Updated Date: 06/28/2007
In addition to these release notes, the following user documentation is availablefor this release.
You can find the user guides and the solutions database on the AskF5 TechnicalSupport web site, http://tech.f5.com.
The supported browsers for the Enterprise Manager web interface are:
The 1.4 release applies only to the supported platforms listed below;each one provides all minimum system requirements. This release supports thefollowingplatforms:
If you are using a new Enterprise Manager system, the current softwareis loaded and configured. See Setting up a new system toget started using Enterprise Manager. If you are upgrading an existingEnterprise Manager system, see Upgrading an existingsystem for instructions on how to download and install Enterprise Managerversion 1.4.
The Enterprise Manager version 1.4 was shipped to you installed on theEnterprise Manager 500 or Enterprise Manager 3000 platform. You only needto set up the system in your network, license the system, and connect itto one or more devices that you want to manage.
The Enterprise Manager Quick Start Instructions, which isincluded with the hardware platform, provides basic instructions for aquick set up and initial configuration of the Enterprise Manager system.
For a more detailed explanation of networking options and setup instructions,see chapter 2, Installation and Setup, and chapter 3, Licensingand Configuring the System in the Enterprise Manager AdministratorGuide available at http://tech.f5.com.
Important: After you complete the licensing process,you must reboot the Enterprise Manager system in order for the user interfaceto function properly.
If you have an existing Enterprise Manager system, you can use the F5Electronic Software Distribution site to download a new software image.Then, you can use the Enterprise Manager software upgrade wizard to upgradeyour Enterprise Manager system. You can upgrade any previous version ofEnterprise Manager to version 1.4.
To download the software upgrade, you must create an account at http://downloads.f5.com.This site uses an F5 single sign-on account for technical support and downloads.After you create an account, you can log on and download the EnterpriseManager 1.4 software.
For further instructions on using the Software Upgrade wizard, seethe Managing Software Images chapter in the Enterprise ManagerAdministrator Guide available at http://tech.f5.com.
This release includes the following new features and fixes.
Device license renewalUsing Enterprise Manager, you can now renew device licenses for any devicein the network.
Device configuration templates
With the version 1.4 release, you can use configuration templates to extendyour control over managing device configurations with changesets. When youuse a template,you can set variables to create model device configurations while maintainingthe ability to substitute information unique to each device in the network.
You can now create staged changesets, which is a device configuration changethat is ready to be deployed. With staged changesets and user roles,you can create device configuration management work flows that matchyour enterprise.
Additional configuration viewing options
Enterprise Manager now features a configuration browser with which youcan view specific elements of any managed device's configuration. Additionally,you can use the configuration difference feature to compare differencesbetween two device configurations.
Enhanced user roles
We expanded the range of user roles to work with additional features, includingthe new staged changeset and templates features. This provides enhancedcontrol of user accounts on the Enterprise Manager system.
Audit logs are turned off by default (CR67610)
Previously, Enterprise Manager audit logs were disabled by default. Audit logsare now enabled by default.
Rebooting a device displays Pending in the Task List (CR68689)
If you use Enterprise Manager to reboot a device, the Device Reboot taskappears in the Task List. However, previously, in the Task List, the state ofthetaskwas Pending,even while the reboot is proceeding normally. Now, the Task List accurately displaysthe status of a device reboot.
Confirmation dialog box for rotating archive tasks corrected (CR68690)
If you attempt to remove a device group from a rotating archiveschedule, a dialog box appears to confirm the action. Previously, insteadof referring to the devicegroup, this dialog box referred to a device. The dialog box now correctlyrefers to a device group.
Confirmation dialog box for deleting a hotfix corrected (CR68704)
If you attempt to remove a hotfix image from the hotfix repository,a dialog box appears to confirm the action. Previously, instead of referringto the hotfix, thisdialog box referred to a generic image. The dialog box now correctlyrefers to the hotfix.
In Enterprise Manager 3000 system power supply failure, softwarenow indicates which power supply failed (CR69241)
The Enterprise Manager 3000 platform features redundant power supplies. If onepower supply fails, an audible alarm sounds. If you run the system_check -d or bpplatform command from the command line, the failed power supply is now correctlyidentified. Alternately, to determine which power supply has failed, lookatthe power supply LED indicator on the rear of the Enterprise Manager device.If the green LED on a power supply is lit, this indicates that the power supplyis working properly.
After upgrading device, device does not recognize Enterprise Manager (CR71800)
Previously, if you upgraded a managed device with Enterprise Manager, the newlyupgraded system did not allow connections from Enterprise Manager. In thisscenario, Enterprise Manager logged a Read Access Denied error for the manageddevice. We made changes to the iControl communications between EnterpriseManager and managed devices to correct this issue.
Uninstall packages conflict with hotfixes imported to thehotfix repository (CR71962)
Previously, if you imported certain hotfixes for BIG-IP 9.1.2, these hotfixesmaynot appear in the hotfix list. This occurred because you can import uninstall-hotfixpackagestothe hotfixrepository in Enterprise Manager, which could corrupt the hotfix list. When you imported an uninstall package for a hotfix, it replaced the original hotfixinthe list.This was only an issue for five hotfixes for BIG-IP 9.1.2. These hotfixes areno longer affected.
Upgrade status inaccurate when Enterprise Manager not connected directlyto a managed device (CR72473)
Previously, when you discovered and managed a device throughaNATorvirtual server instead of directly through the device's management interface,this affected the status report of an upgrade task for the device. Now, youcan discover and manage a device through a NAT and receive timely status reportsfor the device.
