This page lists publically-released patches for Veritas Enterprise Products.
For Product GA build, see Veritas Entitlement Management System(VEMS) by clicking the Veritas Support 'Licensing' option.
For information on private patches, contact Veritas Technical Support.
Veritas is making it easier to find all software installers and updates for Veritas products with a completely redesigned experience. NetBackup HotFixes, NetBackup Appliance patches and APTARE IT Analytics patches are now also available at the new Veritas Download Center.
Patches for your product can have a variety of names. These names are based on product, component, or package names. For more information on patch naming conventions and the relationship between products, components, and packages, see the SORT online help.
Sign in if you want to rate this patch.

 Basic information
Release type: Rolling Patch
Release date: 2015-11-20
OS update support: None
Technote: None
Documentation: None
Popularity: 1013 viewed    239 downloaded
Download size: 1.57 GB
Checksum: 3690844705

 Applies to one or more of the following products:
Data Insight 4.5 On Linux
Data Insight 4.5 On Windows 32-bit
Data Insight 4.5 On Windows 64-bit

 Obsolete patches, incompatibilities, superseded patches, or other requirements:

 Fixes the following incidents:
3218302, 3513464, 3521892, 3642770, 3645769, 3649147, 3655519, 3658403, 3666743, 3667843, 3670031, 3676593, 3684730, 3685768, 3686135, 3686526, 3689738, 3709059, 3709675, 3714680, 3714696

 Patch ID:

 Readme file  [Save As...]

OS: Windows/Linux

Etrack Incidents: 3805633, 3804841, 3814475, 3793823, 3798450, 3791005, 3858042,

Errors/Problems Fixed:

3805633 - Report fails in case of audit events with timestamp larger than 

3804841 - IndexCheckJob failed. One or more database were found to be corrupt.

3814475 - 'Access Details for Paths' Report fails on Linux Indexer.

3793823 - Usermaps file size reduction.

3798450 - Extended workflow date is not getting used. Workflow moves to 
completed date after the end_date specified while workflow creation

3791005 - If Permission Remediation (Email for raising ticket) is configured
and in ER workflow, you submit a path without making any changes to the 
permissions, mail is not sent and the status for that path is always 
"Executing Action".

3858042 - Audit data collected but some events were lost for Filer.

3741310 - Discovery of EMC Isilon fails when using hostname, but works when 
using IP address.

Install/Uninstall Instructions:

Apply this rolling patch on all Data Insight servers with version 4.5 and above.

NOTE: Please keep a backup of the Data Insight files in the installation 
directory. This will be required in case you want to manually rollback the 

High Level Steps:
1. Apply the rolling patch on Management Server first, followed by all worker
2. Next, apply patch to Windows File Server agents (if applicable).
3. Next, apply patch to Microsoft SharePoint agents (if applicable).

Patching Data Insight Management Server and worker nodes:

1. Log onto each server with Administrative privileges.
2. Unzip the patch files to a temporary folder. In this folder, locate the 
   rolling patch installer for the appropriate OS architecture. The installer
   is called Symantec_DataInsight_windows_45RP4_4_5_4_8001_x64.exe for 64 bit 
   Windows OS, Symantec_DataInsight_windows_45RP4_4_5_4_8001_x86.exe for 32 bit
   Windows OS and for
   64 bit Linux RHEL5 OS and for 64 bit 
   Linux RHEL6 OS.
3. Launch the installer executable to install the rolling patch.

Patching Data Insight Windows File Server agents:

1. Unzip the patch files to a temporary folder. In this folder, locate the 
   rolling patch installer bundles for Windows File Server agents. The agent
   bundle is called for 64 bit OS
   and for 32 bit OS.
2. Log into the Data Insight Management Console with Server Administrator 
   privilege and upload the agent bundles to the appropriate Collector worker
   nodes using "Upload Manager" page on the Settings tab.
3. Navigate to Filer details page for each configured Windows File Server from 
   the Settings tab, and click on "Upgrade Agent" button available on the top of
   the page. This option is only visible if you have enabled the option to let 
   Data Insight install/upgrade agent for this filer.
4. Alternately, to manually patch a Windows File Server agent, log onto the 
   Windows File Server machine with Administrative privileges, unzip the agent
   installer bundle in a temporary location, and launch the patch installer. 
   The patch installer is called 
   for 64 bit OS, and 
   for 32 bit OS.

