VMware Mirage 5.9.1 Release Notes

|

Updated 28 SEP 2017

Mirage 5.9.1 | 28 SEP 2017

Check for additions and updates to these release notes.

What's in the Release Notes

The release notes cover the following topics:

About VMware Mirage

VMware Mirage offers a unique solution for managing physical or virtual desktops and laptops, and for BYO users, combining centralized management for IT and local execution for end users. When Mirage is installed on a Windows PC, it centralizes a complete virtual copy of that end point to the data center and keeps it synchronized. The synchronization includes changes from a user's Windows PC being uploaded to the data center, and changes from IT being downloaded and applied directly to the user's Windows PC. Mirage enables central image management of desktops while still allowing local execution at the user end point.

Localization

VMware Mirage 5.9.1 is available in the following languages:

  • English
  • French
  • German
  • Japanese
  • Korean
  • Spanish
  • Simplified Chinese
  • Traditional Chinese

What's New

VMware Mirage 5.9.1 is a maintenance release, aimed to deliver bug fixes, security and stability enhancements.

Resolved Issues

Significant Fixes

  • Core Windows 10 Creators Update (v1703) support: Support added for bare metal provisioning, in-place provisioning, OS migration, hardware migration, restore, revert to snapshot, and apply driver library. Operations not supported include base layer update and rebase, application layer and update.
  • Bare metal provisioning for GPT disk partitions: Support for GPT partitioning (and re-partitioning) on all Windows platforms that support GPT and UEFI boot.
  • Bare metal provisioning support for devices with eMMC and SD disks: Extends provisioning support onto Windows tablets and other devices with embedded disks.
  • Improved support for SSL CRL/OSCP validation: New option to permit SSL connections when under certain CRL/OSCP communication failures, resolving connection issues related to use of Mirage 5.9.
  • Improved MongoDB replica set controls: Fixed replica set membership and arbiter activation issues, especially on uninstallation or upgrade of Management Server node.
  • Improved MongoDB connection handling: Stability fixes with Mirage Management Server establishing and maintaining MongoDB connection.
  • Fixed server deadlocks in large environments with many CVD transactions: Improved handling of large transaction loads and pruning of old transactions to prevent server deadlocks and loss of service.
  • Fixed server deadlocks caused by malformed client event messages: Fixed common problem leading to loss of service caused by client upgrade from old version of Mirage.
  • Retain activation of Microsoft Office license after migration: Fix to prevent Microsoft Office licenses becoming deactivated in Out-of-Tolerance (OOT) state after migration.

Minor Fixes

  • To aid device identification, WinPE devices are assigned fixed generated host names instead of being randomly generated on each boot.
  • Retain Windows power settings on base layer update.
  • Improved diagnostic logging of SIS and MongoDB storage issues.
  • Fixed sysreport generation on WinPE x64 endpoints.
  • Fixed intermittent Mirage client crash upon boot.
  • Security fix replacing usage of obsolete DES algorithm with AES256. Legacy encrypted data will be automatically migrated upon upgrade.
  • Security fixes to XML External Entity vulnerabilities by disabling external references in XML documents.
  • Security fixes to improve privacy of session data held in cookies with the file and admin web portals.
  • Security fixes and important package upgrades to Mirage Gateway.
  • Preserving BCD locale that prevents boot menu from reverting to English after disk repartitioning as part of bare metal provisioning.
  • Removed desktop failures related to failing to parse Windows 10 prefetch files.
  • Fix internal server errors in file portal caused by failed authentication.
  • Minor Mirage web console fixes.

Known Limitations

The following limitations are known in this Mirage release.

