Applies To:

Show Versions Show Versions

Release Note: Enterprise Manager version 2.2.0
Release Note

Original Publication Date: 08/30/2013

Summary:

This release note documents the version 2.2.0 feature release of the Enterprise Manager™. To review the features introduced in this release, see New features and fixes in this release. For existing customers, you can apply the software upgrade to version 2.0 and later. For information about installing the software, please refer to Installing the software.

Contents:

- User documentation for this release
- Supported browsers
- Supported platforms
- Managed device compatibility
- Installing the software
     - Setting up a new system
     - Upgrading an existing system
- New features and fixes in this release
     - New features in this release
     - Fixes in this release
- Features and fixes introduced in prior releases
- Required configuration changes
- Known issues
- Workarounds for known issues
- Contacting F5 Networks

User documentation for this release

In addition to these release notes, the following user documentation is relevant to this release.

You can find the product documentation and the solutions database in the AskF5 Knowledge Base.


Supported browsers

The supported browsers for the Enterprise Manager web interface are:

  • Microsoft® Internet Explorer®, version 6.0x, and version 7.0x
  • Mozilla® Firefox® version 3.0x

Note that we recommend that you leave the browser cache options at the default settings, and disable popup blockers and other browser add-ons or plug-ins.

[ Top ]

Supported platforms

The version 2.2 release applies only to the supported platforms listed below; each one provides all minimum system requirements. This release supports the following platforms:

  • Enterprise Manager 500 - with 1 GB RAM
  • Enterprise Manager 3000
  • Enterprise Manager 4000

Important: The Object View feature and Reporting feature are not available on the Enterprise Manager 500 platform due to the greater CPU, memory, and hard drive requirements for these features.

[ Top ]

Managed device compatibility

Enterprise Manager version 2.2 supports the following software versions::

  • Enterprise Manager version 1.6 to version 1.8
  • Enterprise Manager version 2.x
  • Enterprise Manager Virtual Edition version 2.2
  • BIG-IP Local Traffic Manager Virtual Edition version 10.2.x
  • BIG-IP version 9.3.1 to BIG-IP version 9.4.x
  • BIG-IP version 10.0.1 and later in the BIG-IP version 10.x.x family
  • BIG-IP Secure Access Manager version 8.0.x
  • WANJet version 5.0.x
[ Top ]

Installing the software

If you are using a new Enterprise Manager system, the current software is loaded and configured. See Setting up a new system to get started using Enterprise Manager. If you are upgrading an existing Enterprise Manager system, see Upgrading an existing system for instructions on how to download and install Enterprise Manager version 2.2.

Important: We recommend that you download and verify the MD5 checksum on any ISO image or IM upgrade file you download to ensure the integrity of the installation file.

Setting up a new system

The Enterprise Manager version 2.2 was shipped to you installed on the Enterprise Manager platform you selected. You only need to set up the system in your network, license the system, and connect it to one or more devices that you want to manage.

For an explanation of networking options and setup instructions, see the chapters, Installation and Setup, and, Licensing and Configuring the System in the Enterprise Managerâ„¢ Administrator Guide available at http://support.f5.com.

Important: After you complete the licensing process, you must reboot the Enterprise Manager system in order for the user interface to function properly.

Upgrading an existing system

If you have an existing Enterprise Manager system, you can use the F5 Electronic Software Distribution site to download a new software image. Then, you can use the Enterprise Manager software upgrade wizard to upgrade your Enterprise Manager system. You can upgrade Enterprise Manager to version 2.2 from version 2.0. If you need to upgrade from an earlier version, due to changes in disk management and database schema, we recommend upgrading first to version 2.0 prior to upgrading to version 2.2. See the release notes for Enterprise Manager version 2.0 for instructions on upgrading from version 1.8, including command line instructions.

Note: If an Enterprise Manager system has a very large statistics database (for example, over 20GB), the upgrade to version 2.2 may require over an hour or more to convert the database to a new schema used in version 2.2. Our tests indicate that this conversion may take about six hours for a 20GB database. (You can determine the size of the statistics database by clicking System Information under Enterprise Management.) Additionally, the system truncates the database to 20GB maximum. We recommend backing up the database prior to upgrade. (ITEM 336256)

Important: If during the upgrade you choose to convert from a partitioned to the LVM disk management scheme, the system erases the software repository, archives, and other data stored in the Enterprise Manager database. You must re-import software and hotfix images on the upgraded system. However, you can back up and restore device data, archives. To retain these items, use the following procedure to back up important Enterprise Manager data.

To back up Enterprise Manager management data prior to upgrade and conversion to LVM

To perform these actions, you must log on to the Enterprise Manager command line as the root user.

  1. To back up the Enterprise Manager database and stored device archives, type the following command where <archive_name> is the path and file name for the archive file:
    em-backup <archive_name>.ucs
  2. When the process finishes, move the file to a remote location using scp, ftp, or some other method of file transfer.

To restore Enterprise Manager management data after upgrade and conversion to LVM

If you convert to LVM, use this procedure to restore management information such as device information, and device archives. To perform these actions, you must log on to the Enterprise Manager command line as the root user.

