Date: 2013-11-19

OS: Windows/Linux

Etrack Incidents: 3227528, 3262328, 3269419, 3277708, 3297644, 3319182, 3321057, 3321261, 3325463, 3327753, 3301097, 3309369, 3302067, 3303597, 3301634, 3298394, 3297199, 3281039, 3286173, 3338997, 3331082, 3346845, 3340974, 3021782, 3340195, 3331064, 3355475, 3357530, 3366462.

Errors/Problems Fixed:

3227528 - Entitlement Review report comes back with no data for a number of shares in case of NetApp local users.
3262328 - Data Insight does not display files recreated after delete operation.
3269419 - Data Insight GUI does not work in IE8 browsers that have Chrome Frame Add-On installed. Fails with error "Message: Object doesn't support this property or method".
3277708 - Scanning shows "Application error" if exclude rules caused some paths to get excluded.
3297644 - In workspace view, permissions tab takes 15 minutes to load.
3319182 - Ability to ignore disabled shares and filers in report output.
3321057 - DiscoverSharesJob never completes in certain scenarios.
3321261 - Collector misses a few exclude rules.
3325463 - Don't push corrupted DB when report.exe has crashed on Indexer.
3327753 - Celerrad crashes if the average length of share names is more than 32 characters.
3301097 - Enhancement for showing information about unresolved SIDs.
3309369 - Support for Local Administrators groups being expanded in the permissions reports where all local groups have the same SID when presented by the Operating System.
3302067 - Reducing severity for error code 241 to warning.
3303597 - scanner.exe crashes for unsupported file system types.
3301634 - Merge for entitlement report is slow for insertion of custom attributes records in merged output database.
3298394 - Fetch local users from NetApp filers.
3297199 - Suppress audit events on Home.aspx files coming from SharePoint.
3281039 - Support for parallelism in report execution.
3286173 - Discovery of SharePoint webapp with 10000 site collection times out.
3338997 - Performance improvements for Indexer.
3331082 - Discover site collections fails for an extended AD-authenticated SharePoint webapp URL when the default webapp has claims based authentication.
3346845 - Mark disabled shares and filers in workspace with special icon.
3340974 - Display status of most recent Share/Site-Collection discovery for filers/web-applications to help disabling decommissioned devices in Data Insight.
3021782 - Fix performance of CSV Path upload in report configuration wizard for large number of paths.
3340195 - Incorrect membership shown for SharePoint local groups.
3331064 - Indexers not deleting older filehash & dirhash files.
3355475 - Indexer can crash if it needs to reopen the index while processing scan files.
3357530 - Deleted folders are not being properly marked deleted after scan resync.
3366462 - Allow specifying "sIDHistory" attribute as a custom attribute to be fetched from Active Directory.

Install/Uninstall Instructions:

Apply this rolling patch on all Data Insight servers with version 3.0.1 with or without earlier rolling patches applied.

NOTE: Please keep a backup of the Data Insight files in the installation directory. This backup is required in case you want to manually roll back the patch.

High-level Steps:

1. Apply the rolling patch on the Management Server first, followed by all worker nodes.
2. Next, apply the patch to Windows File Server agents (if applicable).
3. Apply the patch to SharePoint servers. SharePoint Agent needs to be reinstalled as part of Data Insight 3.0.1 RP8.

Patching Data Insight Management Server and worker nodes:

1. Log in to each server with administrative privileges.
2. Unzip the patch files to a temporary folder. In this folder, locate the rolling patch installer for the appropriate OS architecture. The installer is called Symantec_DataInsight_windows_301RP8_3_0_1_8010_x64.exe for 64 bit Windows OS, Symantec_DataInsight_windows_301RP8_3_0_1_8010_x86.exe for 32 bit Windows OS, and Symantec_DataInsight_linux_301RP8_3_0_1_8010_x64.sh for 64 bit Linux OS.
3. Launch the installer executable to install the rolling patch.

Patching Data Insight Windows File Server agents:

1. Unzip the patch files to a temporary folder. In this folder, locate the rolling patch installer bundles for Windows File Server agents. The agent bundle is called Symantec_DataInsight_windows_winnas_301RP8_3_0_1_8010_x64.zip for 64 bit OS and Symantec_DataInsight_windows_winnas_301RP8_3_0_1_8010_x86.zip for 32 bit OS.
2. Log in to the Management Console with Server Administrator privilege and upload the agent bundles to the appropriate collector worker nodes using the "Agent Uploader" option on the Settings tab.
3. Navigate to the Filer details page for each configured Windows File Server in the Settings tab, and click on the "Upgrade Agent" button available at the top of the page. This option is only visible if you have enabled the option to let Data Insight install/upgrade the agent for this filer.
4. Alternatively, to manually patch a Windows File Server agent, log on to the Windows File Server machine with Administrative privileges, unzip the agent installer bundle in a temporary location, and launch the patch installer. The patch installer is called Symantec_DataInsight_windows_winnas_301RP8_3_0_1_8010_x64.exe for 64 bit OS, and Symantec_DataInsight_windows_winnas_301RP8_3_0_1_8010_x86.exe for 32 bit OS.

Patching Data Insight Microsoft SharePoint agent:

1. Log on to the SharePoint farm machine where the SharePoint agent has been previously installed.
2. Use Symantec_DataInsight_sharepoint2010_301RP8_3_0_1_8010.exe for SharePoint farm version 2010, else use Symantec_DataInsight_sharepoint_301RP8_3_0_1_8010.exe.
3. Uninstall the old agent using the "Add/Remove Programs" applet in Control Panel.
4. Unzip the patch files to a temporary folder. In this folder, locate the SharePoint agent installer. The installer is called either Symantec_DataInsight_sharepoint_3_0_1_8010.exe or Symantec_DataInsight_sharepoint_301RP8_3_0_1_8010.exe.
5. Launch the installer to install the new agent.

Additional Notes:

1. At this time, automated roll back of a patch is not supported. To roll back the patch manually:
   a. Remember to take a backup of the original files before you install the rolling patch.
   b. To roll back the patch, stop all Data Insight services, overwrite the patched files with the original files from backup, and restart services.
2. To confirm if a system has been patched, check the version of Data Insight using the "Add/Remove Programs" applet in the Control Panel.
3. For 3331082 - Discover site collections fails for an extended AD-authenticated SharePoint webapp URL when the default webapp has claims based authentication.
   Steps to enable the correct zone for discovery of site collections from an extended AD-authenticated webapp URL when the default webapp has claims based authentication:
   1. Log on to the Data Insight console (GUI), navigate to Settings > SharePoint Web Applications, click on the web app having issues (the one with only AD authentication), and go to monitored site collections.
   2. Delete those site collections which are from Claims based authentication but are listed under the one with only AD authentication.
   3. Identify the node id of the collector for this web app.
   4. Log on to the Management Server machine using administrator privileges. At the command prompt, execute the following command from the \DataInsight\bin location:
         configdb -o -T node -k <node_id> -J sp.monitor.zoneurl -j true
      Eg:
         configdb -o -T node -k 1 -J sp.monitor.zoneurl -j true
      where 1 is the node id.
4. Known Issues:
   3332967 - EmailUtils caches old value of smtp host due to usage of Session#getDefaultInstance. This can stop automatic email alerts. Workaround is to restart the DataInsightWeb service on the management server.
   3367656 - In the report configuration wizard, if we select the root site collection of the Webapp along with a non root site collection, the report will generate output only for the root site collection. Workaround for this is to select the Webapp to get a report for all site collections.
   2853423 - If a filer is disabled, scan for shares on this filer can still be forked from the scanning dashboard or from the "scan all" button on Settings->Filers->Monitored Shares. We recommend not to kick off scans from these locations for disabled shares.

*************************************************************************************************
Incidents fixed on 3.0.1RP7:
*************************************************************************************************

3193000 - The Exclude Scanning Rules for SharePoint shows the Patterns using wrong "\"
3193586 - The SharePoint agent installation doesn't use the installDir specified in the response file.
3198148 - Incorrect membership information for domain users when those are directly added in Windows File Server/ SharePoint local groups.
3249130 - Upgrade Apache Tomcat webserver to 6.0.37.
3117719 - Data Insight Collector is not able to scan NFS shares where name contains characters not supported by Windows.
3230939 - SharePoint 2010 with 8000 sites - Timeout occurs after 200 seconds.
3158639 - Data Insight does not scan Custom Libraries on SharePoint server.
3255162 - Data Insight is not displaying cross domain user and group membership if domain is located in a different Active Directory forest.
3253971 - idxwriter crash due to ftable_setattr() returning SQLITE_NOMEM.
3234874 - Fixed audit errors for files being renamed.
3248083 - get_path_permissions query returns user as group.
3254075 - Local System and Creator Owner should be considered as groups and not as users.
3207242 - Make sure to not lose filesystem modification events to the compress heuristic.
3273684 - Improve performance for Entitlement Summary report.

*************************************************************************************************
Incidents fixed on 3.0.1RP6:
*************************************************************************************************

3136934 - Unable to see cross domain membership information for domain local groups.
3189318 - Setting up appropriate privileges for scanner credentials.

*************************************************************************************************
Incidents fixed on 3.0.1RP5:
*************************************************************************************************

3072022 - Data Insight UI not displaying properly in IE 9 in Compatibility mode.
3076812 - Entitlement report does not generate correct output when custom attributes are selected.
3078446 - NEVER scan status not displayed in the UI.
3101281 - Cannot assign custodians to SharePoint paths using mxcustodian command.
3111401 - Fully exclude share-level permission when requested.
3114437 - Fix basic permission mask for effective permissions.
3115058 - ACEs within an ACL are being reordered while displaying in GUI. Order gets changed while displaying it under Workspace-->Permissions.
3119461 - Properly handle FSACL for owner.
3121006 - Everyone is not part of authenticated users.
3065549 - Report for file type EXE on NetApp is EMPTY. The filter works fine for Windows agents.
3093587 - Column Header to change for User/Group & Path permissions report.
3093594 - Don't show ACES in console & reports if effective access mask for the ACE is zero.
3115329 - Stats library to support a timeout for inserting into lstats.dll.
3120448 - Path column under Scan errors page should show complete path on which scan is failing.
3123611 - Permission report has memory leak.
3069879 - Remove certain files from $data/updates folder after config is updated.
3105649 - Changes needed to the pause scanner default setting to display two integers behind the colon in the time value.
3017850 - Error generating audit log data for extracts.
3117384 - When we don't include share level permissions for effective permissions view, advanced permissions map should not show share level trustees and share level path.
3118904 - Reduce severity level to warning for error:UNKNOWN_LINK(257).
3122301 - Capture all credential requirements for scanning.
3125490 - Workspace permissions verification for winnas/nfs/SharePoint.
3130301 - Unable to add LDAP and NIS users as custodians using mxcustodian command.
3067090 - Removed custom attributes from Data Insight are still there. Reports & report config still slow.
3107241 - Custom NetApp filer scan schedule not applying with proper saved time and display in console.
3145930 - Cannot manage Windows filer agent automatically from Data Insight console if agent was installed manually.
3145847 - Completed successful scans with non-zero return code showing as failed in Data Insight console.
3149276 - Queryd consuming memory and CPU until host out of memory.
3157936 - Dashboard Summary report failing.
2981486 - Path Permission/User Permission report: Saved changes do not persist.
3120534 - Error fetching health details from filer/node health DB.

*************************************************************************************************
Incidents fixed on 3.0.1RP4:
*************************************************************************************************

2989545 - Error 209 when importing custom user attributes using csv file where file format is UTF8.
3006155 - It appears the user selection filter setting is not saved when report is saved.
3009783 - mergedb.exe is causing 90% CPU usage for long periods.
3013462 - Users cannot open output of their created reports in certain scenarios.
3013712 - Wrap all SharePoint web service API calls to deliver exception stack traces to the clients.
3015445 - Fix spurious log message in fpolicyd.log which confuses user about filer connectivity.
3019830 - Path Permission report shows incorrect permissions.
3020696 - After adding several hundred Windows agents, the event processor job appears to be hung and events don't appear to be processing correctly. Inbox full of node events are not getting processed.
3027426 - Invalid user gets set in master report run thread.
3021954 - DataInsightConfig seems to slow down the UI with a large number of servers & shares.
3033697 - SyncScansJob throws exceptions for large deployments.
3049995 - Give the logon user of DataInsightFpolicy permissions to write to the data/collector folder.
3043730 - Enhance testuser utility to support more options.
3051105 - SharePoint client logs do not roll over.
3053172 - netapp_util.exe crashes if no user is specified.
3054269 - Several CIFS files from Windows server agents are not getting consumed and are dropped in the indexer\err folder.

*************************************************************************************************
Incidents fixed on 3.0.1RP3
*************************************************************************************************

3002878 - configdb process crashes during log rollover.

*************************************************************************************************
Incidents fixed on 3.0.1RP2:
*************************************************************************************************

2924502 - Data Inventory report is crashing with invalid pointer read in owner index.
2934630 - Issues while deleting Windows File Server with the option of "uninstall agent".
2937368 - Download Logs throws OutOfMemory error for large data set.
2937805 - Enable/Disable site collection auditing on SharePoint server when enabling/disabling site collection in Data Insight.
2937960 - Use custom chunk size for sqlite3 via reports (sensitive_summary.dll).
2941639 - While merging report outputs, move intermediate output db's rather than copy and delete the intermediate ones after merge is complete.
2941806 - Dashboard: Save filter table does not save all filtered data.
2944336 - localuser.exe not picking up the local groups from NetApp filer.
2944616 - Implement a central place in LogServlet to change log level on any node, for any service.
2944814 - Dashboard does not consider absence of share level permission while evaluating open shares.
2945765 - Download logs should try and capture security policies for a collector/Windows File node.
2946060 - ConfigUtils.isWindows fails on Turkish locale.
2952484 - Automatically add DFS mapping for Windows File Server cluster after share discovery.
2952809 - queryd should truncate the sharelist file so that old entries are purged.
2955756 - Automatically set security options for FPolicy in registry.
2957316 - Workspace--->Users, BU attribute query not working for NOT EQUAL operator.
2957680 - Optimize disk space and speed for intermediate files for reports by transferring those with in memory compression.
2968233 - Fixed Notify custodian shows wrong info.
2972341 - Large file download via File Transfer Job causes exception in StatsManager.publishStat.
2976643 - Time taken for directory scan shown on Uber dashboard appears to be incorrect.
2982141 - HA setting : 'Number of files in err folders' is not working.
2982453 - For Exclude Rule, exclude access for a particular user on a particular path doesn't work. It excludes access for all the users on that path.
2875273 - Error generating audit log data for extracts. Added retry logic if sqlite db is locked. This is for a small db which holds the generation number. Parallel collector processes run by DataInsight commd service may encounter a db locked and all input files are moved to collector/err folder.
2953188 - Getting warning show run out of disk space after new install.
2959957 - Indexer collector is reporting errors.
2963072 - When installing multiple Windows File Server agents with installcli, configdb uses 100% of CPU.
2973172 - fpolicy crashes since upgrade to DI 3.0.1: SEVERE: #{10} [ReportsDBUpgrade.upgradeReportsDB] HSQL DB path is invalid.
2982513 - Add a node property for fpolicyd called fpolicyd.rulefilter to exclude rules at FPolicy level. Please refer to point 3 in additional notes / Impact section below for more details.
2990530 - ConfigServlet does not update cache after config updates. Collector node does not update its list of associated WinNas nodes and forwards update config requests to MS.

*************************************************************************************************
Incidents fixed on 3.0.1 RP1
*************************************************************************************************

2656072 - User selection panel in the report creation wizard is enhanced to allow selection of all filtered users.
2664129 - Issue with scan resync in case a file is deleted when the DataInsightFpolicy service is stopped.
2679017 - The path for the report files for a specific report run is now shown in the View Report Progress window. For example, if the report files for report run ID 5 are located in C:\DataInsight\data\console\reports\reportruns\5, this path is displayed in the View Report Progress window.
2683790 - Issue with purging of segments using indexcli.exe.
2766065 - Typographic errors in log files in case of error V-378-1301-1.
2807744 - Disk space issues on the Collector node as a result of a large number of policy.db files.
2809769 - Job that sends alert emails quits if it encounters an invalid email address.
2818315 - Statistics for utilization of resources, such as CPU and memory, are now available for Linux Indexer nodes.
2829567 - Share selection on the Audit Logs page is now cached and is used when a user revisits the page.
2833689 - Filehash and dirhash files keep getting generated if query and index update occur simultaneously to the same index.
2848554 - The Define Open Share Policy popup is now replaced with the Edit Open Share Policy tab for better usability.
2848602 - Validations added for the values entered on the Edit Open Share Policy tab.
2854788 - Meaningful scan error messages are now printed for Windows System error codes up to 2000 except error codes between 200 and 300.
2854796 - The user interface now shows meaningful scan error messages for final scan error code as well as for intermediate paths.
2859628 - At times, server state for a Data Insight node is shown as Unknown despite all services running properly and nodes communicating properly with the Management Server.
2860299 - Memory consumption is high during dashboard report creation.
2865459 - Issues with filter functionality on the Shares/Site Collections page under Dashboard tab.
2865844 - "Fpolicy connected" event now resets the status of "fpolicy_safeguard" signal in the filer health database.
2869114 - If a share is disabled then the audit events for the last added share is not getting captured.
2869555 - In user-centric views, the Select Resource popup now allows selection of the "Devices with Permissions" option, which results in displaying only those shares on which user has access permissions.
2881044 - If the \scanner\err folder contains files for a failed scan of shares on a filer, the filer health is now shown as "At Risk".
2881064 - Issue with indexing voldb files in case of existence of a zero byte voldb file in the \inbox folder.
2898161 - On a multi-processor Data Insight node, if multiple idxwriter.exe processes are running, the next batch does not start until the last idxwriter.exe process in the first batch ends.
2898975 - DLPSensitiveFilesJob is failing for a report with 5.5M incidents. NOTE: To get around this problem, use jdbc to directly query oracle database instead of using Web APIs. For details, refer to the section "dlp_db.conf File Content" in this document.
2898991 - Last Known Good State is shown as "never scanned" in case of successful FULL scan followed by failed INCREMENTAL scans, followed by failed full scan, followed by successful INCREMENTAL scan.
2899001 - FPolicyd.exe now grants WRITE permission to the logon user for the DataInsightFpolicy service on the \data\stats folder.
2898995 - NullPointerException in populating dashboard stats for a share.
2899029 - Fixed an issue where if a path is opened by copy-pasting UNC into the GOTO bar, the synchronization of navigation pane works only partially.
2899070 - Issue with computing health status of DLP Sensitive files pull.
2899083 - Data Insight node is shown as "At Risk" if there's a pre-upgrade event for err files exceeding threshold.
2899085 - The actions available from Filers, SharePoint Web Applications, and Data Insight Servers list pages are now also available from the respective details pages.
2900255 - DlpSensitiveFilesJob performance improvement.
2906109 - An additional report, Data Inventory Report, is now available under the Ownership Reports category. This report lists an inventory of files/documents with attributes such as ownership, sensitivity, age and activity.
2913843 - Scan Errors popup shows incorrect SharePoint path.
2914640 - File counts shown on dashboard don't match those shown in Data Inventory Report. Incorrect file count shown on dashboard.
2919668 - Access time and creation time are set incorrectly for root folder in index database.
2919730 - When full scan exits with error code 32768, which indicates that scanning of some paths failed, the last known good state is updated with the time of full scan. This behavior can be changed by setting the global property update_last_known_good_state_for_partial_scans to false using the configdb command.
2922577 - Fixed the custom attribute display issue in edit report view.
2922899 - DataInsightWinnas service now excludes all activity from the user used for scanning local shares.
2925848 - Scan errors do not get processed when the Collector for a Windows File Server is also the indexer for the server.
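
The manual backup and rollback described under Additional Notes (back up the original files, then stop all Data Insight services, overwrite the patched files and restart services) can be scripted. The PowerShell below is an added example, not part of the vendor README or product; it assumes the services share the "DataInsight" name prefix seen in this document (DataInsightWeb, DataInsightFpolicy, DataInsightWinnas), and the -InstallDir/-BackupDir parameters, the manifest.csv file and the helper functions are hypothetical. It goes one step beyond the README by recording SHA-256 hashes at backup time so the rollback can be verified before services are restarted.

```powershell
# Added example (not vendor code). Assumptions: Data Insight services match the
# name prefix "DataInsight*"; InstallDir and BackupDir are chosen by the operator.
param(
    [Parameter(Mandatory)][ValidateSet('Backup', 'Rollback')][string]$Mode,
    [Parameter(Mandatory)][string]$InstallDir,
    [Parameter(Mandatory)][string]$BackupDir
)
$ErrorActionPreference = 'Stop'
$files    = Join-Path $BackupDir 'files'         # copy of the pre-patch tree
$manifest = Join-Path $BackupDir 'manifest.csv'  # relative path + SHA-256 per file

function Copy-Tree([string]$From, [string]$To) {
    # Trailing backslashes break robocopy's quoted arguments, so trim them.
    # /E: all subfolders, /SEC: keep NTFS ACLs, /IS: overwrite even "same" files
    robocopy $From.TrimEnd('\') $To.TrimEnd('\') /E /SEC /IS /R:2 /W:5 /NP /NFL /NDL | Out-Null
    # robocopy exit codes below 8 mean success (possibly with files copied).
    if ($LASTEXITCODE -ge 8) { throw "robocopy failed, exit code $LASTEXITCODE" }
}

function Get-Manifest([string]$Root) {
    $rootFull = (Resolve-Path -LiteralPath $Root).Path.TrimEnd('\')
    Get-ChildItem -LiteralPath $rootFull -Recurse -File | ForEach-Object {
        [pscustomobject]@{
            Path = $_.FullName.Substring($rootFull.Length + 1)
            Hash = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
        }
    }
}

if ($Mode -eq 'Backup') {
    # Run before launching the rolling patch installer.
    if (Test-Path -LiteralPath $files) { throw "Backup already exists at $files" }
    New-Item -ItemType Directory -Path $files -Force | Out-Null
    Copy-Tree $InstallDir $files
    Get-Manifest $files | Export-Csv -LiteralPath $manifest -NoTypeInformation
    Write-Output "Backup and manifest written to $BackupDir"
}
else {
    # Rollback: stop services, overwrite patched files, verify, restart.
    $running = @(Get-Service -Name 'DataInsight*' | Where-Object Status -eq 'Running')
    $running | Stop-Service -Force
    Copy-Tree $files $InstallDir

    # Every file recorded at backup time must now exist with the same hash.
    $mismatch = foreach ($entry in Import-Csv -LiteralPath $manifest) {
        $target = Join-Path $InstallDir $entry.Path
        if (-not (Test-Path -LiteralPath $target -PathType Leaf) -or
            (Get-FileHash -LiteralPath $target -Algorithm SHA256).Hash -ne $entry.Hash) {
            $entry.Path
        }
    }
    if ($mismatch) {
        # Leave services stopped so a half-restored install is not started.
        throw "Rollback incomplete; files differ from backup: $($mismatch -join ', ')"
    }
    $running | Start-Service
    Write-Output "Rollback verified against manifest; services restarted."
}
```

Run it from an elevated prompt on each node, once with -Mode Backup before patching and with -Mode Rollback only if the patch has to be backed out. Files that the patch added and that were not in the original tree are left in place, matching the README's "overwrite the patched files" instruction.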