Applies To:

Show Versions Show Versions

Release Note: Enterprise Manager version 1.6.0
Release Note

Updated Date: 10/23/2008


This release note documents the version 1.6 feature release of the Enterprise Manager™. To review the features introduced in this release, see New features and fixes in this release. For existing customers, you can apply the software upgrade to 1.0 and later. For information about installing the software, please refer to Installing the software.


- User documentation for this release
- Supported browsers
- Supported platforms
- Installing the software
     - Setting up a new system
     - Upgrading an existing system
- New features and fixes in this release
- Features and fixes introduced in prior releases
- Known issues
- Workarounds for known issues
- Contacting F5 Networks

User documentation for this release

In addition to these release notes, the following user documentation is relevant to this release.

You can find the user guides and the solutions database in the AskF5SM Knowledge Base,

Supported browsers

The supported browsers for the Enterprise Manager web interface are:

  • Microsoft® Internet Explorer®, version 6.x.
  • Mozilla® Firefox®, versions 1.5.x and later.
[ Top ]

Supported platforms

The 1.6 release applies only to the supported platforms listed below; each one provides all minimum system requirements. This release supports the following platforms:

  • Enterprise Manager 500
  • Enterprise Manager 3000
[ Top ]

Installing the software

If you are using a new Enterprise Manager system, the current software is loaded and configured. See Setting up a new system to get started using Enterprise Manager. If you are upgrading an existing Enterprise Manager system, see Upgrading an existing system for instructions on how to download and install Enterprise Manager version 1.6.

Setting up a new system

The Enterprise Manager version 1.6 was shipped to you installed on the Enterprise Manager 500 or Enterprise Manager 3000 platform. You only need to set up the system in your network, license the system, and connect it to one or more devices that you want to manage.

The Enterprise Manager Quick Start Instructions, which is included with the hardware platform, provides basic instructions for a quick set up and initial configuration of the Enterprise Manager system.

For a more detailed explanation of networking options and setup instructions, see chapter 2, Installation and Setup, and chapter 3, Licensing and Configuring the System in the Enterprise Manager™ Administrator Guide available at

Important: After you complete the licensing process, you must reboot the Enterprise Manager system in order for the user interface to function properly.

Upgrading an existing system

If you have an existing Enterprise Manager system, you can use the F5 Electronic Software Distribution site to download a new software image. Then, you can use the Enterprise Manager software upgrade wizard to upgrade your Enterprise Manager system. You can upgrade any previous version of Enterprise Manager to version 1.6.

To download the upgrade

To download the software upgrade, you must create an account at This site uses an F5 single sign-on account for technical support and downloads. After you create an account, you can log on and download the Enterprise Manager 1.6 software.

  1. Using a web browser connected to the internet, visit
    The F5 Sign-on screen opens.
  2. In the User Email box, type the email address associated with your F5 technical support account.
  3. In the Password box, type the password.
  4. Click the Login button.
    The Overview screen opens and provides notes about using the Downloads site.
  5. Click the Find a Download button.
    The Product Lines screen opens listing all F5 product families.
  6. Locate the Enterprise Manager product family and click the adjacent Enterprise Manager v1.x link.
    The Product Version screen opens, listing the available download containers for the current product version.
  7. Click the release link for version 1.6.
    The End User License Agreement screen opens.
  8. Read the license agreement, and click I Accept to agree to the terms of the agreement.
    The Select a Download screen opens.
  9. Click the EM- link to begin downloading the md5 checksum to your local system.
    The Select Download Method screen opens.
  10. Click an option depending on the method you want to use to download the file.
  11. Click the back button on the browser to return to the Select a Download screen.
  12. Click the EM- link to begin downloading the software image to your local system.
    The Select Download Method screen opens.
  13. Click an option depending on the method you want to use to download the file.

To install the upgrade

  1. Using a web browser connected to the same network as the Enterprise Manager system, visit https://<em_address>, where <em_address> is the IP address that you use to log onto the Enterprise Manager web interface.
  2. Sign on to Enterprise Manager as an administrator-level user.
  3. On the navigation pane, expand Enterprise Manager and click Software Images.
    The Software Images screen opens.
  4. Click the Import button.
    The New Image screen opens.
  5. For the File Name setting, click Browse.
    A dialog box opens.
  6. Using the dialog box, browse to the location where you downloaded the EM- file in step 12 of the previous section.
  7. Using the dialog box, click the EM- file name to select it, then click Open.
    The dialog box closes, and a path name appears in the File Name box.
  8. Click Import.
    The Import Progress box indicates the progress toward completing the software import.
  9. When the software import task finishes, click Finished.
    The Software Images screen opens.
  10. In the software image list, click EM v1.6.
    The general properties screen opens, displaying details about the software image.
  11. Click Install to start the Software Upgrade wizard.

For further instructions on using the Software Upgrade wizard, see the Managing Software Images chapter in the Enterprise Manager Administrator Guide available at

[ Top ]

New features and fixes in this release

This release includes the following new features and fixes.

New features in this release

Updated device licensing
The Licensing wizard now supports new and unlicensed devices.

Updated hotfix image support
The hotfix repository now supports hotfixes that apply to multiple product versions.

Updated image repository support for ASM attack signatures
The image repository supports the management and deployment of Application Security Manager attack signature definition files (for managed BIG-IP® Application Security Manager™ systems).

Scheduled Enterprise Manager ConfigSync
You can configure a regularly scheduled configuration synchronization for managed Enterprise Manager high availability systems.

Device replacement mode and checklist
A new device replacement mode assists you by providing a guideline of the processes required for replacing a device in the network.

Audit log searching
You can now search the audit log by user name, event text, or date.

Support information gathering
The Gather Support Information wizard assists you in gathering technical information from managed devices for use by F5 Technical Support to assist with your support cases.

Configuration searching
You can now search managed device configurations for specific parts of object names, and view specific elements of found configuration files on each managed device.

Fixes in this release

Back button on the Device Boot Location screen (CR55860)
Previously, if you performed a device reboot from the Device Boot Location screen and then encountered an error, the Back button on the screen may have quit working on Internet Explorer browsers. The Back button no longer exists on these screens. Use the navigation pane to navigate back to the Device List screen.

Redundant system configuration and problems with upgrading managed devices (CR75563)
Previously, when you configured Enterprise Manager to run as a High Availability pair, you may have encountered issues upgrading managed devices after you ran a ConfigSync process. This occurred because the system did not correctly update the database when you synchronized the configurations. Now, when you upgrade managed devices, the system no longer reports connectivity issues between the peers and their managed devices.

Device Group user list filter and Advanced Operator (CR81798)
Previously, the Advanced Operator user role did not always appear properly in the Device Groups: Users list for the All Devices group. The users list now accurately displays all users on the current device group and their roles.

Errors logged when rebooting managed devices (CR83494)
Previously, when you rebooted a managed device running BIG-IP version 9.4.0 or 9.3.0 through the Enterprise Manager device properties screen, the system logged iControl errors for loss of communications during the reboot in the Enterprise Manager log file, even though the device reboots properly. We corrected this issue to prevent this inaccurate log entries.

Incorrect platform information about chassis fan status (CR83599)
We corrected an issue where if you ran the platform command from the console to view information about the Enterprise Manager system, the system displayed the error chassis_fan_status_not_found. Although this error did not necessarily indicate a problem with the chassis fan (only that the system cannot retrieve the correct status of the fan), the system can now retrieve the correct fan status.

External link value is case-specific (CR83676)
Previously, on the device properties screen, when you typed a URL for the External Link value, the text for the protocol was case-specific and did not correct for incorrect case. We corrected this issue so that the protocol of external links you create are not case-specific. For example, if you type HTTP://, the system now resolves these characters to the lowercase http://.

Template errors affect staged changeset (CR83811)
Previously, if you created a configuration template that featured values for both editable and invisible in the @replace metadata line, this incorrect configuration caused an error when you create a staged changeset using this template as a source. We added additional validation checking to warn you if you attempt to set both of these values instead of only one.

UCS file restoring to incompatible version causes errors (CR84098)
Previously, on the UCS properties screen, if you attempted to restore a UCS file for one software version to a boot location running a different software version, errors could occur, and the device could be left in an inoperative state. This is an issue because certain elements of configuration files vary between product versions. To avoid this possibility, the UCS properties screen detects a version mismatch, and does not allow you to restore a different version of a UCS archive on the current managed device.

OpenSSL CPU cache RSA key reconstruction vulnerability fixed (CR84151)
In this release, we included updated versions of the openssl and tmm_turbossl packages to address the local vulnerabilities described in CVE-2007-3108.

Daylight Saving Time updated for New Zealand (CR84864)
We updated the software to support the new Daylight Saving Time changes for New Zealand.

Import file for discovery information (CR84885)
In the previous version of the Enterprise Manager Administrator Guide, in the Discovering Devices section, we did not describe the functionality of the Import button that appears on the Discover Devices screen. In the latest guide, we describe the functionality of the Import button and how you can use it to import a .csv file for discovering WANJet appliances.

