Quest® InTrust™
Version 10.1
Release Notes
March 03, 2009
Resolved Issues and Enhancements
Quest® InTrust™ delivers an enterprise-scale event log management solution for multi-location heterogeneous environments.
New Features introduced in InTrust 10.1 are:
Organizations where Microsoft Audit Collection Services (ACS) is deployed can now gain additional value by using InTrust to do the following:
The new report pack called Quest InTrust for ACS Reports enriches native reporting with reports on consolidated data collected by InTrust. The reports are accessible from the Operations Manager Console.
InTrust configuration, audit and alert databases can now be hosted on SQL Server 2008; InTrust reports work with SQL Server 2008 Reporting Services.
This version of InTrust ships with Quest Knowledge Portal 2.0, which provides improved report, folder and data source management capabilities. This version of Knowledge Portal can work with SQL Server 2008 Reporting Services and use data sources represented by SQL Server 2008 databases.
Repositories now support multiple simultaneous connections by gathering, consolidation and import jobs. Only one job at a time can write to a repository, but this does not prevent repository access for jobs that require only read access. The benefit is fewer restrictions when scheduling InTrust workflows that need to access the repository.
You can dynamically specify the computers in a site using the new type of site object called Enumeration Script. This feature lets you implement custom site enumeration logic in an ECMAScript.
The updated "All activity within and outside of ActiveRoles Server" report in the Report Pack for ActiveRoles Server supplants the following three reports from the previous versions:
This report features more meaningful event names and better filtering options.
The following is a list of issues addressed and enhancements implemented in this release of Quest® InTrust™.
|
Feature |
Resolved Issue |
Change Request |
| Gathering | Audit data is gathered from every instance of an object contained in the InTrust site. If a computer is included into a site, for example, as an IP address and as an FQDN name, it will be processed twice. | CR0117150 |
| Make sure not to create gathering policies with identical names. InTrust allows you to do so, but this will result in unpredictable problems in the product's operation. | CR0115584 | |
| InTrust does not collect DHCP Server logs from machines running 64-bit Windows operating system. | ST55724 | |
| Real-Time Monitoring | Make sure to always have at least one account listed in either Alert Managers or Alert Readers pane for every Alerting Profile (InTrust Monitoring Console, Administration page, Roles tab). Any user will receive the Access denied error at an attempt to view alerts using the Alerting Profile with no account listed on the Roles tab of the Administration page. Access to the Database properties and the Users tab on the Administration page of the Monitoring Console will also result in errors. | CR0121647 |
| After an upgrade of one server in a multi-server InTrust Organization, Data Sources introduced in the new version of InTrust become available to InTrust users who create real-time monitoring rules on InTrust Servers of earlier versions in the same Organizations with instances of InTrust Manger connected to InTrust Servers that are not upgraded yet. Do not use Data Sources introduced in the new version of InTrust in any policies you create on InTrust Servers that are not upgraded. On the upgraded Server(s), don't assign any jobs that use those Data Sources to InTrust Servers that are not upgraded, and neither apply monitoring policies based on those Data Sources to InTrust Sites processed by InTrust Servers that are not upgraded. | CR0153987 |
The following is a list of issues known to exist at the time of InTrust release.
|
Feature/comment |
Issue description |
Defect ID |
| Setup | You may receive the following error when running InTrust server setup
in the Repair mode: "Error: 0x80004005. Cannot configure default Audit Database." To work around this problem, you can do one of the following:
|
ST56734 |
| You will have to log off and log on again once you have installed InTrust Manager to a location other than default. Otherwise, the InTrust Manager shortcut will not work. | CR0112449 | |
| If you have used the Add/Remove Programs dialog to uninstall InTrust,
you will get the Modify/Repair/Remove dialog next time you launch InTrust
setup from the CD. Click Remove and wait until setup finishes, then run setup again. |
CR0112184 | |
| The Quest InTrust Real-Time Monitoring Server service may not be able
to start after installation. Setup will display the following error:
Error 214750037 (unspecified error). Event ID 8202 is also written to the InTrust event log.Restarting the computer resolves the issue. |
CR0115384 | |
| You may get the following error while trying to install InTrust:
Cannot grant the following privileges: |
CR0112303 | |
| InTrust Monitoring Web Portal and InTrust Reporting Web Portal cannot
be installed into a Virtual Directory with special characters (like !#$%^&()_+|][}{;,-=`~)
in the name. An attempt to do so results in the following setup error:
Cannot configure Active Directory object 'VD_ITWEB'. Error -2147463168 E_ADS_BAD_PATHNAME. |
CR0117312 | |
| If you receive the following error while upgrading an InTrust Server:
Error Code: 1603 Fatal error during installation. First of all, check if all of the InTrust Server services have been stopped. Most often, it is Quest InTrust Real-Time Monitoring Server service that takes long to stop and causes the setup to fail with this error. If this is the case, quit the setup, make sure all of the Quest InTrust services have stopped and run the setup again. |
CR0122748 | |
| If you receive the following error at InTrust setup:
Cannot configure default Audit Database. Error code: 0x80004005. Property value is invalid. Make sure the value is typed correctly. Unspecified error Multiple-step OLE DB operation generated errors. Check each OLE DB status value, if available. No work was done. Property value is invalid. Make sure the value is typed correctly. check if you have specified a database with a name that starts with a numeric character (0-9) as either Audit or Alert database.The names of all InTrust Audit and Alert databases must start with an alphabetic character (a-z, A-Z). |
CR0122347, ST54080 | |
| On the Select Features step, InTrust setup wizard displays the required disk space only for the features you select in the tree. There are, however, some features required by those listed in the tree but not shown there because they are not user-selectable. Those 'hidden' features affect disk space requirements too. Click the Disk Cost button to see the more accurate numbers for required disk space calculated with regards to the features not displayed in the tree. | CR0112182, CR0112212 | |
| During InTrust setup, you may receive an error message stating that one or more specific privileges required for the InTrust Server service account cannot be granted to it because assignment of those privileges is controlled by a Group Policy. There is no way for the InTrust setup to check whether a Group Policy actually grants the specified privileges to the service account as a member of a group. If you receive this error message, verify that a Group Policy does grant the privileges and then click the Ignore button in the error message to proceed with the installation. | CR0112218 | |
| When InTrust installation fails and is rolled back, some registry keys it has created are not removed. This is controlled by the Microsoft Installer and cannot be handled from the InTrust setup code. | CR0112227 | |
| When you are running the configdb.sql SQL script on a pre-created
InTrust configuration database to provide for not giving InTrust service
account the database owner right for it, you may receive warnings like the
following:
Cannot add rows to sysdepends for the current stored procedure because it depends on the missing object 'dbo.ITRTProcessingRule_change'. These warnings may be ignored since they do not indicate of any problems that may affect the future InTrust operation. |
CR0152107 | |
| Don't specify any existing Quest Active Roles Server database as the InTrust configuration database, since these two products have incompatible requirements to the system configurations of their databases. | CR0153990 | |
| Components and configuration objects added to an existing InTrust installation by installing an individual Knowledge Pack cannot be consistently removed from InTrust by deselecting the related nodes on the 'Select Features' step of the Installation Wizard. | CR0153504 | |
| A path to the default repository is saved for the whole InTrust Organization when the first InTrust Server in that organization is installed, and defaults to a folder on that InTrust Server's computer local hard disk. Every InTrust Server in the organization uses this parameter 'as is' and treats it as a local path on its computer, which may be resolved to a location where no valid repository exists. If this is not the case, every gathering job configured to store data to a default repository actually stores it to a local disk on the computer of InTrust Server that processes the job. This may result in storing data at unexpected location. To avoid this, don't use the Default Repository predefined object in any gathering, import and consolidation jobs you set up. Instead, make copies of it with the Quest InTrust Manager snap-in, make the changes to the repository name, location, etc. if necessary, and always provide a name of an edited copy of a repository object when you configure a job. | CR0151260 | |
| When you install InTrust or upgrade it from an earlier version, you
may receive the following error message:
Error 1335. The cabinet file '<cab_file_name>' required for this installation is corrupt and cannot be used. This could indicate a network error, an error reading from the CD-ROM, or a problem with this package. One of the recommendations you can find in the Microsoft KB article 314810 must help you resolve this problem. The article describes a similar problem with MS Office installation and the resolutions it provides has proved to work for InTrust installation. |
CR0156239 | |
| If you have individual InTrust component(s) installed on a computer to a non-default path, be sure to not use the InTrust Suite setup to add other InTrust components to that machine. Install additional InTrust components by running their individual setup (.MSI) packages from the product DVD instead. This will let you avoid problems at both installation and uninstallation of those components in the future. | CR0184325 | |