  1. Copy the <archive_name>.ucs file to the upgraded Enterprise Manager system.
  2. At the command prompt, type the following command, where <archive_name> is the path and file name for the archive file:.
    em-restore <archive_name>.ucs
     
  3. When the process finishes, delete the <archive_name>.ucs file and reboot the device.

To backup and restore the statistics database

Use this procedure to restore a statistics archive if you encounter errors in the upgrade to version 2.2 and continue to use version 2.0.

  1. To back up the Enterprise Manager statistics database, type the following command where <user> is the user name on the remote system, <address> is the IP address of the remote system, and <remote_path> is the path on the remote system:
    em-backup-extern -u <user> -r <address> -l <remote_path>
    This stores the statistics database in the f5em_extern-MMDDYYHHMMSS directory (where MMDDYYHHMMSS represents the time stamp of the database backup) on the remote system at the path you specified.
  2. Perform the upgrade.
  3. If the upgrade fails, you can restore the Enterprise Manager statistics database by typing the following command where <user> is the user name on the remote system, <address> is the IP address of the remote system, <remote_path> is the path on the remote system :
    em-restore-extern <user>@<address>://<remote_path>/f5em_extern-YYYYMMDDHHMMSS
     
  4. Reboot the system.

To download the upgrade

To download the software upgrade, you must create an account at http://downloads.f5.com. This site uses an F5 single sign-on account for technical support and downloads. After you create an account, you can log on and download the Enterprise Manager 2.1 software.

  1. Using a web browser connected to the internet, visit http://downloads.f5.com.
    The F5 Sign-on screen opens.
  2. In the User Email box, type the email address associated with your F5 technical support account.
  3. In the Password box, type the password.
  4. Click the Login button.
    The Overview screen opens and provides notes about using the Downloads site.
  5. Click the Find a Download button.
    The Product Lines screen opens listing all F5 product families.
  6. Locate the Enterprise Manager product family and click the adjacent Enterprise Manager v2.x link.
    The Product Version screen opens, listing the available download containers for the current product version.
  7. Click the release link for version 2.2.
    The End User License Agreement screen opens.
  8. Read the license agreement, and click I Accept to agree to the terms of the agreement.
    The Select a Download screen opens.
  9. Click the EM-2.2.0.397.0.md5 link to begin downloading the md5 checksum to your local system.
    The Select Download Method screen opens.
  10. Click the appropriate option depending on the method you want to use to download the file.
  11. Click the back button on the browser to return to the Select a Download screen.
  12. Click the EM-2.2.0.397.0.iso link to begin downloading the software image to your local system.
    The Select Download Method screen opens.
  13. Click an option depending on the method you want to use to download the file.

To import and install the upgrade using the software upgrade wizard

Use this procedure if you discovered and added Enterprise Manager as a managed device. When you self-discover Enterprise Manager, you can manage it in the same way as other managed devices.

Important: If you upgrade to version 2.2 and you choose to convert Enterprise Manager to Logical Volume Management, you cannot downgrade to a version that does not support LVM (version 1.x). If you want the ability to downgrade to version 1.x, you must maintain the partitioned disk scheme when you upgrade Enterprise Manager to version 2.2.

Important: The statistics database schema originally introduced in version 2.1 is incompatible with earlier versions. If you downgrade to version 2.0 or earlier, statistics collection is disabled until the system clears the database during the downgrade.

  1. Using a web browser connected to the same network as the Enterprise Manager system, visit https://<em_address>, where <em_address> is the IP address that you use to log onto the Enterprise Manager web interface.
  2. Sign on to Enterprise Manager as an administrator-level user.
  3. On the navigation pane, expand Enterprise Manager and click Software Images.
    The Software Images screen opens.
  4. Click the Import button.
    The New Image screen opens.
  5. For the File Name setting, click Browse.
    A dialog box opens.
  6. Using the dialog box, browse to the location where you downloaded the EM-2.2.0.397.0.iso file in step 12 of the previous section.
  7. Using the dialog box, click the EM-2.2.0.397.0.iso file name to select it, then click Open.
    The dialog box closes, and a path name appears in the File Name box.
  8. Click Import.
    The Import Progress box indicates the progress toward completing the software import.
  9. When the software import task finishes, click Finished.
    The Software Images screen opens.
  10. In the software image list, click EM v2.1
    The general properties screen opens, displaying details about the software image.
  11. Click Copy or Install to start the Software Upgrade wizard.
     

For further instructions on using the Software Upgrade wizard, see the Managing Software Images chapter in the Enterprise Manager Administrator Guide available at http://support.f5.com

[ Top ]


New features and fixes in this release

This release includes the following new features and fixes.

New features in this release

Enterprise Manager Virtual Edition
Enterprise Manager Virtual Edition (VE) is a version of the Enterprise Manager system that runs as a virtual machine, packaged to run in a VMware® hypervisor environment. Enterprise Manager VE includes all features of Enterprise Manager running on a standard Enterprise Manager platform.

Service Contract End Date monitoring
You can now check the status of the service contract end date for any managed devices in the network.

