Chat now with support
Chat with Support

Foglight for Active Directory 5.8.3 - Release Notes

Resolved issues and enhancements

Resolved issues and enhancements

This 5.8.3 release of Foglight Active Directory accompanies the release of Foglight Evolve 9.3 and Foglight for Virtualization, Enterprise Edition 8.9.3. This release does not include any resolved issue or enhancement.


Deprecated features

Deprecated features

Foglight for Active Directory no longer supports Monitored Domain Controllers Windows Server® 2003.

 


Known issues

Known issues

The following is a list of issues known to exist at the time of this release.

Defect ID

Known Issue

 

AD-619

Memory Utilization shows a negative value.

Workaround: After changing the memory, restart the Active Directory agent to refresh the memory capacity.

 

AD-759

When host provider has been selected as VMware cartridge/Hyper-V cartridge, though the host provider will be changed to IC /Active Directory cartridge later, datastore metrics still display on Exchange Explorer Resource Utilization dashboard.

 

n/a

Metrics that do not have generally accepted thresholds for alarms are configured as trend alarms.

The significance of trends is dependent on the environment and default settings may generate many meaningless alarms in a busy environment, while failing to fire at all in a smaller environment.

Workaround: We recommended that the administrator allow the agent to collect values over an adequate period of time to observe normal performance and then adjust trend alarms to fire at suitable thresholds.

 

n/a

In some circumstances, DCs on Windows Server 2012/2012 R2 systems may experience high CPU usage when monitored by the Active Directory agent. This issue only appears when using WinRM connections.
Workaround: Using WMI/DCOM connections prevents this issue. For details, see Troubleshooting.

 

n/a

Starting from version 5.7.2, Foglight for  Active Directory trusts (by default) any certificates for secure LDAP connections in non-FIPS mode, and does not require users to import the SSL certificate any longer. The only case when users need to import the certificate is when they set the vm parameter "quest.ldap.ssl.trustAnyCert" as False to disable any certificate trust. For detailed information on how to import certificate, refer to Managing certificates section in Foglight for Active Directory User and Reference Guide.

 

n/a

Microsoft has announced Active Directory LDAP Channel Binding and LDAP signing requirements (https://support.microsoft.com/en-sg/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows). Active Directory and Exchange agents are not supported to connect to LDPA service with non-SSL or TLS-encrypted connection. Below error message will be found in the agent log:
Credential LDAP connectivity test failed: UPN: exc@2016dag.fog.local, error message: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580 ]
Workaround:
1. Import your root certificate into both FMS and FglAM server. For detailed information on how to import certificate, refer to Managing certificates section in Foglight for Active Directory User and Reference Guide.
2. Select enable SSL for LDAP in agent properties and restart the agent.

 

n/a

Microsoft has announced Active Directory LDAP Channel Binding and LDAP signing requirements (https://support.microsoft.com/en-sg/help/4520412/2020-ldap-channel-binding-and-ldap-signing-requirement-for-windows). Below error message will be found in the Certificate Authority (CA) agent log, but agent can collect data normally:
Credential LDAP connectivity test failed: UPN: exc@2016dag.fog.local, error message: javax.naming.AuthenticationNotSupportedException: [LDAP: error code 8 - 00002028: LdapErr: DSID-0C090202, comment: The server requires binds to turn on integrity checking if SSL\TLS are not already active on the connection, data 0, v2580 ]

 

n/a

For Windows server 2019 DCs and Certificate Authority, only connecting via WinRM is supported at this release.

 

 


Third party known issues

Third party known issues

The following is a list of third party issues known to exist at the time of this release.

Defect ID

Known Issue

AD-41

The automatic reboot feature of Windows® updates may not allow enough time for the Foglight Management Server (FMS) to shut down correctly. This can result in broken agents when the service is restarted.

Workaround: Manually stop the FMS before performing updates.

 


Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating