Date:2013-08-16

OS: Windows/Linux

Etrack Incidents: 3193000, 3193586, 3198148, 3249130, 3117719, 3230939, 3158639, 3255162, 3253971,
3234874, 3248083, 3254075, 3207242, 3273684

Errors/Problems Fixed:

3193000	- Exclude Scanning Rules for SharePoint shows the patterns using wrong "\".

3193586	- The SharePoint agent installation doesn't use the installDir specified in the response file.

3198148	- Incorrect membership information for domain users when those are directly added in WinNAS / SharePoint local groups.

3249130	- Upgrade Apache Tomcat webserver to 6.0.37.

3117719	- Data Insight collector is not able to scan NFS shares where name contains characters not supported by Windows.

3230939	- Timeout occurs after 200 seconds for a SharePoint 2010 Web Application with 8000 sites.

3158639	- Data Insight does not scan Custom Libraries on SharePoint server.

3255162	- Data Insight is not displaying cross domain user and group membership if domain is located in a different Active Directory forest.

3253971	- idxwriter crash due to ftable_setattr() returning SQLITE_NOMEM.

3234874	- Fixed audit errors for files being renamed.

3248083 - get_path_permissions query returns user as group.

3254075 - Local System and Creator Owner should be considered as groups and not as users.

3207242 - Make sure to not lose filesystem modification events to the compress heuristic.

3273684 - Improve performance for Entitlement Summary report.

Install/Uninstall Instructions:

Apply this rolling patch on all Data Insight servers with version 3.0.1 with or without earlier rolling
patches applied.

NOTE: Please keep a backup of the Data Insight files in the installation directory. This backup is 
required in case you want to manually roll back the patch.


High-level Steps:

1. Apply the rolling patch on the Management Server first, followed by all worker nodes.
2. Next, apply the patch to Windows File Server agents (if applicable).


Patching Data Insight Management Server and worker nodes:

1. Log in to each server with administrative privileges.
2. Unzip the patch files to a temporary folder. In this folder, locate the rolling
   patch installer for the appropriate OS architecture. The installer is called
   Symantec_DataInsight_windows_301RP7_3_0_1_7000_x64.exe for 64 bit Windows OS,
   Symantec_DataInsight_windows_301RP7_3_0_1_7000_x86.exe for 32 bit Windows OS, and
   Symantec_DataInsight_linux_301RP7_3_0_1_7000_x64.sh for 64 bit Linux OS.
3. Launch the installer executable to install the rolling patch.


Patching Data Insight Windows File Server agents:

1. Unzip the patch files to a temporary folder. In this folder, locate the rolling
   patch installer bundles for Windows File Server agents. The agent bundle is called
   Symantec_DataInsight_windows_winnas_301RP7_3_0_1_7000_x64.zip for 64 bit OS and
   Symantec_DataInsight_windows_winnas_301RP7_3_0_1_7000_x86.zip for 32 bit OS.
2. Log in to the Management Console with Server Administrator privilege and upload the 
   agent bundles to the appropriate collector worker nodes using "Agent Uploader" page
   in the Settings tab.
3. Navigate to the Filer details page for each configured Windows File Server in the Settings
   tab, and click on "Upgrade Agent" button available at the top of the page. This option
   is only visible if you have enabled the option to let Data Insight install/upgrade
   agent for this filer.
4. Alternately, to manually patch a Windows File Server agent, log onto the Windows File
   Server machine with Administrative privileges, unzip the agent installer bundle in a
   temporary location, and launch the patch installer. The patch installer is called
   Symantec_DataInsight_windows_winnas_301RP7_3_0_1_7000_x64.exe for 64 bit OS,
   and Symantec_DataInsight_windows_winnas_301RP7_3_0_1_7000_x86.exe for 32 bit
   OS.


Additional Notes:

1. At this time, automated roll back of patch is not supported. To roll back the
   patch manually:
   a. Remember to take a backup of the original files before you install the rolling patch.
   b. To roll back the patch, stop all Data Insight services, overwrite the patched 
      files with the original files from backup, and restart services.
2. To confirm if a system has been patched, check the version of Data Insight using the 
   "Add/Remove Programs" applet in the Control Panel.
   