  • Mirage supports up to 1,000,000 files per CVD on 32-bit systems. There are no file limits on 64-bit systems.
  • Local user profiles on a reference machine are deployed only in a base layer when used in Windows 7 migration or base layer provisioning. In image assignment and layer updates, only the default local user profile is deployed. Applications that require the creation and use of local user profiles are not suitable for inclusion in a base layer or an application layer.
  • During the streaming restore process, applications cannot access offline files before the Mirage service has started, which might impact their normal operation. You can extend the minimal restore setup to accommodate these specific applications. For further information, see the VMware Mirage Administrator's Guide.
  • All changes to the CVD on the server (base layer assignment, policy change) only propagate to the client on the next synchronization interval (by default, 1 hour, customizable by policy). Use the Sync Device action from the Mirage Management console or the Sync Now action from the endpoint device to force synchronization.
  • If the account password for a machine has expired after a restore operation, you might not be able to connect to the domain. This is a known issue with Active Directory and backups. See http://support.microsoft.com/kb/175468.
  • Mirage requires the default Windows Shadow Copy Provider 1.0. Use the line: vssadmin list providers command to view the VSS providers installed on the computer.
  • Windows Fast User Switching option is not supported. Disable this option on the endpoint and reference machines before capturing a base layer.
  • Mirage only uploads and stores the main NTFS stream of a file. All other streams are not uploaded to, or restored from, a CVD.
  • Changes to a .pst file are uploaded from the endpoint into the CVD once a day. To ensure that the .pst file is successfully uploaded to the CVD before you perform a restore operation of a CVD to a new hardware, perform a Sync Now procedure from the Mirage client UI.
  • You cannot apply a base layer to an endpoint that removes or installs Kaspersky antivirus software. See http://kb.vmware.com/kb/2048424 for additional details and a solution.
  • When restoring a CVD that does not have Sophos SafeGuard Encryption installed to a machine that does have SafeGuard installed, the restoring procedure might fail. See http://kb.vmware.com/kb/2081607 for additional details and a solution.
  • If you work with multiple volumes, note the following:
    • Content of non-fixed drives (network maps, volatile devices such as Disk-on-key) is not uploaded to the server.
    • When you assign a base layer or an application layer to the endpoint, Windows fixed-drive letters on the endpoint must be the same as on the reference machine from which the base layer or app layer was captured. (For example, it cannot be C: on a CVD and D: on a base layer.)
    • When you migrate from an older Mirage version to a newer Mirage version, the existing CVD policy is not modified, and in most cases only the system volume is uploaded.
  • You cannot deliver a SQL server in an app layer. You can perform layer provisioning and OS migration procedures with a SQL server in a base layer.
  • You cannot update a SQL server application using a Mirage base layer update or app layer update.
  • When reverting to Windows XP after an OS migration from Windows XP to Windows 7, 802.1X settings might not be preserved.
  • Mirage only supports delivery of a full Microsoft Office suite to endpoints that do not already have a Microsoft Office suite installed.
  • You cannot deliver two, full Microsoft Office suites in different layers.
  • Scenarios in which an endpoint has more than one version of a full Microsoft Office suite are not supported by Mirage.
  • Windows system restore points do not work on machines that have Mirage installed.
  • When you migrate from Windows XP to Windows 7 on machines that have McAfee Endpoint Encryption installed, you must first perform one of the following procedures.
    • Decrypt the machine before the migration.
    • Centralize the machine, perform a bare metal provisioning procedure that includes user-profile migration, and perform a user-profile migration procedure from the CVD to the machine.
  • You cannot perform migration operations and layer update operations on machines running Check Point Endpoint Full Disk Encryption.
  • Mirage does not support EFS-encrypted files on Windows Embedded Point-of-Service (WEPOS).
  • Mirage decrypts EFS-encrypted files that were captured in the base layer as part of bare metal provisioning.
  • You cannot customize access roles in the Mirage Web Management console.
  • When you use a base layer that has a non-system drive, the layer provisioning operation is blocked.
  • When you perform an enforce layers operation, the drivers on the layer are not updated.
  • English is the only supported language for importing and exporting bandwidth limitation rules to or from a .csv file.
  • If you remove security products as part of a layer removal or layer reassignment procedure, the layer might not work correctly.
  • If Windows already has an installed driver, Mirage does not initiate plug-and-play driver redetection.
  • IPv6 configuration is not supported by Mirage clients. Ensure that IPv4 is configured on the all Mirage clients.
  • Using ReFS file system on Mirage volumes is currently not supported since ReFS does not support names streams.
  • Make sure UAC is enabled on the reference machine before starting base layer capture operations.
  • Enabling Windows 10 Device Guard feature might cause interoperability issues with Mirage layer updates.
  • Base layer update and rebase operations are not supported on Windows 10 Creators Update (v1703) or higher.

Known Issues

  • When exporting the software from a reference VM, all values under Wow6432Node\Network Associates\ePolicy Orchestrator\Agent are missing and breaks the McAfee EPO agent.
    The mfehidk.sys registry filter driver obfuscates the values while exporting HKLM\Software.

    Workaround: Disable registry filters for the Wanova.Desktop.Service.exe process. For more information, see http://kb.vmware.com/kb/2052489

  • When the Mirage client is in the pending boot state during layer update operation and Windows updates automatically get installed at this point.
    Mirage defers the layer update upon endpoint restart and prompts for an additional reboot message after installation of Windows updates is completed.

    Workaround: Disable automatic installation of Windows updates or schedule them to a specific time, which does not overlap with the layer update operations.

  • On rare occasions, activation of the Office suite might fail.
    This might occur when delivering both Office 2013 suite with legacy service pack via an app layer and a standalone Office application (Microsoft Visio, Project, or Lync) with a newer service pack via a base layer.

