Week 34 - 2022
Weekly highlight: ESC-33274 - Elevated CPU usage on Workspace ONE UEM Database after upgrade to 2206 (89338) - Upon upgrading to Workspace ONE UEM 2206, your environment may exhibit elevated CPU usage on the database server. This can lead to latency in communications between Workspace ONE UEM and your managed devices.
- This can lead to performance degradation and latency in device and administrator interactions with Workspace ONE UEM.
- Our Product team has been notified and is working to address this issue in a timely manner. Please subscribe to this article to be notified when an update is available.
In the interim:
- Shared SaaS and Dedicated SaaS (Latest Mode): the rollout of Workspace ONE UEM 2206 has been paused
- Dedicated SaaS: The upgrade scheduler has been updated and scheduling an upgrade to Workspace ONE UEM 2206 is temporarily disabled. If you have previously scheduled an upgrade for your Dedicated SaaS environment, you may submit a support request to have the upgrade cancelled/postponed
- On-premise: The installer for On-premise customers for this version has been retracted from the myWorkspaceONE portal temporarily
Workspace ONE UEM FedRAMP: Upcoming Cipher Suite Update (89312) - Ensuring protection of data-in-transit is a key priority for all communication paths that integrate with Workspace ONE UEM (Unified Endpoint Management). To continue to deliver on that promise, VMware continually reviews and updates the associated cipher suites that are available within our SaaS hosted solutions. In an upcoming change window VMware will be restricting the available cipher suites used on all FedRAMP Workspace ONE UEM hosted endpoints.
- https://kb.vmware.com/s/article/89312?lang=en_US&source=email
Horizon 2206 fails to connect to vCenter (89331) - Horizon 2206 Connection Server fails to validate the server certificate of a vCenter instance, preventing a successful connection. This can happen even if an older version of Horizon can connect successfully using the same certificate. In the Connection Server debug log, an SSLHandshakeException is logged due to "Certificates do not conform to algorithm constraints."
- In Horizon 2206, the list of acceptable certificate signature schemes has changed and may no longer include the algorithm used to sign the vCenter certificate.
- The list of signature schemes can be modified by editing LDAP attribute pae-SSLClientSignatureSchemes under cn=common,ou=global,ou=properties.
- The format of this attribute is a single string that begins "\LIST:", followed by one or more comma-separated scheme names. For example: pae-SSLClientSignatureSchemes = \LIST:rsa_pkcs1_sha256,rsa_pkcs1_sha384,rsa_pkcs1_sha512
- It is not necessary to restart any service after making this edit.
- In the example above, "rsa_pkcs1_sha256" corresponds to SHA256withRSA, "rsa_pkcs1_sha384" to SHA384withRSA and "rsa_pkcs1_sha512" to SHA512withRSA.
- IMPORTANT: The new list must include at least rsa_pkcs1_sha256 and rsa_pkcs1_sha384 to avoid breaking other outgoing connections.
- More info in KB: https://kb.vmware.com/s/article/89331?lang=en_US&source=email
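The attribute edit described above can be checked before it is written to LDAP. The following is an added example, not VMware's code or part of the KB: it validates a pae-SSLClientSignatureSchemes value, keeps the two schemes the item marks as mandatory, and appends the scheme matching the vCenter certificate's signature algorithm. The function names, the strict no-whitespace rule and the handling of OpenSSL-style algorithm names are assumptions of this example.

```python
import re

PREFIX = "\\LIST:"
# Scheme names and their JCA equivalents as listed in the item above.
JCA_TO_SCHEME = {
    "sha256withrsa": "rsa_pkcs1_sha256",
    "sha384withrsa": "rsa_pkcs1_sha384",
    "sha512withrsa": "rsa_pkcs1_sha512",
}
# The item above says these two must always remain in the list.
REQUIRED = ("rsa_pkcs1_sha256", "rsa_pkcs1_sha384")
# Assumption: scheme names are lowercase tokens with no surrounding whitespace.
NAME_RE = re.compile(r"[a-z0-9_]+")


def parse_schemes(value):
    """Split an attribute value into scheme names, rejecting malformed input."""
    if not value.startswith(PREFIX):
        raise ValueError("value must begin with \\LIST:")
    names = value[len(PREFIX):].split(",")
    for name in names:
        if not NAME_RE.fullmatch(name):
            raise ValueError(f"malformed scheme name: {name!r}")
    return names


def scheme_for(sig_alg):
    """Map a certificate signature algorithm name to its scheme name."""
    key = sig_alg.lower()
    # Assumption: OpenSSL prints e.g. sha512WithRSAEncryption for SHA512withRSA.
    if key.endswith("encryption"):
        key = key[: -len("encryption")]
    if key not in JCA_TO_SCHEME:
        raise ValueError(f"no scheme listed on this page for {sig_alg!r}")
    return JCA_TO_SCHEME[key]


def plan_update(current_value, vcenter_sig_alg):
    """Return (new_value, added_schemes) for the attribute edit."""
    names = parse_schemes(current_value)
    added = []
    for scheme in REQUIRED + (scheme_for(vcenter_sig_alg),):
        if scheme not in names:
            names.append(scheme)
            added.append(scheme)
    return PREFIX + ",".join(names), added


if __name__ == "__main__":
    # Constructed sample: a list that lacks the SHA-512 scheme.
    print(plan_update(r"\LIST:rsa_pkcs1_sha256,rsa_pkcs1_sha384", "SHA512withRSA"))
```

An empty `added` list means the current value already accepts the certificate's algorithm, so the handshake failure has another cause.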
ESC-33274 - Elevated CPU usage on Workspace ONE UEM Database after upgrade to 2206 (89338) - Upon upgrading to Workspace ONE UEM 2206, your environment may exhibit elevated CPU usage on the database server. This can lead to latency in communications between Workspace ONE UEM and your managed devices.
- This can lead to performance degradation and latency in device and administrator interactions with Workspace ONE UEM.
- Our Product team has been notified and is working to address this issue in a timely manner. Please subscribe to this article to be notified when an update is available.
In the interim:
- Shared SaaS and Dedicated SaaS (Latest Mode): the rollout of Workspace ONE UEM 2206 has been paused
- Dedicated SaaS: The upgrade scheduler has been updated and scheduling an upgrade to Workspace ONE UEM 2206 is temporarily disabled. If you have previously scheduled an upgrade for your Dedicated SaaS environment, you may submit a support request to have the upgrade cancelled/postponed
- On-premise: The installer for On-premise customers for this version has been retracted from the myWorkspaceONE portal temporarily
- Please follow: https://kb.vmware.com/s/article/89338?lang=en_US&source=email
FCA-203819 - Workspace ONE UEM - Access error when navigating to Exports page (89334) - Navigating to the Monitor > Reports and Analytics > Exports page in the Workspace ONE UEM console while logged in with a custom or system role may result in the page not loading and showing a "This door is locked" error.
- The Exports page in the Workspace ONE UEM console has been migrated to a new UI framework that requires a specific admin permission to view. Navigating to this page without the proper permission will result in a "This door is locked" error. By default, most system roles will already have this required permission, but some custom and system roles may not.
- Pages that are migrated to the new UI framework require a set of admin permissions to load the components of and give access to the page. Without the correct permissions in the current admin's role, the page will show a "This door is locked" error.
- Our product team has been engaged and is actively working to resolve the issue. Please subscribe to this article to be notified when an update is available.
- Workaround in KB https://kb.vmware.com/s/article/89334?lang=en_US&source=email
MACOS-3206 - Certain Apple Silicon macOS devices leveraging a randomized managed administrator password cannot be accessed with the current password (89299) - This issue affects certain Apple Silicon macOS devices that are enrolled via Automated Device Enrollment with Apple Business or School Manager, if a managed administrator account is configured with a randomized password. In some cases, if you attempt to log into the administrator account with the current password, the login attempt may fail with an incorrect password error.
- The Workspace ONE team has engaged Apple and is working to identify root cause and resolution.
- If this issue occurs, rotating the password again appears to resolve it. This can be done in two ways:
  - Leverage the Workspace ONE UEM REST API to immediately rotate the managed administrator password for the target device. This can be done with one of the following API endpoints:
    - /mdm/devices/{deviceId}/commands?command=RotateDEPAdminPassword
    - /mdm/devices/commands/RotateDEPAdminPassword/device?searchBy={searchByParam}&id={Id}
  - Alternatively, view the current managed administrator password for the target device in the Device Details page of the Workspace ONE UEM Console; a rotate command will then automatically be issued to the device after a grace period of 8 hours. After this grace period has passed and you have verified that the device has processed the command, attempt to log in using the new password.
- KB-Reference: https://kb.vmware.com/s/article/89299?lang=en_US&source=email
Highlighting High Priority KBs
- HW-156875 - Patch instructions to address CVE-2022-22972, CVE-2022-22973 in Workspace ONE Access Appliance (VMware Identity Manager) (88438) - CVE-2022-22972, CVE-2022-22973 have been determined to impact Workspace ONE Access (VMware Identity Manager). These vulnerabilities and their impact on VMware products are documented in the following VMware Security Advisory - VMSA-2022-0014. Please review this document before continuing.
- Announcing end of support for device administrator (Android Legacy) in Workspace ONE UEM (80971) - To align with Google's strategy and ensure VMware's investment in the right long-term solution for Android, as of March 31st, 2022, VMware will no longer support device administrator-based management on Android (referred to as Android (Legacy) in the Workspace ONE UEM console).
- VMware Tunnel Proxy End of Support Life Announcement (87345) - VMware is announcing End of Support Life for the Tunnel Proxy component of the VMware Tunnel solution. This will be effective January 30, 2023.
- VMware Workspace ONE UEM New Control Plane SaaS Deployment Schedule (86243) - Workspace ONE UEM has undergone a complete re-architecture to modernize the platform using microservices and containers to enable increased scalability and performance and increase the rate of innovation. Now after having conducted significant and careful testing, these architecture updates, including a new control plane, will be deployed to UEM SaaS environments over the next several weeks, with options available to on-premise customers after this roll-out (later in 2022).
Patch & Seed Script Updates Week34-2022
- OS Updates Seed Script
- Seed Script for latest Device Model Information
- Custom Script to Allow Android 12 enrollments into Workspace ONE UEM Console