| When you change the installation path for the InTrust Server node of the feature tree (on the Select Features step of the Quest InTrust Setup wizard), installation paths for features down the tree is changed accordingly so that individual InTrust components are installed to subfolders of the folder you specify for InTrust Server. Note that this, however, does not apply to the InTrust Knowledge Portal component which does not inherit its installation path from the InTrust Server component and requires that you explicitly change the installation path if you need that. | CR0190311 | |
| It is recommended that you install the same set of InTrust components on all InTrust Servers in an InTrust Organization. Otherwise, you may have problems, for example, when switching the server that runs a task. | CR0149166 | |
| When you install a report pack and the SQL Server hosting its target
database does not have SQL Server Agent running, you may receive the following
warning, sometimes followed by an error dialog with the same text:
Cannot upload report pack: For Temporary Tables Clean-Up
job When you click OK in this dialog, another error message may be displayed asking you if you want to continue with the setup. Click No and wait for the setup application to prompt you with the options to Retry, Ignore or Abort the installation. When prompted, select Retry. From this point on, the installation of the report pack is expected to run smoothly. |
ST41900 | |
| Upgrade | ||
| After you upgrade your InTrust organization from version 9.6, some of your existing real-time monitoring rules triggered by events generated by script based event providers may stop working. This may happen to a rule that has the data source name specified as one of the rule parameters. To make such a rule work again, you should edit it to expect the actual log name (as specified in the data source Properties) instead of the text string "Script" as a value of this parameter. | ST57972 | |
| When you upgrade an existing installation of InTrust under an account
that doesn't have DBO access rights to the InTrust configuration database,
you may receive the following error message:
Cannot uninstall CI packages. Error code: 0x80004005. Cannot parse ADCClassInventory query. Error of opening file. Click OK and continue. This error does not affect the results of the upgrade. |
CR0156311 | |
| At an upgrade of an InTrust Server in a multiserver InTrust organization,
you may receive a misleading error message:
You are about to remove an InTrust server from an InTrust organization. Any jobs configured to run on this server must be manually transferred to another live server in the same organization. It is safe to ignore this error. Click OK and continue upgrading. |
ST55161 | |
| General | You may receive the "Demo license exceeded" error at InTrust gatherings when if you have a time limited demo license installed, and no license count limit is actually violated. If this happens, reset the license count manually. | ST56154 |
| Two InTrust Servers cannot concurrently process each other using agents. | CR0115565 | |
| You may not be able to log on interactively to a computer where InTrust Server is installed, if the InTrust Configuration database went offline while restarting the computer. Wait until the database goes back online or for about 5 minutes, then try logging on again. | CR0115564 | |
| Don't delete the Default configuration objects (Default databases, repositories,
operators, etc.) even if you never use them in InTrust sites, policies etc.
Other predefined objects may have references to the Default objects by default,
which may result in hard-to-find errors if referenced objects no longer
exist in your InTrust configuration database. Note that the deleted predefined
configuration objects are not recreated at InTrust upgrades or reinstallations,
some of them causing errors at the setup phase if missing from the configuration
database.
The recommended practice is to keep default configuration objects as templates for the custom ones you create for the routine use. |
CR0122083, CR0122368 |
|
| If two operator records with the same computer name exist in the InTrust configuration and both are specified as operators to notify, then two NET SEND notifications are sent to that one computer. | CR0112241 | |
| When you manually stop the Quest InTrust Server service, check the state of its dependent services (Quest InTrust Agent and Quest InTrust Agent Installer) while it is being stopped. If stopping the Quest InTrust Service takes a considerable time, its dependent services may be restarted and will have to be stopped manually. This behavior of dependent services may also prevent the Quest InTrust Server service itself from being stopped successfully, and you will have to manually terminate its process in Windows Task Manager. | CR0114810 | |
| When you restart InTrust services on an InTrust Server serving a large number of agents, real-time monitoring and gathering may require a few minutes to start working again after the services are started. | CR0114831 | |
| If you attempt to start Quest InTrust Server or Quest InTrust Real-Time Monitoring Server service and receive the error 'Unspecified error', in most cases this means that the license related to this service has expired. Look in the InTrust event log on the InTrust Server machine for a more detailed description of the error. | CR0115601 | |
| If there is an e-mail notification configured to be sent to multiple Operators and InTrust fails to send it to one Operator, for example because of an invalid e-mail address, the notification isn't sent to the other Operators on the list either. | CR0151967 | |
| You may receive the following error message when you try to view the details of a specific license in the Installed Licenses dialog: 'Error 0x00004655: Cannot open dialog. Reason: 0x839C0002: Unknown error: 0x839C002'. This happens when you try to view details of a license that has expired. | CR0151964 | |
| When the system time is set back on an InTrust Server computer or on a computer with InTrust agent running, InTrust agent-server operation may become unstable or even broken. It is recommended to restart InTrust services (either Quest InTrust Server or Quest InTrust Agent) on the computer after setting the system time back on it. Automatic time adjustment for daylight savings does not produce this effect on InTrust and does not require restarting any InTrust services. | CR0145993 | |
| The following error message logged to the session results of an InTrust
task may indicate of a frequent changes in the system time on the InTrust
Server computer:
Error: 0x80040e2f Cannot initialize the required component. Cannot initialize session. Sessions Error- The statement has been terminated. Sql State: 01000 Native Error Code: 3621 Violation of PRIMARY KEY constraint 'PK_ITGSessionsInfo'. Cannot insert duplicate key in object 'dbo.ITGSessionInfo'. Sql State: 23000 Native Error Code: 2627 , !! IDispatch error #3119 This may be happening because of some problems with hardware or operating system, frequent time synchronizations with multiple hosts on the network or some other reason. |
CR0155892 | |
| If an InTrust Site includes an AD site that has subnets misconfigured, InTrust may try processing, when monitoring or gathering from this InTrust Site, a lot of unrelated computers or even all computers in the Domain(s) that the AD site spans. | CR0130865 | |
| You may be confused with events you may find in the InTrust event log on the InTrust Server computer stating that a job has completed with error and providing an error code without any error description. These events don't signal of any problem and may be ignored. They are logged to the InTrust event log in order to have process exit codes for InTrust jobs saved for the purpose of possible troubleshooting. | CR0155885 | |
| When you edit filters in data sources for IIS logs, ISAS logs, DHCP logs and Exchange events, and you want to use filtering by empty string value, specify empty strings. To do it, leave the text box in the Add/Edit String dialog box empty and click OK. | CR0146236 | |
| Quest InTrust Manager | Computers added to an InTrust site by their NetBIOS names may be listed under the Agents node in InTrust Manager by their NetBIOS names, not by their FQDNs as might be expected. | CR0111184 |
| The lists of available InTrust Servers in an organization may differ
depending on whether or not InTrust Manager is installed on the same computer
as InTrust Server. The RPC Locator service should be enabled on the InTrust
Manager computer where InTrust Server is not installed for correct results. A specific InTrust Server may be also not visible as available for connection with InTrust Manager if it fails to publish itself in Active Directory (AD). This may happen if the Quest InTrust Server service does not have sufficient rights (see Quest InTrust - System Requirements document for details) to create a Service Connection Point (SCP) in AD. Check events logs, starting with the InTrust log, on the InTrust Manager and InTrust Server machines for events looking related to possible problem with the RPC Locator service and creating an SCP in AD, respectively. Besides, if you know that a specific InTrust Server is available, you can connect to it by specifying it manually, whether or not it is on the list. |
CR0144041 | |
| If an InTrust task has the starting date in its schedule set to some day before the date when the system switches to the daylight-saving time, it will begin starting one hour later than the start time specified in its schedule when the system switches to DST. A task with its starting date in the DST period starts one hour earlier than specified in the properties of its schedule when the system switches to the standard time. When the time is adjusted back, the actual local time the task starts at will match its start time specified in its schedule again. | CR0154835 | |
| You may receive the following error: Internet Explorer Script Error: 'm_idBaloon.style' is null or not an object when you have the Quick Start node selected in the left pane and click the right pane. You must be clicking there too early. Wait for the content of the right pane to be fully loaded before you click it. |
CR0185734 | |
| Quick Start will fail to generate reports you specify if InTrust is
configured to use SRS running on a computer different than SQL Server machine
hosting the InTrust database(s) you are trying to report on, and Windows
authentication is used to connect to Reporting Services.
The following error message will be received: Login failed for NT AUTHORITY\Anonymous Logon. |
CR0177740
|
|
| When you edit settings of an existing consolidation job and change the source repository, InTrust Manager doesn't prompt you for a new set of repository objects to be copied. Make sure to review the objects selected for processing in the new repository. | ST41513 | |
| When InTrust is running in the Object Level security mode, the InTrust Manager snap-in may crash at an attempt to run Quick Start wizard under an account that does not have the Modify permission on either the Sites or Gathering node, or neither. | ST48615 | |
| If you try to expand the Rules node in InTrust Manager and receive
the following error: Error 0x00006663: Cannot get node
content. this is most likely the result of defining a custom alert severity level with an icon of an unsupported graphic file format. Use the ITCustomAlertSeverity.exe tool to remove a recently added alert severity from the InTrust configuration, and then add it again with an icon of a different format (.gif, .bmp, .jpg, .ico). |
ST50571 | |
| Workflow and Sessions | The If the task is still running, stop it at this time option in the task's Advanced Schedule Options dialog box does not work. Instead, use the Stop the task if it runs for option. | CR0112061 |
| At least 5 minutes must pass between committing a change made to a task and its scheduled start. For example, if you modify a task and commit the configuration at 8:40, then schedule the task to begin no sooner than 8:45. Otherwise, the task will fail to start. | CR0112041 | |
| Tasks with the same names will not work. If you have accidentally created such tasks, remove both of them and create the tasks anew. | CR0112240 | |
| The Application job may seem to be not responding while the application it launches is running. Wait until the application is completed. | CR0112045 | |
| Do not use UPN-style account names (testuser@test.abc.com). | CR0112049 | |
| If InTrust Servers in an Organization are concurrently running too many
tasks, you may receive the following error in results of some sessions: "Components Manager: Failed to find Storage Accessors. Error=0x80004005: Timeout expired. Unspecified error." This happens because each task accesses InTrust Configuration database, and some of them fail to do that because of query timeout expiration. If you cannot reduce the number of task that run concurrently, consider increasing the value of the timeout setting on the SQL Server level using the sp_configure stored procedure. |
CR0111825 | |
| When you create an Application job, clicking the Browse button for Working Directory may not work and result in an error message. If this happens, type in the full path to the working directory instead of browsing for it. | CR0120361 | |
| A session for an InTrust job of the Windows Scheduled Task type configured to run a scheduled task that fails to start will be logged as successful if the job has the 'Synchronous operation' option disabled. | CR0149467 | |
| If a job finishes with an error, its session information may contain the error code without an error description. | CR0155885 | |
An InTrust job of the Windows Scheduled Task type can be configured
to run a task scheduled on a Windows 2008 or Vista machine
only if the task meets both of the following requirements:
If either condition is not met for a Windows 2008/Vista scheduled task, you will not see it in the Select Windows Scheduled Task dialog when you run the New Job Wizard in InTrust Manager. |
ST52816 | |
| Agents | ||
If an agent consistently fails to start on a Windows machine, and you
find the following error in the local Application event log:
or the following error from the agent process is written to syslog on the Unix machine hosting an InTrust agent:
check if any other active process (application, service, daemon) is configured to listen on the port you are going to use as the InTrust agent communication port on this machine (TCP port 900 by default). If you find some, reconfigure either the agent or the other application/service/daemon to use a different port. To change the communication port setting for InTrust agent, edit the agent.ini file located in the agent folder. |
ST55548 | |
| If an agent has been installed manually, then you cannot uninstall it from InTrust Manager. Uninstall the agent manually, as described in the Deploying Agents section of the Quick Start Guide. | CR0111578 | |
| You may have to uninstall the agents manually, if the InTrust Server to which the agents belonged is uninstalled. To avoid this, uninstall the agents from InTrust Manager prior to removing the server. | B102815 | |
| When agents are used to gather audit data, the following error may occur:
Agent has not yet established connection to the InTrust Server (0x8adc2c09). This situation may occur due to network problems, or when InTrust services have just been restarted, and agents have not communicated to the InTrust Server yet. |
CR0111596 | |
| You may get several agent errors, if there's no free disk space on the
computer where the InTrust agent is installed. For example: ADC Error: User not found (0x8adc3207), (0x8adc2c05) |
CR0111560 | |
| If InTrust agent is installed via Group Policy to a Windows XP Professional
computer where the logon optimization is on, remember that software installation
policy is applied only at next logon. Thus, the following message will appear
in the event log: The assignment of application Quest InTrust Agent from policy <policy> failed. The error was: The group policy framework should call the extension in the synchronous foreground policy refresh. For more information, see Help and Support Center. After the next logon, the installation of the InTrust Agent from policy will be completed. For details, refer to the Microsoft KB article 305239 "Description of the Windows XP Professional Fast Logon Optimization Feature" |
CR0112385 | |
| If an attempt to manually register an agent on an InTrust Server fails
with the error message
'Cannot register agent on the InTrust server <...> No connection could be made because the target server actively refused it. <Win32 Error 10061>.' check if the Quest InTrust Agent service is running and not stopped on the agent computer. If the service is stopped, start it and try registering the agent again. |
CR0117194 | |
| Installation of an agent on a computer under an account from a trusted domain may fail with an error message stating that the 'Logon as a service' right cannot be granted to the agent account. This happens if the specific account has never logged on to that computer before. To prevent the problem, log on to the target computer under that account before installing the agent. | CR0114825 | |
| When you are installing an InTrust agent by running the agent installation package (adc_agent*.msi), a Command Prompt window pops up. This window neither requires any input nor indicates of any problem with the agent installation. | CR0135636 | |
| If you install an agent on a computer using the .MSI package, then manually uninstall it with the adcscm.nt_intel.exe -uninstall command and try to install it later using the .MSI package again, the agent setup prompts you to repair or remove the agent as if it was still installed. Select the option to Remove the agent, let the setup run to the end, and then run it again to have the agent installed. | CR0135745 | |
| InTrust agents do not support the ja_JP.SJIS locale on Linux. | CR0148319 | |
| If you use InTrust Manager to unregister an InTrust agent residing on a computer that has no connection to the InTrust Server, then you may get errors trying to register the agent again with InTrust Manager after the connection is restored. If this happens, use the agent command with the -add parameter on the target computer. | CR0149798 | |