Object and certificate name length (CR84972, CR86448)
Previously, object and certificate values were restricted to 64 characters in length. These limits in Enterprise Manager caused issues in management because of a difference in limits between Enterprise Manager and those on managed devices. We extended these limits to 256 characters for object names, and 128 characters for certificate values.

EUD installation errors (CR86007)
We corrected an issue that occurred during installation. Previously, during a software installation, you may have received errors that indicated the End User Diagnostic (EUD) utility did not install correctly. The EUD package now installs without errors.

Error logged in file for ambiguous task (CR86515, CR92046)
If you manage a BIG-IP version 9.3.0 system and your managed devices continually report an Impaired state, you can install a hotfix to your Local Traffic Manager system to fix the communication issue between Enterprise Manager and the managed device. However, in certain cases, the error log indicates repeated errors associated with a process named EventNotificationMonitorTask, and the state does not change from Impaired, even after installing the hotfix to fix the configuration reporting issues. We corrected an issue where Enterprise Manager services did not initialize properly, which led to communications errors.

Device configuration viewer and user roles (CR86863)
Previously, when you configured an Advanced Operator user role, then attempted to use the Configuration Browser, you may have received different results depending on the managed device that you were viewing. We corrected an issue with remote authentication permitting different permissions than defined in Enterprise Manager.

Template names cause errors and cannot be changed (CR87296)
Previously, if you used Enterprise Manager version 1.4 to create a configuration template and the template name contained special characters (for example, the ampersand symbol), you may have encountered errors upon upgrade. When you upgraded a system with this template to version 1.4.1, then when you performed a task using the template, the task failed and you received an error indicating an invalid template name due to bad characters. Because Enterprise Manager version 1.4 does not support metadata, you cannot change the template name from either the web interface or command line. You can change the name of an invalid template using version 1.6 or using version 1.4.1 (with an engineering hotfix applied) though the empipe utility. See the workaround for instructions.

OpenSSL vulnerability fixed (CR87358)
We included an updated openssl package with Enterprise Manager version 1.6 to address the local vulnerabilities described in CVE-2007-5135.

Enterprise Manager ConfigSync time issues (CR88039)
We corrected two issues related to Enterprise Manager high availability systems. Previously, the system did not account for possible clock skew between Enterprise Manager peer devices, which could cause delays in reporting alerts. Additionally, we corrected an issue where alerts for managed Enterprise Manager systems would be triggered only when the device data refreshed, which could delay alerts triggered between the refresh intervals.

Archive configuration failure when not saving private keys (CR88097, CR88252)
Previously, if you created a rotating archive schedule that did not save private SSL keys in the archive, the task may have failed while saving the UCS file due to overloading the Enterprise Manager RAM disk with temporary key data. When you excluded private SSL key data from a UCS archive stored on Enterprise Manager, the system temporarily stored the key data to ensure that the UCS file was valid. We corrected this issue so that during the archiving task, the system temporarily writes key data to the Enterprise Manager hard disk instead of the RAM disk. Additionally, for systems that do not support the option to exclude private keys locally, this option results in an error so that you can correct it prior to running the task. Correcting the RAM disk and private key exclusion issues also solves a problem that could occur when you compared a UCS archive that does not support private key exclusion.

Deploying changeset with HTTP data could fail (CR88321)
We corrected an issue that caused a changeset deploy task to fail if the changeset contained HTTP data. This occurred because the Enterprise Manager system did not wait for the httpd service on the managed device to restart and cause an error. Now, the system waits until the httpd service on the managed device restarts before refreshing the data.

PCRE vulnerability fixed (CR88743)
We included an updated Perl-Compatible Regular Expression (PCRE) library to address the local vulnerabilities described in CVE-2007-1650 and CVE-2007-1660.

Perl vulnerability fixed (CR88744)
We included an updated Perl package to address the vulnerabilities described in CVE-2006-5116.

Net-SNMP vulnerability fixed (CR89290)
We included an updated net-snmp package to address the local vulnerabilities described in CVE-2007-5846.

Refreshing unlicensed device logs errors (CR90530)
Previously, when the system or a user refreshed device data for an unlicensed managed device, the emdeviced service logged an error upon each refresh. Refreshing unlicensed managed device data no longer logs an error.

Downgrading a managed device with different partitioning scheme fails (CR90559)
Previously, if you used Enterprise Manager to perform a software version rollback to an earlier version, you needed to manually ensure that the earlier software supported the administrative partitioning scheme used by the later software. Later versions of BIG-IP software (versions later than 9.3.1 or 9.4.3) support a new partitioning scheme that you can enable when you perform a fresh installation on the BIG-IP system. Enterprise Manager now checks for partitioning scheme incompatibilities and does not permit software downgrades if the partitioning scheme employed on the later software is incompatible with the earlier version.

Possible XSS exploits fixed (CR90700, CR90703)
We corrected issues where an attacker with authenticated access to the Configuration utility of a BIG-IP system or Enterprise Manager system could run cross-site scripting attacks on certain user-entry boxes on object list screens.

Issues managing high availability pairs with same peer addresses (CR91164)
Previously, if you used Enterprise Manager to manage multiple high availability systems, and these managed device pairs shared the same peer IP addresses between two pairs (that is, each pair used the same private IP addresses for failover, even on different private networks), you may have encountered issues. Previously, when two managed device pairs shared the same failover attributes, Enterprise Manager may not have made a correct peer association due to the fact that it stores failover attributes for multiple devices which could cause improperly reported configuration information, or prevent the ConfigSync operations using Enterprise Manager. We made changes so that Enterprise Manager gathers additional information about redundant peer systems (including MAC addresses, and self IP addresses) so that it can now differentiate device pairs that use the same IP addresses for failover.

Task details messages are now useful (CR91174, CR91602)
Previously, when a software or hotfix installation failed, the message in the Details box on the Task Details screen was vague. Now, if a installation task fails, the Details box displays an error code or message that can assist in diagnosing the problem.

Impaired state and false alerts (CR91929, CR91930)
Previously, Enterprise Manager could trigger and log inaccurate alerts while managing high availability systems in certain conditions. When one managed device in a high availability system was in an Impaired state, and the system failed over, Enterprise Manager triggered an alert for a device status change when it refreshed the device information. We corrected this issue so that Enterprise Manager can now collect accurate device information even when a managed device is in Impaired state. This can prevent inaccurate status change alerts.

Impaired device information refreshing (CR92273)
We corrected an issue where if you discovered a managed device in the Impaired state, Enterprise Manager attempted to refresh the device information each minute. Enterprise Manager no longer attempts to refresh devices that are Impaired each minute. The system continues to refresh information only after a system event on the managed device.

Inaccurate progress indicator for attack signature task (CR92915)
Previously, if you performed a task to update the Application Security Manager attack signature file stored in the Enterprise Manager image repository and there was no update, the task status changed to Failed, even though this is inaccurate. Additionally, if you configured an update task with the automatic download option for the signature file, then subsequently performed an update task using the same non-updated signature file, the progress indicators on the Task Properties screen did not accurately indicate a completed task. The task status and progress indicators are now accurate.

Incorrect error logging (CR93010)
Previously, the emeventd service logged certain messages as errors in the /var/log/em log file. We corrected this issue so that these messages are properly logged as notices.

256-character limit for Gather Support Information task (CR93191)
On the Step 1 screen of the Gather Support Information wizard, you can enter text in the Additional Information box. Previously, this box was limited is 256 characters. You can now enter a more useful number of characters to provide additional information.

Log errors for ARP entries (CR93557)
When Enterprise Manager attempts to gather information about managed devices, it attempts to determine the Media Access Control (MAC) address for each peer device. Enterprise Manager accesses this information using Address Resolution Protocol (ARP) so that it can differentiate device pairs that use the same IP addresses for failover. However, when you discover a managed device pair, the mcpd service may log errors in the /var/log/ltm file that indicate that the system cannot view ARP information. You may encounter these messages on managed devices running BIG-IP software version 9.4.2 or earlier.

Total hotfix value (CR93614)
We corrected an issue on the Task Properties screen for a software upgrade task that resulted in displaying incorrect value for total hotfixes installed with a software upgrade.

Devices not listed in compatible devices table (CR93794)
Previously, an issue with detecting different partitioning schemes on managed devices prevented certain devices from appearing in the list of compatible devices in a software upgrade task. We implemented changes that can properly detect all devices compatible with an upgrade image.

MIB files on Welcome screen (CR94110)
Previously, the Management Information Base (MIB) text file for Enterprise Manager (F5-EM-MIB.txt) was not included in the the F5 MIBs (mibs_f5.tar.gz) available on the Enterprise Manager Welcome screen. The Enterprise Manager MIBs text file is now included.