Remote statistics database
You can now choose to store and access statistics data on a remote database.

License limit changes
To facilitate the introduction of Enterprise Manager Virtual edition, the system enforces device discovery limits during a device discovery task based on the number of managed devices for which the system is licensed. Any devices above the licensed limit are noted in a discovery task. If you previously discovered more devices than allowed the licensed limit, these devices will not be deleted upon upgrade to version 2.2.

Fixes in this release

MySQL vulnerability (ID 336950)
We included an updated MySQL package with Enterprise Manager to fix the local vulnerability described in RHSA-2010-1442.

Pool members with high port numbers (ID 339203)
We corrected an issue where the system could not recognize a pool member if the port number was greater than 16384.

HA pair not recognized as peers (ID 339685)
We corrected an issue where Enterprise Manager does not recognize the devices as peers if a High Availability (HA) device pair was configured so that the HA VLAN is in the Common partition.

Wildcard ports and statistics (ID 339992)
Previously, if you added a new pool member and selected * to represent "all ports", the system did not collect statistics for the port address you specified. We corrected this issue so that the system recognizes that the wildcard character means "all ports".

Services and memory issues (ID 343086)
We corrected an issue where the emstatsd and emdeviced services could use more memory than necessary over time.

Inaccurate platform mismatch message (ID 342056)
Previously, when you configured certain managed devices as peer devices, the system did not recognize some platforms as identical, and displayed an erroneous warning upon discovery. We corrected this issue so that devices that function properly as peers are discovered as a High Availability system.

VIPRION system and management address (ID 342171)
We corrected an issue where Enterprise Manager could not discover a VIPRION system if the system did not use a management IP address.

Freetype vulnerabilities fixed (ID 343734, ID 343735)
Enterprise Manager includes an updated freetype package to fix the issues described in CVE-2010-1797 and RHSA-2010-0737.

PHP vulnerabilities fixed (ID 343736)
We included an updated version of PHP to address the vulnerabilities described in RHSA-2010-0040.

Running tasks and service restarts (ID 343918, ID 343924)
We corrected issues with the emstatsd and swimd services to correct issues with the service restarting during ASM attack signature updates.

Glibc vulnerability fixed (ID 344562)
The updated glibc package included in this version of Enterprise Manager fixes the local vulnerability described in RHSA-2010-0793.

RPM vulnerabilities fixed (ID 344563)
We included an updated version of RPM to address the vulnerabilities described in RHSA-2010-0679.

bzip2 vulnerabilities fixed (ID 344567)
The updated bzip2 package included in this version of Enterprise Manager fixes the local vulnerability described in CVE-2010-0405.

Dashboard identification issues (ID 345257)
We corrected an issue with the dashboard that identified the Enterprise Manager 4000 platform as a BIG-IP 3900 platform.

PDF reports display improperly (ID 345794)
We corrected an issue where previously, when you created a report that included a large number of objects, the formatting of the report in the PDF appeared distorted.

Disk partition size issues (ID 347054)
Previously, you could encounter an error during upgrade due to the way Enterprise Manager sized disk partitions when upgrading and converting to the LVM disk management scheme. Now, the system can adjust the size of disk partitions to suit the data during an upgrade.

SNMP issues and device status alerts (ID 348315)
We corrected an issue where the system did not send an SNMP trap for a device status change.

ConfigSync and enable/disable tasks conflict (ID 348915)
Previously, if you enabled or disabled an object on a managed device, then started a ConfigSync task on that device, the task may not complete. Now, you can enable or disable an object, and the system waits for this task to complete before initiating the ConfigSync task.

Remote database size issues (ID 350782)
Previously, if you reduced the allocated space for statistics on a remote database, the size of the remote database was not affected. The allocated space setting now properly adjusts database sizes regardless of whether they are hosted locally or remotely.

Incorrect task status on installation (ID 350831)
Previously, if you performed a self-upgrade on the active member of an Enterprise Manager pair, the system may have reported that the task was cancelled when the target system reboots. The system now reports the correct task status.

[ Top ]

Features and fixes introduced in prior releases

The current release includes the fixes and enhancements that were distributed in prior releases. Please see the Enterprise Manager version 1.8 release notes to view fixes and enhancements introduced in version 1.x releases.

Version 2.1

Staged software upgrade
We added flexibility in the Software Upgrade wizard so that you shorten the maintenance window required to deliver and install software upgrades to managed devices.

Reporting feature
Basic reporting capabilities provide you the ability to schedule, view and email pre-defined reports to provide insight into the health of devices and objects in the enterprise. Reports include node state changes, unused LTM objects, certificate and device inventory reports among others.

Custom object views
You can create custom views of object groups such as virtual servers, pool members, nodes, and pools. These views can assist you in organizing objects in the enterprise.

Configurable security banner (CR48201-1)
You can now configure a security banner for Enterprise Manager users from the navigation pane by expanding System and clicking Preferences.

