2024.3 Release Notes

Release notes for versions prior to 2024.3 are available on the Environment Manager Community Page.

Components in this release

Component	Version
Environment Manager Agent	10.14.0.0
Environment Manager Server	10.14.0.0
Environment Manager Console	10.14.0.0
Database Schema	10.4.220

Important upgrade information

This upgrade section contains functionality changes that have been introduced in Management Center v10.1 or above. Any information that is new to this release is specifically listed as Environment Manager 2024.3.

When upgrading server and database infrastructure it is best to upgrade by no more than two major versions in each step. Upgrading three or four versions in one operation is not a method that has been tested and could produce unexpected behavior.

For further details relating to upgrades and compatibility please refer to the following Ivanti Community article.

Windows Server

Environment Manager 2024.3 Personalization Server requires Windows Server 2012 R2 SP1 or above. Microsoft mainstream support for both Windows Server 2008 and R2 ended on 13 January 2015, and we support Windows Server 2008 R2 beyond this date on a best-efforts basis.

Windows client

Support for Windows XP, Windows Vista, and Windows Server 2008 has been deprecated for the Environment Manager Agent, therefore the Environment Manager 10.x Agent now requires Windows 7 SP1 or above and Windows Server 2008 R2 SP1 or above. Microsoft extended support for Windows XP ended on 8 April 2014, and mainstream support for Windows Vista ended on 10 April 2012.

In addition, both Windows 7 SP1 and Windows Server 2008 R2 SP1 must be updated to support SHA-256.

For details on SHA-256 requirements, please refer to this Ivanti Community article.

SQL Server

Support for SQL Server 2008 and 2008 R2 has ended. The Environment Manager 10.x Personalization Server requires SQL Server 2012 SP2 or above. Microsoft mainstream support for SQL Server 2008 and R2 ended on 8 July 2014.

Please refer to 2024.3 Release Notes for further details.

Product licensing

Environment Manager 10.x and above requires a v2 product license key, and this key must be deployed to all endpoints to which the Environment Manager v10.x Agent is deployed. The new license key can be installed alongside the existing 8.x license key and should be deployed at the same time or before the Environment Manager Agent is deployed. The new license key is deployable via Management Center 10.x and is available from Ivanti Licensing Support.

For further information on Licensing queries, refer to this Ivanti Community article.

User personalization data

Introduced in Environment Manager 10.0, Personalization Groups are no longer used as a container for user personalization data. Personalization Groups are now only used for assigning settings to users. If a user falls into a different Personalization Group due to a membership rule changes, or Personalization Group hierarchy changes, or because Active Directory changes, their personalization data moves with them automatically.

During the upgrade process, user personalization data that may have been orphaned due to user movement between Personalization Groups in the past will be merged. Where there is a conflict, the most recent user personalization data will be used. Pre-upgrade SQL scripts are included with the Personalization Server installation package to show the impact of any changes prior to upgrade.

File-based registry (FBR)

Environment Manager 8.x utilized a file-based registry (FBR) to personalize virtualized registry keys and values. In version 10.x, the FBR mechanism has been replaced with registry hives for efficiency and performance. FBR files created in 8.x versions of Environment Manager will not be upgraded until the global setting.

UpgradeFbrToHive is set to True. Once the UpgradeFbrToHive has been set to True (Not Reversable), the FBR files on the endpoints will be converted to registry hives at next logon or application launch. The old FBR files will remain in place for a period of at least 30 days, after which time they will be deleted if they have not been accessed by version 8.x agents.

For customers who want to stage the implementation of the New Registry Hive format from 8.x, you could first enable the UpgradeFbrToHive setting to True after Server Upgrade to 10.1 FR1 and then target specific Endpoints for 10.1 FR1 Agent deployment in controlled manner (via our Management Center for example).

Please note that in this scenario, if a user roams between 8.x and 10.1 FR2 Agents, the 8.x Agent will continue using the Legacy FBR and the user settings are partitioned between 8.x FBR & 10.x Hive formats.

Personalization Operations

If you are upgrading from an older version of Personalization Operations, please note that some updates to the software affect HTML files which may have an extended cache expiry time. To force a full refresh following upgrade, users are advised to refresh their browser's cache. From the Personalization Operations console, press Ctrl + F5.

