Jump to content
bigdog09

Automate - Patch Upgrade Guide

Recommended Posts

On 4/30/2018 at 12:04 PM, bigdog09 said:

This patch is required

We are on v12 patch 12 (12.0.12.496).  As of tonight, https://university.connectwise.com/university/AutomateResources/ProductsAndUpdates.aspx doesn't show 2019.2 yet for us but does show a new patch 12 (12.0.12.497).  Presumably that's the hotfix mentioned at https://forums.connectwise.com/community/automate_hotfixes/f/automate-hotfixes-forum/43420/please-take-action-on-your-automate-server

.

Share this post


Link to post
Share on other sites
On 2/9/2019 at 8:35 PM, SteveYates said:

We are on v12 patch 12 (12.0.12.496).  As of tonight, https://university.connectwise.com/university/AutomateResources/ProductsAndUpdates.aspx doesn't show 2019.2 yet for us but does show a new patch 12 (12.0.12.497).  Presumably that's the hotfix mentioned at https://forums.connectwise.com/community/automate_hotfixes/f/automate-hotfixes-forum/43420/please-take-action-on-your-automate-server

19.0.2 is a very solid patch, it is highly recommended to take it before Mar 9. It won't hurt anything besides needing agents upgraded. Depending on how many endpoints you have, it would be a good idea to get that going as ASAP as possible, as any agents before the 19.0.2 version will cease to check in, regardless of OS. 

You can directly install 19.0.2 via this exe: http://labtech-msp.com/release/AutomatePatch_19.0.2.58.exe

Share this post


Link to post
Share on other sites
On 2/9/2019 at 10:35 PM, SteveYates said:

We are on v12 patch 12 (12.0.12.496).  As of tonight, https://university.connectwise.com/university/AutomateResources/ProductsAndUpdates.aspx doesn't show 2019.2 yet for us but does show a new patch 12 (12.0.12.497).  Presumably that's the hotfix mentioned at https://forums.connectwise.com/community/automate_hotfixes/f/automate-hotfixes-forum/43420/please-take-action-on-your-automate-server

 

.

Sorry for the late response, but @Ban-Hammer is correct. Follow the link that he provided or the link under the Patch name in the OP to download it. Patching a CWA server is actually relatively easy, so I'll add the steps below and edit them into the original post.
 - Download the patch to the CWA server (patch is linked in the OP or if you're on Slack then open up a DM to yourself and type `!patch 19 2` to get an auto-response with the patch link.)
 - Right click the .exe and select properties
 - Click the "unblock" option at the bottom and then click ok
 - Right click the .exe again and select 'Run as Admin'
 - Allow the prompt to finish and verify that it says the patch installed correctly
 - Open the Control Center (it should auto update to the latest CC therefore making you initially log in twice - If not then you need to adjust the dashboard settings to enable that)
 - When The Control Center loads go to Help > About
 - Verify that the version installed matches the version that you're trying to install (v19.0.58 (Patch 2) in this case)

If you have any problems with any of the steps above then reach out to the Slack community and/or CW support. (Try us in Slack first).

Please update to Patch 2019.2 as fast as possible because your server AND agents need to be updated soon to avoid any problems in the near future. The patch 12 hotfix would work the same way, but the stability of 2019.2 is solid enough that I would just go ahead and upgrade.

Edited by bigdog09
  • Like 1

Share this post


Link to post
Share on other sites

@bigdog09  - Can we still list out known issues with patch 2019.2.  While it is a mandatory patch, people would find it helpful to know about any bugs to plan for.  I think there is an issue with location cached credentials and ticket sync with CWM.

Share this post


Link to post
Share on other sites

Sure thing. The goal of this thread is to inform people on the state of each patch good and bad. 2019.2 is slightly less of a priority now that they have hotfixes in place,  but there are still good benefits that comes with the new patch. I try to source all the issues back to Connectwise statements or detailed comments in this thread. Please feel free to post any 2019.2 in here and I'll cite them on the OP.