Device group selection in Gather Support Information wizard (CR95821)
Previously, when using the Gather Support Information wizard, on the Step 2 screen, if you selected a device group other than All Devices, the wizard advanced to the Step 4 screen and initiated the upload. We corrected this issue so that you can select other device groups and add the necessary information before starting the task.

[ Top ]

Features and fixes introduced in prior releases

The current release includes the fixes and enhancements that were distributed in prior releases, as listed below. (Prior releases are listed with the most recent first.)

Version 1.4.1

Column sorting does not work properly on boot locations screen (CR68313)
On the Devices: Boot Locations screen, a table details the software version installed, the number of hotfixes installed, and the state of the boot location. Previously, if you clicked a column heading to sort the information, the system did not re-sort the information. The information now sorts correctly.

Current OpenSSH subject vulnerabilities (CR70316)
The current version of Enterprise Manager includes updated OpenSSH packages to fix the vulnerabilities described in CVE-2006-4924.

Shadow-utils package affected by local vulnerabilities (CR81165)
We included a new shadow-utils package in Enterprise Manager 1.4.1 to fix the local vulnerabilities described in CVE-2006-1174.

Pam_console local vulnerabilities fixed (CR81176)
We included new pam_console package in Enterprise Manager 1.4.1 to fix the vulnerabilities described in CVE-2004-0813 and CVE-2007-1716.

Hotfix wizard shows unreachable devices (CR81843)
Previously, in the Hotfix Installation wizard, on the target device selection screen, the available devices list displayed unreachable devices. Because Enterprise Manager cannot communicate with these devices, targeting a hotfix installation to an unreachable device failed. We corrected this issue so that the wizard does not display unreachable devices on the target device selection screen.

Install button on hotfix details screen may cause errors (CR81926)
When the system is installing a hotfix, the hotfix installation status screen opens. From this screen, you can view the details of any hotfix in the task. Previously, the hyperlink to the hotfix properties screen did not send the proper keys to identify the hotfix. If this happened, and you clicked the Install button, a page error occurred. We corrected the hotfix links so that the hotfix properties screen function properly, and so you can install a hotfix without receiving an error.

Online help for License Renewal wizard contains inaccurate step numbers (CR82072)
In the License Renewal wizard, several screens assist you in renewing managed device licenses. Although these screens appear as steps in a wizard, the number of steps varies depending on the number and type of devices you select for license renewal. Because the step number of a screen may vary, the online help no longer refers to step numbers when describing screen names.

Online help screen missing for staged changeset list (CR82145)
The online help for the staged changeset list now appears correctly when you click the Help tab.

Manual refresh may be required after upgrade (CR82257)
Previously, when you upgraded Enterprise Manager using the Software Upgrade wizard, the device details for the Enterprise Manager could report Awaiting Device Refresh until the first user-initiated or automatic system information refresh. The system now refreshes the device information to clear this message.

Certain tasks available on locked devices (CR82728, CR82730, CR82979)
When Enterprise Manager performs management tasks on a device, the system locks the device so that you cannot start a management task while another is running. Previously, the Restore button was available on the device archives screen. Additionally, users could select locked devices in the Copy User Configuration wizard, Change User Password wizard, and Configuration Comparison wizard. Now, the Restore button is unavailable when the device is locked, and users cannot select locked devices when starting a task with a wizard.

Dependency handling errors (CR82827)
We corrected a dependency handling issue with the Create Changeset wizard. Previously, if you selected certain objects for the changeset, then for the Dependency Handling option, chose to skip resource objects, certain objects that might not be dependencies were removed from the changeset. Now, when you select the skip resource objects option, the system correctly identifies dependent objects.

Connection used incorrect user account for connectivity test (CR83113)
We corrected an issue where Enterprise Manager sent the wrong account name to a managed device during a connectivity test. This error only occurred on the device properties screen when a user was logged into Enterprise Manager as a user other than admin. This error prevented Enterprise Manager from completing a connectivity test with a managed device, and displayed this error on the device list. Now, the system correctly transmits user names to managed devices.

Upgrade to 9.3.0 causes errors (CR83299)
Previously if you used Enterprise Manager to upgrade a managed device to BIG-IP version 9.3.0, in certain cases, the upgrade appeared to fail and cause a timeout error when refreshing device information. When Enterprise Manager could not retrieve certain information about device configuration objects, this causes an error. Now, when the system cannot properly retrieve information about configuration objects for a managed device, Enterprise Manager assigns the managed device an Impaired status. If a device is Impaired, you can still perform management tasks on the device.

New BIND package fixes vulnerability (CR83397)
We included an upgraded version of BIND with Enterprise Manager 1.4.1 to fix the vulnerabilities described in CVE-2007-2926.

Mod_jk2 updated to fix vulnerability (CR83564)
We included an updated mod_jk2 package with Enterprise Manager 1.4.1 to address vulnerabilities.

Impaired device with errors can cause installation errors (CR84087)
Previously, when a device in the managed device list was in an Impaired state and the device had an iControl error, and you attempted a software upgrade, this resulted in errors. Now, this scenario does not cause an error.

Version 1.4

The 1.4 release included the following fixes and enhancements.

Audit logs are turned off by default (CR67610)
Previously, Enterprise Manager audit logs were disabled by default. Audit logs are now enabled by default.

Rebooting a device displays Pending in the Task List (CR68689)
If you use Enterprise Manager to reboot a device, the Device Reboot task appears in the Task List. However, previously, in the Task List, the state of the task was Pending, even while the reboot is proceeding normally. Now, the Task List accurately displays the status of a device reboot.

Confirmation dialog box for rotating archive tasks corrected (CR68690)
If you attempt to remove a device group from a rotating archive schedule, a dialog box appears to confirm the action. Previously, instead of referring to the device group, this dialog box referred to a device. The dialog box now correctly refers to a device group.

Confirmation dialog box for deleting a hotfix corrected (CR68704)
If you attempt to remove a hotfix image from the hotfix repository, a dialog box appears to confirm the action. Previously, instead of referring to the hotfix, this dialog box referred to a generic image. The dialog box now correctly refers to the hotfix.

In Enterprise Manager 3000 system power supply failure, software now indicates which power supply failed (CR69241)
The Enterprise Manager 3000 platform features redundant power supplies. If one power supply fails, an audible alarm sounds. If you run the system_check -d or bp platform command from the command line, the failed power supply is now correctly identified. Alternately, to determine which power supply has failed, look at the power supply LED indicator on the rear of the Enterprise Manager device. If the green LED on a power supply is lit, this indicates that the power supply is working properly.

After upgrading device, device does not recognize Enterprise Manager (CR71800)
Previously, if you upgraded a managed device with Enterprise Manager, the newly upgraded system did not allow connections from Enterprise Manager. In this scenario, Enterprise Manager logged a Read Access Denied error for the managed device. We made changes to the iControl communications between Enterprise Manager and managed devices to correct this issue.

Uninstall packages conflict with hotfixes imported to the hotfix repository (CR71962)
Previously, if you imported certain hotfixes for BIG-IP 9.1.2, these hotfixes may not appear in the hotfix list. This occurred because you can import uninstall-hotfix packages to the hotfix repository in Enterprise Manager, which could corrupt the hotfix list. When you imported an uninstall package for a hotfix, it replaced the original hotfix in the list. This was only an issue for five hotfixes for BIG-IP 9.1.2. These hotfixes are no longer affected.

Upgrade status inaccurate when Enterprise Manager not connected directly to a managed device (CR72473)
Previously, when you discovered and managed a device through a NAT or virtual server instead of directly through the device's management interface, this affected the status report of an upgrade task for the device. Now, you can discover and manage a device through a NAT and receive timely status reports for the device.

Newly created users not copied in Copy User Access configuration task (CR72503)
Previously, if you created a new user on a managed device, then immediately attempted to copy that user and access settings to another device using the Copy User Access Configuration task, the new user was not copied to the target device.

GnuPG affected by local vulnerabilities (CR72713,CR76325)
We included a new GnuPG package in Enterprise Manager 1.4 to fix the local vulnerabilities described in CVE-2006-6169 and CVE-2007-1263.

Guest users can access configuration archives (CR72729)
Users with the Guest role, which is the most-restricted user role on Enterprise Manager, can no longer access UCS archives stored on Enterprise Manager.

Duplicate objects appear in configuration viewer and configuration wizards (CR73090, CR77272)
Previously, when you used the Filter box to filter a list on the Configuration Viewer screen, duplicate entries of the search occasionally appeared in the list. This also occurred on the class or object selection screens in the Changeset or Template wizards.

BIND remote vulnerability fixed (CR73531)
We included a new BIND package in version 1.4beta to fix the Denial of Service vulnerability described in CVE-2007-0493 and CVE-2007-0494.