3. For 3230939 - Timeout occurs after 200 seconds for a SharePoint 2010 Web Application with 8000 sites
   It may be required to change client side timeout. The default client timeout is 100 seconds. 
   You can try by increasing this value to 600 seconds. Set the client side timeout using the following
   command on the Management Server:
   configdb.exe -O -J sp.client_timeout -j <value in seconds>

  
*************************************************************************************************
Incidents fixed on 3.0.1RP6:  
*************************************************************************************************

3136934 - Unable to see cross domain membership information for domain local groups.

3189318 - Setting up appropriate privileges for scanner credentials.


*************************************************************************************************
Incidents fixed on 3.0.1RP5:  
*************************************************************************************************
   
3072022 - Data Insight UI not displaying properly in Internet Explorer 9 in Compatibility mode.

3076812 - Entitlement report does not generate correct output when custom attributes are selected.

3078446 - NEVER scan status not displayed in the UI.

3101281 - Cannot assign custodians to SharePoint paths using mxcustodian command.

3111401 - Fully exclude share-level permission when requested.

3114437 - Fix basic permission mask for effective permissions.

3115058 - ACEs within an ACL are being reordered while displaying in GUI. Order gets changed while displaying 
          it under Workspace-->Permissions.

3119461 - Properly handle FSACL for owner.

3121006 - Everyone is not part of authenticated users.

3065549 - Report for file type EXE on NetApp is EMPTY. The filter works fine for Wndows agents.

3093587 - Column Header to change for User/Group & Path permissions report.

3093594 - Dont show ACES in console & reports if effective access mask for the ACE is zero.

3115329 - Stats library to support a timeout for inserting into lstats.dll.

3120448 - Path column under Scan errors page should show complete path on which scan is failing.

3123611 - Permission report has memory leak.

3069879 - Remove certain files from $data/updates folder after config is updated.

3105649 - Changes needed to the pause scanner default setting to display two integers behind the colon in the time value.

3017850 - Error generating audit log data for extracts.

3117384 - When we don't include share level permissions for effective permissions view, 
          advanced permissions map should not show share level trustees and share level path.

3118904 - Reduce severity level to warning for error:UNKNOWN_LINK(257).

3122301 - Capture all credential requirements for scanning.

3125490 - Workspace permissions verification for winnas/nfs/SharePoint.

3130301 - Unable to add LDAP and NIS users as custodians using mxcustodian command.

3067090 - Removed custom attributes from Data Insight, still there. Reports & report config still slow.

3107241 - Custom NetApp filer scan schedule not applying with proper saved time and display in console.

3145930 - Cannot manage Windows filer agent automatically from Data Insight console if agent was installed manually.

3145847 - Completed successful scans with non-zero return code showing as failed in Data Insight console.

3149276 - Queryd consuming memory and CPU until Host out of memory.

3157936 - Dashboard Summary report failing.

2981486 - Path Permission/User Permission report: Saved changes do not persist.

3120534 - Error fetching health details from filer/node health DB.


*************************************************************************************************
Incidents fixed on 3.0.1RP4:  
*************************************************************************************************

2989545 - Error 209 when importing custom user attributes using csv file where file format is UTF8.

3006155 - It appears the user selection filter setting is not saved when report is saved.

3009783 - mergedb.exe is causing 90% CPU usage for long periods.

3013462 - Users cannot open output of their created reports in certain scenarios.

3013712 - Wrap all SharePoint web service API calls to deliver exception stack traces to the clients.

3015445 - Fix spurious log message in fpolicyd.log which confuses user about filer connectivity.

3019830 - Path Permission report shows incorrect permissions.

3020696 - After adding several hundred Windows agents, the event processor job appears to be hung and
          events don't appear to be processing correctly. Inbox full of node events are not getting processed.
  
3027426 - Invalid user gets set in master report run thread.

3021954 - DataInsightConfig seems to slow down the UI with a large number of servers & shares.

