Date:2017-03-07 OS: Windows/Linux Etrack Incidents: DI-1619, DI-3133, DI-3163, DI-3285, DI-3432, DI-3602, DI-3643, DI-3689, 3901145, 3903491, 3907878 Errors/Problems Fixed: DI-1619 - When editing a report, in the User Selection tab, if all the data sources are selected, then the edit page becomes unresponsive. DI-3133 - The idxwriter.exe process fails to create a tags database due to a blank tag name and tag value provided in the CSV file. DI-3163 - The scanner job abruptly stops when scanning a Box resource. DI-3285 - The permission view takes longer to display information for Box resources. DI-3432 - The security of Data Insight has been enhanced to defend the Cross-Site Scripting (XSS) vulnerability. DI-3602 - On the left-hand side (LHS) tree view, the Activity, Files, and other numerical slider filters display incorrect values. DI-3643 - In the Permissions report output, the user incorrectly inherits the permissions that are assigned to the built-in groups. DI-3689 - The Social Network Map fails to render for the shares that have a large number of active users. 3901145 - On migrating from EMC Celerra to EMC Isilon, Data Insight fails to receive the sensitive files report from DLP. This issue is observed due to a case mismatch in the access zone names. 3903491 - Data Insight ignores audit events from Isilon cluster due to case mismatch in the filer name and the name configured in the Isilon Management console. 3907878 - The Management Console displays incorrect run-time for the Data Insight job. Install/Uninstall Instructions: Apply this rolling patch on all Data Insight servers with version 5.2 NOTE: Please keep a backup of the Data Insight files in the installation directory. This will be required in case you want to manually rollback the patch. High Level Steps: 1. Apply the rolling patch on Management Server first, followed by all worker nodes. 2. Next, apply patch to Windows File Server agents (if applicable). 3. Next, apply patch to Microsoft SharePoint agents (if applicable). Patching Data Insight Management Server and worker nodes: 1. Log onto each server with Administrative privileges. 2. Unzip the patch files to a temporary folder. In this folder, locate the rolling patch installer for the appropriate OS architecture. The installer is called Veritas_DataInsight_windows_52RP1_5_2_1_9009_x64.exe for 64 bit Windows OS, Veritas_DataInsight_linux_52RP1_5_2_1_9009_RHEL6_x64.sh for 64 bit Linux RHEL6 OS and Veritas_DataInsight_linux_52RP1_5_2_1_9009_RHEL7_x64.sh for 64 bit Linux RHEL7. 3. Launch the installer executable to install the rolling patch. Patching Data Insight Windows File Server agents: 1. Unzip the patch files to a temporary folder. In this folder, locate the rolling patch installer bundles for Windows File Server agents. The agent bundle is called Veritas_DataInsight_windows_winnas_52RP1_5_2_1_9009_x64.zip for 64 bit OS. 2. Log into the Data Insight Management Console with Server Administrator privilege and upload the agent bundles to the appropriate Collector worker nodes using "Upload Manager" page on the Settings tab. 3. Navigate to Filer details page for each configured Windows File Server from the Settings tab, and click on "Upgrade Agent" button available on the top of the page. This option is only visible if you have enabled the option to let Data Insight install/upgrade agent for this filer. 4. Alternately, to manually patch a Windows File Server agent, log onto the Windows File Server machine with Administrative privileges, unzip the agent installer bundle in a temporary location, and launch the patch installer. The patch installer is called Veritas_DataInsight_windows_winnas_52RP1_5_2_1_9009_x64.exe for 64 bit OS. Patching Data Insight Microsoft SharePoint agent: 1. Log onto the SharePoint farm machine where the SharePoint agent has been previously installed. 2. Uninstall the old agent using the "Add/Remove Programs" applet in Control Panel. 3. Unzip the patch files to a temporary folder. In this folder, locate the SharePoint agent installer. The installer is called Veritas_DataInsight_sharepoint2007_52RP1_5_2_1_9009.exe for SharePoint 2007, Veritas_DataInsight_sharepoint2010_52RP1_5_2_1_9009.exe for SharePoint 2010, Veritas_DataInsight_sharepoint2013_52RP1_5_2_1_9009.exe for SharePoint 2013, and Veritas_DataInsight_sharepoint2016_52RP1_5_2_1_9009.exe for SharePoint 2016. 4. Launch the installer to install the new agent. Additional Notes: 1. At this time, automated rollback of patch is not supported. To roll back the patch manually: a. Remember to take a backup of original files before you install the rolling patch. b. To roll back the patch, stop all Data Insight services, overwrite the patched files with original files from backup, and restart the services. 2. To confirm if a system has been patched, check the version of Data Insight using the Add/Remove Programs applet in the Control Panel. 3. Note that due to security vulnerabilities, Data Insight 5.2 has turned off SSL and TLSv1 protocols. However, Windows File Server agents version 4.5 are not compatible with TLSv1.1 and TLSv1.2 protocols. Thus, Windows File Server agents stop communicating with the collectors that are upgraded to Data Insight 5.2RP1. To resume this communication, perform the following on each Windows File Server agent node before or after upgrading the collectors to 5.2RP1: a> Obtain the latest 32-bit Java Runtime Environment (JRE) binaries from the Windows File Server agent version 5.2. Typically, they are located in the jre folder of the agent version 5.2 installation. The default location is C:\Program Files\DataInsight\jre. b> Log on to the Windows File Server agent version 4.5 computer with the Administrator privileges. c> Stop the DataInsightComm and DataInsightWatchdog services on the agent. d> Replace the old jre binaries on the agent with the ones obtained from the Windows File Server agent node version 4.5. By default, the agent version 4.5 JRE is located at C:\Program Files\Symantec\DataInsight\jre. e> Start the DataInsightComm and DataInsightWatchdog services. f> After few minutes, verify that the node's status is ONLINE on the Data Insight console. The status is displayed at Settings > Data Insight Servers page.