| If agent recovery takes place on a site for which the Prohibit automatic agent deployment on site computers option is enabled, the InTrust Server log may contain incorrect messages stating that the recovery was successful. | CR0114462 | |
| When you are uninstalling an InTrust agent by running the agent installation package (adc_agent*.msi), the File In Use dialog may pop up stating that the Quest InTrsut Agent process currently uses the files that require update, and prompting you to either Exit or Ignore or Retry. Agent uninstallation is expected to finish successfully if you select the Ignore option. | ST54666 | |
| Networking | InTrust does not support NetBIOS computer aliases. | CR0115379 |
|
Gathering |
||
| Events logged for renaming an account in Active Directory collected with a gathering policy based on a data source with the Create agent-side audit log backup option enabled may be stored to the target repository or/and database with the old account name specified instead of its new name. This happens because, due to the current implementation of operations with AD accounts and event logging in Microsoft Windows, this data is not yet available at the moment when the event is written to the agent-side cache. | ST57888 | |
| If at the moment you attempt to gather Microsoft Proxy Server log this log contains event data in different formats, then gathering process will not work correctly. | CR0117156 | |
| If you gather IIS/ISA Server text logs with the Time data field disabled for logging, some events may be lost. To avoid event losses, don't disable the Time field in the logging options on IIS/ISA Servers you are going to collect logs from. | CR0117109 | |
| If you receive the following error message in the task session results:
The session terminated unexpectedly. while the individual job sessions under this task are marked as successful, check if the system time is synchronized between the InTrust Server and the SQL Server that hosts the InTrust configuration database. |
CR0152716 | |
| When the agent on a computer in some InTrust site becomes lost, InTrust cannot receive information about the type of that computer in order to check if processing it exceeds the installed license. As a result, any further attempt to gather audit log data from that computer may fail with a misleading error message 'License is exceeded'. | CR0152230 | |
| Time stamp for events collected with a Data Source of the Custom Text Log type may be displayed incorrectly in InTrust Repository Viewer if these events were logged before the system time adjustment for daylight savings but collected after the time switch. In the Audit database, event time is saved correctly and this problem does not affect in InTrust reports. | CR0154507 | |
| When events from the IIS log are collected with the Ignore events older than / before ... option enabled, a warning about some events having been ignored is not logged to the results of the gathering job session as it is for gathering jobs that collect events from other logs with this option enabled. | CR0155889 | |
| If an InTrust Server is included in a site with automatic agent deployment disabled, a message about skipped agent installation is generated for the InTrust Server computer, and no gathering or monitoring policies that apply to the site are applied to it. As a workaround, consider including the InTrust Server computer into a site with automatic agent deployment enabled and running some gathering job for that site at least once. Then you may move it back to the original InTrust site since the policies will work for it as expected. | CR0114233 | |
| When you set up an InTrust Site to filter for Domain Controllers with
InTrust for Active Directory service running, InTrust also enumerates all
machines that have the InTrust for Active Directory Administration Tools
installed. When a gathering job configured to collect events from InTrust
for AD log is run for this Site, the following warning is logged for every
enumerated computer that does not have InTrust for Active Directory service
running:
The specified log does not exist. |
CR0185886 | |
| Events on a Group Policy creation collected with a gathering policy based on a data source with the Create agent-side audit log backup option enabled may be stored to the target repository or/and database with the GPO display names unresolved. This happens because, due to the current implementation of GPO creation and event logging in Microsoft Windows, this data is not yet available at the moment when the event is written to the agent-side cache. | ST27221 | |
| A gathering job configured to use agents may fail with the following
error message: The license does not include the specified computer type or the specified data provider. for target computers that do not have agents installed by the time when the gathering session starts. If this happens, wait for a short time to let agents get installed, and run the gathering job again. |
ST41440
|
|
| When you change the location of an event log file on a Windows 2008 server, InTrust may be unable to collect events from that log even after you reboot the server and it starts writing new events into the log at its new location. Like Windows native Event Viewer running on a remote pre-Windows 2008 machine, InTrust will be unable to use the log after you move it until you reboot the collected server again. | ST54042 | |
| Real-Time Monitoring | ||
| It may take the InTrust Real-Time Monitoring Server service a long time to stop if the Alert Database is overloaded with alerts and slow to respond. | CR0111672, CR0115603 |
|
| The 'Registry Permissions Changed' rule doesn't work on Windows Server 2003 computers. | CR0112157 | |
| Do not use wildcards in rule parameter values that define authorized/administrative/target/etc. groups in rules that require group membership resolution for user accounts. Most of these are rules with words 'by unauthorized personnel', 'administrative account', 'administrative rights' in their names. | CR0112159, CR0112161 |
|
| InTrust scripts related to Active Directory object management cannot be executed on Windows NT 4.0 computers. | CR0112142 | |
| On platforms other then Windows, when a 'Successful <logon, 'su' command, etc.> after failed attempts' rule is matched, the number of failed attempts reported includes the successful attempt that triggers the rule. | CR0112270, CR0115771 | |
| Community names with non-Latin characters are sent incorrectly when you select sending an SNMP trap as a response action for a real-time monitoring rule. | CR0115387 | |
| After the Quest InTrust Real-Time Monitoring Server service is restarted, real-time monitoring may temporarily stop working for a computer that is included in multiple InTrust sites under different names if those InTrust sites are configured for real-time monitoring with the same monitoring policy. Monitoring will be resumed for each affected InTrust site when it is enumerated the next time, as defined in the site properties. | CR0115566 | |
| The RemoveGroup script does not remove Distribution groups from Active Directory. | CR0115585 | |
| When a new Alerting Profile associated to a different InTrust Server is created in any installation of Monitoring Console in the InTrust Organization, clickable links in alert notification emails stop working for any alerts in the old Alerting Profiles. | CR0152503 | |
| If you experience a degrade in the Alert Database performance, try increasing
values of the two InTrust configuration parameters that control the buffer
and queue sizes for the connection InTrust makes to the Alert Database.
