After checking the file versions, it appears that 5520 SP1 does not include Hotfix 15 for 5520. Why? Hotfix 15 is for 5520, not for 5520 SP1. So, are you to apply Hotfix 15 for 5520 and 5520 SP1?
This gets even worse. If you have installed hotfix 15 to version 5520 then upgrade to SP1, it will remove the hotfix from the remote agent installation. The hotfix files will still be on the server but your installs of the remote agent will not include hotfix 15. Hotfix 15 is a security vulnerability too! When you install SP1 for 5520, it replaces the RAWS.msp file in the RANT install with an outdated one. You want the RAWS.msp file that comes with hotfix 15 to make sure you get the latest files with the security patch. After installing 5520 SP1, you need to install hotfix 15 again so the RANT installs are correct. Otherwise your Media server will be patched and all new RANT installs will not.
So I have yet another update on this subject. I just assumed that reinstalling Hotfix 15 would correctly replace the RAWS.msp file with the correct one. It DOES NOT. If you are running 5520 with hotfix 15 installed and then upgrade to 5520 SP1, the Media server does stay patched. 5520 SP1 will however over write the RAWS.msp file in the RANT install with an older one with outdated files. If you reinstall Hotfix 15 to 5520 SP1, it does not correctly replace the RAWS.msp file with the new one. It will leave the older (SP1) RAWS.msp. This means that all Remote Agents installed after your upgrade to SP1 will not be patch with the security vulnerability. The SP1 RAWS.msp is dated 7/19/2005. The hotfix 15 RAWS.msp file is dated 8/13/2005. An easy way to tell if your remote agent installs are installing the right thing is to look at the beremote.exe version on the client (not the media server). Even with SP1 installed, it will be 10.5520.0. If hotfix 15 is correctly installing with the agent install, beremote.exe will be 10.5520.15.
Veritas has a serious problem on their hands because if you were already running 5520 hotfix 15 and upgraded to SP1, there is not way to install patched clients unless you have a backup of the prior RANT directories. If you install 5520 SP1 then hotfix 15 for the first time, it appears to work. Veritas has to come out with a hotfix for 5520 SP1 that will patch the security vulnerability.
I'm placing a phone support call with veritas now to let them know of the issue.
Wonderful. Jut great after I installed the client onto 200 windows servers. Does anyone know which hotfixes ARE included in build 5520? I scoured the BE website and was unable to find much info at all. I personally find that quite negligent as it is important info considering thier recent security hole issue.
I checked every hotfix one by one that was put out for 5520 and the build number of every file. It looks like to me that every hotfix except 15 was included in SP1. They pulled a major mess up with the security vulnerability. They will need to release a patch for SP1 ASAP.
BTW - I called into tech support this morning at 8am MST to make them aware of this problem. I still have not received a call back 6 and 1/2 hours later. I even called them with a current VSN and everything. Go Vertias support!
Thanks for the quick responce Paul. I had a DirectAssist case open about this (silly me) - they told me to check the file versions to figure it out. I said something to the effect of "I dont think so" at which point they asked for a BEDiag report. *shakes head* This is such simple info to relay instead of wasting our time on nonsence.
Sad that another user is a better resource than thier tech support. Thank you very much for the info though, Ill DL and install hotfix 15 and start over. Really is annoying as it refueses to remember my credentials properly so I have to retype them again... 200 times. *sigh*
Please note that if you had hotfix 15 installed with 5520 then upgraded to SP1, the hotfix will not install correctly. It does not replace the RAWS.msp file. I verified this twice in my test lab. The only way to get to SP1 with hotfix 15 is if you did not have hotfix 15 installed to begin with. If you were running 5520 without hotfix 15, installed SP1, then hotfix 15 (which is not even for SP1...hahaha) then it works. You can check your environment my looking at the RAWS.msp file in the ....\Agents\RANT32 install folder. The version you don't want is dated 7/19/05. The version you do want is dated 8/13/05.
Fortuantely for me I went 5484 to 5520 and SP1 installs back to back and now want to put on hotfix 15, though I think I might wait a day or 2 now as I'm a little afraid if something else may break for future installs based on what youre seeing here. Thanks again.
BTW, after escalating my issue to a different DirectAssist rep (I still dont know why the first guy was unable to tell me), I was told that SP1 includes the following hotfixes for 5520:
That's what I would say. I put in a support call to discuss this with Veritas on Monday. I got an email at 11:30pm Monday night explaining they were just about to call but was outside my business hours so they were not. Didn't get a call from them yesterday. I called back today to see if I could get things rolling again and all they would say is they would schedule another call back. So, I'm assuming I'll get another email in the middle of the night saying they aren't going to call. Somebody there has to eventually figure it out.
For those of you following this, I talked with Veritas on Wed. They tested and have verified what I was seeing is true. They said they would issue a patch as soon as possible.
Please let us know if we can mark this case as assumed answered .
NOTE : If we do not receive your intimation within two business days, this post would be marked assumedanswered and would be moved to the answered threads pool.