Newly created users not copied in Copy User Access configuration task (CR72503)
Previously, if you created a new user on a managed device, then immediately attemptedto copy that user and access settings to another device using the Copy UserAccessConfiguration task, the new user was not copied to the target device.
GnuPG affected by local vulnerabilities (CR72713,CR76325)
We included a new GnuPG package in Enterprise Manager 1.4 to fix the local vulnerabilitiesdescribed in CVE-2006-6169 and CVE-2007-1263.
Guest users can access configurationarchives (CR72729)
Users with the Guest role, which is the most-restricted user role on EnterpriseManager, can no longer access UCS archives stored on Enterprise Manager.
Duplicate objects appear in configuration viewer and configuration wizards (CR73090,CR77272)
Previously, when you used the Filter box to filter a list on the ConfigurationViewer screen, duplicate entries of the search occasionally appeared in the list.This also occurred on the class or object selection screens in the Changesetor Template wizards.
BIND remote vulnerability fixed (CR73531)
We included a new BIND package in version 1.4beta to fix the Denial of Servicevulnerability described in CVE-2007-0493 and CVE-2007-0494.
Copy User Access wizard now copies Shell access (CR73871)
Previously, when you used the Copy User Access wizard to replicate user accountpermissions from a remotely-authenticated Enterprise Manager system to a BIG-IPsystem,the user access settings for shell access were not copied correctly. The shellaccess settings are now copied correctly through the Copy User Access wizard.
clock skew now appears on General properties screen (CR74074)
On the device general properties screen you can now view the system clock difference between Enterprise Manager and a managed device if you view the Advanced view.
Translated address for a compact flash device as management interface (CR74120)
Previously, when the Enterprise Manager detected a compact flash-only devicemanagement address that appeared to not be the management interface, youcould not initiate software upgrades through Enterprise Manager, even ifthe interface was the correct management interface. This could occur whenyou were using NAT. On the device general properties screen, in the Advancedview, you can specify thatthemanagementaddress is translated to the management port for compact flash devices. Thisensures that you can perform software upgrades on these devices.
Discovery process with remote authenticated users (CR74432,CR74434)
We fixed an issue where a remote external RADIUS-authenticateduser initiated a discovery task for the same Enterprise Manager system, theuserreceivedaCommunicationsFailed message, and could not perform a self-discover task.
System now locks itself during software upgrade (CR74498)
Previously, when you started a software upgrade on the same Enterprise Managersystem, the system did not lock itself to prevent configuration changes duringthe software installation. Now, when you perform a self-upgrade task, EnterpriseManager prevents other tasks from running while the upgrade task runs.
SSL key and certificate name substitution with changesets (CR75132)
We corrected an issue that prevented you from changing the names of an SSLkey and certificate when creating a changeset.
Syntax errors in system script (CR75225)
Previously, in the em-tweak-syslog script, two syntax errors resultedin system errors when adding alerts to, or deleting alerts from the EnterpriseManagersystem. We corrected the syntax errors in the system script.
System no longer resets mount count for compact flash devices (CR75235)
Previously, when you started an upgrade task on a compact flash-only device,Enterprise Manager attempted to perform a disk mount related task becausethe compact flash device reported unexpected information about the mountedsystem drive. This prevented Enterprise Manager from upgrading a compactflash-only device.
SSL keys no longer stored when SSL key storage is disabled (CR75544)
We corrected an issue where SSL keys continued to appear in the DeviceConfiguration Browser even if you disabled the system from storing SSL keyinformation.
MySQL server no longer listens on port 3306 (CR75629)
Although MySQL does not allow remote connections through port 3306, it was listening on the port. We closed this port to everything but local connections.
Upgrade process and advanced disk integrity checks for latest manageddevices (CR76000)
Newer versions of BIG-IP software (9.3.x and 9.4.x) include enhanced disk integrityreporting features. When you configure a software or hotfix upgrade for thesetypes of devices in Enterprise Manager, the system now uses the enhanced integritychecks to determine whether an upgrade will succeed on the hard drives on thetarget devices.
Upgrade process improved to handle low disk space scenarios (CR76460, CR76461)
Previously, if you attempted to run an upgrade task on a managed device withlow disk space, the Enterprise Manager system did not properly warn of diskspace issues, and could report that the upgrade image was corrupt. EnterpriseManager now checks for available disk space on target devices when you configurean upgrade task. If a target device does not have adequate disk space todownload and install the upgrade, Enterprise Manager now warns of this conditionso that you can resolve the issue on the target device before you start anupgrade task. Additionally, if Enterprise Manager determines that an upgradeimage is corrupt, it attempts to download the image again so that the upgradeprocess can complete successfully.
Verifying and deploying changesets error details appear correctly (CR76977)
We corrected an issue where the Enterprise Manager system only displayedan error when you verified a changeset, but then not when you deployed achangeset. Instead, the system simply logged the deploy error. Now, whenthe system encounters a changeset deploy error, it displays detailed errorinformationin the task details.
Back button in Changeset wizard now functions properly (CR77253)
Previously, when you were using the Changeset wizard and you clicked the Back buttonnear the bottom of the screen, it did not always open the previous screen.We corrected this issue so that when you click the Back button on aChangeset wizard screen, it opens the previous screen.