SQL Server Certificate validation for Personalization Server

The Server Configuration Portal (SCP) now enables greater security for communications between the Personalization Server and its respective SQL Server instance. This is set up when creating the database connection in the portal, and existing connections may be changed to use these options. The options are shown as checkboxes, and they are:

• Encrypt Connection - all data transfers between the server and SQL are encrypted. This might have a performance impact

• Validate Server Certificate - the Personalization Server must trust the certificate that SQL Server uses for encryption, that is, the SQL certificate must be signed by a root certificate in the Personalization Server’s trusted root store. Also, the DNS name on the certificate must match the name used by Personalization Server for the SQL instance.

The ‘Validate Server Certificate’ option also requires ‘Encrypt Connection’ to be set on.

The SCP checks for a valid server certificate when ‘Validate’ is selected and will use these options to communicate with SQL server when setting up.

Without these options only SQL login messages are encrypted, and if SQL authentication is used there is a risk that a spoofed certificate used in an exploit may reveal login details to the database. In this case it is recommended that windows authentication be used for the configuration and service accounts.

For setup via PowerShell cmdlets, the default security remains the same (for backward compatibility), but relevant cmdlets have the new parameters -ValidateServerCertificate and -EncryptConnection added to support the new feature.

On setup, the Personalization Server will use these options for all communications with SQL Server.

New Features and Product Updates

To learn more about the latest features and improvements, please navigate to the "What's New" page in our product's online help documentation.

Customer bugs fixed

Article ID	Title
000091191	Environment Manager system messages are not being suppressed.
000091460	Profile migration fails to import or export application groups.
000091925	Error displays when moving computer trigger nodes.
000092036	Environment Manager Policy configuration takes a long time to save.
000092074	Environment Manager "unmap printer" action not working.
000092188	Environment Manager 2024.1 Agent increases logon time for large configurations.
000092503	Service account incorrect variances in Server Configuration Portal.
000092741	Personalization operations 500 error on SQL managed instance.
000092812	EMPMigrate failed to update last login on existing user.
000092842	Group policy import feature incorrectly imports policies outside of Windows settings templates.
000091171	Duplicate Environment Manager configuration folders and files created in Windows temp folder.
000091190	Personalication analysis error: FBR: Failed to read data, unable to cast object of Type 'FBRStringdata' to type 'System.String'.

Known issues and limitations

The known issues and limitations are detailed on the Ivanti Community site.

Supported operating systems and technologies

The supported operating systems and technologies are detailed in the Environment Manager Maintained Platforms Matrix.

For previous versions, please refer to the Online version of the release notes.

Required utilities and components

Component	Required utilities and components
Database Server	Microsoft SQL Server 2012 SP2 or above – all editions Microsoft SQL Server 2014 SP1 or above – all editions Microsoft SQL Server 2016 or above – all editions
Personalization Server	Microsoft Windows Installer 5.0 .NET Framework 4.8 Web Server (IIS): Common HTTP Features: Default Document Directory Browsing HTTP Errors Static Content HTTP Redirection Performance Static Content Compression Security: Request Filtering Basic Authentication IP and Domain Restrictions Windows Authentication Application Development: .NET Extensibility 4.8 ASP.NET 4.8 ISAPI Extensions SAPI Filters Management Tools: IIS Management Console IIS Management Scripts and Tools .NET Framework 4.8 Features: .NET Framework 4.8 ASP.NET 4.8 WCF Services: HTTP Activation TCP Port Sharing IIS URL Rewrite Module 2 Windows PowerShell 3.0 or above Microsoft Core XML Services (MSXML) 6.0 Microsoft Visual C++ 2022 Redistributable
Console	Microsoft Windows Installer 5.0 Microsoft .NET Framework 4.8
Client	Microsoft Windows Installer 5.0 XML Lite 1.0.1018.0 Microsoft Core XML Services (MSXML) 6.0 Microsoft Visual C++ 2022 Redistributable

Please ensure that your endpoints are fully up to date with the latest Microsoft patches.