Copy User Access wizard now copies Shell access (CR73871)
Previously, when you used the Copy User Access wizard to replicate user account permissions from a remotely-authenticated Enterprise Manager system to a BIG-IP system, the user access settings for shell access were not copied correctly. The shell access settings are now copied correctly through the Copy User Access wizard.

clock skew now appears on General properties screen (CR74074)
On the device general properties screen you can now view the system clock difference between Enterprise Manager and a managed device if you view the Advanced view.

Translated address for a compact flash device as management interface (CR74120)
Previously, when the Enterprise Manager detected a compact flash-only device management address that appeared to not be the management interface, you could not initiate software upgrades through Enterprise Manager, even if the interface was the correct management interface. This could occur when you were using NAT. On the device general properties screen, in the Advanced view, you can specify that the management address is translated to the management port for compact flash devices. This ensures that you can perform software upgrades on these devices.

Discovery process with remote authenticated users (CR74432, CR74434)
We fixed an issue where a remote external RADIUS-authenticated user initiated a discovery task for the same Enterprise Manager system, the user received a Communications Failed message, and could not perform a self-discover task.

System now locks itself during software upgrade (CR74498)
Previously, when you started a software upgrade on the same Enterprise Manager system, the system did not lock itself to prevent configuration changes during the software installation. Now, when you perform a self-upgrade task, Enterprise Manager prevents other tasks from running while the upgrade task runs.

SSL key and certificate name substitution with changesets (CR75132)
We corrected an issue that prevented you from changing the names of an SSL key and certificate when creating a changeset.

Syntax errors in system script (CR75225)
Previously, in the em-tweak-syslog script, two syntax errors resulted in system errors when adding alerts to, or deleting alerts from the Enterprise Manager system. We corrected the syntax errors in the system script.

System no longer resets mount count for compact flash devices (CR75235)
Previously, when you started an upgrade task on a compact flash-only device, Enterprise Manager attempted to perform a disk mount related task because the compact flash device reported unexpected information about the mounted system drive. This prevented Enterprise Manager from upgrading a compact flash-only device.

SSL keys no longer stored when SSL key storage is disabled (CR75544)
We corrected an issue where SSL keys continued to appear in the Device Configuration Browser even if you disabled the system from storing SSL key information.

MySQL server no longer listens on port 3306 (CR75629)
Although MySQL does not allow remote connections through port 3306, it was listening on the port. We closed this port to everything but local connections.

Upgrade process and advanced disk integrity checks for latest managed devices (CR76000)
Newer versions of BIG-IP software (9.3.x and 9.4.x) include enhanced disk integrity reporting features. When you configure a software or hotfix upgrade for these types of devices in Enterprise Manager, the system now uses the enhanced integrity checks to determine whether an upgrade will succeed on the hard drives on the target devices.

Upgrade process improved to handle low disk space scenarios (CR76460, CR76461)
Previously, if you attempted to run an upgrade task on a managed device with low disk space, the Enterprise Manager system did not properly warn of disk space issues, and could report that the upgrade image was corrupt. Enterprise Manager now checks for available disk space on target devices when you configure an upgrade task. If a target device does not have adequate disk space to download and install the upgrade, Enterprise Manager now warns of this condition so that you can resolve the issue on the target device before you start an upgrade task. Additionally, if Enterprise Manager determines that an upgrade image is corrupt, it attempts to download the image again so that the upgrade process can complete successfully.

Verifying and deploying changesets error details appear correctly (CR76977)
We corrected an issue where the Enterprise Manager system only displayed an error when you verified a changeset, but then not when you deployed a changeset. Instead, the system simply logged the deploy error. Now, when the system encounters a changeset deploy error, it displays detailed error information in the task details.

Back button in Changeset wizard now functions properly (CR77253)
Previously, when you were using the Changeset wizard and you clicked the Back button near the bottom of the screen, it did not always open the previous screen. We corrected this issue so that when you click the Back button on a Changeset wizard screen, it opens the previous screen.

Advanced Operator role copied to unsupported device receives No Access role (CR77654)
If you use the Copy User Access Configuration wizard to copy from a device that supports the Advanced Operator role to a device that does not support this role, users with that role on the source device receive the No Access role on the target device. In this case, you must assign new user roles to Advanced Operators if you copy those users to other devices that do not support that role.

Device refresh task properly restricted in task list (CR78012)
Previously, when you refreshed a device, a Device Refresh task appeared in the task list, but the check box for the task was available, suggesting that you could remove the task from the list while it was running. We corrected the issue so that the check box is unavailable in this scenario.

System service errors no longer stall tasks (CR78455, CR78468)
Previously, when the emfiled or emdeviced service was shutdown by another process, this could result in certain tasks failing to respond. In particular, if the emfiled service shut down during a reboot task, or emdeviced service shut down during a refresh task, these tasks remained in the task list and locked the devices from further Enterprise Management tasks.

Audit log now only tracks user-initiated activities (CR78881)
Previously, the Enterprise Manager audit log tracked certain activities that were initiated by the system, including regularly scheduled device information refreshes. Because this could create a very large audit file, we restricted auditing of system activities to only include user-initiated refresh actions.

Externally authenticated users no longer allowed in Change User Password task (CR79029)
Enterprise Manager cannot change a user password for an externally authenticated user account. Previously, you could select these users when you configured a Change User Password task.

Time zone log entries may be inaccurate (CR77183)
We fixed an issue that could occur with any time zone affected by daylight saving time during the extended daylight saving time enacted by the United States in the Energy Policy Act of 2005. Previously, when you created a configuration template, the system created an entry in the audit log. However, the time zone abbreviation may have been incorrect. For example, for Pacific Daylight Time, the entry may read PST which actually represents Pacific Standard Time.

Staged changesets cannot deploy to version 9.3.0 system (CR79061)
We fixed an issue that occurred when you created a staged changeset and attempted to deploy it to a BIG-IP 9.3.0 system. Previously, the deployed data may not have appeared on the target system if the changeset was configured incorrectly. This occurred even if you verified and received confirmation of a successful verification. You can now deploy staged changesets to a version 9.3.0 system if you verify the changeset successfully.

Terminated task displays incorrect status (CR79133)
Previously, if you stopped a running task, the task continued to display an In Progress status. The status now indicates that the task has stopped.

Memory usage error not logged in alerts history (CR79154)
Now, when you configure an alert instance to warn for memory usage, the system properly triggers an alert and properly logs the alert in the alert history list.

Vague status message in task list after creating a template (CR79164)
Previously, when you created a template, an EM Maintenance task appeared in the task list. Usually, this indicates a quick system-initiated task. This occurred because certain tasks were not correctly mapped to task list status messages. Now, more helpful status messages appear in the task list when you start a task.

Operator users can view unpublished templates (CR79226)
We corrected an issue where certain non-Administrator users could use unpublished configuration templates when creating a staged changeset.

Template text incorrect when using template as source for a new changeset (CR79401)
Previously , when you created a new changeset using a template as the source for the changeset, the template text that appeared could have been incorrect. This only occurred when you had more than one template defined and when you selected templates other than the first one in the list on the source screen. Although the text appeared incorrect, the system used the correct template and the variable information that you specified on the screen. The template text now appears correctly.

ZebOS configuration file included in the default file comparison list (CR79403)
The file /config/ZebOS.conf is now one of the default files to compare on the Task Options screen. When you perform an archive comparison, the system compares configuration files in this list.

Vixie-cron local vulnerabilities fixed (CR79973)
We included a new Vixie Cron package in version 1.4 to fix the local vulnerability described in CVE-2007-1856.

locked devices no longer generate unhelpful error messages (CR81068)
Previously when you attempted to view a screen for a managed device that was locked by an Enterprise Manager process, the screen did not appear, but the error message did not indicate why the screen was locked. Now, when you encounter a locked screen, a message informs you why the screen is locked.

Version 1.2.2

The 1.2.2 release included the following fixes and enhancements.

Setting the Alert History default record display to over 500 records may cause errors (CR53731)
Previously, when you set the alert defaults, if you set the alert history list to display over a maximum of 500 records, JavaScript errors could result (due to memory errors on the system where the browser is running) when you viewed the Alert History list. You can now view record lists of over 500 records without errors.

Non-descriptive error message appears when an unauthorized user attempts an upgrade (CR64224, CR69820)
If you log on to Enterprise Manager as a user who does not have administrator rights on a particular managed device, and then attempt to upgrade that device's software, you receive an error message. Previously, the message did not explain that the error resulted from the user having insufficient rights to upgrade the managed device. The new error message is more descriptive and provides steps to take to avoid this error.

External user authentication requires additional steps during configuration (CR67846)
Previously, if you used RADIUS authentication for external users, you needed to perform additional steps to correctly specify a user's roles. You can now use RADIUS authentication with Enterprise Manager without needing to perform additional steps.

Removing device groups from rotating archive schedule not permitted from the Devices: Archives screen (CR68691, CR69811)
On the Devices: Archives screen, the Rotating Archive Schedule table lists the rotating archives that are directly assigned to this device, and the rotating archives that are assigned to the device through a device group. Using the Select boxes, you can remove the current device from a rotating archive schedule. Previously you could not remove a device group from the rotating archive by checking a Select box. We corrected this issue so that you can delete a configuration archive associated with a device group from the Devices: Archives screen.

