IBM Support

IBM Endpoint Manager for Remote Control Interim Fix 9.0.1-TIV-IEMRC901-IF0002

Downloadable files


Abstract

IBM Endpoint Manager for Remote Control 9.0.1 (9.0.1-TIV-IEMRC901-IF0002) Fixes related to APARs and other minor code updates.

Download Description


*************************************************************************************************************************
The installation files included in this interim fix pack have been removed because they are vulnerable to the Flexera InstallAnywhere and Flexera Installshield security exposures described in the following documents:
http://www-01.ibm.com/support/docview.wss?uid=swg21978076
http://www-01.ibm.com/support/docview.wss?uid=swg21984654

For the latest IBM BigFix Remote Control fixpack V9.1.2 IF0002, refer to:
http://www-01.ibm.com/support/docview.wss?uid=swg24042225

**************************************************************************************************************************


**************************************************************************************************************************
This Interim fix pack is no longer available. Please see APAR IV61533 for a description of the problem(s) and corrective action(s).
Upgrade to the interim fix pack that is referenced in the following download document http://www-01.ibm.com/support/docview.wss?uid=swg24037729
All of the APARs in this interim fix pack are included in the new interim fix pack.
For more information about the issue, see the following technote, http://www-01.ibm.com/support/docview.wss?uid=swg21676461

**************************************************************************************************************************



APARs fixed in IF0002

IV53432 UNABLE TO LAUNCH CONTROLLER APPLICATION
Fixed an issue where launching the Controller by using Java Web Start fails if the user name for the user in the remote control server has blank first and last names.


IV55023 LONG WORD WRAPPED MESSAGE IN THE TARGET CHAT WINDOW IS NOT CORRECTLY DISPLAYED
Fixed an issue where long, word wrapped messages in the target chat window are not displayed correctly. Messages of more than 120 characters.


IV57343 THE ACTIONS MENU INTERMITTENTLY DOES NOT POPULATE WHEN WE SELECT TARGET
Fixed an issue where the actions menu intermittently fails to populate after selecting a target. This issue does not appear to be browser specific although some versions are more affected than others.



IV55996 AUDIT EVENTS FOR ENDING THE SESSION MIGHT BE MISSING IN SOME SESSION MODES
Fixed an issue where end of session audit messages might be missing from target's audit messages when the session is ended. This affects both local audits as well as the audit entries stored in the server's session history.



IV58147 BROKER MEMORY LEAK
Fixed an issue where a memory leak in the broker component caused the process to run out of memory after a certain number of sessions. The actual number of sessions depends on many variables to do with the session itself but 500 sessions can be taken as an estimate.


IV58158 SECURITY APAR, CVE-2014-0050 APACHE COMMONS FILE UPLOAD VULNERABILITY.IBM ENDPOINT MANAGER FOR REMOTE CONTROL
IBM Endpoint Manager for Remote Control versions 9.1.0, 9.0.1, and 9.0.0 are shipped with the Apache Commons File Upload library which contains a security vulnerability that could potentially be exploited to cause denial of service attack against IBM Endpoint Manager for Remote Control Server.


IV58315 SECURITY APAR CVE-2013-5461, INSECURE STORAGE OF PASSWORDS IN IBM ENDPOINT MANAGER FOR REMOTE CONTROL
IBM Endpoint Manager for Remote Control versions 9.0.1 and 9.0.0 are affected by a security vulnerability through the insecure storage of user's passwords. The application stores multiple hashes of partial passwords. If a malicious user is able to retrieve the information the user might be able to decrypt the password.


IV58782 BROKER UNABLE TO HANDLE MORE THAN 16 SIMULTANEOUS CONNECTION ATTEMPTS
Fixed an issue where the broker might be unable to handle 16 simultaneous.


IV58733 SECURITY APAR, MULTIPLE JAVA VULNERABILITIES IN IBM ENDPOINT MANAGER FOR REMOTE CONTROL
IBM Endpoint Manager for Remote Control versions 9.1.0, 9.0.1, and 9.0.0 are affected by security vulnerabilities in the Java Runtime Environment that is included in IBM Endpoint Manager for Remote Control.


IV58891 SECURITY APAR,MULTIPLE OPENSSL VULNERABILITIES IN IBM ENDPOINT MANAGER FOR REMOTE CONTROL
IBM Endpoint Manager for Remote Control 9.1.0, 9.0.1 and 9.0.0 are affected by security vulnerabilities in the OpenSSL libraries that are included with IBM Endpoint Manager for Remote Control.