    Workaround: Capture and deliver the same service pack of Microsoft Office 2013 suite as other standalone Office applications that are delivered to the endpoints using Mirage layers.

  • The Full restore event is sometimes shown in the CVD history when client is waiting for the plug and play phase to complete as part of base layer update.

    Workaround: You can safely ignore this event as it does not have any impact on the base layer update operation.

  • After applying a base layer, user-installed applications do not work.
    If applying a Windows 8.1 base layer that has a different Windows product ID than the one in the CVD, assigning the CVD to a different hardware device might cause user-installed Windows Store applications to not work. Clicking Repair when you try to launch the Windows Store applications might not repair them.

    Workaround: Reinstall any user-installed Windows Store applications that do not work.

  • After you perform an in-place Windows 8 migration, you might not be able to create or edit files.
    When you perform an in-place Windows 8 migration, McAfee AntiVirus software might prevent Mirage from setting the correct access rights on directories. You might not be able to create or edit files.

    Workaround: Before you start the OS migration, disable McAfee access protection. For more information, see http://kb.vmware.com/kb/2052489

  • Reverting to the previous OS image after an OS migration might fail due to lack of available disk space.

    After you perform an OS migration, if you try to revert to the previous OS image, the migration might fail due to lack of available disk space. Mirage does not consume local disk space for local files that are identical to the files in the reverted CVD image and in the same path.

    Workaround: Verify that the available disk space is greater than the size of the previous OS image. Run the Windows disk-cleanup utility and delete Windows installations to increase space.

  • OS migration from Windows 7 to Windows 8.1 might fail due to different versions of Sophos SafeGuard
    When you perform an OS Migration from Windows 7 with Sophos SafeGuard 5.6 in the base layer to Windows 8.1 with Sophos SafeGuard 6.1 in the base layer, the migration might fail.

    Workaround: Before starting the OS migration, remove Sophos SafeGuard 5.6 from the Windows 7 base layer. After you migrate to Windows 8.1, install Sophos SafeGuard 6.1 on the Windows 8.1 machine.

  • After performing an OS migration, the Hybrid Sleep function might not work.

    Mirage does not detect the compatibility of a processer with the Hybrid Sleep capability, or if the mergeBiPowerSetting configuration setting is true.

    Workaround: Before you capture base layers for OS migration, disable Hybrid Sleep on the reference machine or set mergeBiPowerSetting to false.

  • McAfee's Access Protection mechanism might block Mirage operations.
    In rare cases, McAfee's Access Protection mechanism might block Mirage operations, such as downloading base layers, OS migration, provisioning, and so on.

    Workaround: Exclude the Mirage service from security products.

  • End users receive an error message when their default Web browser was removed during a base layer or app layer update.

    If performing a base layer or app layer update that removes a Web-browser application that an end user has specified as their default Web browser, the end user might receive an error message when opening Websites or HTML files.

    Workaround: Advise the end user to re-install the Web browser or select another default Web browser.

  • Having multiple versions of Microsoft Visio on a single machine, the Microsoft Office configuration window might display on an end user's machine when they open Microsoft Visio.
    When you perform a layer procedure that results in multiple versions of Microsoft Visio on a single machine, the Microsoft Office configuration window might display on an end user's machine when they open Microsoft Visio.

    Workaround: This is a known issue with Microsoft Office. See http://support.microsoft.com/kb/298947 and http://support.microsoft.com/kb/314392.

  • The Microsoft Office configuration might appear when you perform a layer procedure that includes Microsoft Office.
    When you perform a layer procedure that includes Microsoft Office, if you open a Microsoft Office application before the "completing system updates" phase is finished, the Microsoft Office configuration window might appear.

    Workaround: Wait for all layer assignment procedures to finish before you run any Microsoft Office applications.

  • Some sysprep operations might fail when delivering a base layer.
    In rare cases, when you deliver a base layer that includes a Windows Live account, some sysprep operations might fail.

    Workaround: Do not capture a base layer that includes a Windows Live account. If you deliver a base layer that includes a Windows Live account and the user experiences issues, recapture the base layer without a Windows Live account.

  • When two or more Microsoft Office applications are installed on a machine, and at least one is part of a layer, the interoperability of the remaining Microsoft Office applications might not work.

    Workaround: There is no workaround for this issue.

  • Manual installation of Microsoft Office might fail.

    When you deploy a layer that includes Microsoft Office products to a machine that already has Microsoft products installed, and the architectures are different, you cannot manually install Microsoft Office products on the machine.

    Workaround: There is no workaround for this issue.