Running the following SQL query on the InTrust configuration database will
increase both sizes from the default value of 800KB (819200 bytes) to 10MB
(10485760 bytes):
UPDATE ADCOrganizationParameter |
CR0153944 | |
| After disabling a real-time monitoring policy configured to monitor an MS IIS Server and removing the InTrust Agent from a monitored IIS computer you will have to restart IIS on that computer in order to restore its Web connectivity. | CR0149865 | |
| If a script-based real-time monitoring rule fails on some of the monitored computers, the agent installed on that computer does not inform InTrust Server about the failure and no error entry is reported in the InTrust Server log. | CR0151859 | |
| When real-time monitoring rules are matched, event field names that consist only of digits are treated as integers. This causes errors, because string values are expected. | CR0135658 | |
| When two or more InTrust Servers have real-time monitoring policies with WMI-based rules in them applied to the same computer, alerts triggered by rules handled by different InTrust Servers may be saved to an Alerts database of a wrong InTrust Server. | CR0184711 | |
| You must be a member of the Administrators group on the InTrust Monitoring Console machine to make changes to Database settings of an alerting profile if this profile has SQL Authentication selected for its connection to the Alert database. | ST41049 | |
| You may receive the following error at an attempt to import an exported
user settings in InTrust Monitoring Console: Cannot import user. Enhanced error information. Number: 0x80004005 Description: 007~ASP 0104~Operation not Allowed~ This is most likely to be caused by the settings of MS IIS hosting InTrust Monitoring Console. For more information see Microsoft KB article 327659. |
ST41636 | |
| An attempt to export a large number (around 10,000 or more) of alerts
from InTrust Monitoring Console to a Microsoft Excel spreadsheet may fail
with the following error: Cannot show alerts. Enhanced error information. Number: 0x80004005 Description: 006~ASP 0251~Response Buffer Limit Exceeded~Execution of the ASP page caused the Response Buffer to exceed its configured limit. This is most likely to be caused by the problem with Microsoft IIS described in Microsoft KB article 826756. |
ST41622
|
|
| WMI-based real-time monitoring rules cannot be applied to Windows NT
4.0 computers. Assigning a real-time monitoring policy with these rules
to an InTrust site that includes Windows NT 4.0 computers produces the following
events in the InTrust event log on the InTrust Server machine:
Event ID: 8195
Event ID: 8200 |
ST42668 | |
| After you upgrade your InTrust to version 10.1 from version 9.6, real-time monitoring with the AR Server Service: Physical memory usage rule (Quest Active Roles Servers (ARS) Knowledge Pack) may not work out of the box on agents running on Windows 2008 machines . A resolution for this problem is available from Quest Support on request. | ST54788 | |
|
Reporting |
||
| Don't use the Update Database option for any data source in InTrust Knowledge Portal since it proved to run an outdated SQL script on Audit databases. This command is intended to update a structure of an Audit database created by InTrust of version earlier than 9.0. If you use Audit database(s) created with later versions of InTrust, you don't need to update the Audit database structure. | CR0190753 | |
| Don't add too many reports to one reporting job. Doing so may make the
whole Tasks node not responding to your attempts to browse it, with the
following error message displayed: Enumerating collection
failed. |
CR0181130 | |
| If you modify a model of a report that is already included in some reporting
jobs, for example, add or remove a filter, reporting job(s) configured to
compile this report will fail with the following error: Object reference not set to an instance of an object. After you modify a report model, you will have to remove it from any reporting jobs that use it and add them to those jobs again. |
CR0180458 | |
| A report with query based parameters or filters cannot be added to a
reporting job if a data source specified for this report is configured with
invalid settings. An attempt to add such a report to a job fails with the
following error: Cannot create a connection to data source 'MainDataSource'. If you receive this error, edit the properties of the related data source to make sure it lets the report access a valid InTrust Audit database. |
CR0183629 | |
| An event logged to the InTrust log for a completion of a reporting job that failed states the job has completed successfully. Under the Sessions node, the status of the job is displayed correctly. | CR0184386 | |
| The unclear error message: Report "<report_name>" failed to process: An error has occurred during report processing. An error has occurred during report processing. An error has occurred during report processing. Query execution failed for data set 'MainDataSet'. is logged to the session results for each report in a reporting job that is configured to use a Data Storage that is not accessible when the job starts. |
CR0184587 | |
| If InTrust reporting is configured to access MS SQL Reporting Services
over an HTTPS connection, and the InTrust Server computer does not have
a certificate installed for the specified MS SRS server, an attempt to access
Reporting Services results in the following error: Error
0x00004659: Internal error occurred. To install a required certificate, you can use Internet Explorer to open the URL of MS SRS specified in the properties of the Reports node in InTrust Manager as 'MS SQL Reporting Services path'. When prompted for certificate installation, accept it. When the certificate is installed, you will be able to perform any operations with reports and reporting jobs in InTrust Manager. |
CR0185153 | |
| If a reporting job fails to notify an operator specified on the Notification tab, it neither sends generated report(s) by e-mail to recipients specified on the Delivery tab even if all the settings on that tab are correct and the e-mail can be sent. | CR0186899 | |
| A reporting job may fail with the following error: The job was finished, but no entry was created for it in the task session because of an error. If this happens, check whether the account under which the job starts has the Read access permission to the Windows folder on the InTrust Server computer. |
CR0187676 | |
| If a reporting job fails with the following error: The remote server returned an error: (500) Internal Server Error. check the reports in the job for incorrect filter settings. This error may be logged to the session results, for example, when some report has a filter that requires a non-empty value specified, and that filter is disabled. |
CR0188342 | |
| Avoid selecting "HTML with Office Web Components" as an output format for reports on the Delivery tab of a reporting task. Reports saved in this format may contain an invalid HTML code and be unreadable with conventional Web browsers. | CR0188772 | |
| When you manually stop a reporting job that is running, temporary objects related to reports the job has generated before termination may be not always automatically removed from MS SQL Reporting Services server and you may have to clean them up later. | CR0186374 | |
| Some reports are wider than the page. The width of the fields in such reports may change depending on the values in the fields. | CR0145120 | |
| Some subreports are cached. If you configure filters in the parent report, the subreport is not regenerated with these filters. Instead, the subreport's version is loaded from the cache. To compile a subreport with filters, press Ctrl+F5 to refresh the subreport page. | CR0145121 | |
| For very large reports, the Print Preview page may not open and the report may not print. | CR0139691 | |
| Page breaks in the online version of a report may not correspond to the page breaks in the printed version. | CR0139480 | |
| If large fonts are in use, the Report View page (if credentials to connect to the data source are required) is displayed incorrectly. | CR0131812 | |
| If the Microsoft SQL Server Reporting Services and Microsoft SQL Server used to generate a report are installed on different computers, then the report cannot be compiled using the Windows Authentication of the user currently logged on to InTrust Knowledge Portal. | CR0145326 | |
| Search results for the search through report descriptions may not include all keywords actually existing if description is longer than 512 characters. | CR0168949 | |
| If browsing for SRS local user/group accounts when configuring report (folder) security settings, in case of remote installation (InTrust Knowledge Portal installed on different computer from SRS), similar account found on InTrust Knowledge Portal computer will be selected. | CR0181349 | |
| If password was changed for the user account you planned to use for browsing Active Directory (specified during the setup), then error will occur when you try to browse for this account when assigning security roles in InTrust Knowledge Portal. | CR0173578 | |