Advanced Operator role copied to unsupported device receives No Access role (CR77654)
If you use the Copy User Access Configuration wizard to copy from a device that supports the Advanced Operator role to a device that does not support this role, users with that role on the source device receive the No Access role on the target device. In this case, you must assign new user roles to Advanced Operators if you copy those users to other devices that do not support that role.
Device refresh task properly restricted in task list (CR78012)
Previously, when you refreshed a device, a Device Refresh task appeared inthe task list, but the check box for the task was available, suggesting thatyou could remove the task from the list while it was running. We correctedthe issue so that the check box is unavailable in this scenario.
System service errors no longer stall tasks (CR78455, CR78468)
Previously, when the emfiled or emdeviced service was shutdownby another process, this could result in certain tasks failing to respond.In particular,if the emfiled serviceshut down during a reboot task, or emdeviced service shut down during a refreshtask, these tasks remained in the tasklist and locked the devices from further Enterprise Management tasks.
Audit log now only tracks user-initiated activities (CR78881)
Previously, the Enterprise Manager audit log tracked certain activities thatwere initiated by the system, including regularly scheduled device informationrefreshes. Because this could create a very large audit file, we restrictedauditing of system activities to only include user-initiated refresh actions.
Externally authenticated users no longer allowed in Change User Password task (CR79029)
Enterprise Manager cannot change a user password for an externally authenticateduser account. Previously, you could select these userswhen you configureda Change User Password task.
Time zone log entries may be inaccurate (CR77183)
We fixed an issue that could occur with any time zone affected by daylightsaving time during the extended daylight saving time enacted by the UnitedStatesin theEnergyPolicy Act of 2005. Previously, when you created a configuration template,the system created an entry in the audit log. However, the time zone abbreviationmay havebeen incorrect.For example, for Pacific Daylight Time, the entry may read PST whichactually represents Pacific Standard Time.
Staged changesets cannot deploy to version 9.3.0 system (CR79061)
We fixed an issue that occurred when you created a staged changeset and attemptedto deploy it to a BIG-IP 9.3.0 system. Previously, the deployed data may nothave appeared on thetargetsystemif thechangesetwas configured incorrectly. This occurred even if you verified and receivedconfirmationof a successful verification. You can now deploy staged changesets to a version9.3.0 system if you verify the changeset successfully.
Terminated task displays incorrect status (CR79133)
Previously, if you stopped a running task, the task continued to display an InProgress status. The status now indicates that the task has stopped.
Memory usage error not logged in alerts history (CR79154)
Now, when you configure an alert instance to warn for memory usage, the systemproperly triggers an alert and properly logs the alert in the alerthistory list.
Vague status message in task list after creating a template (CR79164)
Previously, when you created a template, an EM Maintenance task appearedin the task list. Usually, this indicates a quick system-initiated task.This occurred becausecertain tasks were not correctly mapped to tasklist status messages. Now, more helpful status messages appear in the task listwhen you start a task.
Operator users can view unpublished templates (CR79226)
We corrected an issue where certain non-Administrator users could use unpublishedconfiguration templates when creating a staged changeset.
Template text incorrect when using template as source for a new changeset (CR79401)
Previously , when you created a new changeset using a template as the sourcefor the changeset, the template text that appeared could have been incorrect.This only occurred when you had more than one template defined and when youselected templates other than the first one in the list on thesource screen. Although the text appeared incorrect, the system used thecorrecttemplate and the variable information that you specified on the screen. Thetemplate text now appears correctly.
ZebOS configuration file included in the default file comparison list (CR79403)
The file /config/ZebOS.conf is now one of the default files tocompare on the Task Options screen. When you perform an archive comparison,thesystem compares configuration files in this list.
Vixie-cron local vulnerabilities fixed (CR79973)
We included a new Vixie Cron package in version 1.4 to fix the localvulnerability described in CVE-2007-1856.
locked devices no longer generate unhelpful error messages (CR81068)
Previously when you attempted to view a screen for a managed device that waslocked by an Enterprise Manager process, the screen did not appear, but theerror message did not indicate why the screen was locked. Now, when you encountera lockedscreen,amessage informs you why the screen is locked.
[ Top ]
The current release includes the fixes and enhancements that were distributedin prior releases, as listed below. (Prior releases are listedwith the most recent first.)
The 1.2.2 release included the following fixes and enhancements.
Setting the Alert History default record display to over 500 records maycause errors (CR53731)
Non-descriptive error message appears when an unauthorized user attempts an upgrade (CR64224, CR69820)
If you log on to Enterprise Manager as a user who does not have administrator rights on a particular managed device, and then attempt to upgrade that device's software, you receive an error message. Previously, the message did not explain that the error resulted from the user having insufficient rights to upgrade the managed device. The new error message is more descriptive and provides steps to take to avoid this error.
External user authentication requires additional steps during configuration (CR67846)
Previously, if you used RADIUS authentication for external users, you needed to perform additional steps to correctly specify a user's roles. You can now use RADIUS authentication with Enterprise Manager without needing to perform additional steps.
Removing device groups from rotating archive schedule not permitted from the Devices: Archives screen (CR68691, CR69811)
On the Devices: Archives screen, the Rotating Archive Schedule table lists the rotating archives that are directly assigned to this device, and the rotating archives that are assigned to the device through a device group. Using the Select boxes, you can remove the current device from a rotating archive schedule. Previously you could not remove a device group from the rotating archive by checking a Select box. We corrected this issue so that you can delete a configuration archive associated with a device group from the Devices: Archives screen.