3033697 - SyncScansJob throws exceptions for large deployments.

3049995 - Give the Logon user of DataInsightFpolicy permissions to write to the data/collector folder.

3043730 - Enhance testuser utility to support more options.

3051105 - SharePoint client logs do not roll over.

3053172 - netapp_util.exe crashes if no user is specified.

3054269 - Several CIFS files from Windows server agents are not getting consumed and are dropped in the
          indexer\err folder.
  

*************************************************************************************************
Incidents fixed on 3.0.1RP3

*************************************************************************************************

3002878 - configdb process crashes during log rollover.




*************************************************************************************************
Incidents fixed on 3.0.1RP2: 
*************************************************************************************************


2924502 - Data Inventory report is crashing with invalid pointer read in owner index.

2934630 - Issues while deleting winnas server with the option of "uninstall agent".

2937368 - Download Logs throws OutOfMemoryError for large data set.

2937805 - Enable/Disable site collection auditing on SharePoint server when Enabling/Disabling
           site collection in DI.

2937960 - Use custom chunk size for sqlite3 via reports (sensitive_summary.dll).

2941639 - While merging report outputs, move intermediate output db's rather than copy
          and delete the intermediate ones after merge is complete.
  
2941806 - Dashboard: Save filter table does not save all filtered data.

2944336 - localuser.exe not picking up the local groups from Netapp filer.

2944616 - Implement a central place in LogServlet to change log level on any node, for any service.

2944814 - Dashboard does not consider absense of share level permission while evaluating open shares.

2945765 - Download logs should try and capture security policies for a collector/winnas ndoe.

2946060 - ConfigUtils.isWindows fails on Turkish locale.

2952484 - Automatically add DFS mapping for winnas cluster after share discovery.

2952809 - queryd should truncate the sharelist file so that old entries are purged.

2955756 - Automatically set security options for fpolicy in registry.

2957316 - Workspace--->Users, BU attribute query not working for NOT EQUAL operator.

2957680 - Optimize Disk Space and speed for intermediate files for reports by transferring those with
          in memory compression.
  
2968233 - Fixed Notify custodian shows wrong info.

2972341 - Large file download via File Transfer Job causes exception in StatsManager.publishStat.

2976643 - Time taken for directory scan shown on Uber dashboard appears to be incorrect.

2982141 - HA setting : 'Number of files in err folders' is not working.

2982453 - For Exclude Rule, exclude access for a particular user on a particular path doesn't work.
          It excludes access for all the users on that path.
  
2875273 - Error generating audit log data for extracts. Added retry logic if sqlite db is locked.
          This is for a small db which holds the generation number. Parallel collector processes
          run by DataInsight commd service may encounter a db locked and all input files are moved to
          collector/err folder.
  
2953188 - Getting warning show run out of disk space after new install.


2959957 - Indexer collector is reporting errors.

2963072 - When installing multiple Winnas agents with installcli, configdb uses 100% of CPU.

2973172 - fpolicy crashes since upgrade to DI 3.0.1: SEVERE: #{10} [ReportsDBUpgrade.upgradeReportsDB]
          HSQL DB path is invalid.
  
2982513 - Add a node property for fpolicyd called fpolicyd.rulefilter to exclude rules at fopolicy level
          Please refer to point 3 in addtional notes / Impact setion below for more details.
   
2990530 - ConfigServlet does not update cache after config updates. Collector node does not update its list
         of associated WinNas nodes and forwards update config requests to MS.
 


*************************************************************************************************

Incidents fixed on 3.0.1 RP1

*************************************************************************************************

2656072 - User selection panel in the report creation wizard is enhanced to
          allow selection of all filtered users.

2664129 - Issue with scan resync in case a file is deleted when the DataInsightFpolicy
          service is stopped.

2679017 - The path for the report files for a specific report run is now shown\
          in the View Report Progress window. For example, if the report files for report
          run ID 5 are located in C:\DataInsight\data\console\reports\reportruns\5,
          this path is displayed in the View Report Progress window.

2683790 - Issue with purging of segments using indexcli.exe.

