Technical Articles ID: KB82675
Last Modified: 10/22/2015
Last Modified: 10/22/2015
Environment
McAfee ePolicy Orchestrator (ePO) 5.3.x
Summary
This article contains important information about known issues of high or medium rating that are outstanding with this product release. This article will be updated if new issues are identified post-release or if additional information becomes available. To read the Release Notes, see:
Known Issues
CRITICAL:
Non-critical:
ePO Version | Release to Support (RTS) | Release to World (RTW) | Release Notes |
5.3.1 | August 28, 2015 | September 28, 2015 | PD26103 |
5.3.0 | March 17, 2015 | May 19, 2015 | PD25505 |
Issue resolutions in patches and major releases are cumulative; therefore, Intel Security recommends that you install the latest version. To find the most recent release for your product, visit the Product Downloads site athttp://www.mcafee.com/us/downloads/downloads.aspx.
Known Issues
CRITICAL:
Reference Number | Related Article | Found ePO Version | Resolved ePO Version | Issue Description |
1097351 | 5.3.1 |
Issue: During upgrade to ePO 5.3.1, all permissions related to Host Intrusion Prevention (Host IPS) for the existing permission sets are lost. Host IPS settings are reset to No Permission for the existing permission sets, but other permissions are saved with existing settings.
Workaround: Use one of the following options:
| ||
1073038 | KB85055 | 5.3.0 | 5.3.1 | Issue: When modifying a multi-slot policy assignment on a single system, the following error displays in the ePO console, preventing modification of the multi-slot policy assignment:
An unexpected error occurred
Resolution: This issue is resolved in ePO 5.3.1. |
978603 | KB82557 | 5.1.1 | McAfee Agent Extension version 5.0.481 | Issue: You observe high CPU utilization for the Common Management Agent (CMA) process on non-Windows clients after upgrading to ePO 5.3 when you use All packages in a McAfee Agent update task. Resolution: Upgrading McAfee Agent Extension to version 5.0.481 resolves this issue with newly created tasks. See the Knowledge Base article for details. |
Non-critical:
Reference Number | Related Article | Found ePO Version | Resolved ePO Version | Issue Description |
5.1.0 | Issue: Rogue System Detection (RSD) 4.7.0 is not compatible with ePO 5.3. Workaround: To upgrade from a supported version of ePO, you must be running RSD 4.7.1 before upgrading to ePO 5.3. | |||
KB82814 | 5.1.1 | As designed |
Issue: The Product Deployment task option Run at every policy enforcement is not available in scheduler settings.
Workaround: This option has been removed by design. As of ePO 5.1.1 and the McAfee Agent 5.0.0 Extension, the option is no longer available in the Product Deployment task. See the Knowledge Base article for details.
| |
1088571 | 5.3.1 | Issue: After upgrading from ePO 5.1.x to ePO 5.3.1, the Help Extensions for older McAfee Agent versions (such as McAfee Agent 4.8 and 5.0) are still displayed. Workaround: After upgrading ePO, go to the Extensions page and remove the Help content of the older McAfee Agent versions. | ||
1087902 | 5.3.1 | Issue: When attempting to export an XML file using the Microsoft Edge browser with the option Open with Internet Explorer, the following error message displays after providing logon credentials:
An Unexpected error occurred
| ||
1084327 | 5.3.1 | Issue: After upgrading to ePO 5.3.1, the Apache service on Agent Handlers still shows the version as McAfee ePolicy Orchestrator 5.3.0 Server. | ||
1026564 | 5.3.0 | 5.3.1 | Issue: The Non-Windows agent version setting for the AD Sync task does not persist. Resolution: This issue is resolved in ePO 5.3.1. | |
1025314 | 5.3.0 | Issue: A client task may continue to report In Progress even after the client task has finished. | ||
1019351 | 5.3.0 | Issue: After you enable the Agent-Server Communication Secure Port (from non-secure to secure), agents still communicate over non-secure communication. Workaround: After changing the Agent-Server Communication Secure Port value, restart the Apache services for all Agent Handlers. | ||
1016670 | 5.3.0 | Issue: If using Software Manager to download a product component and it is either currently downloading or has an error on download, the following error displays on the next download attempt:
ERR_INVALID_RESPONSE
| ||
1012731 | 5.3.0 | Issue: After removing Endpoint Security from the master repository, it still shows up as checked in under Software Manager. | ||
1012270 | KB79561 | 5.3.0 |
Issue: Upgrading an ePO server with 180 million or more events fails, and the server is unusable afterwards (tempdb grows so large it exceeds the available 35 GB drive space).
