Manageengine Asset Explorer Ssl Certificate

[Badomero Schoulund]

NOTETaking a backup is essential to revert to the existing build without any loss of data if the upgrade fails due to unexpected reasons. The backup is stored under Backup folder in Assetexplorer Home directory.

With Asset Explorer 6954, the Update Manager application is already upgraded for security reasons. Therefore, users who wish to migrate to Asset Explorer 6954 and later must import a certificate before installing the PPM. This is a one-time process and the certificate will be automatically applied during future upgrades.

If you had these ciphers enabled under Security Settings > Ciphers, they will no longer appear after the upgrade. If no ciphers are present after removing the weak ciphers, default ciphers will be added to Security Settings > Ciphers.

Note : To authenticate AD for protected user groups, map your fully qualified domain name (FQDN) of the AD server by creating a record in your DNS or map the IP address with the corresponding FQDN in the etc\hosts file in your setup.

Beginning with 6986, new AssetExplorer installations will start in HTTPS mode by default. A valid SSL certificate must be uploaded to establish a secure connection between clients and AssetExplorer. To upload an SSL certificate, go to Admin > General Settings > Import SSL.

AE-105010: Post upgrade to 6980 build and above, basic authentication will no longer be supported for Office365 mailbox. Migration to 6980 build will be paused if Office365 mailbox using basic authentication is enabled under Mail Server Settings.

Administrators can import vendor details along with the products or services associated with vendors in bulk from CSV, XLS, or XLSX files. During import, new vendors can be added in bulk or the details of existing vendors can be updated in AssetExplorer.

Monitor and gauge how effectively you have configured various built-in application security features using the security meter. To access the security meter, go to Admin > General Settings > Security Settings. The security meter provides the following:

Failover Service and Failover Service Replication can now be configured from the application UI under General Settings. Administrators can toggle FOS mode ON or OFF anytime and track the changes performed on the configurations from the History tab.

File attachments in the AssetExplorer server is now password protected. A random password is generated and stored under Admin > Security Settings. SDAdmin can view or change the password if required.

AssetExplorer integrates with Zoho Charts, a charting library with rich features and improved UI. The integrations allows users to create new chart types while generating reports. The UI of the generated chart is fine-tuned to display detailed information on hovering over the chart.

Administrators can now mark out the user additional fields that contain Personally Identifiable Information (PII) or Electronic protected health information (ePHI) to identify the sensitive information collected and stored in AssetExplorer. The personal data of users (both technicians and end users) in PII/ePHI marked fields are handled in accordance with privacy regulations such as the GDPR.

Note: For the Approve action, comments be come mandatory when the "paramvalue" is set to "true" and become optional when it is set to "false". For the Reject action, comments are always mandatory.

Extend the capabilities of AssetExplorer to manage desktops and Windows-based applications through integration with Microsoft System Centre Configuration Manager (SCCM). You can use SCCM for asset discovery and also simultaneously update asset data in AssetExplorer.

If product type name change has modified the name of a child CI Type instead of the parent CI Type, during migration the child CI Type name is reverted back to the original name and parent CI Type name is modified as the latest product type name. For eg: if product type "IP Phone" is changed as "ABC", then the child CI Type "Cisco IP phone" would have changed to "ABC". Now in this migration, "Cisco IP Phone" CI Type would be reverted back to its old name and "IP Phone" CI Type would be modified as "IP Phone'.

When you install and start AssetExplorer for the first time, it detects all the domains in your network and the neighboring network of the server on which it is installed. Click Admin >> Windows Domain Scan to list all the domains. You can also enter the domain controller information, login name and password of the domain you want to scan. The login name and password should be a domain admin login name and password. AssetExplorer uses DesktopCentral agents from BUILD NO for scanning Windows machines. Agent-based scan is made mandatory from this build AssetExplorer 6900 onwards.

With AssetExplorer, you can scan domains and networks that are part of your enterprise. This includes Windows, Linux, MAC, Solaris, HPUX, AIX machines, VMWare, Hyper V devices, Cisco IP phones, and other SNMP supported devices like printers, routers, switches etc.