Change User Password feature does not support mixed case user names (CR68749, CR69824)
You can use the Change User Password feature to change a user's password on multiple managed devices. Previously, if the user name featured mixed case (UserName) instead of a single case (username), the Change User Password task for that user failed. We corrected this issue so that you can use user names with mixed case.

Errors in scheduled and custom configuration archives when upgrading Enterprise Manager (CR69409, CR69546)
We fixed issues related to custom configuration archives and upgrading Enterprise Manager. Previously, when you upgraded Enterprise Manager from version 1.0 to version 1.2, configuration archive schedules that you previously configured quit working upon upgrade. Additionally, if you configured any custom configuration archive schedules on a version 1.0 system, you could not successfully copy the UCS file to the upgraded version 1.2 system. These errors occurred because we enhanced the management options for configuration archive schedules in Enterprise Manager 1.2.

Command line upgrade of Enterprise Manager causes errors (CR69416, CR70671)
The new release fixes an issue where the upgraded version 1.2.x system could not use the UCS file from the version 1.0 system. This error caused the upgrade to fail. With version 1.2.1, you can upgrade Enterprise Manager through the command line without encountering UCS errors.

Open SSL vulnerable to a forged RSA signature (CR69465, CR69825, CR70155)
We included a new OpenSSL package in version 1.2.1 to fix the forged RSA signature vulnerability described in CVE-2006-4339.

Enterprise Manager upgrade retains pending status when other upgrade tasks exist (CR69534)
Previously, if you used Enterprise Manager to perform a self-upgrade from version 1.0 to version 1.2, the task would not start if other upgrade tasks existed, even if the tasks were marked complete. By design, Enterprise Manager cannot start a self-upgrade process if other upgrades are running. In certain cases, some tasks were marked complete on the task list when they were not actually complete.

Local user accounts not transferred correctly after upgrading to version 1.2 (CR69637)
We corrected an issue where local Enterprise Manager user accounts were not properly carried over to the new system after upgrading Enterprise Manager from 1.0 to 1.2. When you upgrade Enterprise Manager, you no longer need to redefine local user accounts.

Enterprise Manager Administrator Guide incorrectly states managed device compatibility (CR69842)
Previously, in chapter 1 of the Enterprise Manager Administrator Guide, we incorrectly indicated that Enterprise Manager can manage BIG-IP version 9.1.2 and later. In fact, Enterprise Manager can manage BIG-IP version 9.1.1 and later. We updated the Administrator Guide to correctly indicate managed device support.

Cannot upgrade compact flash-only devices managed through self IP address (CR69845)
If you use Enterprise Manager to manage any compact flash-only devices (1000, 2400, and 5100 platforms), and you manage these devices through a self IP address configured on a TMM switch interface instead of through the management interface, you cannot upgrade these managed devices. This occurs because the managed devices do not recognize self IP addresses during the upgrade process, and therefore cannot connect to Enterprise Manager to complete the upgrade. To use Enterprise Manager to upgrade compact flash-only devices, you must manage the devices through the management interface on each managed device. Previously, Enterprise Manager indicated that you could upgrade these devices, even through a TMM switch interface. Now, Enterprise Manager does not include these devices in the list of devices compatible with an upgrade.

Enterprise Manager does not support certificate names that differ in case only (CR69945)
Previously, Enterprise Manager did not differentiate between certificate names that differed only in case. Enterprise Manager now supports certificate names that differ in case only. For example, you can now use both DEFAULT.crt and default.crt. as unique certificate names.

Communication failed error message does not indicate clock skew problem (CR69984, CR70647)
Previously, if there was a difference in system clocks between Enterprise Manager and a managed device, you could receive an error indicating communication failed during tasks such as device discovery. This error did not adequately indicate the nature of the communication problems between the devices. Now, if there is clock skew between Enterprise Manager and a managed device, the error indicates this problem so that you can take steps to synchronize system clocks.

SNMP agent does not support multiple sources per community (CR71411, CR71412, CR71413)
We updated the Enterprise Manager MIB to address SNMP issues. Enterprise Manager now supports sending multiple SNMP traps for the same community string. Additionally, we updated support for alerts specific to the Enterprise Manager 3000 platform.

System services continually restart on an unlicensed partition (CR71799)
Previously, if you installed a version of Enterprise Manager onto an unlicensed boot location, the system services such as emdeviced, swimd, emfiled, discoveryd, emreportd, and emalertd would continually restart, and affect the performance of the system on a licensed partition. This no longer occurs if you install to an unlicensed boot location.

iControl communication issues may affect licensing (CR71959, CR73156)
Previously, errors could occur within iControl that could cause license dossier or other errors on the Enterprise Manager system. The iControl licensing communications now work without errors.

Remote user automatically created during upgrade task (CR72810)
Previously, if you performed a self-upgrade of an Enterprise Manager system while using remote authentication, the process could create a new user on the Enterprise Manager device. This new user was a temporary user employed by the system during an authentication task to guard against losing communication with managed devices if an error occurred during the upgrade. Now, the system ensures that any temporary users created are deleted once the upgrade process completes.

Re-licensing Enterprise Manager may be required for successful upgrade (CR72922)
We corrected an issue with the license check date that could cause a range of errors during upgrade. Previously, if you originally generated an Enterprise Manager product license on a date prior to October 2, 2006, then upgraded to version 1.2.1 or later, the Web interface indicated that you must activate the license. Also, the console also indicated that the current license was invalid, and displayed status messages indicating that system services were restarting. Additionally, if you attempted to upgrade to version 1.2.1 or later from the command line, the installer displayed a licensing error and stopped.

Determining disk space availability for upgrades if managed device does not support iControl call (CR72959, CR73275)
Previously, if a managed device did not support direct communication to test for available disk space to install a software or hotfix upgrade, Enterprise Manager started the upgrade anyway. Now, Enterprise Manager tests for available disk space for all managed devices prior to starting a software or hotfix upgrade task, and warns if there is not enough disk space to perform an upgrade.

Non-SCCP devices hang after hotfix install (CR73104)
Previously, if you used Enterprise Manager to install a hotfix on a system without a Switch Card Control Processor (SCCP), the hotfix process caused the non-SCCP device (such as systems that contain Compact Flash cards) to hang after installation. This problem resulted when Enterprise Manager created the /.sccp_hard_reboot file on the managed device. Now, Enterprise Manager correctly identifies SCCP and non-SCCP devices during the hotfix install task.

Changeset wizard does not immediately indicate when all objects of a class are deleted (CR73129)
Previously, if you deleted all the objects of a certain class (for example, pools) on a managed device, this information was not immediately visible in the Enterprise Manager Changeset wizard. Now, when you delete all objects of a certain class, the class name is removed from the Changeset wizard after a device refresh, ensuring that you do not add an empty class definition to a changeset.

Devices that cannot communicate back to Enterprise Manager flagged (CR73257)
Enterprise Manager can discover devices in the network that do not have a direct connection back to Enterprise Manager. This situation can occur through the use of NATs or because of configurations that send communications from a managed device to Enterprise Manager through a route other than the default management route. Now, during the discovery process, Enterprise Manager tests for a direct route from a BIG-IP version 9.4 or later managed device to Enterprise Manager, and warns if the configuration does not provide a direct connection to the Enterprise Manager system. The device list now notes which devices do not have a direct connection back to Enterprise Manager. These flagged devices are not compatible with upgrade tasks that you can configure in Enterprise Manager. To use Enterprise Manager to upgrade these devices, you must ensure that there is a direct route between a managed device and Enterprise Manager.

Compact flash-only devices not managed through the management interface flagged (CR73259)
Enterprise Manager can discover compact-flash only devices managed through TMM switch interfaces. Because these interfaces cannot function during an Enterprise Manager-initiated upgrade task, Enterprise Manager now flags these compact-flash only devices in the device list and on the device properties screen. These flagged devices are not compatible with upgrade tasks that you can configure in Enterprise Manager. To use Enterprise Manager to upgrade these devices, you must manage the devices through each device's management interface.

Time zone may be inaccurate after managed device upgrade (CR73272)
Previously, if you upgraded a managed device from BIG-IP version 9.1.1 to 9.1.2, or from BIG-IP version 9.1.1 to 9.2.4, and the device had a time zone setting other than Pacific Standard Time (PST), the time zone setting reverted to PST upon upgrade. Now, when you use Enterprise Manager to upgrade managed devices, Enterprise Manager maintains the correct time zone settings on managed devices.

Users can change Enterprise Manager address to an invalid address on device property screen (CR73601)
In previous version, users could arbitrarily change the address that a managed device used to communicate with Enterprise Manager (from the device's general properties screen). Users can still make changes to the address, but Enterprise Manager now checks to confirm that any changes to the Enterprise Manager address are valid.