Change User Password feature does not support mixed case user names (CR68749, CR69824)
You can use the Change User Password feature to change a user's password on multiple managed devices. Previously, if the user name featured mixed case (UserName) instead of a single case (username), the Change User Password task for that user failed. We corrected this issue so that you can use user names with mixed case.
Errors in scheduled and custom configuration archives when upgrading Enterprise Manager (CR69409, CR69546)
We fixed issues related to custom configuration archives and upgrading Enterprise Manager. Previously, when you upgraded Enterprise Manager from version 1.0 to version 1.2, configuration archive schedules that you previously configured quit working upon upgrade. Additionally, if you configured any custom configuration archive schedules on a version 1.0 system, you could not successfully copy the UCS file to the upgraded version 1.2 system. These errors occurred because we enhanced the management options for configuration archive schedules in Enterprise Manager 1.2.
Command line upgrade of Enterprise Manager causes errors (CR69416, CR70671)
The new release fixes an issue where the upgraded version 1.2.x system could not use the UCS file from the version 1.0 system. This error caused the upgrade to fail. With version 1.2.1, you can upgrade Enterprise Manager through the command line without encountering UCS errors.
Open SSL vulnerable to a forged RSA signature (CR69465, CR69825, CR70155)
We included a new OpenSSL package in version 1.2.1 to fix the forged RSA signature vulnerability described in CVE-2006-4339.
Enterprise Manager upgrade retains pending status when other upgrade tasks exist (CR69534)
Previously, if you used Enterprise Manager to perform a self-upgrade from version 1.0 to version 1.2, the task would not start if other upgrade tasks existed, even if the tasks were marked complete. By design, Enterprise Manager cannot start a self-upgrade process if other upgrades are running. In certain cases, some tasks were marked complete on the task list when they were not actually complete.
Local user accounts not transferred correctly after upgrading to version 1.2 (CR69637)
We corrected an issue where local Enterprise Manager user accounts were not properly carried over to the new system after upgrading Enterprise Manager from 1.0 to 1.2. When you upgrade Enterprise Manager, you no longer need to redefine local user accounts.
Enterprise Manager Administrator Guide incorrectly states managed device compatibility (CR69842)
Previously, in chapter 1 of the Enterprise Manager Administrator Guide, we incorrectly indicated that Enterprise Manager can manage BIG-IP version 9.1.2 and later. In fact, Enterprise Manager can manage BIG-IP version 9.1.1 and later. We updated the Administrator Guide to correctly indicate managed device support.
Cannot upgrade compact flash-only devices managed through self IP address (CR69845)
If you use Enterprise Manager to manage any compact flash-only devices (1000, 2400, and 5100 platforms), and you manage these devices through a self IP address configured on a TMM switch interface instead of through the management interface, you cannot upgrade these managed devices. This occurs because the managed devices do not recognize self IP addresses during the upgrade process, and therefore cannot connect to Enterprise Manager to complete the upgrade. To use Enterprise Manager to upgrade compact flash-only devices, you must manage the devices through the management interface on each managed device. Previously, Enterprise Manager indicated that you could upgrade these devices, even through a TMM switch interface. Now, Enterprise Manager does not include these devices in the list of devices compatible with an upgrade.
Enterprise Manager does not support certificate names that differ in case only (CR69945)
Previously, Enterprise Manager did not differentiate between certificate names that differed only in case. Enterprise Manager now supports certificate names that differ in case only. For example, you can now use both DEFAULT.crt and default.crt. as unique certificate names.
Communication failed error message does not indicate clock skew problem (CR69984, CR70647)
Previously, if there was a difference in system clocks between Enterprise Manager and a managed device, you could receive an error indicating communication failed during tasks such as device discovery. This error did not adequately indicate the nature of the communication problems between the devices. Now, if there is clock skew between Enterprise Manager and a managed device, the error indicates this problem so that you can take steps to synchronize system clocks.
SNMP agent does not support multiple sources per community (CR71411, CR71412, CR71413)
We updated the Enterprise Manager MIB to address SNMP issues. Enterprise Manager now supports sending multiple SNMP traps for the same community string. Additionally, we updated support for alerts specific to the Enterprise Manager 3000 platform.
System services continually restart on an unlicensed partition (CR71799)
Previously, if you installed a version of Enterprise Manager onto an unlicensed boot location, the system services such as emdeviced, swimd, emfiled, discoveryd, emreportd, and emalertd would continually restart, and affect the performance of the system on a licensed partition. This no longer occurs if you install to an unlicensed boot location.
iControl communication issues may affect licensing (CR71959, CR73156)
Previously, errors could occur within iControl that could cause license dossieror other errors on the Enterprise Manager system. The iControl licensingcommunications now work without errors.
Remote user automatically created during upgrade task (CR72810)
Previously, if you performed a self-upgrade of an Enterprise Manager system while using remote authentication, the process could create a new user on the Enterprise Manager device. This new user was a temporary user employed by the system during an authentication task to guard against losing communication with managed devices if an error occurred during the upgrade. Now, the system ensures that any temporary users created are deleted once the upgrade process completes.
Re-licensing Enterprise Manager may be required for successful upgrade (CR72922)
We corrected an issue with the license check date that could cause a range of errors during upgrade. Previously, if you originally generated an Enterprise Manager product license on a date prior to October 2, 2006, then upgraded to version 1.2.1 or later, the Web interface indicated that you must activate the license. Also, the console also indicated that the current license was invalid, and displayed status messages indicating that system services were restarting. Additionally, if you attempted to upgrade to version 1.2.1 or later from the command line, the installer displayed a licensing error and stopped.