Patching Data Insight Microsoft SharePoint agent:

1. Log onto the SharePoint farm machine where the SharePoint agent has been 
   previously installed.
2. Uninstall the old agent using the "Add/Remove Programs" applet in Control 
3. Unzip the patch files to a temporary folder. In this folder, locate the 
   SharePoint agent installer. The installer is called 
   Symantec_DataInsight_sharepoint_45RP4_4_5_4_8001.exe for SharePoint 2007, 
   Symantec_DataInsight_sharepoint2010_45RP4_4_5_4_8001.exe for SharePoint 2010, 
   Symantec_DataInsight_sharepoint2013_45RP4_4_5_4_8001.exe for SharePoint 2013.
4. Launch the installer to install the new agent.

Additional Notes:
1. At this time, automated rollback of patch is not supported. To roll back the
   patch manually:
   a. Remember to take a backup of original files before you install the rolling
   b. To roll back the patch, stop all Data Insight services, overwrite the 
      patched files with original files from backup, and restart the services.
2. To confirm if a system has been patched, check the version of Data Insight
   using the Add/Remove Programs applet in the Control Panel.
3. For 3741310 - Discovery of EMC Isilon fails when using hostname, but works 
when using IP address.

	a. Make sure .Net 4.5 version is installed on all Data Insight Collector 
	nodes serving Isilon filer.
	b. Run following commands on Management Server node
	Go to INSTALL_ROOT\DataInsight\bin\ on command prompt and run:
		configdb -p -T node
	Above command will give list of all Data Insight nodes with their Ids
		configdb.exe -o -T node -k <nodeId> -J use.dotnet.version -j 4.5
	Above command needs to be run for Management Server node and all Collector 
	nodes for Isilon filers.
	E.g.: configdb.exe -o -T node -k 1 -J use.dotnet.version -j 4.5
	Where 1 is the node id. 
	Run this command for respective node IDs of Management Server node and 
	all Collector nodes for Isilon filers.
	c. Rename filer in Data Insight. Refer for detail steps. 
	(If you want to delete and re-add the filer, this step should be
	d. From Isilon administration console, go to cluster management > auditing 
	and under settings, change storage cluster name to hostname which is used
	while adding filer into Data Insight.
Incidents fixed in 4.5RP3

3609208 - Change the Event details of "Exit Code 1: Incorrect function"

3723581 - Add open_with_delete_intent filter in case of netapp cluster mode

3725228 - Remove ojdbc6.jar from DI.

3726404 - WSDL changes for DI-DLP.

3726431 - Consumption BY folder: atime/mtime/ctime should come from index.db

3727295 - Upgrade OpenSSL modules used in netappsdk to latest version 1.0.2.

3728431 - EMC Isilon: Handle share discovery when multiple access zone are 

3737740 - Enabling Cluster mode NetApp service to use domain in credentials for
ONTAPI connection.

3745658 - Improve handling of deleted users/groups.

3747719 - Log vserver disconnection time period in Cluster mode Netapp service.

3750538 - users and groups belonging to disabled domains are getting deleted 
from users db in AD Scan.

3758953 - Report consumption by folder and custodian not working with DFS path.

3762321 - EMC Isilon Doc Change: Audit Log Time Adjustment for fetching events.

3762330 - NetApp Cluster Mode Doc Change: Add domain user support.

3763098 - Log filer disconnection time period in 7 mode Netapp service.

3764644 - Custodians do not appear in entitlement report pick list.

3767718 - Fixing consumption by folder report defects.

3769421 - Comment field not visible on backend.

3770196 - Path Permissions report for custom security groups not returning 
expected results.

3771759 - SharePoint scanner creates large intermediate files.

3772735 - Custom attributes for disabled domains are not retained in users.db.

3774322 - queryd's query 'get_device_details' failed to get object attributes 
for devices where msu id greater than 20.

3775261 - get_user_overview query fetches incorrect membership information

3780293 - Log warning and not error when failed to invoke NetApp API 
"nfs-exportfs-list-rules" as we are re trying with upgraded API 

3780347 - Link generated in alerts email points to an invalid location.

3783825 - Hartford: Sharepoint Web app does not remain disabled after modifying.

