Date:2013-04-26 OS: Windows/Linux Etrack Incidents: 3072022, 3076812, 3078446, 3101281, 3111401, 3114437, 3115058, 3119461, 3121006, 3013350, 3065549, 3093587, 3093594, 3115329, 3120448, 3123611, 3069879, 3105649, 3017850, 3117384, 3118904, 3122301, 3125490, 3130301, 3067090, 3107241, 3145930, 3145847, 3149276, 3157936, 2981486 Errors/Problems Fixed: 3072022 - Data Insight UI not displaying properly in IE 9 in Compatibility mode. 3076812 - Entitlement report does not generate correct output when custom attributes are selected. 3078446 - NEVER scan status not displayed in the UI. 3101281 - Cannot assign custodians to sharepoint paths using mxcustodian command. 3111401 - Fully exclude share-level permission when requested. 3114437 - Fix basic permission mask for effective permissions. 3115058 - ACEs within an ACL are being reordered while displaying in GUI. Order gets changed while displaying it under Workspace-->Permissions. 3119461 - Properly handle FSACL for owner. 3121006 - Everyone is not part of authenticated users. 3013350 - Scans fail on winnas agent. 3065549 - Report for file type EXE on NetApp is EMPTY. The filter works fine for Wndows agents. 3093587 - Column Header to change for User/Group & Path permissions report. 3093594 - Dont show ACES in console & reports if effective access mask for the ACE is zero. 3115329 - Stats library to support a timeout for inserting into lstats.dll. 3120448 - Path column under Scan errors page should show complete path on which scan is failing. 3123611 - Permission report has memory leak. 3069879 - Remove certain files from $data/updates folder after config is updated. 3105649 - Changes needed to the pause scanner default setting to display two integers behind the colon in the time value. 3017850 - Error generating audit log data for extracts. 3117384 - When we don't include share level permissions for effective permissions view, advanced permissions map should not show share level trustees and share level path. 3118904 - Reduce severity level to warning for error:UNKNOWN_LINK(257). 3122301 - Capture all credential requirements for scanning. 3125490 - Workspace permissions verification for winnas/nfs/sharepoint. 3130301 - Unable to add LDAP and NIS users as custodians using mxcustodian command. 3067090 - Removed custom attributes from Data Insight, still there. Reports & report config still slow. 3107241 - Custom NetApp filer scan schedule not applying with proper saved time and display in console. 3145930 - Cannot manage Windows filer agent automatically from Data Insight console if agent was installed manually. 3145847 - Completed successful scans with non-zero return code showing as failed in Data Insight console. 3149276 - Queryd consuming memory and CPU until Host out of memory. 3157936 - Dashboard Summary report failing. 2981486 - Path Permission/User Permission report: Saved changes do not persist. Install/Uninstall Instructions: Apply this rolling patch on all Data Insight servers with version 3.0.1 with or without earlier rolling patches applied. Windows File Server will also neeed to be patched, if you are facing following issue. Otherwise, the Windows File Server need not be patched. Reduce severity level to warning for error:UNKNOWN_LINK NOTE: Please keep a backup of the Data Insight files in the installation directory. This backup is required in case you want to manually roll back the patch. High-level Steps: 1. Apply the rolling patch on the Management Server first, followed by all worker nodes. 2. Next, apply the patch to Windows File Server agents (if applicable). Patching Data Insight Management Server and worker nodes: 1. Log in to each server with administrative privileges. 2. Unzip the patch files to a temporary folder. In this folder, locate the rolling patch installer for the appropriate OS architecture. The installer is called Symantec_DataInsight_windows_301RP5_3_0_1_3419_x64.exe for 64 bit Windows OS, Symantec_DataInsight_windows_301RP5_3_0_1_3419.exe for 32 bit Windows OS, and Symantec_DataInsight_linux_301RP5_3_0_1_3419_x64.sh for 64 bit Linux OS. 3. Launch the installer executable to install the rolling patch. Patching Data Insight Windows File Server agents: 1. Unzip the patch files to a temporary folder. In this folder, locate the rolling patch installer bundles for Windows File Server agents. The agent bundle is called Symantec_DataInsight_windows_winnas_301RP5_3_0_1_3419_x64.zip for 64 bit OS and Symantec_DataInsight_windows_winnas_301RP5_3_0_1_3419_x86.zip for 32 bit OS. 2. Log in to the Management Console with Server Administrator privilege and upload the agent bundles to the appropriate collector worker nodes using "Agent Uploader" page in the Settings tab. 3. Navigate to the Filer details page for each configured Windows File Server in the Settings tab, and click on "Upgrade Agent" button available on the top of the page. This option is only visible if you have enabled the option to let Data Insight install/upgrade agent for this filer. 4. Alternately, to manually patch a Windows File Server agent, log onto the Windows File Server machine with Administrative privileges, unzip the agent installer bundle in a temporary location, and launch the patch installer. The patch installer is called Symantec_DataInsight_windows_winnas_301RP5_3_0_1_3419_x64.exe for 64 bit OS, and Symantec_DataInsight_windows_winnas_301RP5_3_0_1_3419_x86.exe for 32 bit OS. Patching Data Insight Microsoft SharePoint agent: SharePoint Agent needs to be patched if you are upgrading from following versions. 3.0.1 3.0.1 RP1 3.0.1 RP2 3.0.1 RP3 1. Log onto the SharePoint farm machine where the SharePoint agent has been previously installed. 