Determining disk space availability for upgrades if managed device does not support iControl call (CR72959, CR73275)
Previously, if a managed device did not support direct communication to test for available disk space to install a software or hotfix upgrade, Enterprise Manager started the upgrade anyway. Now, Enterprise Manager tests for available disk space for all managed devices prior to starting a software or hotfix upgrade task, and warns if there is not enough disk space to perform an upgrade.
Non-SCCP devices hang after hotfix install (CR73104)
Previously, if you used Enterprise Manager to install a hotfix on a system without a Switch Card Control Processor (SCCP), the hotfix process caused the non-SCCP device (such as systems that contain Compact Flash cards) to hang after installation. This problem resulted when Enterprise Manager created the /.sccp_hard_reboot file on the managed device. Now, Enterprise Manager correctly identifies SCCP and non-SCCP devices during the hotfix install task.
Changeset wizard does not immediately indicate when all objects of a class are deleted (CR73129)
Previously, if you deleted all the objects of a certain class (for example, pools) on a managed device, this information was not immediately visible in the Enterprise Manager Changeset wizard. Now, when you delete all objects of a certain class, the class name is removed from the Changeset wizard after a device refresh, ensuring that you do not add an empty class definition to a changeset.
Devices that cannot communicate back to Enterprise Manager flagged (CR73257)
Enterprise Manager can discover devices in the network that do not have a direct connection back to Enterprise Manager. This situation can occur through the use of NATs or because of configurations that send communications from a managed device to Enterprise Manager through a route other than the default management route. Now, during the discovery process, Enterprise Manager tests for a direct route from a BIG-IP version 9.4 or later managed device to Enterprise Manager, and warns if the configuration does not provide a direct connection to the Enterprise Manager system. The device list now notes which devices do not have a direct connection back to Enterprise Manager. These flagged devices are not compatible with upgrade tasks that you can configure in Enterprise Manager. To use Enterprise Manager to upgrade these devices, you must ensure that there is a direct route between a managed device and Enterprise Manager.
Compact flash-only devices not managed through the management interface flagged (CR73259)
Enterprise Manager can discover compact-flash only devices managed through TMM switch interfaces. Because these interfaces cannot function during an Enterprise Manager-initiated upgrade task, Enterprise Manager now flags these compact-flash only devices in the device list and on the device properties screen. These flagged devices are not compatible with upgrade tasks that you can configure in Enterprise Manager. To use Enterprise Manager to upgrade these devices, you must manage the devices through each device's management interface.
Time zone may be inaccurate after managed device upgrade (CR73272)
Previously, if you upgraded a managed device from BIG-IP version 9.1.1 to 9.1.2, or from BIG-IP version 9.1.1 to 9.2.4, and the device had a time zone setting other than Pacific Standard Time (PST), the time zone setting reverted to PST upon upgrade. Now, when you use Enterprise Manager to upgrade managed devices, Enterprise Manager maintains the correct time zone settings on managed devices.
Users can change Enterprise Manager address to an invalid address on device property screen (CR73601)
In previous version, users could arbitrarily change the address that a manageddevice used to communicate with Enterprise Manager (from the device's generalproperties screen). Users can still make changes to the address, but EnterpriseManager now checks to confirm that any changes to the Enterprise Manageraddress are valid.
Unnecessary partition information added to Enterprise Manager database (CR73702)
Previously, Enterprise Manager version 1.2.0 created an entry in its database for an additional Common administrative partition each time it refreshed certain managed devices running BIG-IP software earlier than version 9.4. Although Enterprise Manager did not actually create new partitions on these managed devices, the additional entries in the database would cause Enterprise Manager to take too long to refresh the device information, and could result in an automatic reboot of the managed device. This was an issue only on BIG-IP systems that did not support administrative partitions. BIG-IP version 9.4.0 is the earliest version that supports administrative partitions. This version of Enterprise Manager fixes this issue and removes any extraneous partition information from the Enterprise Manager database to alleviate the symptoms caused by this issue.
The 1.2 release included the following fixes.
EM Maintenance Task message in the task list when a managed device reboots (CR55042)
When a software upgrade task completes, a managed device reboots. On the taskdetails screen for the upgrade task, Enterprise Manager correctly indicatesthata device is rebooting. Previously,adevicerebootresultedin an EM Maintenance Task message appearing in the task list. This messageno longer appears in the task list when a device reboots.
Certificate expiration dates affected by time zone discrepancies (CR55157)
Previously, the certificate expiration dates reported on certificate list screensmight have been inaccurate, due to complexities in time related calculationsinvolving daylight saving time. Daylight saving time no longer affects timezone calculations when checking certificate expiration dates.
BIOS warning message no longer appears during startup (CR57741)
Previously, a benign BIOS warning message Award Preboot Agent InstallationFailed appeared when you initially powered up the system. We correctedthe BIOS so that this message no longer appears.
Progress indicator for software image imports may be inaccurate (CR59085)
Previously, when the system imported a software image, the progress baroccasionally continued to indicate 0% progress. When this occurred, you neededto cancel the process and re-importthe software image.
