CVE-2009-0787, CVE-2009-1336, CVE-2009-1337, CVE-2007-5966, CVE-2009-1385, CVE-2009-1389, CVE-2009-1895, CVE-2009-2407, and CVE-2009-1388.
ID 308414 Enterprise Manager did not previously display offline and forced offline states for managed devices running BIG-IP version 10.0.x. The system can now display all possible states of a managed device.
ID 308421 We included an updated httpd package to address the vulnerabilities described in CVE-2008-1678, and CVE-2009-1195.
ID 308428 Enterprise Manager contains an updated OpenSSL package to address the vulnerabilities described in CVE-2009-1387.
ID 308444 We included an updated apr-util packages to address local vulnerabilities described in CVE-2009-0023, CVE-2009-1955, and CVE-2009-1956.
ID 308452 The updated MySQL package included with Enterprise Manager fixes the vulnerability described in CVE-2009-2446.
ID 308453 Enterprise Manager includes updated NSS/NSPR libraries to address the vulnerabilities described in CVE-2009-2404, CVE-2009-2408, and CVE-2009-2409.
ID 308457 The updated kernel included in Enterprise Manager fixes vulnerabilities described in CVE-2008-4307, CVE-2009-0787, CVE-2009-1336, CVE-2009-1337, CVE-2007-5966, CVE-2009-1385, CVE-2009-1389, CVE-2009-1895, CVE-2009-2407, and CVE-2009-1388.
ID 308459 We included a new tomcat package to address the vulnerabilities described in CVE-2007-3382, CVE-3385, CVE-5333, CVE-2008-2370, CVE-2008-5515, and CVE-2009-0783.
ID 308471 The updated Java Runtime Environment included with Enterprise Manager addresses the local vulnerabilities described in CVE-2009-0217, CVE-2009-2745, CVE-2009-2746, CVE-2009-2625, CVE-2009-2670 through 2675, and CVE-2009-2690.
ID 308491 We included an updated libxml2 library to address vulnerabilities described in CVE-2009-2414, CVE-2009-2416.
ID 308496 The updated curl package included with Enterprise Manager addresses the vulnerabilities described in CVE-2009-2417.
ID 308512 We included updated cyrus-sasl libraries to address the vulnerabilities described in CVE-2009-0688.
ID 308520 Previously, when you used the software upgrade wizard to update a system using Software Volume Management, the version did not properly update on the device list. Now, the correct version appears on the device list after an upgrade.
ID 308558 We enhanced the auto refresh control on the task properties screen.
ID 308579 If the system encounters a power failure, the statistics monitoring database can become corrupted. You can follow the instructions in SOL10736 in the Solutions database in the AskF5 Knowledge Base to use the proper parameters with this script to repair the database.
ID 308580 When you configure Enterprise Manager version 2.0 as a high availability system, initially, both peers are set to an offline state. Additionally, when you upgrade a managed pair of Enterprise Manager systems, upon upgrade, both systems are set to offline. For failover to work properly, you must specify a peer management address.
ID 308586 We included updated OpenSSH packages with the new version of Enterprise Manager to address vulnerabilities described in CVE-2009-2904.
ID 308590 We corrected an issue were certain device-level TCP metrics were inaccurate. TCP metrics reported in statistical data are now correct.
ID 308593 Previously, if you ran the qkview command from the command line, you may have received a warning message indicating that qkview was out of date. As we have updated the qkview package to include Enterprise Manager-specific data, these warnings no longer appear.
ID 308605 If a discovery task encounters an error, the status page may continually refresh instead of timing out.
ID 308632 If you configure a Gather Support Information task and attach a file, the file names may not be preserved when you send the information to the F5 support site.
ID 308648 Previously, when you created an advanced archive of an Enterprise Manager configuration, this included images stored the software repository. This often resulted in very large backup files. To provide more useful backup files, the advanced archive script no longer includes images stored in the Enterprise Manager software repository. If you need to recover these images, you can download the images from the F5 downloads site, https://downloads.f5.com/.
ID 308697, ID 308699, ID 308700 We changed certain screens to prevent local cross-site scripting vulnerabilities.
ID 308698 Previously, if a user had accessed the Configuration utility of an Enterprise Manager system, and then browsed to an untrusted site and clicked on a malicious link, the system may have been vulnerable to cross-site scripting attacks. We corrected this issue in the new version of Enterprise Manager.
ID 308701 With the introduction of forms-based authentication, users will now be able to log out of an Enterprise Manager session without needing to close the browser window.