Share this post


Link to post
Share on other sites

Great, thanks.  This is a great thing you are doing in here, so if i haven't said it...thanks.  Unfortunately, I have no specific details as of yet, but ill post them when i get them

Share this post


Link to post
Share on other sites
On 2/7/2019 at 4:18 PM, dpltadmin said:

Per Support:

Bug Introduced in v12p12. Issue still appearing in 2019.2 (We are on v12p12)

Known Issue Ticket# 11289491 (Not sure if public facing yet per support chat)

Password Changes for User Accounts that are not in the Super Admin User Class, after password change, can log into /automate (AWA), however, the user loses the ability to log into Control Center Thick Client or WCC.

Workaround (Verified Working in my Case):

  • Assign "Super Admin" User Class to the User
  • Reload dbagent
  • Verify User can log into CC/WCC
  • Remove "Super Admin" User Class from the User
  • Reload dbagent
  • Verify User can log into CC/WCC without 'Super Admin' User Class

Chat Session Highlights:

Quote

06:45 PM - cward: ok so this looks like its an ongoing issue our dev team is working on, but I have a workaround we can try

06:46 PM - cward: Give this user superadmin permissions, then log in to thick client using their credentials, they should be able to log in, after doing this have them log out, remove their super admin permission and they should still be able to log in

06:50 PM - cward: another fix I'm seeing is to recreate the user with super admin permissions, then delete the old user, but you said you had already tried something similar to that?

06:58 PM - cward: it is an ongoing issue for all users across all systems who try to change their password without being a super admin. Dev is aware of the issue, the current work around is what we just di d

07:01 PM - cward: it was introduced in patch 12, issue is still happening in 2019.2, I do not have an eta, but I can create a ticket for someone to document and escalte the issue for you so that you can be notififed when its fixed

07:07 PM - cward: that is your ticket number, 11289491 is our ki number, but I do not know if that is publicly facing yet

 

Confirmed the issue is still present in 2019.2

Edited by dpltadmin
  • Like 2
  • Thanks 1

Share this post


Link to post
Share on other sites

Patch 2019.3 has been released and updated on the front page.  Please post any issues, bugs, etc that you run into.

Share this post


Link to post
Share on other sites
Posted (edited)

color me confused... I see the statement of 2019.3 having 'the new LDAP' but there's no mention of it in the patch notes from CW (unless it's the 'issues addressed' piece).  I am used to things like this being left out, however I am wondering where we are getting the information.

Edited by mnpuckett

Share this post


Link to post
Share on other sites

"New" is probably giving it a bit more credit than it deserves, it's just fixed.

Quote

Corrected an issue to ensure that the LDAP sync works to update passwords when a user is part of any number of groups including only a single group.
LDAP integration now consistently sync passwords/accounts on both single servers and split server environments.

The big takeaways from the LDAP update:
 - When LDAP syncs initially it creates a group in AD to match every group in Automate. Apparently it was a pretty hit or miss if your AD groups didn't match the Automate groups precisely.
 - Also prior to this update the sync worked by comparing "incorrect" automate passwords with AD and if it was a match, then it would rewrite your automate password to match. The process took about 30 seconds, so that's why it would fail initially and then 30 seconds later it would accept the password. I'm not sure exactly what they mean by "consistent sync," but I've heard a lot of positive feedback on it.


It's still not perfect. In pilot there were issues with usernames that had a period in the middle, so `big.dog` would not sync with AD. I'm not sure if that was corrected prior to the production release.

  • Thanks 1

Share this post


Link to post
Share on other sites

Greetings All,

I updated to Update 2019.3 last Friday, and wanted to share the good news. I haven't run into any issues since, either.

Before hand I had updated the Control plugin, and the Control server to the newest version. Thanks for the tip :)

 

I can confirm that LDAP is working for technician logins through the web interface, as well as the control panel.

Share this post


Link to post
Share on other sites
Posted (edited)

I was unable to log into the control center with any user account after installing 2019.3. Had to reboot the Automate server and run the patch a second time before everything started working right again.

