1. Landesk Logo
2. Install Landesk Agent

LANDesk provides an executable called 'UninstallWinClient.exe' that is on the available on the core server share under: ssvmldeskcore ldmain. Note: This share is. LANDesk Management Suite Release Notes. The following are known issues with LANDesk. New notes for Management Suite 8. The following sections cover notes from.

Best Known Methods LANDESK has prepared a document outlining the best known methods for installing or upgrading to LANDESK Management Suite 2016. It covers the various upgrade paths and options, along with checklists, considerations and step-by-step guides to help ensure that any installation or upgrade is successful.

It is strongly recommended that you review the document before performing an installation or upgrade. This update can be applied to a LDMS 9.5 or 9.6 system. The latest service packs are recommended.

For more information about current service packs please see For more information about Supported Platforms for this release please see. Prior to installing a patch on the Core Server it is recommended to make a backup of the LANDESK database. Steps. Disable any services on other machines that interact with the Core Server. Double-click on installer to run it.

When Setup completes, reboot the machine if a reboot is required. After applying the patch, you may need to re-activate your Core Server using the Core Server Activation Utility. Ensure that any services stopped in Step 1 are restarted. Note: The installer included with this release writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the C: ProgramData LANDESK ManagementSuite Install 10.0 Log folder.

Installing on Remote Consoles A Remote Console is any machine that is not the Core Server and has the LANDESK Management Suite Console installed. Console Machines need to be updated to be able to connect to the updated Core Server and Database.

Because ADS may block files on Windows systems, it is recommended that you extract the patch on the machine you are going to install it on. Steps. Close the Console. Double-click on the installer to run it. In setup, select that you are installing/updating a Remote Console. When Setup completes, reboot the machine if a reboot is required Note: The installer included with this release writes a detailed log that can be used to help troubleshoot installation problems. After running setup.exe from the patch, the log is located in the C: ProgramData LANDESK ManagementSuite Install 10.0 Log folder.

Updating the Agent The upgrade must be installed on the Core Server before updating Agents Use one of the following methods to re-deploy the agent once the patch has been applied to the Core or to apply the patch manually. Methods of agent deployment. Manual: Map a drive to Coreserver ldlogon and run 'wscfg32.exe -f' This is used for single client installs and testing.

Push: Schedule a push of the full agent. Self-Contained EXE: Create an EXE that can be installed. Advance Agent: This is a two stage process. The Advance Agent consists of a small MSI and a self-contained EXE. The MSI is deploy to the client and then the MSI downloads and installs the EXE.

This allows for bandwidth friendly downloads. For more information on agent configuration and deployment see Release Information.

New Workspaces Database The LDMS 2016.3 release includes new improvements to Workspaces and now requires an additional database to be used by Workspaces. The database will be set up during the install, but there must be an empty container available for the installation. For more details, please review the installation documents Windows XP and Server 2003 The LDMS 2016.3 release no longer supports the installation of the agent on Windows XP and Server 2003 systems. Existing agents on Windows XP/2003 will continue to function, but new features will not be available. If you have a large number of Windows XP devices and need to continue installing agents, it is recommended that you use LDMS 2016.0 with SU5.

An agent installation can be created and preserved from the previous version, or Windows XP machines can be managed by a previous version of LDMS until they are updated to operating systems supported by Microsoft®. LANDESK 2016 Updates This update includes all features, improvements, changes and fixes that were included in the release of LDMS 2016, as well as the subsequent Service Updates. It is recommended to review the appropriate information when upgrading from previous versions. (Includes previous fixes) LANDESK 2016 Sustaining The 2016.3 release is a sustaining release for LANDESK 2016. Future Service Updates and other patches will require 2016.3 be installed. Additionally, 2016.3 will not have a separate end-of-life (EOL) from LDMS 2016. Workspaces LDMS 2016.3 includes the latest release of Workspaces, including the End User, IT Analyst, Asset Manager and Security Workspaces.