Unnecessary partition information added to Enterprise Manager database (CR73702)
Previously, Enterprise Manager version 1.2.0 created an entry in its database for an additional Common administrative partition each time it refreshed certain managed devices running BIG-IP software earlier than version 9.4. Although Enterprise Manager did not actually create new partitions on these managed devices, the additional entries in the database would cause Enterprise Manager to take too long to refresh the device information, and could result in an automatic reboot of the managed device. This was an issue only on BIG-IP systems that did not support administrative partitions. BIG-IP version 9.4.0 is the earliest version that supports administrative partitions. This version of Enterprise Manager fixes this issue and removes any extraneous partition information from the Enterprise Manager database to alleviate the symptoms caused by this issue.

Version 1.2

The 1.2 release included the following fixes.

EM Maintenance Task message in the task list when a managed device reboots (CR55042)
When a software upgrade task completes, a managed device reboots. On the task details screen for the upgrade task, Enterprise Manager correctly indicates that a device is rebooting. Previously, a device reboot resulted in an EM Maintenance Task message appearing in the task list. This message no longer appears in the task list when a device reboots.

Certificate expiration dates affected by time zone discrepancies (CR55157)
Previously, the certificate expiration dates reported on certificate list screens might have been inaccurate, due to complexities in time related calculations involving daylight saving time. Daylight saving time no longer affects time zone calculations when checking certificate expiration dates.

BIOS warning message no longer appears during startup (CR57741)
Previously, a benign BIOS warning message Award Preboot Agent Installation Failed appeared when you initially powered up the system. We corrected the BIOS so that this message no longer appears.

Progress indicator for software image imports may be inaccurate (CR59085)
Previously, when the system imported a software image, the progress bar occasionally continued to indicate 0% progress. When this occurred, you needed to cancel the process and re-import the software image.

Downgrading managed device may prevent browser access to the device through Enterprise Manager (CR60512)
Previously, if you used Enterprise Manager to install an earlier software version on a managed device, and then attempted to open that device's Configuration utility using the Launch link on the device properties screen, the web browser could not connect to the device. The Launch link now works with devices on which you installed an earlier software version.

Internet Explorer Security window bypassed when downloading device export data (CR64842)
We corrected an issue where if you attempted to download device export data in CSV format, you must manually permit the browser to download the CSV file to your local system. When using Internet Explorer version 6.x, if you opt not to download the file when you receive the Security Alert window, the Enterprise Manager system sent the file to your local system anyway. The system now adheres to browser security warnings.

System can exceed the maximum pinned archives setting in a deploy changeset task (CR65109)
When you deploy a changeset, you can choose to create a rollback UCS archive for target systems. Previously, Enterprise Manager saved UCS archives created during a changeset deploy task as pinned archives, which previously could exceed the limits you set on pinned archives on the Rotating Archives Options screen. The system now saves UCS archives as rotating archives during a deploy task.

Enterprise Manager 3000 system rebuilds the RAID configuration after an unclean shutdown (CR65451)
Previously, if an Enterprise Manager 3000 system completely lost power or was otherwise abruptly restarted (as opposed to a normal, clean system restart), the RAID controller rebuilt the RAID array when the system is booted up next. An abrupt shutdown no longer starts the RAID rebuild process.

Back button quits working after UCS restore (CR65464)
Previously, if you used Enterprise Manager to restore a UCS archive to a single device, the Back button on the device properties screen no longer opened the device list screen. The Back button now functions properly after a UCS archive restore.

Two or more unique sets of managed device pairs cannot share the same IP address (CR67607)
Although Enterprise Manager can manage redundant systems, it previously could not properly manage two unique redundant systems if these pairs use the same IP address for peer communication. To manage redundant systems with Enterprise Manager version 1.2, you must ensure that each redundant system uses a unique IP address for peer communication. The version 1.2.1 upgrade fixes this issue.

Command line upgrade of Enterprise Manager causes errors (CR69416)
We updated the Enterprise Manager version 1.2 release image to EM- The new release fixes an issue where the upgraded version 1.2 system could not use the UCS file from the version 1.0 system. This error caused the upgrade to fail. If you want to upgrade an Enterprise Manager system to version 1.2, ensure that you download the latest version from Enterprise Manager 1.2.1 also fixes this issue.

[ Top ]

Known issues

The following items are known issues in the current release. Known issues are cumulative, and include all known issues for a release.

NTP and time zone changes not detected (CR86351, CR91619)
If you add or change NTP server information for a managed device running BIG-IP version 9.4.2 or later software, Enterprise Manager may not recognize this change when you view the configuration in the device configuration viewer, or when you create a changeset containing the NTP information. Additionally, if you change the time zone on a managed device, Enterprise Manager may not recognize the time change when you create a changeset containing the time zone information.

Errors with persistence profiles (CR91787)
When you assign a persistence profile to a virtual server on a managed device running BIG-IP version 9.4.3 or earlier software, this can cause discovery and refresh issues for that managed device on Enterprise Manager.

Image deployment issues (CR93909)
For managed devices running BIG-IP software versions earlier than 9.4.0, and devices using certain routing configurations, you may encounter errors during managed device software upgrades. During a software upgrade, Enterprise Manager requires a defined route from the managed device. If routing on the managed device is configured so that the route is not the default route or a defined route, Enterprise Manager flags an issue when it does a routing configuration test. Enterprise Manager does not perform routing configuration tests on managed devices running BIG-IP software earlier than version 9.4.0. If you attempt to install software to a managed device running BIG-IP software versions 9.1.x, 9.2.x, or 9.3.x, the software upgrade may stall at five percent complete during the upgrade, because Enterprise Manager does not perform routing checks for these managed devices.

Access errors logged by mcpd (CR93985)
An iControl communications issue between Enterprise Manager and managed devices may cause the mcpd service to periodically log Access Denied errors for user f5emsvr in the /var/log/ltm file.

Local vulnerability in HTTP GET parameters (CR94040)
If a user has accessed the Configuration utility of an Enterprise Manager system, and the user browses to an untrusted site and clicks on a malicious link, the system may be vulnerable to cross-site scripting attacks. To avoid this possibility, shut down the browser for the Enterprise Manager Configuration utility before you open a separate browser session.

Tcl affected by local vulnerabilities (CR94762)
A Tcl expression included with Enterprise Manager is affected by the local vulnerabilities described in CVE-2007-4772.

Apache mod_autoindex affected by local vulnerabilities (CR95409, CR96045)
The Apache mod_autoindex module included with Enterprise Manager is affected by the local vulnerabilities described in CVE-2007-4465. Enterprise Manager does not use the mod_autoindex modules, but it is included with other Apache modules.

Cancel Pending button missing (CR95417)
After starting a task using the Gather Support Information wizard, if you return to the task list before the task completes, then open the task status screen, the Cancel Pending button that was previously visible is no longer available. If you want to cancel supporting jobs in a gather support information task, do not navigate away from the initial task status screen.

Bracket special character in file attachment causes errors (CR95700)
While using the Gather Support Information wizard, you can add file attachments. However, if the file name of any attachment contains bracket characters ( [ ] ), the system cannot import the file, and will hang on the Step 2 wizard screen during the file importation. If you need to import a file that contains the bracket special character in the file name, change the name of the file.

Cannot enable maintenance mode for Unreachable device (CR95701)
If a managed device is in the Unreachable state, you cannot enable Maintenance mode for this device.

Inaccurate status for licensing task (CR95881)
If you use the Licensing Wizard, and select the reboot device option, the progress bar on the Task Properties screen may not be accurate immediately after the device is licensed. In this scenario, while the device has been licensed, the progress bar indicates 100% complete even though the task specifies a device reboot. The status remains at 100% until the screen refreshes after the default 10 second interval. After the first refresh, the progress bar is accurate while the managed device reboots.

Special characters cause errors in Gather Support Information wizard (CR96032)
When you use the Gather Support Information wizard, you can provide textual information about the task in the Additional Information box. If you use characters other than standard alphanumeric characters, the wizard may encounter errors. Depending on your client browser, you may receive a form error after entering the characters or the browser may quit responding. If you use Internet Explorer, and receive a form error, edit out the invalid characters and proceed. If you use Firefox, navigate out of the task, then from the task list screen, open the task properties and cancel the task.

Attack signature tasks appear the same (CR96351)
In the task list, the task name for manual importation of Application Security Manager attack signatures is indistinguishable from the task name for scheduled importation of attack signatures.

Large configurations cause timeout errors (CR96662)
If you use Enterprise Manager to manage a device with a very large configuration (for example, over 3000 objects, including virtual servers, pools, and nodes), you may encounter communication timeout errors when discovering a device, or refreshing device information. Additionally, Enterprise Manager may report the managed device's state as Impaired. Because the system requires more time to retrieve device information for very large configurations than the default 90 second communications timeout, you may not be able to manage devices with very large configurations.