3784091 - mxpredictor exits with -1

3784131 - When a deleted group is found, check if the distinguished name also
already exists.

3784768 - report crash on share name with special character (&).

3785646 - Job Details page will not show certains jobs.

3787838 - Status count is incorrect in case of ER workflow.

3788040 - SSP Entitlement review shows 'Groups' column in console, but it is
missing when exporting to csv"

3788418 - Downloading CSV file from SSP workflow saves data under wrong columns.

For 3737740 - Enabling Cluster mode NetApp service to use domain in credentials
for ONTAPI connection. 
Following additional steps are required.
	1.	If you are setting up AD user as filer credentials, complete one of the 
	following steps by logging on to NetApp cluster using SSH with Admin credentials: 
		•	If the cluster already has a data SVM with a CIFS server created, you 
		can use that data SVM as an authentication tunnel by using the security 
		login domain-tunnel create command with the -vserver parameter set to that 
		data SVM. 
		The security login domain-tunnel show command displays the specified 
		authentication tunnel. 
		•	If the cluster does not have a data SVM with a CIFS server created, 
		you can use any data SVM in the cluster and join it to a domain by using the
		vserver active-directory create command with the -vserver parameter set to 
		the data SVM.
		Joining a data SVM to a domain does not create a CIFS server or require a 
		CIFS license. However, it enables the authentication of AD users and groups
		at the SVM or cluster level.

	2.	Grant an AD user or group, access to the cluster or SVM by using the 
	security login create command with the -authmethod parameter set to domain. 
		•	The value of the -user-or-group-name parameter must be specified in the
		format of domainname\username, where domainname is the name of the CIFS 
		domain server and username is the AD user or group that you want to grant 
		•	AD user authentication and AD group authentication support only ssh and
		ontapi for the -application parameter.
		•	If the authentication tunnel is deleted, AD login sessions cannot be 
		authenticated by the cluster, and AD users and groups cannot access the 
		cluster. Open sessions that were authenticated prior to the deletion of the
		authentication tunnel remain unaffected.
	Examples of enabling an AD user as Data Insight  filer credentials. 
	These credentials are Required to discover shares and enabling FPolicy on the
	NetApp filer.
	The following example specifies the "vs1" data SVM as the tunnel that the 
	cluster will use for authenticating an AD user or group, and then displays the
	authentication tunnel.
	# security login domain-tunnel create -vserver vs1
	# security login domain-tunnel show

	Run following commands to create the role with specific privileges:

	security login role create -role testrole -cmddirname "version"-access all
	security login role create -role testrole -cmddirname "vserver cifs"-access readonly
	security login role create -role testrole -cmddirname "vserver"-access readonly
	security login role create -role testrole –cmddirname "vserver cifs share" -access readonly
	security login role create -role testrole -cmddirname "volume"-access readonly
	security login role create -role testrole –cmddirname "vserver fpolicy policy" -access all
	security login role create -role testrole –cmddirname "vserver fpolicy" -access readonly
	security login role create -role testrole –cmddirname "vserver fpolicy enable" -access all
	security login role create -role testrole –cmddirname "vserver fpolicy disable" -access all
	security login role create -role testrole –cmddirname "statistics" -access readonly

	The following command enables “testuser” in the "DOMAIN1" domain to access the
	cluster through SSH:
	cluster1::> security login create -vserver cluster1 
	-user-or-group-name DOMAIN1\testuser -application ontapi    
	-authmethod domain –role testrole

	Where cluster1 is the name of admin vserver. 

	You can optionally specify default role such as admin/vsadmin which already has above 

Incidents fixed in 4.5RP2b

3670031 - collector.exe crashes when handling out-of-order events for EMC VNX and

Incidents fixed in 4.5RP2

3689738 - Data Inventory report (DIR) crashes when there is no entry in uentry 
table. (Incorrect arguments to log function.)

3686526 - CEE files: Fix collector processing to finalize the audit file if the
timestamp goes back in time for an incoming record.

3649147 - salvage.exe crashes when CompactJob runs on a Linux indexer node.

3658403 - On restore, undelete the path from Data Insight.

3666743 - Scan end time is not correctly populated in GUI under
Scanning Dashboard > Scan History.

3709675 - Enterprise Vault workflow: While running the CreateWorkflowDBJob, 
expansion of paths in the temporary workflow database fails in some cases.