Note: The mobile apps are also being updated through the appropriate 'App Stores'. Once published, mobile devices that update to the latest Workspace app will be unable to communicate with any versions of LDMS prior to LDMS 2016. Security Suite. Application Information View. Provides in-depth security related information about applications running on the endpoint. Allows admins to further investigate and remediate directly from this view. Ransomware Protection Capabilities.

Protect the master boot record from been encrypted by a ransomware. Detect a ransomware that is running on an endpoint, kill the ransomware process and blacklist it ensuring all other endpoint cannot be infected. Other Improvements. Added the ability to learn and add security permissions to individual scripts - Added the ability to import digital certificates between different endpoint security settings Defects Fixed.

Agent Configuration. 302341 Agent install failed when Microsoft Office IME 2010 is installed on client. Incorrect release of heap memory caused crash.

wscfg32.exe. 304734 Files missing in custom remote control agent created via 'Manage Cloud Services Appliances'. Add missing SSL library files to package. landesk.gateway.agent.dll. 328497 Uninstallwinclient.exe not removing LDCred.dll from Windows System32. The uninstaller now deletes Windows System32 ldcred.dll instead of leaving it behind.

UninstallWinClient.exe. 356601 Not all agent files are signed. Fixed signing for some binaries that were not being signed properly on the agent install. Added LANDESK version info so that the exe would be signed.

Antivirus. 314007 Impossible to change the Full Scan schedule settings onto LANDESK Antivirus with a.cfg file. It's because the imported schedule settings were cleared by LDAV and re-scheduled with our Local Scheduler, it will only use the schedule time from our AV behavior XML file. To fix this defect, we added a new setting to Windows AV behavior file to indicate whether overwrite the imported scan settings or not. If this setting is set, LDAV will not clear the imported scan settings, also will not set Local Scheduler. If this setting is not set, LDAV will do same as before. AVBiz.dll AVUI.dll LDAV.exe Vulscan.dll.

323018 LDAV may make the computer reboot after every restart. It's due to the path of skin.ini and skin images was changed. So the function checks rebrand always false.

And if the system language is not English, it will require reboot to take effect for localization. LDAV.exe. 331965 AV Install fails if Sophos 10.6 is present. Sophos Antivirus 10.6 has new component, so the uninstall process was failed. It's fixed now.

ldavhlpr.dll. 356550 In some circumstances AV backups may disappear. Change the path of Legacy Windows AV backup folders to its own parent folder to prevent it from deleting other AV backup folders.

PatchBiz.dll. Console. 303596 F1 launches two Web browser pages and then opens the LANDESK online help. Pressing F1 will only launch a single web browser instead of two in some instances. 321256 When moving a patch in a group to 'Do Not Scan' the group that the patch was moved from gets the focus in the console instead of the patch that was moved. After moving the selected definitions to a different folder, a focus will be set to a list view to select the definitions that are moved.

PatchManagement.dll. 356459 Some circumstances can lead to high memory usage on Console. In each of the background discovery threads, a new idal was created. These objects were never garbage collected. Instead of get the ldms version over and over in the background thread, the call to get the ldms client version was moved to the instantiation of the computer class. Landesk.managementsuite.winconsole.dll, landesk.managementsuite.data.dll, landesk.managementsuite.database.dll.

Endpoint Security. 315298 Bluescreen when HP LaserJet printer is connected via Bluetooth (when EPS is enabled). Cause: When verifying if a CD/DVD device is allowed, the EPS driver was using a Windows Kernel API at an incorrect IRQL level (DPC).Fixed. LdSecDrv.32 LdSecDrv.64. 316012 The scheduled task for Batch package failed while EPS is Enabled. Cause: sdistbat.exe is blocked by mistake when accessing the LANDESK folders.