Edited by Leapo
  • Sad 1

Share this post


Link to post
Share on other sites
21 hours ago, Leapo said:

I was unable to log into the control center with any user account after installing 2019.3. Had to reboot the Automate server and run the patch a second time before everything started working right again.

Ran this patch on Tuesday and had no issues until today. Had all logins start failing abruptly this afternoon and had to reboot the Automate server to get back in.

Share this post


Link to post
Share on other sites
2 hours ago, EssentialSteve said:

2019.4 totally failed for us. I had to get the Emergency Response Team to help us fix it, which they are still doing as we speak...

And a complete failure of the patch. We have to do a restore from backup of the whole server, Grrr....

Share this post


Link to post
Share on other sites
On 4/30/2018 at 12:04 PM, bigdog09 said:

Patch 2019.4 (19.0.4.110)
Benefits/Features:

  • Licensing can now be purchased inside of Automate (instead of directly reaching out to CW via phone or email)

 

Can someone shed some light on this statement?  When I review the official release notes for 2019.4, the only thing I see is an enhancement for the Web Control Center regarding a licensing manager.  I had taken this to mean we could manage / purchase our Automate seats in Automate, rather than calling Connectwise / talking to our account rep.

Share this post


Link to post
Share on other sites

@j.light That was discussed in the Slack channel, but I don't see that in the official notes. I know that I don't have the ability to do that yet (that I can find), so I'm going to remove it from the feature list. I hadn't upgraded to that patch at the time I added the notes, so I wasn't able to test it. Sorry for the confusion.

Share this post


Link to post
Share on other sites

We updated from 2019.3 to 2019.5 this past weekend.

What happened:

Quote

Update went through without any noticeable issues (at least not serious ones). Tech who performed the update reported some oddness over the next day where his LT Control Center would "time out" occasionally, but had no issues logging back in.

Next business day (yesterday) we had (some/many, but not all) users in the CST and PST timezones having problems logging into the Control Center and general performance issues once/if they could. (Users in the EST timezone were unaffected.) Users' attempts to authenticate (password then 2FA) appeared to be successful, but the logon process would suddenly fail without showing the progress splash (no message), or the software would go through much/most/nearly all of the load before suddenly failing without a message. Main Control Center log (on at least my PC) would show token-related failure message(s) and sometimes other errors (application or server comm time-outs). The API logs on the APP+WEB server did not contain any information regarding those failed/aborted logon attempts.
Our LT Support ticket was escalated to a specialist.

 

What was learned:

Possible network performance/stability issues aside, LT Support identified the LT -side problem as being caused by User Permissions issues.

Apparently, there were quite a few security-related changes made in 2019.4 and/or 2019.5 which were involved here.

LT used to "tolerate" what I've called "ugly permissions": multiple User Classes assigned, sometimes with over-lapping Permissions and even including 'Super Admin' thrown in.

Used to be you'd have performance issues due to LT having to sort that mess out.  Now LT will kick a user to the curb.

The biggie was having more than one User Class assigned that has the 'Super Admin' Permission, though I wouldn't rule out other Permissions as possible causes of either logon issues, or Control Center performance or functional issues.

Share this post


Link to post
Share on other sites
37 minutes ago, KI_EricS said:

LT used to "tolerate" what I've called "ugly permissions": multiple User Classes assigned, sometimes with over-lapping Permissions and even including 'Super Admin' thrown in.

Used to be you'd have performance issues due to LT having to sort that mess out.  Now LT will kick a user to the curb.

The biggie was having more than one User Class assigned that has the 'Super Admin' Permission, though I wouldn't rule out other Permissions as possible causes of either logon issues, or Control Center performance or functional issues.

"Sort that mess?"  Permissions are bitmasks. It's as simple as "OR"ing them together to get the cumulative permission. (Because there is no deny, only Enabled or not Enabled).

I've never heard of this, but that doesn't mean that they couldn't have problems processing permissions. There just should not be any reason to have problems with permissions. Two classes with Super Admin?  How should that matter?

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

×