ConfigSync indicator may be inaccurate for Enterprise Manager pairs (CR56666)
We corrected an issue where if you ran a configuration synchronization on a pair of Enterprise Manager devices from the Device Properties screen, the ConfigSync status indicated in the top left of the screen did not update properly until you clicked an option on the navigation pane. The indicator now updates without requiring additional interaction.

Tomcat vulnerabilities (CR85197)
The updated tomcat package included in this version addresses vulnerabilities described in CVE-2007-3382, CVE-2007-3385, and CVE-2007-5333.

DHCP vulnerability (CR123866)
The updated DHCP client included in this release addresses the vulnerabilities described in CVE-2009-0692.

NTP vulnerability (CR131466)
Although the ntp package included with Enterprise Manager was not affected by the vulnerabilities described in CVE-2009-3563 because the system incorporates a read-only configuration so that the system is not vulnerable in this instance, the updated ntp package included in this release fixes this issue.

Samba vulnerabilities (CR131547)
The samba packages included with Enterprise Manager fix the vulnerabilities described in CVE-2009-1888, CVE-2009-2813, CVE-2009-2906, and CVE-2009-2948.

Kernel vulnerabilities (CR131958, CR134268)
The updated kernel includes fixes to address vulnerabilities described in CVE-2009-2695, CVE-2009-2908, CVE-2009-3228, CVE-2009-3286, CVE-2009-3547, CVE-2009-3613, and RHSA-2009-1670.

Issues when logging into devices with Launch link (CR132455, CR132933)
Previously, if you used the Launch link on the device properties screen to open a new window to log into a managed device, you could not perform management tasks on the managed device. Additionally, you could not use the Logout link on the managed device's Configuration utility to log off of the system. We corrected this issue so that you do not have to clear cookies associated with the managed device before using the Launch link.

Copied Guest user role has no access (CR132696)
Previously, if you used Enterprise Manager to copy a Guest user account from a version 9.x managed device to a version 10.x managed device, the Guest user's access level was changed to No Access, and it required manual intervention to change the user role permissions on the managed device. We corrected this issue so that you can copy a Guest user account without encountering this issue.

JRE issues (CR132697)
The updated JRE package included in this release fixes issues described in http://java.sun.com/javase/6/webnotes/6u17.html.

libtool vulnerability (CR132698)
We no longer include the libtool programming tool in this release as it is not necessary to the functionality of Enterprise Manager. The libtool tool was affected by the vulnerabilities described in RHSA-2009-1646.

DNSSEC vulnerability (CR133100, CR135735)
The new version of bind included with this release fixes DNSSEC vulnerabilities.

emsnmpd service errors (CR133464)
Previously, you may have encountered errors in the emsnmpd service when using the snmpwalk command at the command line that caused the emsnmpd service to restart. We corrected this issue to prevent both the errors and the service restart.

Show All link issues (CR133680)
Previously, on the Device Statistics configuration screen, if you clicked the Show All link to display more than two pages of objects, the link did not appear to work and you had to click Show All again to view all objects. The link now works correctly.

Local vulnerability in expat (CR133696)
The updated expat package included in this release addresses the vulnerabilities described in CVE-2009-3560, and CVE-2009-3720.

Incorrect alert name in log (CR133808)
Previously, if you configured multiple alert instances and these alerts were triggered, the system did not log these alerts properly in the alert log. The system now logs all alert names in the history log.

Administrator permissions errors (CR133835)
Previously, when you configured a user on the Enterprise Manager system with an administrator user role, this user was not be able to perform certain tasks that the administrator user can perform. The permissions available to an administrator user now work correctly.

Delete button error on Archive Properties screen (CR133954)
We corrected an issue where if you disabled role permissions by changing the Archive Device Configuration setting for Operator or Application Editor user roles, then a user with one of these roles deleted a configuration archive from the Archive Properties screen, this caused an error. The Delete button on this screen is no longer available after disabling permissions.

Statistics database corruption and repair (CR133956)
We corrected an issue where in rare cases, the statistics database could become corrupted after a power failure and you needed to use an included script from the command line to repair it. However, when you used the em-repair-extern command from the command line, you likely encountered a disk full error. SOL10736 in the AskF5 Knowledge Base corrected this issue in the previous version, but it should no longer apply to the current release.

ConfigSync version compatibility issues fixed (CR134773, CR134774)
Enterprise Manager no longer permits a ConfigSync operation between Enterprise Manager pairs unless the software versions on each system are identical.

Kerberos vulnerabilities (CR135281)
The updated kerberos packages included in this release address the vulnerabilities described in CVE-2009-4212.

OpenSSL vulnerabilities (CR135686. CR139154)
This release corrects the OpenSSL vulnerabilities described in CVE-2009-2409, CVE-2009-4355, and CVE-2010-0740.

Errors logged when staging ASM policies (CR135998)
Previously, if you opened the Stage ASM Policy wizard, but had no compatible Application Security Manager systems as managed devices, the system logged an error in /var/log/em. The system no longer logs this scenario as an error.

Management address change issues (CR136278)
We corrected an issue where when you changed the management IP address of an Enterprise Manager system, and rediscovered devices, unnecessary change notifications were sent to the old Enterprise Manager IP address.