Downgrading managed device may prevent browser accessto the device through Enterprise Manager (CR60512)
Previously, if you used Enterprise Manager to install an earlier software versionon a managed device, and then attempted to open that device's Configurationutility using the Launch linkon the device properties screen, the web browser could not connectto the device. The Launch link now works with devices on which you installedan earlier software version.
Internet Explorer Security window bypassed when downloading device exportdata (CR64842)
We corrected an issue where if you attempted to download device export data inCSVformat,youmust manually permit the browser to download the CSV file to your local system.WhenusingInternet Explorer version 6.x, if you opt not to download the file when you receivethe Security Alert window, the Enterprise Manager system sent the file to yourlocal system anyway. The system now adheres to browser security warnings.
System can exceed the maximum pinned archives setting in a deploy changesettask (CR65109)
When you deploy a changeset, you can choose to create a rollback UCS archivefor target systems. Previously, Enterprise Manager saved UCS archives createdduring a changeset deploy task as pinned archives, which previously could exceedthelimitsyousetonpinnedarchives on the Rotating Archives Options screen. The system now saves UCS archivesas rotating archives during a deploy task.
Enterprise Manager 3000 system rebuilds the RAID configuration after anunclean shutdown (CR65451)
Previously, if an Enterprise Manager 3000 system completely lost power or wasotherwiseabruptlyrestarted (as opposed to a normal, clean system restart), the RAID controllerrebuilt the RAID array when the system is booted up next. An abrupt shutdownno longer starts the RAID rebuild process.
Back button quits working after UCS restore (CR65464)
Previously, if you used Enterprise Manager to restore a UCS archive to a singledevice, the Back buttonon the device properties screen no longer opened the device list screen. TheBack button now functions properly after a UCS archive restore.
Two or more unique sets of managed device pairs cannot share the same IPaddress (CR67607)
Although Enterprise Manager can manage redundant systems, it previously couldnot properly manage two unique redundant systems if these pairs use the sameIPaddressforpeer communication. To manage redundant systems with Enterprise Manager version1.2,you must ensure that each redundant system uses a unique IP address for peercommunication. The version 1.2.1 upgrade fixes this issue.
Command line upgrade of Enterprise Manager causes errors (CR69416)
We updated the Enterprise Manager version 1.2 release image to EM-188.8.131.52.3.iso.The new release fixes an issue where the upgraded version 1.2 system couldnot use the UCS file from the version 1.0 system. This error caused the upgradeto fail. If you want to upgrade an Enterprise Manager system to version 1.2,ensure that you download the latest version from http://downloads.f5.com.Enterprise Manager 1.2.1 also fixes this issue.
The following items are known issues in the current release. Known issuesare cumulative, and include all known issues for a release.
Change user password on managed device using remote authentication (CR71757)
When you configure a managed device with local authentication, then switch itto remote authentication, Enterprise Manager can no longer successfully changeuser passwords through the Change User Password wizard for this device.
uninstall hotfix packages not supported (CR71948)
For certain hotfixes, you be able to import uninstall hotfix images.Normally, you can use uninstall images to uninstall a hotfix that you recentlyinstalledon a managed device. However, if you import and attempt to install an uninstallhotfix image, the process will fail.
DNS resolution issues on managed device affects management communication (CR74910)
If the DNS settings on a managed device are configured to access an unavailableDNS server, this adversely affects communication between Enterprise Managerand a managed device due to DNS lookup timeouts on the managed device. Simplecommunication commands may time out and cause tasks such as device discoveryor a device refresh to fail in Enterprise Manager. If you encounter unexpectedtime out warnings when performing management tasks, ensure that the DNS serverspecified in the managed device's DNS settings is accessible and functioningproperly. When this scenario occurs, affected managed device status icons onEnterprise Manager change to Impaired.
Lastlog command not supported (CR75156)
If you use the lastlog command from the command line, the processfails because it is not supported on the Enterprise Manager system.From thecommand line, you can use the last command for similar functionality.
User role permissions limited (CR75431)
Enterprise Manager provides a limited set of permissions that you can grantnon-Administrator users. Currently, you cannot assign software managementtasks to restricted user roles such as Advanced Operator orOperator. Only Administrators can perform these tasks.
Redundant system configuration may cause problems with upgrading manageddevices (CR75563)
When you configure Enterprise Manager to run as a High Availability pair, youmay encounter issues upgrading managed devices after you run a ConfigSync process.This occurs because the system does not correctly update the database whenyou synchronize the configurations. As a result, you may notice incorrectlyreportedconnectivityissues between the peers and their managed devices.
Verify staged changeset status screen continues refreshing after verification (CR79272)
If you start a Verify Staged Changeset task to verify a staged changeset, thenimmediately deploy the staged changeset after the verification completes, thedeploy status may be Pending. This happens because the device refreshes itsinformation with Enterprise Manager after it reports verification status. Afterthe refresh process stops, the deploy task starts normally.
Filtering on Staged Changeset list screen is case-sensitive (CR79440)
The Filter box above the list on the Staged Changeset screen is case-sensitive.If you type a value and received unexpected results, check the case of thevalues you entered.
Extraneous user roles on system (CR81034)
In Enterprise Manager, when you create user accounts, you can set user roles.Because you can only grant a set of permissions for Advanced Operator and Operatorroles, the Application Editor and Manager roles are unneeded. Assigning usersto these roles grants them only Guest accessto the system.
Deploying changeset to change time zone (CR81091)
If you create a staged changeset to change the timezone setting on adevice, then deploy it to the device, the process completes successfully, butthe systemserviceson the managed device do not restart. To avoid this issue, you can change thetime zoneon the managed device on the device itself, or you can log on to the manageddevice to restart the system services.
