Symantec™ Mobile Management 7.2 SP3 MR1 Release Notes
This document includes the following topics:
■ About Mobile Management
■ What's new in Mobile Management 7.2 SP3 MR1
■ Fixed issues in Symantec™ Mobile Management 7.2 SP3 MR1
■ Known issues for Symantec™ Mobile Management 7.2 SP3 MR1
■ Product documentation for this version
■ Mobile Management requirements
■ Network ports used by Mobile Management
■ Upgrading Symantec Mobile Management
■ Installing Mobile Management
About Mobile Management
Management Platform to simplify the management of and communication with the devices in your environment.
What's new in Mobile Management 7.2 SP3 MR1
The 7.2 SP3 MR1 release of Symantec Mobile Management resolves several issues found in previous releases. See the Fixed Issues list for more information.
Fixed issues in Symantec™ Mobile Management 7.2 SP3 MR1
The following issues from previous releases are fixed in this release.
■ Re-enrolled devices are unable to install MDM profile.
■ Inventory for iOS7 devices doesn't show a valid MAC address.
■ Automated policy evaluation for some iOS devices ends prematurely, failing to complete.
■ Exchange ActiveSync setup: Better alignment between Implementation Guide, KB articles, and the EAS.BAT tool.
■ Blackberry: Unauthorized devices is displaying all versions of BB devices as unsupported OS.
■ Android device location not being reported.
■ Regular policy evaluation and automated push fails for iOS 6 and iOS 7 devices.
■ In the Wifi profile, once you select a SCEP server or certificate, you are unable to deselect it and make a different choice.
■ In the VPN profile, once you select a SCEP server or certificate, you are unable to deselect it and make a different choice.
■ Wifi password is displayed in the NT_Demand log file.
■ iOS profile's debug logs show passwords located in profiles in plain text.
■ Unable to bootstrap Windows Mobile. Windows Mobile devices attempt to obtain agent bootstrap files from wrong virtual directory path name.
■ The ExpirationDate field in Inv_Symantec_Mobile_Provisioning_Profile_iOS is emptied upon upgrade from SP2 to SP3
■ Samsung SAFE devices show device safe status = False in Device Information screen. Issue resolved by installing the SMM SAFE Agent.
■ iOS device shows as not compliant when Agent EULA is set to not required.
■ nlog configs for log rotation are incorrect.
■ Provisioning profiles are not delivered to iOS devices when targeted in a policy.
■ In certain regions, Windows Phone cannot enroll because SymantecMMService.exe cannot process latitude and longitude values that use commas.
■ Certificate payload in Samsung SAFE causes devices to stop communicating with the MMS.
■ App-installed or iPCU-installed provisioning profiles are removed from the device when in Supervised mode and same profile is also targeted from SMM.
■ Samsung SAFE profiles are not removed from device when the agent is uninstalled.
■ Add support for Samsung SAFE WiFi Configuration.
■ Add support for Samsung SAFE VPN Configuration.
■ Samsung SAFE payload password shown in debug logs.
■ Android device receives Wipe TouchDown command at policy check-in.
Known issues for Symantec™ Mobile Management 7.2 SP3 MR1
The following are known issues for this release.
Table 1-1

| Issue | Cause | Workaround |
|---|---|---|
| Samsung SAFE: Wifi PSK profile doesn't install on device - shows error: Samsung WifiManager.setNetworkPSK() failed | The SAFE Wifi PSK shared-key must be eight characters or longer. The field cannot be empty. | Use a shared-key value that is at least eight characters long. Do not leave the field empty. |
| Upgrade to to agent causes agent to reset. | Changes to device identification method between agent versions. | Re-enroll the agent. |
| Samsung SAFE: Blocked Hardware Keys does not work on device. | Investigating | None at this time. |
| Samsung SAFE: The Peak Sync Interval and Off Peak Sync Interval settings options do not match the options on the device | SAFE API implementation varies by device. | N/A |
Product documentation for this version
The following documents are available for this version of Symantec Mobile Management:
■ Symantec Mobile Management 7.2 SP3 Release Notes (this document).
http://www.symantec.com/docs/DOC7178
■ Symantec Mobile Management 7.2 SP3 Implementation Guide
http://www.symantec.com/docs/DOC6826
■ Symantec Mobile Management 7.2 SP3 Quick-start Guide
http://www.symantec.com/docs/DOC6827
Mobile Management requirements
The following table describes the requirements of each Mobile Management component.
Table 1-2 Mobile Management requirements
Each component is listed below, followed by its requirements and description.

