K2 v7.5 (2019-01-31 Image)
(a yellow icon above, instead of green, indicates that this local document is not the latest -- the latest warnings are online)
Read this document for notes on bug fix or upgrade issues that warrant emphasis, explanation, or might otherwise be overlooked.
In addition to the specific warnings below, always consult the comprehensive list of all important bug fixes as documented in:
Partner Notes documents possible issues concerning any third party product which may have been purchased with pre-configured KeyServer control built in by the software publisher. [Note: the icon for a publisher supplied license certificate (.lic file) will appear in KeyConfigure's Licenses window with a green tint.]
KeyAccess 126.96.36.199 through 188.8.131.52 on macOS can exclude many programs from the audit (2019-01-31)
In certain cases when there are soft links directly to an app, other apps within the same directory will not be reported as part of a full audit. Upgrade KeyAccess on macOS clients to version 184.108.40.206 or higher to collect complete audit information.
KeyAccess earlier than 220.127.116.11 can generate extra Computer records following a change to ID types (2019-01-31)
When KeyAccess performs a software audit at a time when no user is logged into the OS, it can fail to use the Computer ID that has previously been used for that computer. This happens especially in cases where a change has been made to the Computer ID Types. This can result in duplicate Computer entries. Upgrade KeyAccess to version 18.104.22.168 or higher to ensure that the client uses the same ID for all audits on a given computer.
KeyAccess 22.214.171.124 on macOS reports keyed software as unkeyed in software audits (2019-01-31)
KeyAccess 126.96.36.199 on Mac reported all installed software is unkeyed. This is fixed by updating to 188.8.131.52.
KeyAccess 7.5 running on macOS 10.14 “Mojave” will generate a warning message the first time a browser is launched (2018-11-15)
Security and privacy changes in macOS X 10.14 include a sandboxing feature that prompts the user to allow applications to commumicate with each other. To track URLs, KeyAccess uses this gated IPC mechanism when querying browsers for information on which URLs have been loaded. The first time KeyAccess queries a given browser, the OS will display this prompt. Once the user allows or disallows the communication between KeyAccess and the browser, the OS will not prompt again. The setting can be changed in the Security & Privacy system preference panel (under the Privacy tab select Automation).
KeyServer versions 184.108.40.206 and 220.127.116.11 installed on Windows as a 32-bit process can give incorrect report results and have other subtle problems (2018-10-22)
Running the 32-bit Windows version of KeyServer 18.104.22.168 or 22.214.171.124 can result in reports that show "Policy not found" and other incorrect or inaccurate information. The raw user data is not affected, so there is no loss of accurate data. To avoid this issue, upgrade to KeyServer version 126.96.36.199 or higher. Most modern computers are capable of running 64-bit OSs, so we recommend using the 64-bit KeyServer when possible. There is no need to convert data when upgrading from 32-bit to 64-bit executables; the same data can be used on all platforms regardless of OS type, “bitness”, or version.
KeyAccess versions prior to 188.8.131.52 might exhibit excessive CPU usage on Windows (2018-10-22)
Windows KeyAccess versions older than 184.108.40.206, in rare cases, will show high CPU usage after running without issue for some length of time. The chance of this happening is low, but is more likely on multi-user systems such as Windows Terminal Server when many sessions are connected, depending on usage patterns. To avoid this issue, especially important when KeyAccess is installed on WTS with heavy use, upgrade to KeyAccess version 220.127.116.11 or higher.
KeyAccess versions 18.104.22.168 and 22.214.171.124 cause a compatibility problem with Microsoft Access and Internet Explorer (2018-08-08)
With KeyAccess version 126.96.36.199 or 188.8.131.52 installed, the first launch of either Microsoft Access or Internet Explorer will fail silently. Subsequent launches of the program will succeed. To avoid this compatibility issue, upgrade to KeyAccess version 184.108.40.206 or higher.
KeyServer versions 220.127.116.11 and 18.104.22.168 can crash under normal operation (2018-07-26)
We strongly recommend that you upgrade to version 22.214.171.124 or higher if you are running one of these earlier versions of KeyServer, even if you have not experienced any crashes yet.
KeyServer installers for versions 126.96.36.199 and 188.8.131.52 might fail to upgrade maps from earlier versions (2018-07-26)
If you upgraded from 7.x to 184.108.40.206 or 220.127.116.11, and had set up any Availability Maps in 7.4, your maps might not have been transfered to the upgraded server. Contact Sassafras Software for help moving the necessary files into place on the new server. Part of the process will include upgrading your KeyServer to version 18.104.22.168.
Cautions when upgrading from an earlier major version – i.e., 7.4 or earlier (2018-07-05)
Read the Major Upgrade documentation!
K2 7.5 requires a new license certificate (server.lic) and new KeyConfigure. Before upgrading an older KeyServer version (6.2, 7.0, 7.1, 7.2, 7.3, 7.4, etc) you must receive a new license certificate configured for 7.5 support -- a 7.4 or earlier certificate will not enable version 7.5.
The major version of KeyConfigure version and KeyServer version must match (e.g., first two digits must match). KeyConfigure 7.4 won't connect to KeyServer 7.5, KeyConfigure 7.5 won't connect to KeyServer 7.4.
Any KeyShadow installs must be discarded whenever the KeyServer process is upgraded. The KeyShadows must be recreated with a version 7.5 shadow certificate created by the version 7.5 KeyConfigure.
In cases where the Windows KeyServer is running in a Service Account, the Service Account must have a valid password that is reflected in properties of the KeyServer Service in the Service control panel. Furthermore, the Account must have full permissions on the KeyServer Data Folder in order for KeyServer and KeyReporter to properly run. Therefore, it is important to double-check permissions if your KeyServer is configured to run as anything other than the local service account.
On Windows, if your 7.4 (or older) KeyServer data is stored at a non-default location (for example on a non-system drive), the 7.5 Server installer will move the converted data to the default location in C:\Program Files\Sassafras K2\Server unless you select the “KeyServer Data Folder” item within the installer's “Sassafras K2 KeyServer Setup” dialog and browse to the existing Data Folder's Drive/Path during the install. This is necessary because the data folder is now a distinct entry in the installer. Choosing this option once will allow the data folder to remain at that location for any subsequent 7.5.x upgrades.
Minimum supported version of Mac OS X is 10.8 (2018-07-05)
K2 7.5 has several operational and UI improvements that require Mac OS X 10.8 and higher. Previous versions of K2 support Mac OS X 10.6 and higher, so if you have client computers with OS X 10.6 or 10.7, you should use KeyAccess 7.4.2 on those systems. The older client versions are compatible with the 7.5 server, although the newer functionality will obviously be missing for those clients.