Red Hat NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE Manuel d'utilisateur télécharger pdf (Page 21)

Dell KACE K1000 Systems Management Appliance, Version 6.0, Release Notes 21

Agent-related known issues

This section lists Agent-related known issues.

About Agent security

Two amp.conf SSL settings are implemented on the K1000 Agent: sslrequired and verifyssl. Both

settings are disabled by default, and they have to be set manually using AMPTools.

Enabling sslrequired in amp.conf (using a value of either yes or true), forces the Agent to connect to the

appliance using HTTPS over port 443 for both AMP and web connections. As a result, if the appliance is not

configured to use port 443, the Agent disconnects. Uploads and downloads are also performed through

HTTPS when sslrequired is enabled because the regular fall back to HTTP is disabled.

Enabling verifyssl provides a higher level of security than sslrequired alone. When verifyssl is enabled in

amp.conf (using a value of either yes or true), the Agent validates the K1000 server certificate against the

list of known certificate authorities listed in cacert.pem in the data directory. The certificate bundle is

exported from Mozilla and shipped with the Agent installation by default. Turning on verifyssl implies

sslrequired, so the Agent cannot connect if port 443 is not configured. Verifying the server certificate means

the certificate must be up to date, the server name must match, and the certificate must be traced back to a

trusted authority listed in the certificate bundle.

In version 6.0, self-signed certificates are not supported because they are not listed as trusted authorities in

the certificate pem file. As a result, Dell KACE recommends that you enable verifyssl only if the server has a

publicly signed valid certificate. Otherwise the Agent cannot connect to the K1000 appliance.

Use the following commands to enable SSL in AMPTools:

AMPTools set sslrequired=true

AMPTools set verifyssl=true

K1SD-2249 If the Title field is marked as hidden in a Service Desk ticket queue, errors are

reported when you edit Process tickets in that queue. To prevent errors,

temporarily mark the hidden Title field as visible, modify the Process ticket, then

mark the Title field as hidden again.

N/A Service Desk ticket rules that refer to HD_QUEUE custom fields fail because

HD_QUEUE is moved to HD_FIELD during the K1000 server update to version

6.0. To resolve the issue, rewrite ticket rules to use HD_FIELD.

N/A K1000 version 5.5 had a Show Patch Progress check box on the Patch Schedule

Detail page. This check box controlled whether patch progress messages

appeared on managed devices during patching. In version 6.0, the Show Patch

Progress check box has been removed. To prevent patch progress messages

from being displayed on managed devices, delete the contents of the message

boxes (Initial Message, Progress Message, and Completion Message) in the

Notify section of the Patch Schedule Detail page (Security > Schedules >

Schedule Detail).

If Show Patch Progress is disabled when the appliance is updated to version 6.0,

the content of the message boxes is removed. This prevents patch progress

messages from being displayed on managed devices after the update. For more

information, see Verifying patch notification settings for patch schedules on

page 12.

Table-5: Server-related known issues (Continued)

Issue Number Title or Description

1 2 ... 16 17 18 19 20 21 22 23 24 25

Commentaires sur ces manuels

Pas de commentaire

Red Hat NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE Manuel d'utilisateur Page 21

Commentaires sur ces manuels

Produits connexes et manuels pour Logiciel Red Hat NETSCAPE MANAGEMENT SYSTEM 6.0 - AGENT GUIDE