2. Use Symantec_DataInsight_sharepoint2010_301RP5_3_0_1_3419.exe for SharePoint farm version 2010, else use Symantec_DataInsight_sharepoint_301RP5_3_0_1_3419.exe. 3. Uninstall the old agent using the "Add/Remove Programs" applet in Control Panel. 4. Unzip the patch files to a temporary folder. In this folder, locate the SharePoint agent installer. The installer is called either Symantec_DataInsight_sharepoint_3_0_1_3419.exe or Symantec_DataInsight_sharepoint_301RP5_3_0_1_3419.exe. 5. Launch the installer to install the new agent. Additional Notes: 1. At this time, automated roll back of patch is not supported. To roll back the patch manually: a. Remember to take a backup of the original files before you install the rolling patch. b. To roll back the patch, stop all Data Insight services, overwrite the patched files with the original files from backup, and restart services. 2. To confirm if a system has been patched, check the version of Data Insight using the "Add/Remove Programs" applet in the Control Panel. ************************************************************************************************* Incidents fixed on 3.0.1RP4: ************************************************************************************************* 2989545 - Error 209 when importing custom user attributes using csv file where file format is UTF8. 3006155 - It appears the user selection filter setting is not saved when report is saved. 3009783 - mergedb.exe is causing 90% CPU usage for long periods. 3013462 - Users cannot open output of their created reports in certain scenarios. 3013712 - Wrap all sharepoint web service API calls to deliver exception stack traces to the clients. 3015445 - Fix spurious log message in fpolicyd.log which confuses user about filer connectivity. 3019830 - Path Permission report shows incorrect permissions. 3020696 - After adding several hundred Windows agents, the event processor job appears to be hung and events don't appear to be processing correctly. Inbox full of node events are not getting processed. 3027426 - Invalid user gets set in master report run thread. 3021954 - DataInsightConfig seems to slow down the UI with a large number of servers & shares. 3033697 - SyncScansJob throws exceptions for large deployments. 3049995 - Give the Logon user of DataInsightFpolicy permissions to write to the data/collector folder. 3043730 - Enhance testuser utility to support more options. 3051105 - SharePoint client logs do not roll over. 3053172 - netapp_util.exe crashes if no user is specified. 3054269 - Several CIFS files from Windows server agents are not getting consumed and are dropped in the indexer\err folder. ************************************************************************************************* Incidents fixed on 3.0.1RP3 ************************************************************************************************* 3002878 - configdb process crashes during log rollover. ************************************************************************************************* Incidents fixed on 3.0.1RP2: ************************************************************************************************* 2924502 - Data Inventory report is crashing with invalid pointer read in owner index. 2934630 - Issues while deleting winnas server with the option of "uninstall agent". 2937368 - Download Logs throws OutOfMemoryError for large data set. 2937805 - Enable/Disable site collection auditing on sharepoint server when Enabling/Disabling site collection in DI. 2937960 - Use custom chunk size for sqlite3 via reports (sensitive_summary.dll). 2941639 - While merging report outputs, move intermediate output db's rather than copy and delete the intermediate ones after merge is complete. 2941806 - Dashboard: Save filter table does not save all filtered data. 2944336 - localuser.exe not picking up the local groups from Netapp filer. 2944616 - Implement a central place in LogServlet to change log level on any node, for any service. 2944814 - Dashboard does not consider absense of share level permission while evaluating open shares. 2945765 - Download logs should try and capture security policies for a collector/winnas ndoe. 2946060 - ConfigUtils.isWindows fails on Turkish locale. 2952484 - Automatically add DFS mapping for winnas cluster after share discovery. 2952809 - queryd should truncate the sharelist file so that old entries are purged. 2955756 - Automatically set security options for fpolicy in registry. 2957316 - Workspace--->Users, BU attribute query not working for NOT EQUAL operator. 2957680 - Optimize Disk Space and speed for intermediate files for reports by transferring those with in memory compression. 2968233 - Fixed Notify custodian shows wrong info. 2972341 - Large file download via File Transfer Job causes exception in StatsManager.publishStat. 2976643 - Time taken for directory scan shown on Uber dashboard appears to be incorrect. 2982141 - HA setting : 'Number of files in err folders' is not working. 2982453 - For Exclude Rule, exclude access for a particular user on a particular path doesn't work. It excludes access for all the users on that path. 2875273 - Error generating audit log data for extracts. Added retry logic if sqlite db is locked. This is for a small db which holds the generation number. Parallel collector processes run by DataInsight commd service may encounter a db locked and all input files are moved to collector/err folder. 2953188 - Getting warning show run out of disk space after new install. 2959957 - Indexer collector is reporting errors. 2963072 - When installing multiple Winnas agents with installcli, configdb uses 100% of CPU. 2973172 - fpolicy crashes since upgrade to DI 3.0.1: SEVERE: #{10} [ReportsDBUpgrade.upgradeReportsDB] HSQL DB path is invalid. 