You can schedule periodic scanning of your network, enable regular clean up of scanned information, and set the re-scan interval for scanning workstation under Admin >> Audit Settings Or you can also configure scan schedule under the Assets tab.

DC Agents are from Endpoint Central, which is a complete and robust unified endpoint management tool for Windows, Linux, and macOS computers. AssetExplorer's asset scanning functionality benefits by leveraging the effective and powerful Endpoint Central Agent. There are specific agents for scanning Windows, Linux and macOS devices and these agents fetch complete hardware details during the scan while maintaining the uniformity of data fetched across Windows, Linux, and Mac machines.

New customers of AE from build no AssetExplorer 6900 will have inventory and warranty features served from DC for all AE nodes. However, for features like remote control, chat, Wake-on-LAN, system manager an add-on license has to be purchased. Once the add on license is purchased, these features will be supported for the number of nodes purchased in the add on.

All existing AE customers with a DC integration enabled already (AssetExplorer 6900) will have inventory, warranty, and remote control features served from DC for all AE nodes. So, if the number of nodes purchased in AE is higher than the nodes in DC, inventory, warranty, and remote control features will be supported for all AE nodes. Other DC features like Wake-on-LAN, system manager, chat, system tools, remote shutdown (which includes shut down, restart, hibernate, standby, and lock computers) would work for nodes purchased in DC.

All existing AE customers without DC integration will have inventory, warranty, and remote control features served from DC for all AE nodes. For features including chat, Wake-on-LAN, system manager, an add-on license has to be purchased. Once the add on license is purchased, these features will be supported for the nodes purchased in the add on license.

Assets in DC are managed for both AE & AE+DC functionality. Therefore if an asset which is deleted in AE does not have any DC functionality, then it will get deleted in DC too. The agent installed in the client machines will get uninstalled. But if the asset which is deleted in AE does have a DC functionality, then it will not be deleted in DC and such assets would be add under the exclude list in AE.

No, the agentless scan will not be supported anymore. We strongly recommend not to use agentless scan. However, if you still want to use the agentless scan, you can use Scan Scripts (Not recommended by us).

If AssetExplorer is installed on a Non - Windows server like, Linux, then DC has to be installed manually in another Windows machine (as currently DC supports windows OS only). This DC installation has to be integrated with AE under Admin >> Integrations >> Endpoint Central. Once integrated, the agent deployment can be done from DC installation and refer the links below for more details.

By default, the DC gets installed with a bundled PGSQL database. However, DC also supports MSSQL. Please check here ( -central/help/getting_started/desktop_central_system_requirements.html#accTree14 ) for MSSQL versions supported by DC. Click here ( -central/using-mssql-database-how-to.html) for a detailed instruction for moving DC to a MSSQL database.

The NAT settings let you specify the public IP Address to which the requests/data from the Endpoint Central Agents will be sent. The requests get translated at your router to reach the Endpoint Central Server.

Even if the number of technicians are lesser in DC than in AE, all the AE technicians would be allowed to perform agent related functionalities such as inventory, remote control, system manager etc from within AE.

While upgrading AE to later versions, few upgrades might require DC also to be upgraded in order to be compatible. In such cases, post-upgrade a message would be displayed on the top banner in AE, that DC also has to be upgraded with the compatible build number and the service pack link. This upgrade has to be performed manually

If DC is downloaded and installed within AE for inventory, remote control and tools functionality in a Windows server, the backup and restore for DC has to be performed separately. Please refer the DC docs for the steps to be followed.

Solution If you have the AMS file in PDF, the upgrade will not happen. Please contact sa...@manageengine.com to get the AMS in a XML file. Apply the license file and then proceed with the upgrade.

An authenticated local file disclosure vulnerability that allows users to download local files has been fixed in AssetExplorer version 6977. Please refer to this security advisory to learn more and upgrade to the latest version.

CVE-2021-44515 affects customers of AssetExplorer who use the Endpoint Central agent for asset discovery, and can lead to a remote code execution attack. We strongly urge customers who use the Endpoint Central agent to refer to this security advisory for more information and the steps to upgrade Endpoint Central to the latest version.

3a8082e126