IV59254 MAX SEQUENTIAL CHARACTER OFF-BY-ONE ERROR IN THE SERVER
Fixed an issue where the code in the server that checks for the matching sequential characters in the user password was searching for the incorrect number of matching sequential characters. For example, if the password.max.matching.sequential.chars property is set to 2, the new password could have 5 matching sequential characters before an error is reported.

Installation Instructions

Prior to installation


Installing the fix pack after installing the GA Level (9.0.1.0035)

If you are installing the fix pack immediately after installing the GA Level (9.0.1.0035), log-on to the GA Level application after it has installed to ensure that the database initialisation has completed before applying the fix pack.

Backup your properties and recordings files

If you have the server component installed and running you should backup your existing property files before installing the fix pack and also backup any recordings files that you have.

Backup the following property files:-

common.properties
ldap.properties
trc.properties
controller.properties
log4j.properties

The properties files are found in the following directory

For Windows based systems:

[TRCInstallDir]\wlp\usr\servers\trcserver\apps\TRCAPP.ear\trc.war\WEB-INF\classes\


For UNIX based systems

[TRCInstallDir]/wlp/usr/servers/trcserver/apps/TRCAPP.ear/trc.war/WEB-INF/classes/

Where TRCInstallDir is the IBM Endpoint Manager for Remote Control server installation directory.


The video recordings folder is defined in the rc.recording.directory property in the trc.properties file.


in manual installations

Windows:
C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\rc_recordings


in automated installations

In Linux:
[TRCInstallDir]/wlp/usr/servers/trcserver/rc_recordings


In Windows:
[TRCInstallDir]\wlp\usr\servers\trcserver\rc_recordings



Backup any certificate files

Note: This section should only be carried out if you have previously manually installed a certificate. It also only applies to an automated server installation.

The certificates are stored by default in a keystore file key.jks in the following paths:

Windows

[TRCInstallDir]\wlp\usr\servers\trcserver\resources\security\key.jks


Linux

[TRCInstallDir]/wlp/usr/servers/trcserver/resources/security/key.jks



If the default keystore file location or keystore password, are changed, you must also back up the memory.xml file.

Windows:
[TRCInstallDir]\wlp\usr\servers\trcserver\memory.xml

Linux:
[TRCInstallDir]/wlp/usr/servers/trcserver/memory.xml



Installing

Although it is not required, it is suggested that when you apply a fix pack that you upgrade all of your components to the latest level.

IBM Endpoint Manager for Remote Control 9.0.1 Windows Server Installation with a Websphere Application Server 8.5 Liberty Profile and Derby database.

  1. Unzip 9.0.1-TIV-IEMRC901-WIN-IF0002.zip and navigate to trc_server_setup.exe.
  2. Run trc_server_setup.exe.
  3. Follow the on screen instructions to install the fix pack.
  4. If more detailed information is required, refer to the IBM Endpoint Manager for Remote Control Installation Guide and the chapter that describes installing the server using the server installer


http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_9.0/Remote_Control/RC_Install_Guide/rcinst_server_installer.html


IBM Endpoint Manager for Remote Control 9.0.1 LINUX Server Installation with a Websphere Application Server 8.5 Liberty Profile and Derby database.
  1. Untar 9.0.1-TIV-IEMRC901-LINUX-IF0002.tar and navigate to trc_server_setup.bin.
  2. Run trc_server_setup.bin.
  3. Follow on the screen instructions to install the fix pack.
  4. If more detailed information is required, refer to the IBM Endpoint Manager for Remote Control Installation Guide and the chapter that describes installing the server using the server installer:

http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_9.0/Remote_Control/RC_Install_Guide/rcinst_server_installer.html


Manual Installation

If you are using 9.0.1-TIV-IEMRC901-MULTI-IF0002.tar to perform a manual installation of this release, please note:-

A manual installation can only be performed on a system that has the previous release of IBM Endpoint Manager for Remote Control already installed.


IBM Endpoint Manager for Remote Control 9.0.1 Websphere Application Server (WAS), AIX, Linux, Solaris and Windows Server Installation

IMPORTANT
***********************************************************************************
Please back up your video recordings and customised properties files
***********************************************************************************

Untar 9.0.1-TIV-IEMRC901-MULTI-IF0002.tar and navigate to \Disk1\InstData\[platform]\VM where [platform] is relevant to your operating system:

For example: \Disk1\InstData\windows\VM

AIX : Run trc_additional_setup.bin
Linux : Run trc_additional_setup.bin
Solaris: Run trc_additional_setup.bin
Windows: Run trc_additional_setup.exe


AIX/Linux and Solaris

1. Run trc_additional_setup.bin.
2. Follow the instructions in the IBM Endpoint Manager for Remote Control Installation Guide in the chapter that describes how to extract the component installation files.
http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_9.0/Remote_Control/RC_Install_Guide/rcinst-addiitional_install.html

The new war file will be saved to a place of your choice or the InstallAnywhere default location.
3. Use the WAS Administrative Console to update the war file.
4. Follow the steps in Performing necessary tasks after installation.