| The following report settings cannot be configured if you are using SQL Server Express Edition (due to Express Edition's Reporting Services limited feature set): subscription, security, and history. | CR0179549, CR0179546 |
|
| When storing the Solaris events, Quest InTrust may add spaces to the beginning and end of the event fields. To prevent problems at filtration, specify these fields with percent signs: '%username%', but not 'username'. | CR0137465 | |
| If you customize a report view (using the Customize Report View dialog) and clear View the report when customization is completed check box, and then close this dialog by clicking OK, changes will not be applied (no refresh will take place after you click Refresh, CTRL+Refresh, or View Report). | CR0163972, CR0164807 |
|
| The 'Weekly Alerts Reporting' job in the 'Weekly Alert Database Reporting and Cleanup' predefined task does not include any report. | CR0190957 | |
| If you select the Create the Reporting Server snap-shot option on the Delivery tab of a reporting task properties, the settings of InTrust Data Sources used by reports in the job are overwritten with the values specific to this job. | CR0191127 | |
| InTrust does not clean up all of the temporary tables and views reports create in the databases. Depending on the version of SQL Server hosting the database you need to clean up, use the TempCleaner_2000.sql or TempCleaner_2005.sql script from the product DVD (<DVD_Root>\InTrust\Tools\Database CleanUp\) to remove the temporary objects from databases. The script can be scheduled by means of MS SQL Server to be run on a regular basis and configured to delete temporary database objects older than a specified number of days. | CR0191293 | |
| You may receive the following confusing error: "Query execution failed for data set 'MainDataSet'." at an attempt to open a subreport of a report generated by a reporting job. If this happens, check if the subreport uses a different data source than the main report included into the job, and if that data source is configured with valid settings (server, database, access credentials). |
CR0191339 | |
| You may be unable to compile subreports of the Multiple failed account logons report if a reporting job configured to compile it accesses the SQL Server under an account that does not have the db_owner role for the InTrust Audit database. | CR0188067 | |
| If you select the Use SRS data source associated with each report option for a reporting job, make sure no report included into the job has an associated data source with the Credentials supplied by the user running the report option selected in its properties. | ST31276 | |
| When you configure a reporting job with the Import objects from the following repository: option enabled, and set it up to include reports configured to use event local time, as opposed to GMT, make sure to provide time values matching local time on the event originating computers in time-related filters of the reports. | ST36881 | |
| When you configure filters in a report and enable the NULL checkbox for either the Date/time from: or Date/time to: filter, values you specify in these filters will be ignored and data in the report will be filtered based on the value specified in the Interval filter. | ST41084 | |
| When a report with a cover page enabled is exported to a file in the Excel format, the resulting Microsoft Excel document does not include data column captions. | ST40615 | |
| The su command usage report may produce incorrect output if it is generated on the audit trail that includes entries in languages other than English. | ST26561 | |
| A reporting job configured to import required data from a repository
may sometimes fail with the following error logged to the session results
(RDDI Import node): Description: Cannot initialize the required component. Cannot create one of the InTrust components.Cannot open repository. The system cannot find the path specified. or Description: Cannot import data from the repository.Cannot enumerate the repository objects. If this happens, check if there is a database or some other object under Data Stores node in the configuration with a name identical to that of the source repository for the job. Rename one of the objects to make names of all objects under the Data Stores node unique. |
ST42803 | |
| You cannot specify a name of a text file listing parameter values in
the input field on a report parameter tab in the reporting job configued
to import required data from a repository. If you do so, the reporting job
will fail with the error message looking like: Internal error: Cannot initialize required component.ADC Error0x8add2102: Failed to initialize DataFilters. |
ST54632 | |
| If a reporting job configured to import required data from a repository
fails with the following error: Preparing for data import has finished with errors. check that a semicolon (";") is the last character of a connection string specified in the data source of every report included into the job. |
ST54667 | |
|
Agent-side audit log backup |
The option to resolve IP addresses at gathering IIS logs does not work with the 'Create agent-side audit log backup' option enabled. | CR0154160 |
| When you process a non-Windows audit trail, avoid gathering the same event data to the same Audit database with and then without the 'Agent-side audit log backup' option enabled on the agents, since this may result in duplicate event records in the Audit database. For event data collect from Windows event logs, duplicate records never appear in an Audit Database. | CR0154165 | |
| Events collected from IIS Server log with the 'Agent-side audit log backup' option enabled are stored with empty site description fields. | CR0154362 | |
| An attempt to change location of a audit log backup on the agent engaged
in real-time monitoring of a Microsoft IIS WWW log or gathering of that
log with the 'Create agent-side audit log backup' option enabled fails with
the following error popping up in InTrust Manager: Error
0x00004659: Internal error occurred. |
ST40556 | |
|
Switching Wizard |
All agents in an InTrust Site lose the 'Limit CPU usage to...' setting when the site is moved to another InTrust Server with Switching Wizard. | CR0141795 |
| Don't use the AdcFailover.exe from the Support Tools folder on the InTrust Server to start the InTrust Server failover process. In the current version of InTrust, use the Switching Wizard that can be run from InTrust Manager, or the Switch server response action that runs when the InTrust server is down predefined rule is matched. | CR0115054 | |
| If an InTrust site with Linux or Solaris computer has been re-assigned for processing to a different InTrust Server during a failover procedure, you must manually register every Linux and Solaris agent in the site on the new InTrust Server. | CR0139189 | |
|
Repository management |
If you convert, with Evt2Repository.exe tool, the same .EVT file to the same repository more than once, data from that .EVT file will be duplicated. | CR0117160 |
| When a repository cleanup job starts under an account that has insufficient
rights for deleting data from the target repository, the job fails with
an error message that does not mention the reason for the failure:
Cannot clean up obsolete data from one or more data stores. Cannot remove one or more files. |
CR0155534 | |
| When you create a new repository of the EMC Centera type and select the 'Use custom connection string:' option, make sure to not save a new line character at the end of the connection string you type in there. A connection string with trailing line feed characters will look as a valid one but will cause InTrust fail to authenticate when it connects to EMC Centera. | CR0182152 | |
| Be careful to not specify a path to a file system based EMC Centera repository index when you configure a file system based repository, or to specify a path to a file system based repository when you configure a repository on EMC Centera. Either mistake may result in corrupted or lost data in a repository. | CR0182228 | |
| Repository Viewer does not correctly display insertion strings longer than 260 characters in events stored in a repository. Characters starting from posisiton 261 are not displayed. | CR0177531 | |
| The Use this InTrust server to manage the repository setting in the properties of a consolidation job cannot be used with InTrust repositories based on EMC Centera. | ST54022 | |
|
Sun Solaris systems processing |
On a SPARC machine, a successfully installed agent may fail to start with the following error message logged to syslog: "ADC error: 8adc1006 host/server name not known". If this happens, use the 'hostname' command to restore the host name. | CR0111618 |
| During an attempt to uninstall an InTrust agent on a Solaris system, the file adcscm.solaris_sparc may be removed before the agent process is stopped. In that case, uninstallation of the agent fails, and no further attempt to uninstall the agent can succeed until you create a new file with the name 'adcscm.solaris_sparc' that the uninstallation process is able to remove. | CR0114822 | |