Device Group user list filter doesnot show Advanced Operator (CR81798)
An Advanced Operator user may not appear properly in the Device Groups: Userslist for the All Devices group. The list displays all users on the currentdevice group, including their Group Web Role. For Group Web Role, the AdvancedOperatorrole may be inaccurate.
Archive encryption pass phrase not supported by rotating archives (CR81834)
On a managed device, if you enable archive encryption, and the device is partof a scheduled rotating archive task, Enterprise Manager cannot create anarchive of the system. In this scenario, Enterprise Manager logs a messagein /var/log/em indicating that a pass phrase is required. To avoid this error,exclude devices that have archive encryption enabled from a rotating archiveschedule.
Hotfix wizard shows unreachable devices (CR81843)
In the Hotfix Installation wizard, on the target device selection screen, theavailable devices list shows unreachable devices. Because Enterprise Managercannot communicate with these devices, targeting a hotfix installation toan unreachable device will fail. By contrast, the Software Upgrade wizarddoes not display unreachable devices on the target device selection screen.
Install button available on hotfix details screen during installation (CR81926)
When the system is installing a hotfix, the hotfix installation status screenopens. From this screen, you can view the details of any hotfix in the task.However, when you view a hotfix while the installation task is running, theInstall button is available on the details screen. If you click theInstall button while a task is running, a page error occurs.
Online help for License Renewal wizard contains inaccurate step numbers (CR82072)
In the License Renewal wizard, several screens assist you in renewing manageddevice licenses. Although these screens appear as steps in a wizard, the numberof steps varies depending on the number and type of devices you select for licenserenewal. The online help inaccurately names certain screens with a non-dynamicstep number.
Online help screen missing for staged changeset list (CR82145)
The online help for the staged changeset list is missing. The staged changeset list screen appears when you start a Deploy Staged Changeset task from the New Task screen, or when you choose to save a staged changeset from the New Staged Changeset wizard. The missing online help is identical to the online help for the Staged Changeset list screen; to view this screen, on the main navigation pane, click Staged Changesets.
Mixing configuration versions may cause errors (CR82255)
When you create device changesets, or templates for one version ofa managed device, ensure that when you deploy a staged changeset, that thetarget device is the same version as the source for the changesets or templates.In many cases, the configuration data may copy to the target without errors,but it is possible that the configuration data from one managed device versionto the next could cause unexpected behavior, or cause the target device toencounter errors.
Manual refresh may be required for upgrade (CR82257)
When you upgrade Enterprise Manager to version 1.4 using the Software Upgradewizard, the device details for the target device may report Awaiting DeviceRefresh continually. To clear this message, perform a manual refresh forthe device.
The following items are known issues in version 1.2.x releases, and they still apply to the current release.
Hourglass cursor does not always appear when system is busy (CR55043,CR64461)
Usually, the cursor on the web interface changes to an hourglass to indicatethat the system is busy. This may not always occur on certain screens. Seethe status banner at the top of the screen to determine the state of systemactivity.
Managing externally authenticated devices requires additional steps (CR62513)
If managed devices in your network use an external authentication protocol (RADIUS,LDAP, or Active Directory), you must follow certain rules when discoveringand managing these devices. If you use an external user name for device discovery,this user must exist on the managed device. Once you discover this device,you can manage this device by logging on as admin to Enterprise Manager.If you log on to Enterprise Manager with any other user name, you must ensurethat this user name exists on the managed device (in the external authenticationuser list) in order to avoid authentication errors. This is currently an issueonly with BIG-IP versions 9.1.1, 9.2.0, 9.2.2, 9.2.3. To fix the issue, youcan apply hotfix HF68471 to version 9.2.3 managed devices, or upgrade manageddevices to version 9.2.4.
Changeset modification options are limited (CR66262)
If you open the changeset properties screen, and then make changes to the changeset,you must save the changeset before verifying your changes. If the verificationsubsequently fails, you cannot revert to the previously valid changeset.Because of this limitation, we recommend that you create a duplicate of avalid changesetbefore you modify it. Additionally, because no Cancel button existson the changeset properties screen, if you want to cancel changesfrom the changeset properties screen, youmust openthe changeset list by clicking Changesets in the navigation pane.
Communications interval with managed devices changedafterupgrade (CR67510)
When you upgrade Enterprise Manager from version 1.0 to 1.2, the default refreshinterval that controls how often Enterprise Manager communicates with each manageddevice resets to the 60 minute default. After you upgrade, you may want to checkor change the default refresh interval on the Device Options screen.
Upgrading Enterprise Manager resets remote authentication settings (CR67521)
If you upgrade Enterprise Manager from version 1.0 to version 1.2, the userauthentication settings are reset. If you upgrade Enterprise Manager, ensurethat you re-configure user authentication settings.
Single sign-on for Launch Pad feature is only compatible with BIG-IP9.4 or later or Enterprise Manager 1.2 or later (CR67769)
If you use the Launch link on the Launch Pad screen to open a manageddevice's Configuration utility, Enterprise Manager can use a single sign-on toautomaticallyauthenticate your user ID to managed devices running BIG-IP version 9.4 or later,or Enterprise Manager version 1.2. or later. If you use the Launch linkto open managed devices running earlier software versions, you must re-enteryour username and password to open a managed device's Configuration utility.