LdSecSvc.exe LdSecSvc64.xe. 320492 Files may be logged/copied by ShadowCopy even if they are not copied on a removable volume. Error that resulted in some case as seeing a file as copied on a removable volume, when the target is the system disk. LdSecDrv.32 LdSecDrv.64. 322643 Wake up from suspend, wireless and wired both enabled unless device control has set disabled wireless. Cause: A wired network card was erroneously seen as disconnected after resuming from suspend, causing any wireless card to be allowed.

LdSecSvc.exe LdSecSvc64.exe. 330255 EPS may not automatically come out of 'Learning' mode at time specified in the agent settings. Cause: The learning period is reset by mistake each time the EPS service starts. LdSecSvc.exe LdSecSvc64.exe EPSUI.exe. 330701 Switching Device Control to OFF won't unblock a blocked drive (cd/dvd or usb). Cause: Deactivating Device Control won't prevent the EPS driver from blocking accesses on a previously blocked drive. LdSecDrv.32 LdSecDrv.64 LdSecSvc.exe LdSecSvc64.exe.

Landesk Logo

333338 If the user request approval for the same file several times, there are several entries on the core for the same file. Fix: The EPS client now checks if there is already a pending request for the blocked application, and if this is the case, it won't allow another approval request. EPSUI.exe.

339856 A message box with no text is displayed when a removable device is blocked. The issue occurs only when you uncheck the EPS setting “Show violation balloon tips”. If this option is unchecked, when a removable device is blocked, a message box is displayed instead of a popup. The issue is that the message box is displayed even if the admin didn’t configured any message in the Device Control settings, causing the message box to be is empty. EPSUI.exe. 339878 The EPS client is blocking AdvanceAgent.exe (LANDESK process). Cause: The folder C: Program Files (x86) LANDesk AdvanceAgent is not listed as a LANDESK folder on the EPS client, and AdvanceAgent.exe is not digitally signed by LANDESK As a result, it doesn't have the permission to write into the C: ProgramData LANDesk Log folder.

LdSecSvc.exe LdSecSvc64.exe. Inventory.

259660 Inventory scanner not picking up the NIC's driver information on Windows 8.1/10. Fixed registry scanning for NIC info on W8.1 and above. ldiscn32.exe ldiscn32.sig.

295536 The Inventory Server leaves vendor as null in fileinfo instead of setting it to 'UNKNOWN' for files without Vendor in the header. Fill in 'UNKNOWN' as vendor if missing in Inventory scan FileInfo. LANDESK.Managementsuite.upgrade.dll LDInv32.exe. 307783 IP address and MAC address information in the inventory is wrong on clients with VirtualBox installed. Treat the Virtualbox network interface as a virtual rather than a real network interface. ldiscn32.exe ldiscn32.sig. 308581 The Install Date for Office Products is not consistent and sometimes reflects the patched date instead of the original install date.

Set a preference on getting software install dates from WMI. ldiscn32.exe. 313458 Failed to gather WMI Custom Data inventory information. Fix to get WMI Custom Data from the root wmi namespace. ldiscn32.exe.

313530 The custom Computer Location is not picked up by the Inventory Scanner. Added 'Computer Static Location' to inventory. ldiscn32.exe datamart.xml enutranslations.xml. 328762 Invalid NIC Address for Marshmallow in LDMS 2016. On Marshmallow now obtaining MAC address using a different approach as original approach is not supported. 328871 Ldapwhoami.exe crashes on some client computers when inventory is run.

Prevent buffer overflow in the face of large LDAP distinguished names. ldapwhoami.exe. LDDownload. 306652 LDdwnld.dll ignores client proxy configuration to access public-facing alternative patch download server. Clients can be configured to require CSA to talk to the core. The current code would never try direct connections for web requests when set to CSA only even for requests that are not to the core.

This fix allows direct connections to be attempted for non-core web requests even when CSA only is set for core communication. It turns out that vulscan detects if a url is off the core and because of the proxyhost limitation it tells lddwnld to disable proxyhost.

This breaks if there is an internet proxy in the network. So modified lddwnld to depricate (not do anything) in the disableproxyhost call. proxyhost.exe lddwnld.dll. 320372 Core as preferred server with FQDN fails UNC test credentials.