Mobile Management Server:
■ Symantec Management Agent.
■ Web Server (IIS) that corresponds with your operating system. IIS must also have the role defaults and Role Service IIS 6 Management compatibility.
■ .NET Framework that corresponds with your operating system and IIS.
■ ASP.NET.
■ Apple Push Notification Service (APNS) certificate.
■ Microsoft Message Queuing

Symantec Management Console:
■ Internet Explorer 7.1 or later.
■ Silverlight 4.x/5
■ Java Runtime Environment

Mobile Management Agent:
■ iPhone 3G, 3GS, 4, 4S, and 5 running iOS 5.0 or later
■ iPod Touch 2nd generation, 3rd generation, and 4th generation running iOS 5.0 or later
■ iPad running iOS 5.0 or later
Note: Mobile Management Agent 5025 and later for iOS 6 and iOS 7 only.
■ Android 2.2 or later
■ Samsung SAFE devices.
■ Windows Mobile 6.0, 6.1, and 6.5 Professional and Standard
■ Windows CE 4.2 to 6.0
■ Windows Phone 7.5, 8.0
■ Blackberry OS 4.3 to 6.0
A complete "agent compatibility by platform" matrix is available at www.symantec.com/docs/TECH206740.

Symantec Management Platform server:
■ Windows Server 2008 R2, R2 SP1 - 64-bit only. (Core Edition not supported.)
■ SQL Server 2005 or 2008
■ IIS 6.0
■ .NET Framework 3.0
■ Symantec Management Platform 7.1 SP2, 7.1 SP2 MP1-MP1.1, 7.5

Microsoft SQL Server:
See SQL Server documentation.

Active Directory:
See Active Directory documentation.

LDAP:
See LDAP documentation.

Trusted SSL web server certificate:
See SSL documentation.

Certificate Authority:
See Certificate Authority documentation.

SCEP:
See SCEP documentation.

Microsoft Exchange ActiveSync:
Exchange ActiveSync integration software requirements:
■ Microsoft Exchange 2007 SP1 or SP2 with Exchange Server 2007 Management Tools or Microsoft Exchange 2010 SP1 or SP2 with Exchange Server 2010 Management Tools
Note: Exchange ActiveSync access control integration with F5 BIG-IP LTM and EAS ABQ rules supported on Exchange 2010 only.
■ Microsoft Windows Management Framework, specifically Windows PowerShell 2.0
See Microsoft Exchange ActiveSync documentation for Exchange ActiveSync requirements.

Google Cloud Messaging (GCM):
See Google Cloud Messaging documentation.

Additional requirements exist for Data Loss Prevention. See Symantec Data Loss
Prevention for Tablets Solution Guide for VPN On Demand Enforcement, which is
available at the Symantec Data Loss Prevention knowledge base.
Network ports used by Mobile Management
The following table describes the ports that are used by Mobile Management:
Table 1-3 Network ports used by Mobile Management

| Port | From | To | Description |
|---|---|---|---|
| 80, 443 | Agent | Mobile Management Server | IIS HTTP for agent communication, IIS HTTPS for agent communication (optional) |
| 7780 | Agent | Mobile Management Server | Remote control connection |
| 5223 | Agent | Apple Push Notification Service | APNS communications to Apple by APNS servers |
| 2195, 2196, 5223 | Mobile Management Server | Apple Push Notification Service | APNS communications to agent by APNS servers |
| 7778 | Symantec Management Platform Server | Mobile Management Server | Remote control connection |
| 80, 443 | Mobile Management Server | Symantec Management Platform Server | IIS HTTP |
| 80, 443 | Symantec Management Console browser | Symantec Management Platform Server | Console |
| 7778 | Symantec Management Console browser | Mobile Management Server | Remote control connection |
| Standard SQL ports | Symantec Management Platform Server | Microsoft SQL Server | Database |
| 50120-50124 | Symantec Management Platform Server | Mobile Management Server | SMP Client Task Agent communications. Note: If these ports are not available, the Client Task Agent will fail-over to use HTTP-HTTPS for communications. |
| 80 | Mobile Management Server | Google Cloud Messaging (GCM) | Google Cloud Messaging (GCM) communications |
| 5087, 5061 | Mobile Management Server | Microsoft Push Notification Server | Microsoft notification server communication |