Workaround: See the Knowledge Base article for details.
| |
1009559 | 5.3.0 |
Issue: If a pull task is running and you attempt an extension installation, the extension installation fails with the following error:
Unable to install extension. com.mcafee.orion.core.cmd.CommandException:Site in use | ||
1009153 | 5.3.0 | Issue: Software Manager check in will not allow branch selection when the master repository has a licensed product checked in and you are trying to check in an updated evaluation version of the same product. Workaround: Only use Software Manager to check in items with the same license type for upgrade. | ||
1009087 | 5.3.0 | Issue: Software Manager lists a product as Up to Date if just one portion of a set of components for a product are checked in to ePO. Workaround: Ensure that you check in all desired components for products using the Software Manager when you are initially adding the new or updated software to ePO. | ||
996130 | 5.3.0 | Issue: When editing the Rollup Data (Local ePO Server) server task, removing the first available action (which is a duplicate) will not allow you to add further actions in its place. Workaround: Refresh the UI. | ||
991383 | 5.3.0 | Issue: Importing an exported sitelist file (SiteMgr.xml) does not keep the chosen exclusions of the distributed repository. Workaround: After import, set the exclusions desired for that distributed repository. | ||
991040 | 5.3.0 | Issue: The Data Exchange Layer client package checked into your master repository may not have the Checked In Version available for review when viewed in Software Manager. Workaround: You can determine the version of the Data Exchange Layer client package checked into your master repository by viewing it directly in the master repository. | ||
974028 | KB77920 | 5.1.1 | Issue: ePO pages are blank after upgrading from ePO 5.0 to ePO 5.3. Workaround: This is a browser caching problem. See the Knowledge Base article for details. | |
971289 | 5.1.1 | Issue: Deployment tags will not be Read only if you import the tag list. Resolution: This issue will be resolved in ePO 5.4. | ||
968675 | 5.1.1 | Issue: The client task object structure changed in ePO 5.1.1, so that the EPOTaskObject table in the ePO database now has a different set of columns from all previous versions to support newly added parameters for the new architecture. As a result, Intel Security cannot support client task sharing from ePO 5.1.1 (or later) to any earlier version of ePO (for example, 5.1.x, 5.0.x, 4.x). Client task sharing will work between ePO 5.1.1 servers and later. Workaround: Disable client task sharing until all ePO servers have been migrated to ePO 5.1.1 (or later), and then re-enable sharing. | ||
966124 | 5.1.1 | Issue: Agent URL creation does not allow you to savemcafeesmartinstaller.exe with Microsoft Internet Explorer (IE) 9. Workaround: Turn off IE Enhanced Security configuration. | ||
961436 | 4.6 | As designed | Issue: Deleting a node from Active Directory does not delete the System Tree entry that was created by NT Domain Synchronization. Workaround: Manually delete systems that have been added using NT Domain Synchronization. | |
957203 | 5.1.0 | Issue: Using the Quick Find functionality to find a specific system disables the use of Actions on that system. Workaround: Refresh the system page manually to enable Actions. | ||
927995 | 5.1.1 | Issue: If you experienced the issue “System Tree displays a blank screen after upgrading to ePO 5.1” as described in KB79827, and installed the proof of concept (POC) build (EPO510_927995_POC.zip), you will not be able to use an existing custom filter to filter out unmanaged systems on the System Tree page after upgrading to ePO 5.3. Workaround: Edit and update the custom filter or create a new one. | ||
924186 | 5.1.0 |
Issue: After upgrading to ePO 5.3, certain parts of the UI may behave improperly (for example, buttons are located in incorrect places and System Tree groups and systems are not displayed or are duplicated).
Workaround: To correct the problem, perform a hard refresh by pressing CTRL+F5. | ||
919451 | 5.1.0 | Issue: Agent deployment URLs appear to be invalid after you move the agent deployment package to another branch in the master repository. Workaround: After changing the agent deployment package location in the master repository, it will take 5‑30 seconds for agent deployment URLs to be updated to the correct location. This timing may increase with the number of deployment URLs that you have. | ||
918639 | KB81971 | 5.1.0 |
Issue: After upgrading ePO from version 4.6.6 or earlier, the LDAP Sync server task may fail. The message Failed to sync all registered LDAP servers: [[No LDAP Servers registered.]] is displayed in the failed task’s details.
Workaround: Re-register the LDAP servers in ePO to make the LDAP Sync server task complete successfully. See the Knowledge Base article for details. | |
917943 | KB77920 | 5.1.0 | Issue: You see page buttons in the ePO 5.x System Tree after upgrading from ePO 4.6.4 or later. Workaround: Clear the browser cache. See the Knowledge Base article for details. | |
917335 | 5.1.1 |
Issue: For ePO 5.1.1/5.3, the Upgrade Compatibility Utility supports upgrades from 4.5.7, 4.6.4, 4.6.6, and 4.6.7. However, you cannot use the utility to migrate an ePO 5.0 server.
If you run the utility on a version of ePO that is not supported for upgrade, the error message does not list the correct versions supported for upgrade by the utility. | ||
916136 | 5.1.0 |
Limitation: Agent installation via the deployment URL is broken.
Intel Security has determined the cause of this issue is because Microsoft Internet Explorer (IE) 8 file downloads over SSL do not work with cache control headers, as documented in Microsoft articleKB323308 (http://support.microsoft.com/kb/323308). Because Cache-Control: no-store was added to the header of the file download, it does not allow IE8 to download the file. Workarounds: The following are possible workarounds for this issue:
| ||
915790 | 5.1.0 |
Issue: Automatic Product Configuration does not download content based on Locale.
Workaround: Manually download the needed Locale-specific files from the Software Manager. | ||
913379 | 5.1.0 |
Issue: When configuring NT Domain Synchronization in the System Tree, if you perform a Synchronize Now action, the Save button is disabled.
Workaround: Retyping the domain name will enable the Save button. | ||
913365 | 5.1.0 |
Issue: It is not explicitly stated in the Custom URL Viewer monitor dialog that only input that contains the full URL is acceptable.
Workaround: Type the full URL into the Custom URL Viewer monitor dialog. | ||
883211 | 5.1.0 | Issue: Imported permission sets containing specific product permissions do not allow access to product policies and product client tasks, even if the permission set imported included them. Workaround: When importing permission sets, review the imported permission sets to determine whether you will also need to enable access to specific product policies or specific product client tasks. | ||
849016 | 5.1.0 | Issue: The Select All check box on the Detected Systems page, and any page that contains a table and a search filter, does not respect the search filter. Workaround: This issue is being evaluated for consideration in a future release or patched version of the product. | ||
848248 | 5.1.0 |
Issue: VSE Access Protection blocks the functionality of the Upgrade Compatibility Utility.
Workaround: If you have VSE on your source or target systems, disable the Access Protection feature during the installation. | ||
842459 | 5.1.0 |
Issue: You see query migration errors (similar to the following) in the Orion.log when you upgrade to or install ePO 5.3:
2013-02-21 09:32:01,838 ERROR [pool-2-thread-1] query.DefaultOrionQueryService - Could not migrate the query ( id = 7, name = Duplicate Systems Names ) due to an unexpected error
com.mcafee.orion.core.query.sexp.UnknownSexpTypeException: parser encountered unknown S-expression type: duplicatedComputerName Workaround: This is a timing issue with Extensions loading during the upgrade/installation. There is no actual effect when all extensions are properly loaded because the installation completes successfully. | ||
823342 | 5.1.0 | Issue: The Software Manager check in all feature and the newAutomatic Product Download feature do not support point product extension packages containing multiple ZIP components (for example, Host IPS and MRA). This might lead you to believe all your extensions are up-to-date when they are not. Workaround: Download the extensions for Host IPS and MRA and check them in manually. | ||
817898 | 5.1.0 |
Issue: User-based Policy Assignment Rules do not get enforced for users in child domains.
| ||
816475 | 5.1.0 |
Issue: The ePO server Snapshot status does not change to orangeSnapshot is Out of Date when removing an Agent Handler from a remote system.
Workaround: The issue resolves itself within five minutes. | ||
813461 | 5.1.0 |
Issue: When canceling the migration utility partway through migration, the Program Files (x86)\ePolicy Orchestrator folder and some registry keys are left behind on the target system.
Workaround: Delete the ePO installation folder and the registry keys from the target system. | ||
804833 | 5.0.0 | Issue: When you remove a policy from ePO by unsharing a shared policy, the removal of that policy is not found in the Audit Log. | ||
780095 | 5.1.0 |
Issue: When using a web browser to access the Web API directly, the browser caches credentials, potentially leading to a privilege escalation. If this were to occur, users would be granted access to data or commands for which they are not authorized.
Workaround: The purpose of the Web API is for the programmatic automation of tasks. If you choose to use a web browser to access the Web API directly (for example, https://servername:port/remote/core.help), close your browser window after you have finished; this clears your cached credentials. | ||
763783 | 5.1.0 |
Issue: Checking in a different product major version (with an existing product and hotfix checked in) to ePO 5.3 deletes the hotfix.
Workaround: Move the hotfix to a different branch before checking in a new package. Alternatively, you could check the hotfix back into the repository afterwards. | ||
720228 | 5.1.0 |
Issue: ePO's default document mode causes dragged items in the Edit Priority page to disappear when using Microsoft Internet Explorer (IE) 8.0 with ePO 5.3.
Workaround: The following are possible workarounds for this issue:
| ||
660635 | 5.1.0 |
Issue: If you have replication permission (but not pull permission), you see the following error after replication:
You are not authorized for this operation.
| ||
637829 | 5.1.0 |
Issue: On Microsoft Internet Explorer (IE) 8, using the Shift + Click feature to select more than 1,500 rows in a table simultaneously might cause a spike in CPU utilization and/or trigger an error message describing a Script error.
Workaround: Limit the number of table rows you select using Shift + Click. |
- wong chee tat :)
No comments:
Post a Comment