If you try to authenticate to the fqdn of the machine you are running on it will not work. A short name works fine and an ip address works fine. So I created a function function is to check to see if the server passed in is the fqdn of the local machine this process is running on. If it is, it will modify the fqdn to be the short name.

All other cases the server should be returned unchanged. filereplui.dll.

Linux-Unix. 206912 Linux - fdisk -lu output is crashing map-phydrivescan. Verification Info: Tested install and inventory scan on all release targets on 10.0. U4 and a handful on 10.1. 304480 Errors in the landesk.log files. map-reporter no longer reports a failed status if /opt/landesk/var/customdata does not exist.

Map-versionscan no longer attempts to scan sendstatus which is obsolete TEST VERIFICATION NOTES: Must run inventory with higher level of debug Verified on 10.0.0.271 U4 and 10.1 that the three errors listed do not appear after an agent install plus inventory scan /opt/landesk/var/customdata appears but no longer as an ERROR. map-reporter map-vesionscan.

321000 Linux agent install is enabling iptables. The cba8 package installation should not add iptable rules anymore. All references to iptables have been removed and it is 100% up to the system owner to allow access to the CBA ports. Verification Info Tested with 10 U4 and 10.1. InstallNIXAgentManualAll iptables were set to disable prior to install, no change in state. cba8.rpm.

321001 Linux CBA becomes unresponsive and has multiple running instances. Corrected the init script processes. They were using killall which is an optional package and not installed by default in newer installations.

Killall is part of the psmisc package on both RH and SuSE installs. Verification Info: tested with both 10 U2 and 10.1. STA test InstallNIXAgentAll (pull). No multi CBA running. In addition repeated with InstallNIXAgentAll without VM checkpoint. No multi CBA running on targets. cba8.init cba8.init.suse Both files end up as /etc/init.d/cba8.

323502 32-bit MAP agent incorrectly puts a platform id of 'rhel5' on CentOS 5 32-bit devices. These changes are modifying the value of /opt/landesk/etc/landesk.conf platformid=xxxxxxxxxxx For 10, nixconfig.sh updated to properly identify an CentOS5 host and then change the effective vendor to RedHat for package installation. This allows the post processing to create the centos5 and centos5x8664 platform ids. 10.0: 32-bit Log Verification: Tue Aug 9 09:23:08 CDT 2016: OS Information: linux - centos 5 i386. Tue Aug 9 09:23:15 CDT 2016: Effective vendor for package installation: redhat Tue Aug 9 09:23:15 CDT 2016: linux and centos yeilds OS abbreviation: rh.

Tue Aug 9 09:26:09 CDT 2016: Attempting installation of package: vulscan-10.0-0.4697.rh5.i386.rpm Tue Aug 9 09:26:09 CDT 2016: Installing package: vulscan-10.0-0.4697.rh5.i386.rpm Tue Aug 9 09:26:47 CDT 2016: Verifying package installed: vulscan Tue Aug 9 09:26:47 CDT 2016: Setting configuration: platformid=centos5 Tue Aug 9 09:26:47 CDT 2016: Successfully installed package: vulscan Tue Aug 9 09:22:23 CDT 2016: Notifying Core Install is complete. Tue Aug 9 09:22:23 CDT 2016: Verifying installation is running properly. Tue Aug 9 09:22:23 CDT 2016: Installation appears to be running correctly. Tue Aug 9 09:22:23 CDT 2016: nixconfig.sh done.