  • Manual installation of Microsoft Office might fail after adding and removing a layer that includes Microsoft Office products.

    When you deploy a layer that includes a Microsoft Office product, and you update the Microsoft Office product, if you remove the layer that includes the Microsoft Office product, you might not be able to manually install Microsoft Office products.

    Workaround: See https://support.microsoft.com/en-us/mats/program_install_and_uninstall

  • Microsoft Office 2013 license activation does not migrate with a CVD.
    When you migrate a CVD that has Microsoft Office 2013 installed, the Microsoft Office license activation does not migrate and Microsoft Office is in an unlicensed state.

    Workaround: Manually activate the Microsoft Office license from any application.

  • A taskbar shortcut or desktop shortcut for an application is not deleted when you remove layer that contains that application.
    When you deliver a program in an app layer, a taskbar shortcut or desktop shortcut is automatically created. When you remove the program from the layer, Mirage does not delete the shortcut.

    Workaround: There is no workaround for this issue.

  • When you perform an OS migration procedure on a machine that contains ActivID software, the Mirage screen might disappear.
    This is a display issue. The migration procedure completes successfully.

  • Multiple file errors during scan warning message appears while performing a provisioning operation using WinPE.
    Ignore this warning.

  • When the Mirage client upgrade fails after a bare metal provisioning procedure, an event log is not sent to the server.
    When the Mirage client upgrade fails after a bare metal provisioning procedure, an event log is not sent to the server.

    Workaround: There is no workaround for this issue.

  • VSS might fail with a timeout error.

    Workaround: Install the hotfix for Windows 7 SP1 and later, see https://support.microsoft.com/en-us/kb/2996928.

  • POSReady 2009 clients enter a reboot loop after performing a restore operation.
    In rare cases, after you perform a restore operation on a POSReady 2009 machine, the POSReady 2009 client enters a reboot loop because of the recurring LSA Shell failure.

    Workaround: This is a known Microsoft OS issue.

  • OS migration fails on machines that are encrypted using Sophos Safeguard 5.60.1.

    Workaround: Upgrade Sophos SafeGuard to a newer version before running a migration operation.

  • The operating system of the provisioned device is set as the default operating system.
    When you perform a bare metal provisioning procedure on machines that have multiple boot operating systems, the operating system of the provisioned device is set as the default operating system.

    Workaround: Add the secondary operating system in the boot manager.

  • Endpoints cannot connect to the Mirage Gateway server.

    When you configure the Mirage Gateway server with a cluster of Mirage servers and DNS round-robin, the Mirage Gateway server might have the status "Up" in the Mirage Management console, but endpoints cannot connect to the Mirage Gateway server.

    Workaround: Contact the VMware support team for assistance.

  • Checkpoint encryption might cause migration procedures to fail.
    When you perform a migration procedure from Windows XP to Windows 7, and Checkpoint encryption is installed, the migration procedure fails.

    Workaround: There is no workaround for this issue.

  • Custom reports are not removed when you reinstall Mirage.
    When you reinstall Mirage with the create new storage areas option, custom reports are not removed from SSRS.

    Workaround: Delete the custom reports from the Reports tab after the installation finishes.

  • Safend Data Protection cannot be removed through a layer procedure.

    Workaround: Uninstall the Safend Data Protection Agent from the target machines before applying a layer that does not have a Safend Data Protection Agent.

  • When using certain versions of Firefox, you cannot connect to the Mirage Web console.

    Workaround: Use a different browser.

  • Horizon View USB redirection cannot be enabled when deploying Horizon View client as part of an app layer or base layer.

    Workaround: There is no workaround for this issue.

  • The Mirage Gateway server cannot bind with LDAP using a user name that contains non-ASCII characters.

    Workaround: Use an administrator user name that only contains ASCII characters.

  • Custom Windows explorer libraries need to be manually created after OS migration.
  • Certain types of external hard drives are identified as fixed drives and might cause Mirage to ignore the drive mismatch validation.
  • Selecting several hundred items from the Web Management lists that include over 10,000 items might cause the web page to become non-responsive and require a refresh.
    Workaround: Define grid filters to reduce the number of items presented in the list before selecting hundreds of items.
  • Performing a Windows update on an endpoint can result in deleted managed layers.

    When you perform a Windows update while managing the endpoint machine containing base layers and app layers, the layers might fail to update because some of the files in the managed layers were deleted during the Windows update.

    Workaround: Either use Windows Update or use Mirage for managing updates, but do not use both.

  • During the migration process, if you use the Workgroup option instead of the Doman option, after migration, you might not be able to log in with your old Workgroup account.

    Workaround: Use the Domain account during migration. After migration, log in and rejoin Workgroup.