Changeset with network route requires self IP addresses on targetdevices (CR67773)
Using the changeset feature, you can deploy device configuration data fromone managed device to another. Although this configuration data can includenetwork routing information, routes typically require that you configure selfIP address in order to work properly. Enterprise Manager can successfullydeploy achangeset with network routes to a target device only if the self IP addressesrequired by the network route already exist on the target device. Because selfIP addressesare uniqueto each device, they are not usually deployed using a changeset. If you needto deploy a changeset with network route information, we recommend that youdeploy VLANs to the target device, then manually configure the appropriateself IP addresses on the target device. Once you configure the self IP addresses,you can then deploy routes to the target device using changesets.
Reboot and Install locations can appear incorrectly on the Task Detailsscreen (CR67833)
On the Task Review screen of the Software Upgrade Wizard you can select adifferent Boot Location or Install Location for devices in the upgrade task.However,if you select a new location for either setting, then click the View linkto see the details for a device, the new settings do not appear on the TaskDetailsscreen. If you return to the Task Review screen, the settings you selectedappear correctly.
Column sorting does not work properly on boot locations screen (CR68313)
On the Devices: Boot Locations screen, a table details the software versioninstalled, the number of hotfixes installed, and the state of the boot location.However, if you click a column heading to sort the information, the systemmaynot re-sort the information.
Install Log does not appear for a self upgrade task (CR68642)
When you use Enterprise Manager to perform an upgrade on itself, the InstallLog (which normally displays entries logged on the managed device duringthe install task) appears empty on the Task Details screen for the EnterpriseManager upgrade task.
Administrative partitions not supported by Enterprise Manager system (CR69024)
With this release, Enterprise Manager introduces support of administrativepartitions. Administrative partitions are logical containers containing adefined set of BIG-IP system objects, and are used for access control purposes. This feature was introduced in BIG-IP version 9.4.0. The accesscontrol features are compatible only with BIG-IP network objectclasses,and not Enterprise Manager object classes. Although you can create an administrativepartition in Enterprise Manager, the access control properties are not availablefor Enterprise Manager object classes.
Incorrect peer IP configuration and discovery or refresh errors forredundant systems (CR75066)
When managing BIG-IP redundant systems, Enterprise Manager may not correctlydiscover or refresh a device in the redundant system if the manageddevice is incorrectly configured so that the peer IP address (primary orsecondary)is actually a self IP address. If this occurs, a DaemonException errorindicating a duplicate entry appears in the log file. If you encounterthis error or cannot discover a device (or refresh information for a device)in a redundant system, ensure that the peer IP addresses on the managed devicesare correctly configured.
The following items are known issues in the version 1.0 release, and theystill apply to the current release.
Device Address box on the Device Detail screen changes colors (CR55060)
On the Device Detail screen, the Device Address box that indicates theIP address may appear yellow or white if you view it using some Mozilla-basedbrowsers. The color of the box does not affect the functionality, nor indicateany specific state.
Modifying devices that are currently involved in a running task may causeincorrect banner displays (CR55464)
When a device is involved in a task, Enterprise Manager locks the device toprevent a user from making changes to a device while it is being updated. Ifyou attempt to make changes to this device, a status banner may appear andhide the device locked warning at the top of the screen. To restore the devicelocked warning, refresh the screen.
Back button may not work properly on the Device Boot Location screen (CR55860)
If you perform a device reboot from the Device Boot Location screen and thenencounter an error, the Back button on the screen may quit working onInternet Explorer browsers. If you encounter this error, use the navigationpane to navigate back to the Device List screen.
Deleting a large list of devices takes a long time and provides no deletionstatus (CR56478)
When you delete several devices from the device list screen, the screen doesnot immediately refresh if one or more of the devices is unreachable. The systemdoes not display any status messages while Enterprise Manager attempts to communicatewith these devices. Although the system may appear unresponsive for a long time,you can navigate to other screens to perform management tasks.
Changing an Enterprise Manager system from a redundant pair to a singledevice forces a standby state (CR56543)
If you use the System Platform screen to configure the Enterprise Manager systemas a redundant pair, then change the system back to a single device, the devicechanges to standby mode which prevents further configuration tasks. To correctthis issue, reboot the device.
ConfigSync operations fail if there is a clock skew of over 600 secondsbetween peer systems (CR56619)
If the clock skew between the peer devices in a managed device pair is greaterthan 600 seconds (10 minutes), any ConfigSync operations initiated though EnterpriseManager fail. To prevent this, ensure that the system clocks of the redundantpair arewithin 600 seconds of each other. See the workaround forinstructions on how to check the system time on managed devices.
ConfigSync indicator in the top left corner of the screen may be inaccuratefor Enterprise Manager redundant pairs (CR56666)
If you run a configuration synchronization on a pair of Enterprise Manager devicesfrom the Device Properties screen, the ConfigSync status indicated in the topleft of the screen does not update properly until you click an option on thenavigation pane.
Task List screen may feature incorrect status reports for tasks runningduring an Enterprise Manager system reboot (CR56814)
If the Enterprise Manager system reboots during a software installation task,the task is cancelled, but the progress bar on the Task List screen may not properlyreflect the cancelled status. Although the task is marked Finished, thestatus bar displays the percentage complete at the time of the Enterprise Managerreboot.
[ Top ]
The following section describes the workarounds for the corresponding knownissues listed in the previous section.
This workaround describes how to check the system clock of a device ina redundant system.