10.0: 64-bit Log Verification: Tue Aug 9 09:23:08 CDT 2016: OS Information: linux - centos 5 x8664. Tue Aug 9 09:23:15 CDT 2016: Effective vendor for package installation: redhat Tue Aug 9 09:23:15 CDT 2016: linux and centos yeilds OS abbreviation: rh. Tue Aug 9 09:26:09 CDT 2016: Attempting installation of package: vulscan-10.0-0.4697.rh5.x8664.rpm Tue Aug 9 09:26:09 CDT 2016: Installing package: vulscan-10.0-0.4697.rh5.x8664.rpm Tue Aug 9 09:26:47 CDT 2016: Verifying package installed: vulscan Tue Aug 9 09:26:47 CDT 2016: Setting configuration: platformid=centos5x8664 Tue Aug 9 09:26:47 CDT 2016: Successfully installed package: vulscan Tue Aug 9 09:22:23 CDT 2016: Notifying Core Install is complete. Tue Aug 9 09:22:23 CDT 2016: Verifying installation is running properly. Tue Aug 9 09:22:23 CDT 2016: Installation appears to be running correctly. Tue Aug 9 09:22:23 CDT 2016: nixconfig.sh done.

10.0 - nixconfig.sh Verification Information Test with vulscan.sat. 327586 Linux Agent Scheduled Task Issues. 330607 Agent installation on RHEL 6.4 failed.

Updated check for prerequisites to include version numbers. Verification Info Tested with 10.1 on msp-tst-centos62x64 target check point NO OPENSSL. Open ssl 1.0.0 installed and verified nixconfig.sh identified it as a missing preq. Verified previous nixconfig.sh did not identify it as a missing preq.

nixconfig.sh. Mac.

277943 Macintosh inventory records overwrite themselves when the agent is installed with the same thunderbolt adapter. This is an incremental improvement to this behavior during provisioning. Following this workflow (in addition to the code changes we have made so far) will minimize this issue for our users: When provisioning a new device, netboot using the (single) thunderbolt network adapter. Provision the device, including deploying the agent and completing whatever other provisioning tasks are required. When provisioning is complete, disconnect the device from the (single) thunderbolt network adapter, join it to a wifi network (or whatever other network connectivity it will be using) and give it a chance to reconnect with the core server, sending a miniscan.

At this point, the next device can be provisioned. When re-provisioning an old device, it must be connected to the (single) thunderbolt network adapter and given a chance to reconnect to the core server (sending a miniscan) before starting the re-provisioning process. After that the workflow is the same as above. These are the first of a couple of changes to provisioning and inventory that will completely resolve this issue. 318493 Mac Agent schedule run filter settings not saved.

These issues have been resolved for Patch and APM, by eliminating this interface in Mac Agent Config, and using the settings from Agent Behaviors instead. This is the first of several changes to more fully support Agent Behaviors settings in the Mac Agent. LANDesk.ManagmementSuite.WinConsole.dll.

320886 Stamper Utility not detecting required components. Updated Stamper utility to get all information. landeskNBIStamper.pkg, which will install LANDESK Startup Disk Stamper.app.

356537 Multiple inventory records for single Mac devices after upgrade. A difference in the way we handle mini-scans vs. Regular scans was causing redundant records to be created for machines where the agent was being upgraded from a previous version. This has been resolved. ldcache.dll ldinv32.exe.

Patch Manager. 315036 Users with no 'edit public' right for the 'patch and compliance' permission are able to move a private custom group into the public group folder. If the users do not have 'Edit public' rights for Patch and Compliance, they cannot change a private custom group to a public group.

LANDesk.ManagementSuite.Winconsole.dll PatchManagement.dll. 326928 Failed to calculate MD5 hash for additional files from HTTP path when making custom definition. Hash will be calculated for HTTP path. patchbiz.dll. Provisioning. 303490 Provisioning History screen stops refreshing after a while.

Fixed an issue with refreshing the provisioning history. landesk.provisioning.winui.dll. 308273 Map drive action can't validate UNC paths with $.

Accept dollar signs in UNC path of provisioning drive map actions. LANDesk.Provisioning.WinUI.dll. 309306 Deploying an image with Multicast causes the OS partition to be deleted by deployimagehandler.exe. Fix an issue when using multicast with a drive with no partitions.