Enterprise Manager bits metric (CR136388)
When collecting and viewing statistics data, Enterprise Manager now uses the metric bits instead of bytes in order to match metrics on BIG-IP systems.

Changeset level error reporting (CR137885)
Enterprise Manager now reports accurate staged changeset errors for a staged changeset instead of at the device level for each device in a staged changeset task.

MySQL vulnerabilities (CR137887)
The updated MySQL package included in this release addresses the vulnerabilities described in RHSA-2010-0109.

Devices and device groups not displayed (CR138096,CR55044)
We corrected an issue that caused certain devices and device groups to not appear in the list of devices that to which you can apply the alert, when you created an alert. Now, all available devices and device groups appear properly.

Statistics database name (CR138926)
In the Enterprise Manager Administrator Guide, in the Backing Up Statistics Data section, the name of the external database is now correctly identified as f5em_extern.

Copy user account errors (CR139174)
Previously, when you used the Copy User Access wizard to copy an administrator user who had advanced shell terminal access to another device, the task failed. You can now copy these user accounts.

Archiving issues (CR140256)
We corrected an issue where previously, when you scheduled a backup of a managed BIG-IP Global Traffic Manager system, Enterprise Manager did not always create the UCS archive and store it in the Enterprise Manager database. Now, when you schedule backups for a Global Traffic Manager system, Enterprise Manager creates and stores the archive correctly.

Pools and virtual server status (CR140344)
We corrected a status reporting issue that occurred when you discovered a managed device with pools and virtual servers. Now, when you discover a device, the status of these network objects appears correctly in Enterprise Manager.

Users on different partitions encounter errors (CR140690)
Previously, if a user on a partition other than Common performed an action on an object that existed in another partition, the first user might have encountered a HTTP Status 500 error, and the action failed. We corrected this issue so that users with permissions on one administrative partition cannot perform actions on objects in the Common partition.

Case sensitivity errors (CR140858)
Previously, Enterprise Manager systems did not recognize two unique objects whose names were identical but differed only in case. Now, if you have two objects with the same name, but differ in case, the system recognizes their uniqueness.

User account creation errors (CR141232)
We corrected an error that occurred when you attempted to change a user role's terminal access level.

Truncated address column in report (CR141381)
We corrected an issue where the address field was not visible when you created a flapping node report.

SSL proxy available to managed devices (CR141554)
You can now configure Enterprise Manager to communicate with managed devices through an SSL proxy.

Errors after downgrade (CR142625)
We corrected an issue that occurred when you downgraded from Enterprise Manager version 2.1 to version 2.0. Previously, this could have caused web interface errors with menu tabs or could have prevented you from accessing the statistics database.

Version 2.0

Tomcat vulnerabilities fixed (CR85197, CR104935, CR126259)
We included a new tomcat package to address the vulnerabilities described in CVE-2007-3382, CVE-3385, CVE-5333, CVE-2008-2370, CVE-2008-5515, and CVE-2009-0783.
 

Cross-site scripting vulnerabilities fixed (CR89622, CR96144, CR96889)
We changed certain screens to prevent local cross-site scripting vulnerabilities.

libbind vulnerability fixed (CR92595)
We included an updated libbind package to address the vulnerabilities described in CVE-2008-0122 and CVE-2007-6251.
 

Local vulnerability in HTTP GET parameters (CR94040)
Previously, if a user had accessed the Configuration utility of an Enterprise Manager system, and then browsed to an untrusted site and clicked on a malicious link, the system may have been vulnerable to cross-site scripting attacks. We corrected this issue in the new version of Enterprise Manager.

Forms-based authentication (CR99322)
With the introduction of forms-based authentication, users will now be able to log out of an Enterprise Manager session without needing to close the browser window.

Command line utilities added (CR107898, CR107904)
With the new version of Enterprise Manager, the system now supports the following command line tools commonly available in BIG-IP systems: b daemon <daemon> audit, b cli audit, and b remote users.

TACACS+ now supported (CR107905)
This version of Enterprise Manager now supports TACACS+ user authentication.

Tcpdump vulnerabilities fixed (CR108858)
We updated the tcpdump package included with Enterprise Manager to address the local vulnerabilities described in CVE-2004-0055.

Bind DSA key vulnerability (CR115215)
The included version of bind included with Enterprise Manager fixes the DSA key vulnerabilities described in CVE-2009-0025.

NTP vulnerabilities fixed (CR115608)
This version of Enterprise Manager includes an updated ntp package to address the vulnerabilities described in CVE-2009-0021.

Secure FTP option available (CR120785)
In the Support Data Collection wizard, you can now select an SFTP option for a secure connection when sending information to the F5 support site.

http-security webapp appears in list (CR121030)
Previously, in the Deploy Security Policy wizard, you could select the http-security web application although it should not have appeared in this list. The system now correctly excludes it from the list.

Failover states for 10.x devices not supported (CR121730)
Enterprise Manager did not previously display offline and forced offline states for managed devices running BIG-IP version 10.0.x. The system can now display all possible states of a managed device.