Upgrading Symantec Mobile Management
Use the following procedure to update to the latest version of Symantec Mobile Management:
Prerequisites for upgrading to Symantec Mobile Management 7.2 SP3
■ Upgrading to version 7.2 SP3 is only supported from version 7.2 SP2. If your current installation is an earlier version than 7.2 SP2, you must first upgrade to 7.2 SP2. Be aware of the following warnings:
Warning: The update to Symantec Mobile Management 7.2 SP1 or later from 7.2 or earlier can result in the loss of WiFi connectivity for managed iOS devices. The managed devices that have a WiFi profile are affected. Read the knowledge base article TECH194739, Loss of Device Wi-Fi Communication After Upgrade of SMM to 7.2 SP1, for more information about this issue.
Some installations may also lose authentication services. For more information and instructions to correct the problem, see the Symantec knowledge base article TECH197019, Authentication stops working after upgrading to Symantec Mobile Management 7.2 SP1.
Warning: If using F5 rules and your environment has custom iRule requirements, manually remove the iRule cache file (C:\ProgramData\Symantec\MobileManagement\eas_rule.txt). Replace this cache file with the new version by running the NS.Quarter-Hour{5834ae07-1160-4037-8a25-67aebf6a254e} scheduled task after upgrading. Replacing the cache file allows the iRule definition version to update to the new version. The iRule definition version is not automatically changed during an upgrade to the latest Symantec Mobile Management version. TouchDown configuration fails as a result.
To upgrade Symantec Mobile Management
1. Log in as the service account (application identity) and make sure that it has local admin rights.
2. You upgrade Mobile Management through the Symantec Installation Manager. Go to Start > All Programs > Symantec > Symantec Installation Manager. Right-click the Symantec Installation Manager and select Run as administrator.
3. On the Installed Products page, click Upgrade installed products.
4. Select Symantec Mobile Management with the correct version number of the upgrade, and click Next.
5. On the Optional Installations page, click Next.
6. Accept the EULA and click Next.
7. On the Contact Information page, click Next.
8. Verify the installation details and click Next.
9. On the Installation Complete page, click Finish.
Note: After an upgrade, Exchange ActiveSync configuration is lost. If using EAS, you must rerun the eas.bat batch file after the upgrade to restore the EAS server information. Then, you can re-configure EAS functionality. For more information about the eas.bat file, see the Symantec knowledge base article TECH201454, Configuration of EAS Integration Using the EAS ConfigTool.
During an upgrade, the database is locked, and communication between the Symantec Management Platform Notification Server and the site server is stopped. The site server still attempts to communicate with the Notification Server computer. This situation can cause errors and issues. After you install Mobile Management 7.2 SP3, you must upgrade Mobile Management servers manually in the Symantec Management Console to complete the upgrade. Use this procedure to upgrade Symantec Mobile Management servers:
Upgrading the Mobile Management Server manually
1. In the Symantec Management Console, click Home > Mobile Management > Settings > Mobile Management Server Settings.
2. In the right pane, highlight the site server and then on the toolbar, click Upgrade.
3. Repeat Step 2 for each server.
4. Click Save changes.
For more information about upgrading the products that use the Symantec Management Platform, see Symantec Knowledge-base article HOWTO 44338,
Installing an update or an additional product.
Installing Mobile Management
You install this product by using the Symantec Installation Manager. You can download the installation files directly to your server or you can create offline installation packages.
Note: Symantec recommends configuring SSL communication in the server environment (Symantec Management Platform Server and site server). Configuring SSL communication protects data, process communications, and account information that is transferred between the servers.
For more information, see the IT Management Suite Implementation Guide at
http://www.symantec.com/docs/DOC3464.
For detailed information about installing and setting up Mobile Management 7.2 SP3 MR1, see the Mobile Management 7.2 SP3 Implementation Guide at:
http://www.symantec.com/docs/DOC6826.