Known Issues in IBM Endpoint Manager 9.1
Known issues in IEM 9.1
NOTE: Once Enhanced Security is enabled, any agents or relays with versions earlier than 9.1 will drop out of the deployment and will not be manageable, since they do not support the new SHA-256 signature scheme.
- After enabling Enhanced Security, any relays set to authenticating mode must be restarted (issue 62173)
- Actions created before enabling Enhanced Security and disabling SHA-1 downloads will fail, unless they have SHA-256 hashes added to their download prefetch statements. This is by design, but is important to be aware of.
- After disabling Enhanced Security, Web Reports and the Console will no longer trust the root server's certificate.
- For Console users, simply accept the new certificate.
- For Web Reports, remove the existing datasource and add it again as a new one.
- Adding a space bar character at the end of login name (example "user1 ") causes: error message on Console, successful login on Web Reports. (issue 61225)
- AD login syntax accepted on Web Reports.
- On IEM Console the AD login syntax is accepted with domain extension (Example: "email@example.com", "tem\user1", "tem.test.com\user1") or without domain extension
- On Web Reports when Role is assigned to AD user, the user can login only with domain syntax, when WR Role is assigned to an AD group, the group can login with or without the domain extension. (issue 61319)
- LDAP Directory Server defined on Console with same name:
If two different LDAP Directories are defined in the Console with the same name, Web Reports will display both as a single LDAP Directory with merged users and groups. To avoid this problem, be sure that every LDAP Directory in the Console has a unique name. (issue 61408)
LDAP Integration After Windows Upgrade
If you upgrade IBM Endpoint Manager Web Reports on Windows to V9.1, the Endpoint Manager V9.0 Active Directory configuration is kept for compatibility with the existing environment. To switch to the new Web Reports and LDAP integration functionality, perform the following steps:
- Log in to Web Reports.
- From User Management remove all the Active Directory users.
- Change the BES Web Report Server service from Active Directory account to Local System account.
- Set UseLegacyADLogin value in HKLM\Software\BigFix\Enterprise Server\BESReports from 1 to 0.
- Restart the BES Web Report Server service.
- From the console, add Active Directory or LDAP by selecting Tool -> Add LDAP Directory.
- Log in to Web Reports and from User Management assign Web Reports roles to LDAP users and groups. For more information see Assigning a Web Reports role to LDAP users or groups.