2766065 - Typographic errors in log files in case of error V-378-1301-1.

2807744 - Disk space issues on the Collector node as a result of a large number
          of policy.db files.

2809769 - Job that sends alert emails quits if it encounters an invalid email address.

2818315 - Statistics for utilization of resources, such as CPU and memory, are now available
          for Linux Indexer nodes.

2829567 - Share selection on the Audit Logs page is now cached and is used when a user revisits
          the page.

2833689 - Filehash and dirhash files keep getting generated if query and index update occur
          simultaneously to the same index.

2848554 - The Define Open Share Policy popup is now replaced with the Edit Open Share
          Policy tab for better usability.

2848602 - Validations added for the values entered on the Edit Open Share Policy tab.

2854788 - Meaningful scan error messages are now printed for Windows System Error codes up to
          2000 except error codes between 200 and 300.

2854796 - The user interface now shows meaningful scan error messages for final scan error code
          as well as for intermediate paths.

2859628 - At times, server state for a Data Insight node is shown as Unknown despite all services
          running properly and nodes communicating properly with the Management Server.

2860299 - Memory consumption is high during dashboard report creation.

2865459 - Issues with filter functionality on the Shares/Site Collections page under Dashboard tab.

2865844 - "Fpolicy connected" event now resets the status of "fpolicy_safeguard" signal in the filer
          health database.

2869114 - If a share is disabled then audit events for the last added share is not getting captured.

2869555 - In user-centric views, the Select Resource popup now allows selection of the "Devices with
          Permissions" option, which results in displaying only those shares on which user has access
          permissions.

2881044 - If the \scanner\err folder contains files for a failed scan of shares on a filer, the filer
          health is now shown as "At Risk".

2881064 - Issue with indexing voldb files in case of existence of a zero byte voldb file in the \inbox folder.

2898161 - On a multi-processor Data Insight node, if multiple idxwriter.exe processes are running,
          the next batch does not start until the last idxwriter.exe process in the first batch ends.

2898975 - DLPSensitiveFilesJob is failing for a report with 5.5M incidents.
          NOTE: To get around this problem, use jdbc to directly query oracle database
          instead of using Web APIs. For details, refer to the section "dlp_db.conf File
          Content" in this document.

2898991 - Last Known Good State is shown as "never scanned" in case of successful FULL scan followed
          by failed INCREMENTAL scans, followed by failed full scan, follwed by successful INCREMENTAL scan.

2899001 - FPolicyd.exe now grants WRITE permission to the logon user for the DataInsightFpolicy service
          on the \data\stats folder.

2898995 - NullPointerException in populating dashboard stats for a share.

2899029 - Fixed an issue where if a path is opened by copy-pasting UNC into the GOTO bar, the
          synchronization of navigation pane works only partially.

2899070 - Issue with computing health status of DLP Sensitive files pull.

2899083 - Data Insight node is shown as "At Risk" if there.s a pre-upgrade event for err files
          exceeding threshold.

2899085 - The actions available from Filers, SharePoint Web Applications, and Data Insight Servers
          list pages are now also available from the respective details pages.

2900255 - DlpSensitiveFilesJob performance improvement.

2906109 - An additional report, Data Inventory Report, is now available under the Ownership Reports
          category. This report lists an inventory of files/documents with attributes such as ownership,
          sensitivity, age and activity.

2913843 - Scan Errors popup shows incorrect SharePoint path.

2914640 - File counts shown on dashboard don't match those shown in Data Inventory Report.
          Incorrect file count shown on dashboard.

2919668 - Access time and creation time are set incorrectly for root folder in index database.

2919730 - When full scan exits with error code 32768, which indicates that scanning of some paths failed,
          the last known good state is updated with the time of full scan. This behavior can be changed
          by using the global property update_last_known_good_state_for_partial_scans to false by using
          the configdb command.

2922577 - Fixed the custom attribute display issue in edit report view.

2922899 - DataInsightWinnas service now excludes all activity from the user used for scanning local shares.

2925848 - Scan errors do not get processed when the collector for a Windows File Server is also the indexer
          for the server.