Apache vulnerabilities fixed (CR123537)
We included an updated httpd package to address the vulnerabilities described in CVE-2008-1678, and CVE-2009-1195.

OpenSSL vulnerabilities fixed (CR123875)
Enterprise Manager contains an updated OpenSSL package to address the vulnerabilities described in CVE-2009-1387.

Warning messages for qkview (CR125417, CR125418, CR130403)
Previously, if you ran the qkview command from the command line, you may have received a warning message indicating that qkview was out of date. As we have updated the qkview package to include Enterprise Manager-specific data, these warnings no longer appear.

Kernel vulnerabilities fixed (CR121197, CR126252)
The updated kernel included in Enterprise Manager fixes vulnerabilities described in CVE-2008-4307, CVE-2009-0787, CVE-2009-1336, CVE-2009-1337, CVE-2007-5966, CVE-2009-1385, CVE-2009-1389, CVE-2009-1895, CVE-2009-2407, and CVE-2009-1388.

Apr-util local vulnerabilities fixed (CR125223)
We included an updated apr-util packages to address local vulnerabilities described in CVE-2009-0023, CVE-2009-1955, and CVE-2009-1956.

Bind DoS vulnerability fixed (CR125853)
The updated bind package included with Enterprise Manager fixes the vulnerability described in CVE-2009-0696.

MySQL vulnerability fixed (CR125982)
The updated MySQL package included with Enterprise Manager fixes the vulnerability described in CVE-2009-2446.

NSS/NSPR vulnerabilities fixed (CR126055)
Enterprise Manager includes updated NSS/NSPR libraries to address the vulnerabilities described in CVE-2009-2404, CVE-2009-2408, and CVE-2009-2409.

Java local vulnerabilities fixed (CR126476)
The updated Java Runtime Environment included with Enterprise Manager addresses the local vulnerabilities described in CVE-2009-0217, CVE-2009-2745, CVE-2009-2746, CVE-2009-2625, CVE-2009-2670 though 2675, and CVE-2009-2690.

Libmxl2 vulnerabilities fixed (CR126813)
We included an updated libxml2 library to address vulnerabilities described in CVE-2009-2414, CVE-2009-2416.

Curl vulnerabilities fixed (CR126907)
The updated curl package included with Enterprise Manager addresses the vulnerabilities described in CVE-2009-2417.

Cyrus-sasl vulnerabilities fixed (CR127190)
We included updated cyrus-sasl libraries to address the vulnerabilities described in CVE-2009-0688.

Version information updated correctly (CR127363)
Previously, when you used the software upgrade wizard to update a system using Software Volume Management, the version did not properly update on the device list. Now, the correct version appears on the device list after an upgrade.

Launch link authentication for Operator and Application Editor users (CR127470)
Previously, the system did not always properly authenticate Enterprise Manager users with Operator or Advanced Operator (now Application Editor) roles when you clicked a Launch link from a device properties screen. We corrected this issue so users with these user roles are authenticated.

Auto refresh updated (CR128695)
We enhanced the auto refresh control on the task properties screen.

Power failure corrupts statistics database (CR129712)
If the system encounters a power failure, the statistics monitoring database can become corrupted. You can follow the instructions in SOL10736 in the Solutions database in the AskF5 Knowledge Base to use the proper parameters with this script to repair the database.

Failover and peer management address issues (CR129733)
When you configure Enterprise Manager version 2.0 as a high availability system, initially, both peers are set to an offline state. Additionally, when you upgrade a managed pair of Enterprise Manager systems, upon upgrade, both systems are set to offline. For failover to work properly, you must specify a peer management address.

OpenSSH vulnerabilities fixed (CR129920)
We included updated OpenSSH packages with the new version of Enterprise Manager to address vulnerabilities described in CVE-2009-2904.

Discovery tasks do not time out (CR130883)
If a discovery task encounters an error, the status page may continually refresh instead of timing out.

TCP metrics inaccurate (CR130308)
We corrected an issue were certain device-level TCP metrics were inaccurate. TCP metrics reported in statistical data are now correct.

File names not preserved for support upload (CR131446)
If you configure a Gather Support Information task and attach a file, the file names may not be preserved when you send the information to the F5 support site. 

Software images not included in advanced archives (CR131764)
Previously, when you created an advanced archive of an Enterprise Manager configuration, this included images stored the software repository. This often resulted in very large backup files. To provide more useful backup files, the advanced archive script no longer includes images stored in the Enterprise Manager software repository. If you need to recover these images, you can download the images from the F5 downloads site, https://downloads.f5.com/.

[ Top ]

Required configuration changes

If you upgraded the Enterprise Manager to version 2.2 from a version earlier than version 1.7, you must re-license the system before you can use the performance monitoring feature.

Note: The performance monitoring features originally introduced in version 1.7 are only available on the Enterprise Manager 3000 and Enterprise Manager 4000 platforms due to the greater CPU, memory, and hard drive requirements for this feature.

[ Top ]

Known issues

The following items are known issues in the current release. Known issues are cumulative, and include all known issues for a release. Please see the Enterprise Manager version 1.8 release notes to view known issues documented in version 1.x releases.