3714680 - HNasEnableAuditJob calls multiple threads of winnas_util for the same 

3521892 - Ownership Confirmation workflow: Progress status marked as 100% 
complete when the number of paths is large and only one or two paths are 

3714696 - On the SharePoint Web Applications listing page, when you click 
Select Action > Download Logs option for a configured web application, the
View Migration Status page opens.

3685768 - The fpolicyd service fails if it is unable to read the filer version. 
If the service is not able to read the filer version, it will continue by 
assuming the filer version as highest available version with the service.

3642770 - Report not able to show custodians for an individual file, only at
folder level. The issue may have been caused if a share is configured with 
different capitalization in Data Loss Prevention (DLP) and Data Insight.

3655519 - winnas_util.exe crashes when the filer credential used is not part of 
Administrators group.

3684730 - fpolicycmod service displays an error that a specific VServer does not

3218302 - Path Permissions report: Exclude Group does not work in case of 
SharePoint paths.

3645769 - Error 500 displayed when disabling celerrad service on a remote node.

3676593 - Entitlement Review report: In the CSV output of an Entitlement Review 
report, the first path in the alphabetical order is recursively displayed.

3686135 - DQL Membership: Query does not return membergroup depth.

3513464 - On the Reports home page, the Report Output icon is not displayed for 
partially successful reports.

3667843 - DataInsightFpolicy service does not use the credentials properly when 
run as Local System Account.

3709059	- NetApp 7-mode: Include one more API, nfs-exportfs-list-rules-2.
Incidents fixed in 4.5.1 4.5(RP1b)

3554447 - Even though Master report download thread issue is fixed, still, due to
incorrect settings for thread queue and core pool size, there is only one
report which can download in entire deployment.

3566477 - Fix memory leak for queryd in the list_custodian query.

3596849 - Events_first/events_next functions not re-entrant causing a dqlexec
query to crash.

3618936 - 'from dfspath get' crashes because cursor_limit[]
was not updated for a newly added table.

3317978 - Unable to clear the pending jobs from dashboard run.

3581084 - Using top command to compute memory consumption results in showing
incorrect value to be shown in statistics for Linux Indexers.

3551787 - Memory utilization on Linux indexers will not report high utilization
where used memory is greater than what can be reported as XXX KB by java INT.

3552962 - FPolicy service should ignore corrupted .tmp file for finalizing and
move ahead and start the service, instead of refusing to start.

3365514 - Scan resync does not work in scenarios listed in incident.

3553434 - Deleted path getting fetched in path_exist query.

3617741 - Data Aging report does not honor exclusion of user when the computed
user is the last option or the only option for the given owner method.

3526117 - In path csv upload with a folder path which exists, but same name
file is deleted, the report runs for FILE instead of FOLDER.

3526108 - In the report wizard, if a SharePoint folder is selected, on EDIT, 
the type is shown as unknown and path is displayed as CIFS path style instead
of SharePoint path.

3441687 - The custom attribute column name in DQL does not ignore case.

3510237 - UTF8 characters are encoded using Windows default character encoding
in BIRT HTML report output.

3510176 - Report: in case of report output (PDF), page breaks inserting
incorrectly for certain reports.

3511015 - Report: report.exe resolves the DFS path and should use the same
in protobuff progress output.

3510539 - Upgrading from version 301RP8 to 4.5: archived segments are not
asked to restore during upgrade.

3591682 - Active Directory scan fails while discovering the domain users if
timeout occurs.

3573527 - Full scan for share fails with the error code: V-378-1312-102.

3508323 - The server statistic page shows overlapping charts in GUI.

3488423 - If the IndexWriterJob and the CollectorJob are set to Never then
IndexWriterJob_Size & CollectorJob_Size jobs should be set to Never.

3488383 - Remove unnecessary stats for the Portal node.

3488183 - Remove unnecessary jobs from Portal nodes.

3087723 - Active Directory scan fails where there is multi-value custom
attribute with hundreds of values.

3601287 - Active Directory scan fails while discovering the domain users.

3389526 - On the Portal node the FileTransferJob failed to transfer file from
inbox\tmp to workflow\inbox.

3583328 - Share name is wrongly getting added in Data Insight when the share
name contains the characters: ' and &.