It would select first available drive letter for the temp partition which would be c. This caused issues after installing the OS as we attempt to remove the c: volume. It now finds the first available drive after d. deployimagehandler.exe. 309408 Device Naming Template defaulting ldHostname if Timeout is reached. The device name prompter will select the option chosen in the ui on timeout.

Previously it was reverting back whatever ldhostname was previously as it does if the user presses cancel. devicenamehandler.exe. 314341 Cloning a template from remote console messes up encrypted variables. Encrypted variables are now cleared when you clone a template. This is for security purposes to prevent cloning and usage of credentials by potentially unauthorized individuals.

315312 Not all.INF drivers shown in HII Drivers management. Fixed a regression not showing all inf in a folder. Only affected the case where multiple inf files were in the same folder and the user would like to disable the drivers in that inf. Also fix the display of inf files when in the root node. landesk.provisioning.winui.dll landesk.provisioning.business.dll. 323084 Unable to use variables in UNC path in Map/Unmap drive action.

During map/unmap drive UNC path syntax check, ignore embedded macro variables. LANDesk.Provisioning.WinUI.dll. 323557 Errors and failures occur in Provisioning and other agent activities when multiple.0 files are used. Fixed logic in makekey to sign with the newest.0 file based on last modified time instead of create time. If a file is copied from another serve, such as for side-by-side install, the create time is the time when the file is copied over but the last modified time is the time it was last edited on the orginal system. This was causing some servers to sign with old certs (based on last modified time) because the create time was newer on the old files. makekey.exe.

329708 Always have to reselect distribution packages in Provisioning Template. Fix an issue where the software distribution package selected in a provisioning template may not be selected correctly when editing the provisioning template.

LANDesk.ManagementSuite.SoftwareDistribution.WinUI.dll. 331568 Sensitive data variable presents an error about matching values when values match. Editing a sensitive data variable will no longer give an error the values don't match if the variable is not modified.

Remote Control. 306904 Remote Control may crashe when copying to clipboard. Reason: the return value is incorrect when reading clipboard.

Fix: change the return value. issclip.dll.

309279 Remote Control prompt cut-off on Surface Pro. Reason: The dialog's size is too small on Surface pro 4.

Install Landesk Agent

Fix: Modify the dialog's size. rcgui.exe.

320626 On-demand Agent pulls CSA IP address instead of DNS name. reason: there was only CSA IP, didn't get the CSA name. Fix: use CSA DNS name(read from cert), CSA name populates with DNS name. issuer.exe.

323737 Need improved logging for Remote Control. Reason: Clear the username before writting the log file. Fix: Clear the user name after writting the log file. issuser.exe. Shared Tech. 297178 Security Issue: CBAANONYMOUS logging in as batch account is an issue for some customers. Changed the way CBAANONYMOUS is configured on Windows client systems.

Previously it was added to the 'Guests' group and was configured to require LogonAsBatch permissions and denied LogonInteractive. This was done to prevent the user from seeing the CBAANONYMOUS account as an option at the login screen. Because this configuration required additional GPO configuration to make it work right, CBAANONYMOUS has been changed to no longer be in the Guests group and is using LogonInteractive instead of LogonAsBatch.

Because the account isn't in in a group such as Users, it still doesn't show up in the Windows logon screen. ServiceHost.exe (and subsequently cba8inst.msi). Software Distribution. 301425 ProvAdd detection to GetPackageXML to prevent caching of 'incomplete' package info.

Using LDHashUtilx64 do MD5 hash. Modified schedpkgupdate.exe with new command line switch /checkhash to hash all not hashed package files decoupled from task. Modified scheduler to regularly calling schedpkgupdate.exe for un-hashed files.

schdsvc.exe Landesk.ManagementSuite.SoftwareDistribution.Business.dll package.data.dll schedpkgupdate.exe. 302318 Non-English: The 'Column set' doesn't work in Scheduled task.