Deleted software images persist on peer devices (CR97695)
When running Enterprise Manager in a high availability configuration, if you delete a software image from the image repository on the active system, the system does not completely remove the corresponding image from the standby system until you reboot. Although the Configuration utility shows the image as deleted, from the command line, you can verify that the deleted image is still mounted on the standby system. The deleted images remain mounted on the standby system until you reboot the system.

Inaccurate error message for device properties (CR97874)
On a device properties screen, if you enter a host name in a field that requires an IP address, an error message indicates Invalid IP or Hostname. As noted in the online help, certain fields require that you enter an IP address, even though the error message is not entirely accurate.

Scheduled ConfigSync details ambiguous (CR98346)
Although you can schedule a configuration synchronization for an Enterprise Manager high availability system, the user documentation and user interface do not indicate the source and destination of a ConfigSync process. When you configure a scheduled Enterprise Manager ConfigSync, the system synchronizes the active system's current configuration to the standby peer system.

WANJet version 5.0.2 device cannot be discovered (CR100278)
When a user running Enterprise Manager version 1.6 attempts to discover a WANJet appliance running version 5.0.2, an iControl communications issue causes discovery to fail. When this discovery failure occurs, Enterprise Manager logs a message in the /var/log/em file indicating that the requested VLAN was not found. Additionally, the user receives a Communications Failed message.

Installing hotfix on 1600 or 3600 platform disables system (CR110227)
If you use Enterprise Manager to install a hotfix on a BIG-IP system running on a 1600 or 3600 platform, this could cause the managed device to quit responding. To avoid this scenario, ensure that you do not use Enterprise Manager to install a hotfix for a BIG-IP system that is running on a 1600 or 3600 platform. If you already installed a hotfix and the managed device is unresponsive, you must shut down the system, and cycle the power on the managed device to initiate a cold reboot.

Version 1.4.1 Known Issues

Build number not updated after hotfix (CR65654)
If you apply a hotfix to BIG-IP version 9.3.0 HF1, Enterprise Manager does not correctly indicate the updated hotfix number in the device list or device properties.

Large descriptions cause errors (CR83104)
On a managed device, if you create a very large partition description (over 128 characters), this could cause a Database update failure error message in Enterprise Manager, and change the device status to Unreachable. To avoid this error, ensure that partition descriptions on managed devices are under 128 characters in length.

Low disk space causes upgrade failure (CR83416)
If you use Enterprise Manager to upgrade a managed Enterprise Manager system and that system has low disk space, the upgrade can fail without warning, and the upgrade status stops responding. Additionally, the target boot location may become unresponsive after encountering this error.

Comparing wideip.conf file may result in errors (CR84363)
If you perform an Archive Comparison task to compare differences between /config/gtm/wideip.conf files, the task summary reports that the file was not found. Enterprise Manager is unable to locate the /config/gtm/wideip.conf file because the file is stored using a different path in the UCS archive file. The UCS archive file actually stores the file as the /var/tmp/gtm_tmp/gtm/wideip.conf file. When configuring the file names to compare for the Archive Comparison task, you will need to use the file name as it is saved in the UCS archive file. See SOL7821 in the AskF5 Knowledge base for more information.

500 platform connected to managed devices through management port (CR86424)
In the Enterprise Manager Administrator Guide, we recommend that you connect an Enterprise Manager system to managed devices through the Management port on each device. Although this works well on the Enterprise Manager 3000 platform, the limitations of the Management port on the 500 platform may adversely affect performance during device discovery or other management tasks. To avoid encountering possible performance degradation on the 500 platform, we recommend using the TMM switch ports on the Enterprise Manager system to connect to managed devices.

Running ConfigSync on 9.4.2 system causes errors (CR86565)
When managing a BIG-IP system version 9.4.2, if you attempt to initiate a ConfigSync process from the device properties screen, the operation fails and the system logs an exception with the emdeviced service. To avoid this error and to synchronize a high availability BIG-IP system version 9.4.2, log on to the managed device's Configuration utility to perform the ConfigSync operation directly on the managed device. See the workaround for information on how to perform a ConfigSync operation.

FIPS-enabled device reported as Impaired (CR86517)
Although Enterprise Manager can discover devices that use a FIPS hardware security module, it cannot store the information contained in the FIPS key. Because this designed behavior prevents Enterprise Manager from gathering a complete set of configuration data from the managed device, the system indicates that the status for any FIPS-enabled managed device is Impaired. You can still perform management tasks on these devices.

Abandoning task wizard cancels task (CR90794)
If you use the task wizard to configure a task (such as creating a changeset, or installing software), and while in the process of configuring the task options you abandon the task prior to completing the configuration options, Enterprise Manager does not save the information after a default 10 minutes of inactivity. This occurs even if you do not navigate away from the task wizard screens. In most cases, after 10 minutes of inactivity, the system removes the task from its database, and any of your subsequent attempts to finish configuring the task may cause an error. For software and hotfix installation tasks, the system may time out after 50 minutes to allow for communication between Enterprise Manager and managed devices.

Version 1.4 Known Issues

Change user password on managed device using remote authentication (CR71757)
When you configure a managed device with local authentication, then switch it to remote authentication, Enterprise Manager can no longer successfully change user passwords through the Change User Password wizard for this device.

uninstall hotfix packages not supported (CR71948)
For certain hotfixes, you be able to import uninstall hotfix images. Normally, you can use uninstall images to uninstall a hotfix that you recently installed on a managed device. However, if you import and attempt to install an uninstall hotfix image, the process will fail.

DNS resolution issues on managed device affects management communication (CR74910)
If the DNS settings on a managed device are configured to access an unavailable DNS server, this adversely affects communication between Enterprise Manager and a managed device due to DNS lookup timeouts on the managed device. Simple communication commands may time out and cause tasks such as device discovery or a device refresh to fail in Enterprise Manager. If you encounter unexpected time out warnings when performing management tasks, ensure that the DNS server specified in the managed device's DNS settings is accessible and functioning properly. When this scenario occurs, affected managed device status icons on Enterprise Manager change to Impaired.

Lastlog command not supported (CR75156)
If you use the lastlog command from the command line, the process fails because it is not supported on the Enterprise Manager system. From the command line, you can use the last command for similar functionality.

User role permissions limited (CR75431)
Enterprise Manager provides a limited set of permissions that you can grant non-Administrator users. Currently, you cannot assign software management tasks to restricted user roles such as Advanced Operator or Operator. Only Administrators can perform these tasks.

Verify staged changeset status screen continues refreshing after verification (CR79272)
If you start a Verify Staged Changeset task to verify a staged changeset, then immediately deploy the staged changeset after the verification completes, the deploy status may be Pending. This happens because the device refreshes its information with Enterprise Manager after it reports verification status. After the refresh process stops, the deploy task starts normally.

Filtering on Staged Changeset list screen is case-sensitive (CR79440)
The Filter box above the list on the Staged Changeset screen is case-sensitive. If you type a value and received unexpected results, check the case of the values you entered.

Multiple pools using same monitor causes error in Enterprise Manager (CR80046)
On a managed device running BIG-IP version 9.3.0, if you configure four or more pools to reference the same monitor, this causes an iControl error when Enterprise Manager attempts to gather configuration information from the managed device. You can avoid this error if you apply hotfix 1 (HF1) to the 9.3.0 release.

Extraneous user roles on system (CR81034)
In Enterprise Manager, when you create user accounts, you can set user roles. Because you can only grant a set of permissions for Advanced Operator and Operator roles, the Application Editor and Manager roles are unneeded. Assigning users to these roles grants them only Guest access to the system.

Deploying changeset to change time zone (CR81091)
If you create a staged changeset to change the timezone setting on a device, then deploy it to the device, the process completes successfully, but the system services on the managed device do not restart. To avoid this issue, you can change the time zone on the managed device on the device itself, or you can log on to the managed device to restart the system services.

Archive encryption pass phrase not supported by rotating archives (CR81834)
On a managed device, if you enable archive encryption, and the device is part of a scheduled rotating archive task, Enterprise Manager cannot create an archive of the system. In this scenario, Enterprise Manager logs a message in /var/log/em indicating that a pass phrase is required. To avoid this error, exclude devices that have archive encryption enabled from a rotating archive schedule.

Mixing configuration versions may cause errors (CR82255)
When you create device changesets, or templates for one version of a managed device, ensure that when you deploy a staged changeset, that the target device is the same version as the source for the changesets or templates. In many cases, the configuration data may copy to the target without errors, but it is possible that the configuration data from one managed device version to the next could cause unexpected behavior, or cause the target device to encounter errors.

Version 1.2.x Known Issues

The following items are known issues in version 1.2.x releases, and they still apply to the current release.

Hourglass cursor does not always appear when system is busy (CR55043, CR64461)
Usually, the cursor on the web interface changes to an hourglass to indicate that the system is busy. This may not always occur on certain screens. See the status banner at the top of the screen to determine the state of system activity.