3549344 - ContextMap save table data contains "-1" for lot of field, where as
GUI shows null.

3508639 - Entries having comma (,) in the CSV files fails for CSV upload
functionality throughout the product.

3478876 - Deletion of msu/device should delete .lst file under 
<datadir>\scanner\lst of Collector or Windows File Server node.

3547499 - For the non-existing users/groups in customattr.csv file, attribute
value should not get added in attr and textvalue tables.

3585607 - While executing workflows, temporary reports for Entitlement Review
are stored under installdir/bin/null folder which occupies too much disk space.

3551120 - Custom action with the expand folder option fails to expand non-CIFS
folders and hence generated workflow remains in in-progress status
as the workflow_paths table is empty

3548112 - In the Management Console, the Attribute query (under
Workspace>Users) should show the edit option for existing queries.

3597995 - Sorting on saved credential page not working.

3502504 - Entitlement Review workflow: There is no way to know which users and
groups that are excluded under the Exclusion List tab.

3506279 - Workflows: Data Selection tab - Select Paths having Custodian - Search
for DFS paths does not work properly.

3513398 - In Entitlement Review workflow, email is sent even when the paths are

3513291 - Ownership Confirmation workflow: Data Selection pane (Select
Resources having Custodians)does not work as expected if you have
custodian assigned at web application and site collection levels and
you click Select All Resources.

3521333 - Ownership Confirmation workflow: Clearing the selected action for some
paths in certain situations still results in submitting all paths instead of
submitting only the paths which have actions associated with them.

3528789 - Windows File Server fails to scan. Both the credential tests fail in
Data Insight Console.

3586006 - Exclude rules do not work - First exclude rule contains the criteria 
for user, IP address, and prefix. The second exclude rule contains the file

3612194 - Maximum kernel ring buffer size changes to 0 when a node template
is used.

3441387 - Workflow template creation: if you choose a different font for
custodian name variable, the value of the variable name is not displayed in the
This issue is resolved when you apply the style to the entire variable
including $ and {}.

3602705 - Indexer fails to process a SharePoint audit file, stating: Path '/' 
can not be a file - Unable to add event to index. error=203.

3526657 - report.exe crashes for non-existing path or a path with no activity.

3524480 - Add pagination to SharePoint web service during enabling of event
handler feature to SharePoint.

3463724 - EMC Celerra and Isilon : When filer is disabled, raw audit files
should not be generated.

3507610 - In the Folder-centric view for Permissions>Recommendations: When
a group is expanded, a disabled user is displayed as an enabled user.

3547163 - Inactive Data By File Group report may crash.

3544968 - DQL- query returns incomplete data for permissions query for msu.

3537652 - queryd crash- get_analytics is crashing on 4.5GA build.

3525526 - In SharePoint if the Path Permissions report is configured to run on
unique paths, the report shows paths with non-unique permissions.

3540130 - Custodian report is failing that involves direct and inherited 
custodians coming from the same device/share.

3543888 - DQL- msu query that references device object crashes.

3543883 - DQL- syntax check does not work in case of query that involves nested

3501122 - PORTAL- If remote communication service is down, Data Insight still
shows paths coming from remote indexer under 'Show paths having
custodian' panel.

3496942 - DQL- In case of invalid syntax query returns nothing, this causes
blank popup on console.

3514519 - Portal: Ownership Confirmation- DLP policy filter is not working.

3493231 - DQL- root level site collection not printed in path table if its 
absname is specified in IF condition.

3507740 - Entitlement report for SharePoint - Report returns wrong permissions
if group G1 and its parent group PG1 has permission on same path.

3489596 - Inactive Data By File Group Report- report ran against any folder 
within share returns share level data.

3487464 - Portal Delegation: delegation trail column in workflow details panel
needs to be provided.

3375457 - Report: Custodian report: Setting up keep intermediate DBs true 
results in report failure.

3605262 - DQL Query does not return values for multivalued attribute such as
dlp_policies if you prefix the attribute name with object, and do not provide
FORMAT specifier.

3588184 - DQL- Presence of same column twice in Get clause results in merge

3600369 - Under Services panel, DataInsightWorkflow service should not be shown
for Collector, Collector+Indexer node. Also 
DataInsightGenericCollector, DataInsightWorkflowservice should be
hidden for Linux Indexer.