License device issue (ID 332848)
When you use the License Device wizard to manage the license of a managed device, the system may not report the correct progress if it encounters difficulty when contacting the license server. Specifically, the error message may indicate that the system cannot retrieve the license key from the device.

Unrecognized character sets prevent remote database connection (ID 344036)
If you use a remote database with Enterprise Manager, you must use either latin1 or UTF8 character sets. The system does not recognize other character sets, and may prevent a connection to the database.

External database access issues (ID 349843, ID 351014)
In certain instances, you may encounter access issues with an external performance monitoring database. If you restore a configuration archive from one device on another, both devices may maintain a connection to the same remote database. Also, if you associate an external database with the system on one boot location, then upgrade another boot location, the system may only associate the database with the initial boot location. These scenarios may occur as a result of Enterprise Manager using a unique identifier to work with external databases. In these specific scenarios, the unique identifier is not replaced, and can cause errors. To work around issues encountered in these scenarios, please see SOL12702 in the AskF5 Knowledge Base to reset the external database and the unique identifier for the external database.

Upgrade to 10.2.x and LVM support (ID 349978)
When you upgrade a managed device from a version that does not support LVM to version 10.2.0 or later, you can select the option to retain the partitioned disk scheme. However, selecting the partitioned scheme may cause the installation task to fail.

Duplicate logging (ID 3500076)
The emstatsd service logs messages in /var/log/emstatsd.out in addition to the regular log location /var/log/em.

Remote database errors not reported (ID 350146)
If you use a remote database and that database encounters errors, the Enterprise Manager system does not report that remote database errors can prevent statistics collection.

Grooming errors (ID 350999)
If you restore a local database with a database that is larger than the size allocated, the system does not groom the restored database to the size allocated.

External database association (ID 351014)
In some instances, if you associate an external database with the system on one boot location, then upgrade another boot location, the system may only associate the database with the initial boot location.

Remote database and HA pairs (ID 351828)
If you configure an HA pair of Enterprise Manager systems to use a remote statistics database, then later separate the devices into two unique active systems, both systems continue to use the same remote database. This can cause data corruption in the database. To avoid this scenario, you must re-configure the remote database connection on each device.

Service contract end date task failures (ID 352343)
If you use the Service Contract End Date wizard to assist in tracking the service contract end dates for managed devices, you may encounter an issue where the task fails if it cannot connect to the F5 licensing server. If you encounter this scenario, try the task again later.

Database repair script and external database (ID 352921)
When the system detects a corrupted performance monitoring database, it prompts the administrator to run the em-repair-extern script. Although this script works for the local performance monitoring database, it does not work if you configured Enterprise Manager to use a remote performance monitoring database. If your system uses a remote performance monitoring database, then a MySQL database administrator should repair the database manually.

Service Contract End Date and strongbox licenses (ID 352943)
Managed devices that use strongbox licenses may not display the correct service contract end date due to the different way the system handles strongbox licenses. As a result, you cannot accurately monitor the service contract end date for these systems in Enterprise Manager.

SFTP Proxy not supported (ID 336886)
Enterprise Manager does not support SFTP through a proxy server for a Support Data Collection Task. Although the Enterprise Manager Administrator Guide indicates that this is possible, it is incorrect.

Version 2.1

Upgrade errors to version 2.1 (CR139891)
When using the image2disk command to upgrade to an LVM system, you will not be able to monitor the installation. In order to monitor the installation, you must use the Software Installation wizard from the Enterprise Manager web interface.

Reports collection may require a lot of time (CR140859)
Depending on the size of your statistics database, and the range of dates for your report, you may encounter significant delays (up to several hours for extremely large databases and wide ranges of time) while Enterprise Manager collects the necessary data.

User list errors (CR142272)
If you navigate to the System section and click Users, the list includes all users in the Common partition even though some users may not be in the Common partition.

System startup error 01070994:3 (ITEM 225331)
Occasionally during system startup, you might see multiple instances of error message similar to the following:

    err mcpd[3682]: 01070994:3: tmstat_request: tmstat_subscribe failed: Unknown error 4126537205.

Once the system fully initializes, the message disappears and the system runs as expected, so you can safely ignore this message.

Platform issues with EM4000 (CR 289742)
You may encounter minor issues when using the EM4000 platform. These issues do not affect the performance of the system or the Enterprise Manager software, and include the following: Ltm log file displays "The requested BIGdb variable (platform.diskmonitor.growthalert.shared) was not found". Because the system does not run the BIG-IP Local Traffic Manager software, you can ignore this message.

Overhead in database size (ITEM 336189, ITEM 336548)
If you adjust the statistics database to be over 5GB in size, the actual space used on the disk may be greater than what you specified due to additional files written for databases. While this is true for databases of any size, for databases over 5GB, the overhead may be more pronounced.

Discovery and NAT issues (ITEM 336443)
In certain cases, when you discover a device through a NAT, Enterprise Manager may time out while waiting for a license check due to the target system not having a route to the Enterprise Manager server address.
 