Managing externally authenticated devices requires additional steps (CR62513)
If managed devices in your network use an external authentication protocol (RADIUS, LDAP, or Active Directory), you must follow certain rules when discovering and managing these devices. If you use an external user name for device discovery, this user must exist on the managed device. Once you discover this device, you can manage this device by logging on as admin to Enterprise Manager. If you log on to Enterprise Manager with any other user name, you must ensure that this user name exists on the managed device (in the external authentication user list) in order to avoid authentication errors. This is currently an issue only with BIG-IP versions 9.1.1, 9.2.0, 9.2.2, 9.2.3. To fix the issue, you can apply hotfix HF68471 to version 9.2.3 managed devices, or upgrade managed devices to version 9.2.4.

Changeset modification options are limited (CR66262)
If you open the changeset properties screen, and then make changes to the changeset, you must save the changeset before verifying your changes. If the verification subsequently fails, you cannot revert to the previously valid changeset. Because of this limitation, we recommend that you create a duplicate of a valid changeset before you modify it. Additionally, because no Cancel button exists on the changeset properties screen, if you want to cancel changes from the changeset properties screen, you must open the changeset list by clicking Changesets in the navigation pane.

Communications interval with managed devices changed after upgrade (CR67510)
When you upgrade Enterprise Manager from version 1.0 to 1.2, the default refresh interval that controls how often Enterprise Manager communicates with each managed device resets to the 60 minute default. After you upgrade, you may want to check or change the default refresh interval on the Device Options screen.

Upgrading Enterprise Manager resets remote authentication settings (CR67521)
If you upgrade Enterprise Manager from version 1.0 to version 1.2, the user authentication settings are reset. If you upgrade Enterprise Manager, ensure that you re-configure user authentication settings.

Single sign-on for Launch Pad feature is only compatible with BIG-IP 9.4 or later or Enterprise Manager 1.2 or later (CR67769)
If you use the Launch link on the Launch Pad screen to open a managed device's Configuration utility, Enterprise Manager can use a single sign-on to automatically authenticate your user ID to managed devices running BIG-IP version 9.4 or later, or Enterprise Manager version 1.2. or later. If you use the Launch link to open managed devices running earlier software versions, you must re-enter your user name and password to open a managed device's Configuration utility.

Changeset with network route requires self IP addresses on target devices (CR67773)
Using the changeset feature, you can deploy device configuration data from one managed device to another. Although this configuration data can include network routing information, routes typically require that you configure self IP address in order to work properly. Enterprise Manager can successfully deploy a changeset with network routes to a target device only if the self IP addresses required by the network route already exist on the target device. Because self IP addresses are unique to each device, they are not usually deployed using a changeset. If you need to deploy a changeset with network route information, we recommend that you deploy VLANs to the target device, then manually configure the appropriate self IP addresses on the target device. Once you configure the self IP addresses, you can then deploy routes to the target device using changesets.

Reboot and Install locations can appear incorrectly on the Task Details screen (CR67833)
On the Task Review screen of the Software Upgrade Wizard you can select a different Boot Location or Install Location for devices in the upgrade task. However, if you select a new location for either setting, then click the View link to see the details for a device, the new settings do not appear on the Task Details screen. If you return to the Task Review screen, the settings you selected appear correctly.

Install Log does not appear for a self upgrade task (CR68642)
When you use Enterprise Manager to perform an upgrade on itself, the Install Log (which normally displays entries logged on the managed device during the install task) appears empty on the Task Details screen for the Enterprise Manager upgrade task.

Administrative partitions not supported by Enterprise Manager system (CR69024)
With this release, Enterprise Manager introduces support of administrative partitions. Administrative partitions are logical containers containing a defined set of BIG-IP system objects, and are used for access control purposes. This feature was introduced in BIG-IP version 9.4.0. The access control features are compatible only with BIG-IP network object classes, and not Enterprise Manager object classes. Although you can create an administrative partition in Enterprise Manager, the access control properties are not available for Enterprise Manager object classes.

Incorrect peer IP configuration and discovery or refresh errors for redundant systems (CR75066)
When managing BIG-IP redundant systems, Enterprise Manager may not correctly discover or refresh a device in the redundant system if the managed device is incorrectly configured so that the peer IP address (primary or secondary) is actually a self IP address. If this occurs, a DaemonException error indicating a duplicate entry appears in the log file. If you encounter this error or cannot discover a device (or refresh information for a device) in a redundant system, ensure that the peer IP addresses on the managed devices are correctly configured.

Version 1.0 Known Issues

The following items are known issues in the version 1.0 release, and they still apply to the current release.

Device Address box on the Device Detail screen changes colors (CR55060)
On the Device Detail screen, the Device Address box that indicates the IP address may appear yellow or white if you view it using some Mozilla-based browsers. The color of the box does not affect the functionality, nor indicate any specific state.

Modifying devices that are currently involved in a running task may cause incorrect banner displays (CR55464)
When a device is involved in a task, Enterprise Manager locks the device to prevent a user from making changes to a device while it is being updated. If you attempt to make changes to this device, a status banner may appear and hide the device locked warning at the top of the screen. To restore the device locked warning, refresh the screen.

Deleting a large list of devices takes a long time and provides no deletion status (CR56478)
When you delete several devices from the device list screen, the screen does not immediately refresh if one or more of the devices is unreachable. The system does not display any status messages while Enterprise Manager attempts to communicate with these devices. Although the system may appear unresponsive for a long time, you can navigate to other screens to perform management tasks.

Changing an Enterprise Manager system from a redundant pair to a single device forces a standby state (CR56543)
If you use the System Platform screen to configure the Enterprise Manager system as a redundant pair, then change the system back to a single device, the device changes to standby mode which prevents further configuration tasks. To correct this issue, reboot the device.

ConfigSync operations fail if there is a clock skew of over 600 seconds between peer systems (CR56619)
If the clock skew between the peer devices in a managed device pair is greater than 600 seconds (10 minutes), any ConfigSync operations initiated though Enterprise Manager fail. To prevent this, ensure that the system clocks of the redundant pair are within 600 seconds of each other. See the workaround for instructions on how to check the system time on managed devices.

ConfigSync indicator in the top left corner of the screen may be inaccurate for Enterprise Manager redundant pairs (CR56666)
If you run a configuration synchronization on a pair of Enterprise Manager devices from the Device Properties screen, the ConfigSync status indicated in the top left of the screen does not update properly until you click an option on the navigation pane.

Task List screen may feature incorrect status reports for tasks running during an Enterprise Manager system reboot (CR56814)
If the Enterprise Manager system reboots during a software installation task, the task is cancelled, but the progress bar on the Task List screen may not properly reflect the cancelled status. Although the task is marked Finished, the status bar displays the percentage complete at the time of the Enterprise Manager reboot.

[ Top ]

Workarounds for known issues

The following section describes the workarounds for the corresponding known issues listed in the previous section.

Checking the system clock of a managed device pair (CR56619)

This workaround describes how to check the system clock of a device in a redundant system.

  1. Log on to the command console of the BIG-IP system.
  2. At the command prompt, type date and press Enter.
    The system clock information appears.
  3. Note the system clock information and repeat these steps on the device's peer.

Initiating a ConfigSync for a 9.4.2 system (CR86565)

This workaround describes how to open the Configuration utility of a BIG-IP version 9.4.2 system from Enterprise Manager to perform a ConfigSync operation.

  1. On the Main tab of the navigation pane, expand Enterprise Management and click Devices.
  2. Click the name of the device for which you want to run a ConfigSync operation.
    The device properties screen opens.
  3. In the Configuration Utility box, click the Launch link.
    A new browser window opens, displaying the Configuration utility for the device that you selected.
  4. On the Main tab of the navigation pane, expand System and click High Availability.
    The Redundancy Properties screen opens.
  5. On the menu bar, click ConfigSync.
    The ConfigSync screen opens.
  6. For Synchronize, click either Synchronize TO Peer or Synchronize FROM Peer.

Changing template names though the empipe utility (CR87296)

This workaround describes how to change template names using the empipe utility on an Enterprise Manager 1.4.1 system with an engineering hotfix (or an Enterprise Manager 1.6 system).

  1. Log on to the command line of the Enterprise Manager system using the administrator user name and password.
  2. At the command prompt, type empipe template list and press Enter.
    A list of templates and associated ID numbers appears.
  3. At the command prompt, type empipe template edit setName <ID> "<name>" where <ID> is the identification number associated with the template in the list and <name> is the new template name.
  4. To verify the new name, type empipe template list prop <ID> where <ID> is the identification number of the template that you just edited.
[ Top ]

Contacting F5 Networks

  Phone: (206) 272-6888
Fax: (206) 272-6802

For additional information, please visit

Was this resource helpful in solving your issue?

NOTE: Please do not provide personal information.

Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)