3593331 - DQL- Global MSU query returns wrong last_activity_time.

3570945 - dqlexec may crash if large number of values are present in IF

3575288 - list_custodian query is executed for each custodian, instead of
executing just once through report framework, when data is selected using

3568072 - Reports- Send latest copy of email does not work with email id ends
with .local.

3548614 - DQL- MSU query that involves permission computation does not work
for MSU type NFSv3.

3538893 - DQL- The database link provided in report email notification does not

3538735 - Portal Entitlement Review- Console fails to assign custodian to 
shares, even though custodian already exists in Data Insight.

3240597 - Unable to read property for log rollover for sharepoint and Enterprise
Vault clients.

3547793 - Workflow should also process sensitive files which do not have any
incident associated with them.

3535186 - Database locking issues if a single workflow db is accessed by over
100 users simultaneously.

3596074- The msu_summary table in dashboard database fails to populate with

3510996 - Report: If report is run on DFS paths, incorrect count is displayed 
in View Report progress > report execution on node.

3526315 - Fix SharePoint inherited permissions flag in the Dashboard summary

3430460 - If using IE 9, you cannot edit the Member count field in Entitlement
Review report.

3586907 - DataInsightFPolicy should not disconnect from filer due to crossing
threshold for NFS latency when only CIFS shares are being monitored
from Data Insight.

3612865 - Indexwriter crashes while processing audit files.

3581623 - Data Insight FPolicy service trying to connect to a NetApp filer that
is no longer configured.

3519318 - cel_util crashes when no command is provided while invoking it.

3561296 - cel_util.exe should not discover NFS exports.

3510980 - Provide an additional logging under fpolicycmod logs if events 
database is locked.

3587664 - root directory "/" may not get listed in DQL output when there are no
other directories in the share.

3536600 - The segment file mismatch with segment size in database is more than
on disk size should not crash segment read.

3630066 - Rolling Patch upgrade is disabled for Indexer+Collector node.

3523967 - If a file is selected in report creation wizard under data selection,
on edit, it is displayed as a folder.

3510446 - mxcustodian crashes on Linux Indexer when input csv contains i18n

3620906 - Multibyte characters are not handled for encoding or decoding URL for

3577068 - Login admin as custodian feature - improvements.

3462848 - Entitlement Review report generates incorrect output in case of nested
groups, resulting in showing blank rows in Entitlement Review portal.

3508654 - Reports- Report framework maps invalid path to any random device
then triggers and executes report successfully.

3573534 - Need to handle 4.5.1(i.e number) in the SORT code.

3507761 - Need to add action "view migration status" for SharePoint web

3228192 - Show output on GUI even though report fails at copy output to stage.

3455300 - We need to enhance DlpImportSensitiveFilesJob to map DFS share
with actual physical share.

3508392 - FURTHER consolidate DO policy across ContextMap and
get_data_owner() and mxcustodian.

3591005 - dqlexec membership 'group.iscircular' may mess up with 'depth'.

3599519 - DQL- Global MSU query is returning wrong last_activity_time.

3341634 - During the creation of Incident Remediation workflow, re-selecting 
path with custodian does not work.

3381820 - Remove options which are not related to Portal node from Download
Logs list wizard.

3628337 - GUI does not show correct schedule when filer's scan schedule is

3601169 - Report: Edit icons are not showing correctly. Issue observed for
SharePoint sites only.

3534151 - 1) Report footer should accept UTF-8 characters. 2) report header
cannot be changes to utf-8 characters. 3) html output via BIRT report
does not support UTF-8 characters.

3629122 - Show appropriate message when web-app addition fails because of
adding duplicate web application.

3509902 - Report: Getting exception in Webserver logs while running a report 
with container. It appears when a container is added to a report and the
report is edited or run. It tries to resolve all container as path and throws

3554645 - CEE supports only one Auditing connector for Isilon and not multiple.

3533663 - Avoid IndexWriterJob and ActivityIndexJob on the index only in case it
is migrating out of the current node.

3632817 - path:device.capacity is slow and cause memory leak. 

3627353 - Security event should not change last access timestamp for file and
folders because lot of times it does not get updated on file system.

3602443 - ChangelogJob throws exception when it fails to merge a pathdb file and
tries to publish an event.

Read and accept Terms of Service