Important

   

This space contains documentation for TrueSight Server Automation 8.9.03 and the later service packs for 8.9. For earlier releases, see BMC Server Automation 8.9.

Service Pack 3: version 8.9.03

This topic contains information about fixes and updates in Service Pack 3 (product version 8.9.03), and provides instructions for downloading and installing the service pack.

Tip

For information about issues corrected in this service pack, see Known and corrected issues.

Build information

The following table lists build information for this release.

Oops, it seems that you need to place a table or a macro generating a table within the Table Filter macro.

The table is being loaded. Please wait for a bit ...


Release

Build number

EPD version number

Release date

Patch 2 for Service Pack 4 for version 8.9

8.9.04.253

8.9.04.002September 18, 2019
Patch 1 for Service Pack 4 for version 8.9

8.9.04.227

8.9.04.001June 21, 2019
Service Pack 4 for version 8.9

8.9.04.200

8.9.04January 28, 2019
Patch 1 for version 8.9 Service Pack 3

8.9.03.647

8.9.03.001October 5, 2018
Service Pack 3 for version 8.9

8.9.03.162

8.9.03June 11, 2018

Notice

BMC Software is alerting users of BMC Server Automation for Windows Patching that they need to upgrade the BMC Server Automation application server and Windows target servers to the latest versions to ensure the continued functioning of Windows Patching within the product. 

Ivanti has announced the end-of-life for an underlying Shavlik SDK version that BMC Server Automation uses to get updates for Windows patches. The original end-of-life support for Shavlik 9.1 was December 31, 2018. The end-of-life support is now extended to September 30, 2019, which provides users with additional time to upgrade BMC Server Automation application server and the BMC Server Automation RSCD Agents running on Windows target servers.


Enhancements

The following topics describe the enhancements included in this service pack.

What's new

The following table lists the new features included in this service pack.

CategoryUpdateDescription
PatchingShavlik update OR Third-party software updates

Shavlik version that is shipped with TrueSight Server Automation has been upgraded from Shavlik 9.1 to Shavlik 9.3. This requires that all Windows RSCD Agents that are used for Windows Patching are upgraded to 8.9.03. Windows Patching will not work with downlevel agents once the application server is upgraded to 8.9.03.

GeneralThird-party software updates

Java Runtime Environment (JRE) version that is shipped with TrueSight Server Automation has been updated to 1.8.0_172 (JRE 1.8 Update 172).

For more information about other third-party software versions, see Third-party software.

GeneralThird-party software updatesThe version of the SysInfo utility (from MagniComp) has been updated to 10-H82.
GeneralPatching

You can perform patching and remediation activities for Ubuntu 16.04 by using TrueSight Server Automation.

GeneralAIX build date

A new property, Build Date has been added in AIX  for Service Packs. You can view this property in the following tabs of the Service Packs:

  • Extended Properties tab
  • AIX Container Properties tab

For more information, see Examining patch properties for AIX.

GeneralSMB upgrade

Server Message Block (SMB) version has been upgraded to SMB version 2 (SMBv2) to avoid exposure to security vulnerabilities (for example,WannaCry ransomware attack). For more information, see multiple-vulnerabilities-in-microsoft-windows-smb-server in documentation.

You must ensure that SMBv2 is enabled for Microsoft Windows server for following actions:

  • Add node (Applicable only for Microsoft Windows application server)
  • Remote file server (Applicable only for Microsoft Windows application server and Microsoft Windows file server)
  • Agent Installer Job (Applicable only for Microsoft Windows target server)
  • Unified Agent Installer (Applicable only for Microsoft Windows target server)
Compliance ContentTemplate updates to newer benchmarks

The component template for the Health Insurance Portability and Accountability Act (HIPAA) policy has been updated to more recent benchmarks:

  • HIPAA on AIX 7.1

For the complete list of available templates, see Compliance policy standards supported by TrueSight Server Automation templates.

GeneralSHA 256 support

TrueSight Server Automation now supports Secure Hash Algorithm 256 (SHA 256). By default, the following certificates use SHA256 signing algorithm:

  • RSCD self-signed certificate (certificate.pem)

For fresh installation of RSCD Agent 8.9.03, the certificate.pem is created with SHA256 Signature Algorithm.