Known issues

Issue Description
ID 301793 When using the image2disk command to upgrade Enterprise Manager to an LVM system, you will not be able to monitor the installation. In order to monitor the installation, you must use the Software Installation wizard from the Enterprise Manager web interface.
ID 301957 If you navigate to the System section and click Users, the list includes all users in the Common partition even though some users may not be in the Common partition.
ID 332826 On the Device Platform screen, if you view the platform information for an EM 4000, inaccurate details about the boot location appear. The details indicate available Compact Flash boot locations where there are none.
ID 332848 When you use the License Device wizard to manage the license of a managed device, the system may not report the correct progress if it encounters difficulty when contacting the license server. Specifically, the error message may indicate that the system cannot retrieve the license key from the device.
ID 335741 When you install Enterprise Manager version 2.0, and view installation messages the console, you may see an error indicating a missing /usr/bin/rpmgraph directory. The system upgrade installs successfully, and you can ignore this message.
ID 335743 If you use Enterprise Manager to upgrade devices that use a Compact Flash drive, the upgrade may not complete.
ID 336256 If an Enterprise Manager system has a very large statistics database (for example, over 20GB), the upgrade from to version 2.1 may require up to several hours to convert the database to a new schema used in version 2.1. Our tests indicate that this conversion may take about six hours for a 20GB database. While the upgrade is in progress, the web interface of the updated device is responsive but you cannot discover new devices, nor create any tasks for existing managed devices. Additionally, if you reboot the system during the upgrade, this could corrupt the data in the database. The system warns of the database upgrade, but does not notify when the process completes. You can check to see if the task is marked finished in the /var/tmp/em_setup_log.txt file.
ID 336953 The kernel included in Enterprise Manager is affected by the vulnerabilities described in CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1088, CVE-2010-1173, CVE-2010-1187, CVE-2010-1436, CVE-2010-1437, and CVE-2010-1641.
ID 349454 In certain instances, on an Enterprise Manager Virtual edition deployment, you may encounter TMM errors due to the way Enterprise Manager uses its database.
ID 356462 Starting in Enterprise Manager version 2.1, you can create custom lists for network objects. Note that only network objects for which you have the rights to view directly on the associated device are available. If you do not have permission to view certain objects on the associated device, they do not display on Enterprise Manager.
ID 354580 When you reboot a licensed partition, you receive an message that the emstatsd service restarted upon reboot. After emstatsd restarts, the system continues to function normally.
ID 359760 Some of the standard templates may not be compatible with 11.x devices.
ID 365648 If you configure a remote statistics database, then later switch to an internal stats database, you cannot continue to use the remote database if you upgrade to version 2.3. This occurs because version 2.3 uses a different database schema.
ID 365903 After booting from version 2.0 to version 2.3, some pages in the configuration utility may not work correctly unless you clear the browser cache.
ID 367648 Enterprise Manager does not support all statistics for Global Traffic Manager version 11.0.0 systems.
ID 367866 To use the iControl proxy feature, the Enterprise Manager topology must be configured so that the system manages devices through the internal VLAN instead of through the management network.
ID 368169 When performing a self upgrade from Enterprise Manager version 2.2 to version 2.3, the swimd service may log an error in var/log/em. This occurs due to certain services not being available in expected order after a self installation task. You can ignore this error as the upgraded system functions normally.
ID 368202 If you discover and manage device through the management port, and the management network is not routable from the internal traffic network, you cannot use the iControl Proxy feature to manage these devices. If you discover and manage devices through the devices' TMM port, you can use iControl Proxy successfully.
ID 369031 On the Custom Lists screen, if you resize a column in the object list, the Details column temporarily disappears as you resize the column.
ID 369446 If you manage a large number of devices, you may encounter errors if you open the statistics screen. The system may become unresponsive as it attempts to collect data from managed devices. Additionally, a "too many connections" error is logged as a tomcat error.
ID 369573 If you upgrade to version 2.3 from version 2.2, then switchboot to a version 2.2 installation on another boot location, the emstatsd service restarts, and logs a restart message every 15 to 20 seconds. This results from the new database schema introduced in version 2.3 not being compatible with the schema used in version 2.2.
ID 370142 Enterprise Manager will still proxy iControl requests to devices that are in Maintenance Mode or Device Replacement Mode. Also, when an Enterprise Manager High Availability pair is used, the Standby/Forced Offline unit will still serve iControl proxy requests if accessed directly, through a non-floating Self IP (e.g. management IP or any Self IP on the external VLAN that permits traffic on port 443).
ID 370278 The Enterprise Manager 500 platform is not supported by version 2.3.
ID 371652 For certain network objects, Enterprise Manager does not correctly update the status to display the unavailable state.
ID 372331 If you configure Enterprise Manager to use the SSL Proxy feature to manage devices, you cannot use iControl Proxy to manage those devices.
ID 372971 On the Access Control User List screen, the online help documents List Web Role and List Shell Role, which are no longer applicable.
ID 405736 Alerts for device configuration synchronization may not function as expected for managed BIG-IP devices running version 11.x. To verify the configuration synchronization status, log on to the managed device and view the Device Group properties screen for version 11.x-11.2.0 or the Overview screen for version 11.2.1 and later.
ID 416432 This version of Enterprise Manager cannot discover or refresh managed devices running BIG-IP version 11.3.0 and later. To work around this issue and manage devices running version 11.3.0 and later, upgrade to Enterprise Manager version 3.0 or later.

Contacting F5 Networks

Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

Additional resources

You can find additional support resources and technical documentation through a variety of sources.

F5 Networks Technical Support

Free self-service tools give you 24x7 access to a wealth of knowledge and technical support. Whether it is providing quick answers to questions, training your staff, or handling entire implementations from design to deployment, F5 services teams are ready to ensure that you get the most from your F5 technology.

AskF5

AskF5 is your storehouse for thousands of solutions to help you manage your F5 products more effectively. Whether you want to search the knowledge base periodically to research a solution, or you need the most recent news about your F5 products, AskF5 is your source.

F5 DevCentral

The F5 DevCentral community helps you get more from F5 products and technologies. You can connect with user groups, learn about the latest F5 tools, and discuss F5 products and technology.

AskF5 TechNews

Weekly HTML TechNews
The weekly TechNews HTML email includes timely information about known issues, product releases, hotfix releases, updated and new solutions, and new feature notices. To subscribe, click TechNews Subscription, fill out the required fields, and click the Subscribe button. You will receive a confirmation. Unsubscribe at any time by clicking the Unsubscribe link at the bottom of the TechNews email.
Periodic plain text TechNews
F5 Networks sends a timely TechNews email any time a product or hotfix is released. (This information is always included in the next weekly HTML TechNews email). To subscribe, send a blank email to technews-subscribe@lists.f5.com from the email address you would like to subscribe with. Unsubscribe by sending a blank email to technews-unsubscribe@lists.f5.com.

Legal notices

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)