2982513 - Add a node property for fpolicyd called fpolicyd.rulefilter to exclude rules at fopolicy level Please refer to point 3 in addtional notes / Impact setion below for more details. 2990530 - ConfigServlet does not update cache after config updates. Collector node does not update its list of associated WinNas nodes and forwards update config requests to MS. ************************************************************************************************* Incidents fixed on 3.0.1 RP1 ************************************************************************************************* 2656072 - User selection panel in the report creation wizard is enhanced to allow selection of all filtered users. 2664129 - Issue with scan resync in case a file is deleted when the DataInsightFpolicy service is stopped. 2679017 - The path for the report files for a specific report run is now shown\ in the View Report Progress window. For example, if the report files for report run ID 5 are located in C:\DataInsight\data\console\reports\reportruns\5, this path is displayed in the View Report Progress window. 2683790 - Issue with purging of segments using indexcli.exe. 2766065 - Typographic errors in log files in case of error V-378-1301-1. 2807744 - Disk space issues on the Collector node as a result of a large number of policy.db files. 2809769 - Job that sends alert emails quits if it encounters an invalid email address. 2818315 - Statistics for utilization of resources, such as CPU and memory, are now available for Linux Indexer nodes. 2829567 - Share selection on the Audit Logs page is now cached and is used when a user revisits the page. 2833689 - Filehash and dirhash files keep getting generated if query and index update occur simultaneously to the same index. 2848554 - The Define Open Share Policy popup is now replaced with the Edit Open Share Policy tab for better usability. 2848602 - Validations added for the values entered on the Edit Open Share Policy tab. 2854788 - Meaningful scan error messages are now printed for Windows System Error codes up to 2000 except error codes between 200 and 300. 2854796 - The user interface now shows meaningful scan error messages for final scan error code as well as for intermediate paths. 2859628 - At times, server state for a Data Insight node is shown as Unknown despite all services running properly and nodes communicating properly with the Management Server. 2860299 - Memory consumption is high during dashboard report creation. 2865459 - Issues with filter functionality on the Shares/Site Collections page under Dashboard tab. 2865844 - "Fpolicy connected" event now resets the status of "fpolicy_safeguard" signal in the filer health database. 2869114 - If a share is disabled then audit events for the last added share is not getting captured. 2869555 - In user-centric views, the Select Resource popup now allows selection of the "Devices with Permissions" option, which results in displaying only those shares on which user has access permissions. 2881044 - If the \scanner\err folder contains files for a failed scan of shares on a filer, the filer health is now shown as "At Risk". 2881064 - Issue with indexing voldb files in case of existence of a zero byte voldb file in the \inbox folder. 2898161 - On a multi-processor Data Insight node, if multiple idxwriter.exe processes are running, the next batch does not start until the last idxwriter.exe process in the first batch ends. 2898975 - DLPSensitiveFilesJob is failing for a report with 5.5M incidents. NOTE: To get around this problem, use jdbc to directly query oracle database instead of using Web APIs. For details, refer to the section "dlp_db.conf File Content" in this document. 2898991 - Last Known Good State is shown as "never scanned" in case of successful FULL scan followed by failed INCREMENTAL scans, followed by failed full scan, follwed by successful INCREMENTAL scan. 2899001 - FPolicyd.exe now grants WRITE permission to the logon user for the DataInsightFpolicy service on the \data\stats folder. 2898995 - NullPointerException in populating dashboard stats for a share. 2899029 - Fixed an issue where if a path is opened by copy-pasting UNC into the GOTO bar, the synchronization of navigation pane works only partially. 2899070 - Issue with computing health status of DLP Sensitive files pull. 2899083 - Data Insight node is shown as "At Risk" if there.s a pre-upgrade event for err files exceeding threshold. 2899085 - The actions available from Filers, SharePoint Web Applications, and Data Insight Servers list pages are now also available from the respective details pages. 2900255 - DlpSensitiveFilesJob performance improvement. 2906109 - An additional report, Data Inventory Report, is now available under the Ownership Reports category. This report lists an inventory of files/documents with attributes such as ownership, sensitivity, age and activity. 2913843 - Scan Errors popup shows incorrect SharePoint path. 2914640 - File counts shown on dashboard don't match those shown in Data Inventory Report. Incorrect file count shown on dashboard. 2919668 - Access time and creation time are set incorrectly for root folder in index database. 2919730 - When full scan exits with error code 32768, which indicates that scanning of some paths failed, the last known good state is updated with the time of full scan. This behavior can be changed by using the global property update_last_known_good_state_for_partial_scans to false by using the configdb command. 2922577 - Fixed the custom attribute display issue in edit report view. 2922899 - DataInsightWinnas service now excludes all activity from the user used for scanning local shares. 2925848 - Scan errors do not get processed when the collector for a Windows File Server is also the indexer for the server.