Device database requires additional time for upgrade (ITEM 336256, ITEM 336445)
If an Enterprise Manager system has a very large statistics database (for example, over 20GB), the upgrade from to version 2.1 may require up to several hours to convert the database to a new schema used in version 2.1. Our tests indicate that this conversion may take about six hours for a 20GB database. While the upgrade is in progress, the web interface of the updated device is responsive but you cannot discover new devices, nor create any tasks for existing managed devices. Additionally, if you reboot the system during the upgrade, this could corrupt the data in the database. The system warns of the database upgrade, but does not notify when the process completes. You can check to see if the task is marked finished in the /var/tmp/em_setup_log.txt file.

Kerberos vulnerabilities (ITEM 336949)
The kerberos package included with Enterprise Manager is affected by the vulnerabilities described in CVE-2010-1321 and VU#233500.

Perl vulnerability (ITEM 336952)
The perl package included with Enterprise Manager is affected by the vulnerabilities described in CVE-2008-5302, CVE-2008-5303, CVE-2010-1168, and CVE-2010-1447.

Kernel vulnerability (ITEM 336953)
The kernel included in Enterprise Manager is affected by the vulnerabilities described in CVE-2010-0291, CVE-2010-0622, CVE-2010-1087, CVE-2010-1088, CVE-2010-1173, CVE-2010-1187, CVE-2010-1436, CVE-2010-1437, and CVE-2010-1641.

Allocated storage space incorrect after upgrade (ITEM 337060)
If you upgrade to version 2.1, and you system uses a statistics database greater than 20GB, the Allocated Storage Space value displayed on the upgraded system may be inaccurate. Although the database size is the same as in version 2.0, to view the correct size, you must change the value to the same setting on the version 2.0 system.

System errors logged on startup (ITEM 337853)
Occasionally, during system startup, you may see errors logged in /var/log/em by the emadmind process. After time, these messages disappear and the system runs as expected. You can ignore these error messages.
 

Version 2.0

Installation warning (CR105166)
When you install Enterprise Manager version 2.0, and view installation messages the console, you may see an error indicating a missing /usr/bin/rpmgraph directory. The system upgrade installs successfully, and you can ignore this message.

Statistics screen does not time out (CR105234)
If you are viewing a statistics screen, the user session logged in to the system does not time out as it does when viewing other screens. If you need to maintain the regular timeout interval for logged in users, then navigate away from a statistics screen.

OpenSSH vulnerability in old SSH clients (CR112411)
This release contains the new OpenSSH client and server, which addresses the vulnerability Plaintext Recovery Attack Against SSH, reported as CPNI-957037. When an older client connects to the new server, however, a vulnerability exists. If you are still using old SSH clients, you should manually set those client's cipher list to only include CTR ciphers. To use only CTR ciphers for the OpenSSH client, the command line must include the following option: -c aes128-ctr,aes192-ctr,aes256-ctr.

New volumes do not appear (CR123430)
If you are managing a system that uses Logical Volume Management, and you add a new volume to the managed device, the Enterprise Manager system may not detect the new volume immediately.

Inaccurate list of boot locations on EM 4000 platform (CR126805)
On the Device Platform screen, if you view the platform information for an EM 4000, inaccurate details about the boot location appear. The details indicate available Compact Flash boot locations where there are none.

Upgrading to version 2.0 and possible errors (CR131966)
If you use the software upgrade wizard to perform a self-installation upgrade from Enterprise Manager 1.8 to version 2.0, it is possible that you may encounter errors during the upgrade process. In certain instances, the system may mark the task Cancelled, but the task will continue to run in the background to upgrade the system. If this occurs, you can check the image_install.log file to confirm that the installation completed, then manually reboot the system. As an alternative to the software upgrade wizard, you can perform an installation from the command line of the Enterprise Manager system. See the Upgrading an existing system section of the release note for instructions.

Upgrades may fail for CF devices (CR133590)
If you use Enterprise Manager to upgrade devices that user a Compact Flash drive, the upgrade may not complete.
 

Statistics collection errors (CR133964)
While collecting statistical data with Enterprise Manager, if you disable collection of certain metrics individually so that the system collects no statistical data, the system may still continue to collect data for the last metric you disable. To avoid this scenario, if you plan to disable statistics collection entirely, set the Collect Statistics Data setting to Disabled on the Statistics: Options screen.

Enterprise Manager 3000 platform does not support LACP (CR137579)
Because the Enterprise Manager 3000 platform is not switch-based like the 500 or 4000 platforms, it does not support Link Aggregation Control Protocol (LACP).

[ Top ]


Workarounds for known issues

Please see the Enterprise Manager release notes for previous versions to view workarounds described for known issues documented in earlier releases.

[ Top ]

Contacting F5 Networks

  Phone: (206) 272-6888
Fax: (206) 272-6802
Web: http://support.f5.com
Email: support@f5.com

For additional information, please visit http://www.f5.com.

[ Top ]

Was this resource helpful in solving your issue?




NOTE: Please do not provide personal information.



Incorrect answer. Please try again: Please enter the words to the right: Please enter the numbers you hear:

Additional Comments (optional)