Non-english consoles don't show columns due to malformed BNF. LANDesk.ManagementSuite.SoftwareDistribution.WinUI.dll. 304957 TaskAllowedMachines tables - Duplicated rows inserted when multiple scopes associated to the task owner. Select unique computer id for given targeted scopes. LANDesk.ManagementSuite.SoftwareDistribution.Business.dll. 309387 Application Virtualization doesn't create destination folder on client.

IsFileInCache return SOK not a Boolean value. sdclientlib.dll.

318454 File download size display incorrectly in Portal Manager. Update total package size after build download file list. sdclientlib.dll. 319796 Delayed packages gets installed at the next boot if the delayed time elapsed when the computer is switched off. When user check fail install, check if wait for user response is checked and prompt user to uncheck it if has been checked. PatchBiz.dll PatchManagement.dll.

320576 Policysync fails with Verify: failed ValidateSignature for cert. Microsoft CryptStringToBinaryA may fail but still return true. If that is the case, try base64 decode one more time.

localrequest.dll. 322282 LDAP Info can be truncated from local cache due to group string value. Correctly get cached group reg name and using bigger buffer loading group multistring value. localrequest.dll LANDesk.DrManAPI.dll.

324057 Security: Deployment of a powershell distribution package with LDMS changes the powershell execution policy. Added UI to turn on the security attribute for powershell execution.

Run script using 'RemoteSigned' and restore to original after execution. sdclientlib.dll sdistps1.exe. 327037 Some scheduled tasks are set to complete when schedqry.exe runs. Do not call UpdateTaskStatusBasedOnMachines that should only run on rollup core. schedqry.exe.

327549 Under high screen resolution, dialog boxes are 'compressed'. Reset dialog size based on html page size. htmldialog.exe htmldialog/html/deferraldeploypage.html htmldialog/html/deferraldeploywithmessage.html htmldialog/html/deferraldownloadpage.html htmldialog/html/deferraldownloadwithmessage.html htmldialog/html/deferralpage.html htmldialog/html/deferralwith. 331964 The 'Distribution packages' 'Timeout settings' option does not work as expected. Parsing time out period settings from package xml. sdclientlib.dll. 356515 Software Distribution will not find the VPP Assembly if the core is install on a non standard location.

Mac. 354983 Provisioning: capture Mac image failed. It looks like it may be a bug in Apples hdiutil program related to saving to a Windows share. If you do this to an afp (Apple) share, it works. You can capture Sierra images from an El Capitan or Yosemite.nbi file or you can capture the image by hand using Disk Utility. More info: This issue is a result of a defect in the macOS Sierra 10.12 version of hdiutil.

This has been reported to Apple (radar #28407476, current status OPEN). There is no known workaround for this issue in Sierra at this time. For LANDESK users, the workaround is to base the netboot images (nbi files) on a version of OS X El Capitan. 355029 Provisioning: Deploy windows image to bootcamp disk failed.

We have not yet verified this defect using Sierra macOS 10.12 based NetBoot images. Currently, if the user experiences this issue, the workaround is to use an El Capitan OS X 10.11 based NetBoot image. Boot Camp Windows and macOS Sierra partitions can both be captured using n El Capitan OS X 10.11 based NetBoot image for provisioning. 360564 Mac mdm enrollment app is not included in the installer and has been rejected by the Apple Store. We will be publishing the enroller on the community site in the same manner we have been publishing the NBI stamper until we can include it in the core install. Mobility.

350809 Single-app Mode can't change app in one setting. Work around: Uncheck 'Enbale kiosk mode' and sync to device, then check the 'Enbale kiosk mode' change the app and sync to device. 352467 Because an admin can choose to sync vpp packages they may sync to a core without the appropriate VPP token and fail to execute. 357895 DEP: iOS 10.x devices do not enroll after upgrading from iOS 9.x. 358074 GetCompany from identifier exception on iosEnrollment.

Validation for the Nutreco app that caused this problem was done by Plinio. Unfortunately other app validation for this must be done by creating our own app, which becomes too expensive for what it's worth. We'll fix other problems found by customers when reported.