If secure logging is configured on RSCD agent, certificate.pem file is used in secure logging. So, in case of upgrade, by default, the existing certificate.pem file is not upgraded to SHA256. To use SHA256 in certificate.pem for upgraded RSCD Agent, perform the following steps:

    1. Back up the existing certificate.pem, RSCD log files and respective signature files. This is applicable if you want to verify older RSCD log files on the server.
    2. Delete certificate.pem file.
    3. Perform any operation against RSCD Agent (for example, restart service, agent info). The RSCD Agent automatically creates a new certificate.pem file with SHA256 Signature Algorithm.
      For more information, see Session layer security.
  • Application server self-signed certificate (bladelogic.keystore)

For fresh installation of application server 8.9.03, the bladelogic.keystore is created with SHA256 Signature Algorithm.

In case of upgrade, by default, the existing bladelogic.keystore file is not upgraded to SHA256. To use SHA256 in bladelogic.keystore for upgraded application server, perform the following steps:

    1. Back up the old bladelogic.keystore file.
    2. Recreate the bladelogic.keystore using blmkcert.
    3. Apply the same bladelogic.keystore across the MAS setups.
      For more information about blmkcert and the steps to apply bladelogic.keystore, see Using certificates to secure communication between clients and Application Servers.

What's changed

The following table lists down the features that have been modified.

CategoryUpdateDescription
PatchingShavlik upgrade

Modifications: The following changes are done with reference to Shavlik upgrade from Shavlik 9.1 to Shavlik 9.3:

  • In global patch configuration parameters for Shavlik, OEMCatalog.zip file is replaced with OemCatalogWpd.zip file. Patch definition and contents files ( pd5.xml and hf7b.xml) are replaced with WindowsPatchData.zip. For more information, see Creating a patch catalog for Microsoft Windows.
  • The format of the product_categories.xml (Windows Filter Configuration file) is changed in TrueSight Server Automation 8.9.03. If you have previously customized the product_categories.xml file and are upgrading from a version prior to TrueSight Server Automation 8.9.03, you must manually update the changes to the new format (see sample product_categories.xml file for the format). Any manual customization in the product sub categories is overwritten and the customizations are lost. However, BMC recommends that you keep a backup of the product_categories.xml file before upgrading. For more information, see Global Configuration parameter list.
  • A new exportIvantiProductCatalog option has been added for Microsoft Windows Patch Downloader utility (offline downloader) to export the products that are available from Ivanti. The exported CSV file is generated with Vendor, Family, Version, Product information. For more information, see Additional commands for Microsoft Windows Patch Downloader utility. This option can be used as reference for customizing product_categories.xml.
  • If you want to add a new product to the filter list in the Windows Catalog tab, you must add a new product_category tag in the product_categories.xml and add a vendor node. You can also add specific information to the optional nodes (familyversionproduct, include_products, exclude_products). For information about how to add new products to the filter list, see Filters.
  • The Refresh button to refresh the Windows Filter Configuration File while configuring global patch configuration parameters for Shavlik is not available.
  • Adding a hotfix from the Depot > Patch catalog and by using Servers > Browse (Live browse) option is not available. The following options are disabled:
    • Add to Depot As → BlPackage 
    • Deploy 

      You can perform the same action by using patching job (Analyze Patch(s) action).  For information about ways to add a hotfix, see Adding a hotfix to the Depot.
  • Uninstall from Live browse does not auto-download the payload and you have to manually provide all required inputs.

Pre-requisites: Ensure that you meet the following pre-requisites:

  • Ensure that the following components must be updated to TrueSight Server Automation 8.9.03 version:

    • Application Servers/Database
    • BMC Server Automation Consoles
    • File Server RSCD Agent
    • All Windows RSCD agents which are targets of BMC Server Automation Windows Patching
  • BMC recommends that you keep a backup of the product_categories.xml file before upgrading, because any manual customization in the product sub categories is overwritten and the customizations are lost.