| When you are gathering BSM log events from a Solaris host that does not have access to a DNS server and has an entry for itself in the hosts file only by a FQDN and not by its short name, gathering fails with the following error: 'ADC Error: Failed to collect from network object. (Internal error: Failed to enumerate event logs. (host/servername not known (CRuntime error: 8)))'. Edit the hosts file on the Solaris host include an entry for the short name of that host. | CR0151318 | |
| When InTrust collects syslog events from a Linux machine, events logged on a Solaris machine and redirected to a Linux machine are stored with the Linux PlatformID (630) and not the Solaris one (610). When InTrust collects a redirected Linux syslog trail from a Solaris host, all events are saved with the Solaris PlatformID. | CR0152540 | |
The following reports from the InTrust for Solaris report pack
work only for events collected from Solaris 8 and 9:
|
CR0154230 | |
| When you collect data from a BSM log, you may receive a warning that InTrust is unable to find the last gathering position in the log file to start gathering from. InTrust is unable to identify a last gathered event in the BSM log file if any process keeps the log file open at the time of gathering. When this happens, all data in such a log file is gathered starting from the first record in it. To avoid collection of duplicate data, consider forcing the Solaris system to start writing a new BSM log file shortly before the gathering is started. | CR0190754 | |
| When you change the adc_temp_path parameter for an agent running on a SPARC Solaris machine, you may receive the "Connection is closed" error in InTrust Manager. If this happens, the target agent loses connection(s) to InTrust server(s) and may crash with a core dump. After a restart, the agent will reconnect to InTrust server(s) it is registered with. Sometimes it is required that the agent is restarted more than once before it is able to successfully restore the connection(s). | ST47168 | |
|
Linux systems processing |
On Linux systems with NetArmor enabled, InTrust cannot gather or monitor data with any of the following data sources: Syslog, Accounts Monitoring, Text Files Monitoring. | ST56955 |
| The 'Text file modified' real-time monitoring rule doesn't work for files with space characters in the names. | CR0185158 | |
| Alert generated by predefined rules from the Account Management group may display inconsistent user names if a user is not only created or only deleted but created AND deleted between the consequent runs of the rule script (at 1 minute intervals by default). | CR0116004 | |
|
HP-UX systems processing |
The ADC Error: System resources exceeded (0x8adc100b) error received at log gathering from an HP-UX system is most likely to mean that the value of the max_thread_proc Kernel Parameter in the collected system should be increased. This error is most expected at gathering from HP-UX 11.11 systems where this parameter is set to 64 by default. | ST54690 |
|
Syslog processing |
When syslog events are collected from a computer to which syslog is redirected and not from original host that generate them, event time values in local time will be calculated based on the time zone of the computer InTrust collects them from. If you choose to treat timestamps in syslog events as local time, consider redirecting syslog for gathering it with InTrust to a computer in the same time zone as the hosts you redirect it from. | CR0146199 |
|
Microsoft IIS log processing |
Microsoft IIS FTP log monitoring in cached mode does not work with IIS 6.0. | CR0145807 |
| Enabling real-time monitoring or agent-side audit log backup on a Windows NT 4.0 computer running MS IIS 4.x may result in termination of IIS logging to a standard W3C format log. W3C logging on the IIS 4.x may be resumed after the InTrust agent is removed from the computer, or the real-time monitoring or agent-side audit log backup for the computer is disabled and W3C logging is explicitly enabled. | CR0188983 | |
| InTrust cannot resolve the %event_1.cs_cookee% parameter in alerts and notifications generated by real-time monitoring of the Microsoft IIS WWW log. | ST25411 | |
| At real-time monitoring or gathering of IIS 7.0 WWW logs with the agent-side audit log backup enabled, the values of some data fields (time_taken, cs_bytes, sc_bytes) in generated alerts or collected events are set to 0. | ST51758 | |
| Gathering of WWW logs in UTF-8 format does not work if logging on the IIS is configured with the Do not create new log files option enabled (a size of a single log file is not limited). | ST53804 | |
| Real-time monitoring and gathering of IIS 7.0 FTP logs with the agent-side audit log backup enabled doesn't work. | ST52601 | |
| Microsoft ISAS log processing | The following reports in the current version of InTrust do not return
events collected from MS ISAS 2004:
|
CR0154104 |
| The setting to Clear Log After Gathering does not work for ISA logs stored to MSDE. | ST51922 | |
|
Microsoft ACS data processing |
||
If a gathering job configured to collect event data from ACS keeps failing
with the following error logged to its session results:
check if the Microsoft SCOM console installed on the InTrust agent (or InTrust Server, in case of agentless gathering) machine is of a version compatible with that of the collected ACS server. |
ST55892 | |
| Microsoft Exchange Server log processing | The "seconds" parameter in the Exchange Tracking log is treated as the time taken to process the message, although in fact this parameter contains irrelevant values. | CR0146607 |
| Custom text logs processing | Some log files of formats that suppose log data to be rewritten and not always appended to the end of the file, may be collected incorrectly and some events may be lost. If this happens, the 'Invalid record' warning is logged to the gathering session results. | CR0118101 |
| InTrust agent running on a Sun Solaris or Red Hat Linux machine may crash if you specify a wildcard as a part of a name for a directory immediately under the root, like '/tm*', in the path to the collected log. However, for directories down the file system tree in log paths, like '/home/user*', wildcards are safe to use. | CR0123466 | |
| When you collect an audit trail data with a Custom Text Log Events type data source, every event will be collected with values of Version Major and Version Minor data fields set to those of the last collected event. | CR0165698 | |
| The Description data field of events collected with a Custom Text Log Events type data source is not saved to an InTrust audit database. | CR0184224 | |
| In the New Data Source Wizard, on the Date/Time step, clicking on the Test Formatting button will display a correctly parsed date/time fields even if you don't specify field delimiters between field numbers in the 'Log fields' field of the dialog page. However, when you later collect data with the data source created in this way, gathering sessions will fail with error messages stating that some lines in the log cannot be parsed. For example, if the format of date and time data in the log is space delimited, like "Mar 23 12:13:10" and, in the 'Log fields', you specify "<1><2><3>" and not "<1> <2> <3>", the Test Formatting button will recognize date and time correctly but the gathering module will not. Make sure to always accurately specify field delimiters in the 'Log fields' input field on the Date/Time step of New Data Source Wizard. | CR0183396 | |
| DB-based logs processing | In the DB-based log provider query, data fields of type(s) TEXT or/and
NTEXT must be either come last in the SELECT statement or be explicitly
converted to the NVARCHAR data type. Otherwise the following error will
be received at gathering: [Microsoft][ODBC SQL Server Driver]Invalid Descriptor Index. |
CR0119477 |
| If the Oracle DB-based log is being collected from a machine with no Oracle driver installed, Microsoft ODBC Driver for Oracle pops up an error message about the absence of the required Oracle driver on the collected machine. For collections that don't use agents, this message box pops up on the InTrust Server machine, while for agent-enabled collections the error message pops up on the agent side. There is no way for InTrust to suppress this error message box because of the specifics of Microsoft ODBC Driver for Oracle implementation. | CR0121853 | |
| Attempting to select an SQL server from the list in the New Database log template wizard may result in InTrust Manager crashing. This is caused by Microsoft ODBC driver behavior and cannot be controlled from the InTrust Manager snap-in code. | CR0111355 | |
| Command line tools | If you run the Evt2Repository.exe tool on a Windows 2008 machine
to import events from an event log saved to an .evt file on a pre-Windows
2008 computer, the tool fails with an error message saying the event log