Windows

1. Run trc_additional_setup.exe.
2. Follow the instructions in the IBM Endpoint Manager for Remote Control Installation Guide in the chapter that describes how to extract the component installation files.

http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_9.0/Remote_Control/RC_Install_Guide/rcinst-addiitional_install.html

The new war file will be saved to a place of your choice or the InstallAnywhere default location.
3. Use the WAS Administrative Console to update the war file.
4. Follow the steps in 4.3 Performing necessary tasks after installation.


Component installation
For more information about installing the components, see
http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_9.0/Remote_Control/RC_Install_Guide/rcinst_comp_install.html


Windows components

1) Unzip 9.0.1-TIV-IEMRC910-WIN-IF0002.zip

2) Use the relevant installation files to install the components.

Target trc_target_setup.exe or trc_target.msi
Controller trc_controller_setup.exe or trc_controller.msi
Gateway trc_gateway_setup.exe or trc_gateway.msi
Broker trc_broker_setup.exe or trc_broker.msi
CLI trc_cli_setup.exe or trc_cli.msi


Linux components

1) Extract the additional setup utility file from 9.0.1-TIV-IEMRC901-MULTI-IF0002.tar
2) Run the file that is relevant to the operating system that you will run the utility on.


Windows operating system - trc_additional_setup.exe
Linux operating system - trc_additional_setup.bin

3) Follow the instructions in the IBM Endpoint Manager for Remote Control Installation Guide in the chapter that describes how to extract the component installation files.
http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_9.0/Remote_Control/RC_Install_Guide/rcinst-addiitional_install.html

4) Use the following files to install the components.


Target ibm-trc-target-9.0.1.i386.rpm or ibm-trc-target-9.0.1.src.rpm
Controller ibm-trc-controller-9.0.1.noarch.rpm and ibm-trc-controller-jre-9.0.1.i386.rpm
Gateway ibm-trc-gateway-9.0.1.i386.rpm or ibm-trc-gateway-9.0.1.src.rpm
Broker ibm-trc-broker9.0.1.i386.rpm or ibm-trc-broker-9.0.1.src.rpm
CLI ibm-trc-cli-9.0.1.i386.rpm or ibm-trc-cli-9.0.1.src.rpm




5) Restart the component service for the component that you upgraded. For more information about restarting the component services, see the IBM Endpoint Manager for Remote Control Installation Guide.
http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_9.1/Remote_Control/RC_Install_Guide/rcinst_manage_linux_comps.html




Performing necessary tasks after installation

Edit the properties files
After completing the update and confirming that 9.0.1.0202 is installed, edit the new trc.properties and ldap.properties files and update them with the values in your saved files.

Restore your other saved properties files and video recordings.


Target requirements

Detailed Hardware and Software requirements can be found at:

http://pic.dhe.ibm.com/infocenter/tivihelp/v26r1/topic/com.ibm.tem.doc_9.0/Remote_Control/RC_Install_Guide/rcinsttgtreqs.html


Admin id for manual AIX install

For a manual installation of the IBM Endpoint Manager for
Remote Control Server on an AIX system, the default admin id
and password are case sensitive and should be typed as follows



id = Admin password = password



Restore certificate files

Note: This section should only be carried out if you have previously manually installed a certificate. It also only applies to an automated IBM Endpoint Manager for Remote Control server installation.

Restore the saved keystore file key.jks. If using the default keystore, it must be restored to:

Windows :

[TRCInstallDir]\wlp\usr\servers\trcserver\resources\security\key.jks


Linux:

[TRCInstallDir]/wlp/usr/servers/trcserver/resources/security/key.jks


If the password or the location of the keystore were changed, modify the file memory.xml and set the parameters of the element <keyStore> with the same values as the memory.xml file that was backed up as instructed previously.

The memory.xml file can be found at:

Windows:
[TRCInstallDir]\wlp\usr\servers\trcserver

Linux:
[TRCInstallDir]/wlp/usr/servers/trcserver



Problems (APARS) fixed
IV53432 IV55023 IV57343 IV55996 IV58147 IV58158 IV58315 IV58782 IV58733 IV58891 IV59254

Document information

More support for: IBM BigFix family

Software version: Version Independent

Operating system(s): Platform Independent

Reference #: 4037189

Modified date: 03 March 2017