Post-upgrade tasks: You must perform the following tasks after upgrading the agent, because Catalogs, Patch Analysis Job, remediation prepared with Shavlik 9.1 does not work after upgrade:

    • Update all old catalogs
    • Upgrade agents
    • Re-execute existing patching jobs with updated catalogs
    • manually update the customizations to the new format of product_categories.xml
PatchingPatching support deprecationPatching support for the following products have been removed:
  • Microsoft Windows XP
  • Microsoft Office 2000
  • Microsoft Office 2003
  • Microsoft Windows Server 2003
  • Microsoft SQL Server 2000
  • Microsoft SQL Server 2005

Compliance Content

Templates deprecation

TrueSight Server Automation no longer supports the following compliance content templates:

  1. CIS - Windows Server 2003 for Domain Controllers
  2. CIS - Windows Server 2003 for Member Servers
  3. CIS - Red Hat Enterprise Linux 5
  4. CIS SuSE Linux Enterprise Server 10 
  5. DISA - Red Hat Enterprise Linux 5
  6. DISA - Windows Server 2003 DC
  7. DISA - Windows Server 2003 MS
  8. PCI Data Security Standard - Windows Server 2003
  9. PCI Data Security Standard - Solaris8-9
  10. PCI Data Security Standard v2 - Red Hat Enterprise Linux 5
  11. PCI v3 SUSE Linux Server Enterprise Server 10
  12. HIPAA - Windows Server 2003
  13. HIPAA - SUSE 9-10 Linux
  14. HIPAA - Solaris 8-9
  15. HIPAA - AIX (5.2 and 5.3)
  16. HIPAA - Red Hat Enterprise Linux 5
  17. SOX Data Security Standard - RedHat Linux (5)
  18. SOX Data Security Standard - Windows Server 2003
  19. SOX Data Security Standard - SUSE 9-10 Linux
  20. SOX Data Security Standard - Solaris8-9
  21. SOX Data Security Standard - AIX (5.2 and 5.3)

These content templates are deprecated as updates on the compliance standards as well as the platform have been stopped by their respective vendors. TrueSight Server Automation no longer supports agent for the underlying platforms. These templates are no longer bundled and tested. However, the existing templates in your environment are not modified. If you need to use the existing templates in your environment, you can still use the existing templates. However, if you face any issues on this templates ( if the rules need fix), and you need assistance, contact BMC Customer Support.

For more information about the templates supported by the product, see Compliance policy standards supported by TrueSight Server Automation templates.

GeneralOffline helpTrueSight Server Automation 8.9.03 does not support the local offline help.
Databasepermissions

You must apply both the granular and resource permissions:

  • Resource permission
    • GRANT RESOURCE permissions
  • Individual privileges
    • CREATE TRIGGER
    • CREATE SEQUENCE
    • CREATE TYPE
    • CREATE PROCEDURE
    • CREATE CLUSTER
    • CREATE OPERATOR
    • CREATE INDEXTYPE
    • CREATE TABLE

For more information, see List of required database permissions.

Downloading the service pack

Service Pack 3 for version 8.9 includes full installers for all components. You can download the files for version 8.9.03 from the TrueSight Server Automation 8.9.03 download page at the BMC Electronic Product Distribution (EPD) website

For full download instructions, see Downloading the installation files.

For a list of installation programs by OS, see Installation programs for TrueSight Server Automation.

Installing the service pack as a fresh product installation

If you are installing this service pack as a fresh product installation, do one of the following:

Upgrading to the service pack

You can upgrade to this service pack from product versions 8.7.x, 8.8.x, 8.9.00, 8.9.01, and 8.9.02.

To upgrade, do one of the following:

Note: Upgrading the TrueSight Server Automation console

When you upgrade the TrueSight Server Automation Application Server to version 8.9.03, you must upgrade the TrueSight Server Automation Console to version 8.9.03.

BMC Decision Support for Server Automation version 8.9.00 is not compatible with TrueSight Server Automation version 8.9.03. BMC Decision Support for Server Automation users must install a hotfix on BMC Decision Support for Server Automation 8.9, before installing or upgrading to TrueSight Server Automation 8.9.03. For more information about the hotfix, see  Prerequisites  in the BMC Decision Support for Server Automation documentation.


Was this page helpful? Yes No Submitting... Thank you

Comments