file is corrupted. To work around this problem, you can do one of the following:
|
ST57215 |
| Don't use the AdcChangePath tool from the InTrust Support Tools folder. | CR0153635 | |
| When the AdcSrvAcc.exe tool is started with the -restart switch on the command line, the Quest InTrust Server, Quest InTrust Real-Time Monitoring Server and Quest InTrust Agent services are not restarted as expected but just stopped and have to be started manually. If the services are not running when the AdcSrvAcc.exe is run with the -restart switch, only the Quest InTrust Server service starts, while the Quest InTrust Real-Time Monitoring Server and Quest InTrust Agent services still have to be started manually. It is recommended that you don't rely on AdcSrvAcc.exe in restarting these three InTrust services but run it without the -restart switch on the command line and use the Services snap-in, net stop/net start commands or some other tool of your choice to have the services restarted. | CR0153996 | |
| The ItRepConverter.exe command line tool does not make use of the UserName and Password parameters you specify on the command line. Instead, use the runas Windows command to launch ItRepConverter.exe if you want it to use alternative credentials to access the repository. | CR0155375 | |
| Use the Evt2Repository.exe tool to import events only from event
log files saved in the .EVT format with Event Viewer. If you try to point
it to a raw .EVT file the system is writing events to, or the copy of such
a file created outside Event Viewer, Evt2Repository.exe will fail
to import events from this file with the following error:
Cannot convert file. The event log file is corrupted. (Win32 error: 1500) |
CR0155535 | |
| If you use the InTrustPDOImport.exe tool to import an InTrust
configuration object from an XML file exported from InTrust 9.6, the operation
will fail with the following error: XML structure
is incompatible with configuration structure.Reason: The configuration object
'<object_name>' does not contain property 'EDACL'. |
ST49704 | |
| Platform-Specific Issuess | InTrust Monitoring Console does not work on Windows Server 2003 64-bit systems. | ST50685 |
| If you collect event logs from Windows 2008 machines without agents with an InTrust Server running on a Windows 2003 machine, values of some data fields in collected events will not be resolved. Agentless gatherings from Windows 2008 machines should be done by InTrust Servers running on Windows 2008 machines only. | ST53708 | |
| On Windows 2008 machines, if you configure an event log with the Retain old events and Backup log authomatically when full option, InTrust cannot collect events from Archive event logs created by the systems to backup old events on log retention. | ST54044 | |
| When you are in the process of upgrading a multiserver InTrust 9.6 organization deployed in a Windows 2008 domain, only the servers that are already upgraded will be listed in InTrust Manager 10.1 running on a Windows 2008 or Windows Vista machine as InTrust Servers available for connection. | ST54633 | |
|
Internationalization |
||
InTrust agent for HP-UX does not not support the following code pages:
|
ST49820 |
InTrust 10.1 supports upgrade from InTrust 9.6 and 10.0. To upgrade from version 9.0, you should first upgrade your InTrust installation to version 9.6 (as described in the InTrust 9.6 Upgrade Path), and then upgrade from version 9.6 to version 10.1.
For more detailed instructions on upgrading your existing InTrust installations, see the Quest InTrust Upgrade Path document shipped with the version of the product you are upgrading to.
Important:
Agents installed on non-Windows computers are not automatically upgraded. You will have to manually uninstall an existing agent and then manually install the new InTrust 10.1 agent and register appropriate InTrust Server(s) on it (CR0153297, CR0154356).
| Architecture | Intel x86 -OR- Intel 64 (EM64T) -OR- AMD64 -OR- IA64 |
| Operating system | Microsoft Windows XP Service Pack 1 or higher, -OR- Microsoft Windows Server 2003 -OR- Microsoft Windows Server 2003 R2 -OR- Microsoft Windows Vista -OR- Microsoft Windows Server 2008 |
| Additional Software & Services | Microsoft Internet Explorer 6.0 or higher,
Windows Script Host 5.6 or higher, Microsoft Management Console 2.0 Microsoft .NET Framework 1.1 |
| Architecture | Intel x86 -OR- Intel 64 (EM64T) -OR- AMD64 -OR- IA64 |
| Operating system | Microsoft Windows Server 2003 -OR- Microsoft Windows Server 2003 R2 -OR- Microsoft Windows Server 2008 |
| Memory | Min. 512 Mbytes |
| Hard Disk Space | Min. 4 Gbytes when installing all components |
| Additional Software & Services | Microsoft .NET Framework 2.0 |
Notes:
* - a local or remote installation can be used. If you plan to use Microsoft IIS 6.0 or 7.0, make sure ASP extensions are allowed.
** - a local or remote installation of Reporting Services can be used; Microsoft SQL Server 2005 or 2008 Express Edition with Advanced Services is not supported.
For detailed system requirements for all the InTrust components and processed systems, see the Quest InTrust 10.1 System Requirements document supplied on the product DVD.
This release is Unicode-enabled and supports any character set. In this release, all product components should be configured to use the same or compatible character encodings and should be installed to use the same locale and regional options. This release is targeted to support operations in the following regions: North America, Western Europe and Latin America, Japan.
The InTrust release package contains the following products:
Refer to Quest InTrust 10.0 - Installation and Configuration Guide for installation instructions.
Get the latest product information, find helpful resources, test the product betas, and join a discussion with the Quest InTrust team and other community members. Join the Compliance Suite Community at http://compliancesuite.inside.quest.com.
| info@quest.com | |
| Quest Software, Inc. World Headquarters 5 Polaris Way Aliso Viejo, CA 92656 USA |
|
| Web | http://www.quest.com |
Refer to our Web site for regional and international office information.
Quest Support is available to customers who have a trial version of a Quest product or who have purchased a commercial version and have a valid maintenance contract. Quest Support provides around the clock coverage with SupportLink, our web self-service. Visit SupportLink at http://support.quest.com
From SupportLink, you can do the following:
View the Global Support Guide for a detailed explanation of support programs, online
services, contact information, and policy and procedures. The guide is available
at: http://support.quest.com/pdfs/Global
Support Guide.pdf
Note: This document is only available in English.
© 2009 Quest Software, Inc.
ALL RIGHTS RESERVED.
This guide contains proprietary information protected by copyright. The software described in this guide is furnished under a software license or nondisclosure agreement. This software may be used or copied only in accordance with the terms of the applicable agreement. No part of this guide may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying and recording for any purpose other than the purchaser’s personal use without the written permission of Quest Software, Inc.
If you have any questions regarding your potential use of this material, contact:
|
Quest Software World Headquarters LEGAL Dept 5 Polaris Way Aliso Viejo, CA 92656 Email: legal@quest.com |
This product includes software components or involves tools and technologies developed by third party vendors. For copyright and disclaimer notices provided in compliance with the licenses governing third party source code, tools and technologies used in this product, refer to the COPYRIGHTS.txt file distributed with the product.
The information in this document is provided in connection with Quest products. No license, express or implied, by estoppel or otherwise, to any intellectual property right is granted by this document or in connection with the sale of Quest products. EXCEPT AS SET FORTH IN QUEST'S TERMS AND CONDITIONS AS SPECIFIED IN THE LICENSE AGREEMENT FOR THIS PRODUCT, QUEST ASSUMES NO LIABILITY WHATSOEVER AND DISCLAIMS ANY EXPRESS, IMPLIED OR STATUTORY WARRANTY RELATING TO ITS PRODUCTS INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NON-INFRINGEMENT. IN NO EVENT SHALL QUEST BE LIABLE FOR ANY DIRECT, INDIRECT, CONSEQUENTIAL, PUNITIVE, SPECIAL OR INCIDENTAL DAMAGES (INCLUDING, WITHOUT LIMITATION, DAMAGES FOR LOSS OF PROFITS, BUSINESS INTERRUPTION OR LOSS OF INFORMATION) ARISING OUT OF THE USE OR INABILITY TO USE THIS DOCUMENT, EVEN IF QUEST HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. Quest makes no representations or warranties with respect to the accuracy or completeness of the contents of this document and reserves the right to make changes to specifications and product descriptions at any time without notice. Quest does not make any commitment to update the information contained in this document.