- 08 Mar 2024
- 8 Minutes to read
- Print
- DarkLight
- PDF
Pharos Blueprint 5.4 - Update 1 Release Notes
- Updated on 08 Mar 2024
- 8 Minutes to read
- Print
- DarkLight
- PDF
Release Notes
This update should be applied to all machines hosting Blueprint components, i.e. the Analyst, Collector, Administrator.
The components included in this update are:
Component | Version |
---|---|
Blueprint | 5.4.11731.0 |
Windows Print Scout | 7.27.61.11 |
macOS Print Scout | 1.0.1300 |
Pharos API/Print Center | 5.4.5.47 |
Pharos IPP Service | 7.4.0 |
Sentry Print Service | 3.86.12 |
Identity Service | 17.0.1-pre.2 |
Provisioning Service | 13.04 |
MPS Proxy Service | 1.9.3 |
Device Scout | 1.21.10.1 |
The Print Scout package should be distributed to all Workstations where Serverless Printing feature will be used.
What's new in Sentry Print 3.86.12
Bugfix - If Sentry Print was configured so that secure devices used a CName to connect to collectors, upgrading Sentry Print (either by itself or as part of a Blueprint upgrade) would clear the CName.
What's new in 5.4 - Update 1 Release
Device Admin Credential management has been improved to ensure rotation of credentials on a physical device is less likely to cause issues with existing secure devices. They can now be updated in the Print Center from the Secure Printers list as well as the dialog for securing a device. In addition they can be imported via the Administrator UI in bulk. Replication of these credentials to collectors has also been improved.
Customers can download and import the latest models database. Models information now includes whether they are supported by Sentry Print.
The Pharos API health test has been added to the System Monitor. The Pharos API is used by the Print Center and the Sentry Print Service to interface with the Blueprint services.
If sentry Print has been manually uninstalled, the Update 1 Patcher can be used to install and configure it again by setting the <InstallSentryPrint> element in the file "Patcher.xml" to "true".
Note, re-installing the Sentry Print Service will result in a new "Secure Print Trust Root" SSL certificate being created and installed for use by the Sentry Print Service.
This will not match the SSL certificate installed on the secured devices by the previously installed Sentry Print Service. To get the devices to work with the newly installed Sentry Print Service, you need to either:Use the Blueprint Server Configuration Tool to rebind the old certificate to the new Sentry Print Service. Or
Re-secure the secured devices with the new Sentry Print Service.
Customers can specify the Active Directory attribute which holds the "display name" of a user. This is shown as the user's name in the Print Center.
The following bugs have been fixed:
Server offline detection bugs resulted in servers being incorrectly marked as offline therefore preventing attempts to call those servers. This mainly affected calls from collectors.
Health tests results were not able to be updated when the Print Spooler was stopped, which prevented collection of Print Spooler performance counters.
When the "Tracker SSL Support" setting in the Server Configuration Tool was set to "Required" the Tracker Service health test would fail.
Calls to the Tracker Service would not work when IIS had multiple SSL certificates bound to the web port
The Authentication method tester when given bad credentials threw an unhandled exception and prompted to be closed.
Customized Sentry Print Theming on secured devices revert to defaults when Collectors are unable to communicate with Analyst. Blueprint allows customers to customize the Sentry Print UI that appears on secured devices. With Blueprint 5.4, the Theme settings for this customization were fetched from the Analyst when required. This meant that when a Collector was unable to contact the Analyst, the UI on secured devices reverted to the default appearance. In 5.4 Update 1, the Sentry Print Theme settings are now replicated down to the Collectors. Now, when a Collector is unable to contact the Analyst, the secured devices will continue to display the modified appearance. However, because the settings are replicated, it can take up to 12 hours for changes to be propagated from the Analyst to the Collector which means if you make a change to the Sentry Print Theme settings in the Print Center, it will take up to 12 hours for the changes to be automatically propagated to the Collectors. If you wish the changes to propagate more quickly, you will need to manually clear the "Sentry Print Theme Settings" on each Collector.
How to apply this Update
Warning: Blocked Files
Depending on how this update or its files were copied to the target machine, some of the files may have been 'blocked' by Windows. Trying to update a Blueprint component with a blocked file will most likely prevent that component from working correctly. To check whether a file is blocked and/or unblock it, right-click the file in Windows Explorer and select 'Properties'.
Warning: In use Files
Under some conditions, the upgrader may be unable to replace files because they are in use. If this happens,
Stop all the Application Pools in IIS.
Run the upgrade again.
Start all the Application Pools after the patcher succeeds.
Updating Analyst or Collector
Installation Steps
If updating Analyst, make sure you have an up to date backup of the psbprint database.
Close the Window's Printers window (if it is open). Close any Pharos applications (e.g. Troubleshooter, Blueprint Administrator) that are open.
Note: you do not need to stop the Pharos Services. The update installer will do this automatically.Open an elevated Windows command prompt and run Patcher.exefrom the command line. No additional parameters are necessary.
The update installer does not create a log file. It is recommended that you run DebugView (http://technet.microsoft.com/en-us/sysinternals/bb896647) to capture the output of the installer. This output will include error messages if the installer fails.
If the update installer fails, you can correct the cause of the error and run Patcher.exe again.
At completion, the Patcher may automatically force a restart. Follow the remaining instructions after the restart.
To log the installation of MSI files associated with the update, edit <MsiLogFileDirectory> in the Patcher.xml file with a folder path.
If Site Monitor with a lite license is installed and the logged on user does not have permissions to remove the Site Monitor database, the DbAdminUser and EncryptedDbAdminPasswordelements can be populated in the patcher.xml to allow full uninstallation of Site Monitor.
Open an elevated command prompt and type in patcher /encrypt:MySecretPassword to retrieve the encrypted version of the Db Admin Password.
On Analyst, open the Blueprint Analyst, go to Reporting -> Publications and click on "Publish to Data Warehouse" on the toolbar.
Automated Server Deployment
Customers with a large number of Blueprint Servers may want to deploy this update using an automated software deployment tool (e.g. IBM's Tivoli).
To help with this process, the Patcher can be configured to send an e-mail at the end of the patching process indicating the patching attempt's success or failure. The configuration is held in the file Patcher.xml. Modify the file as follows:
Change the <automated> element from "false" to "true".
Set "to" to the e-mail address you want the notification sent to.
Set "from" to the e-mail address you want the notification to claim it was sent from.
Set smtpServerHost to the FQDN of the mail server.
Leave smtpServerPort alone, unless the mail server is using a non-standard port. Or you want the communication encrypted using SSL.
If the mail server and its Host are configured to support SSL, you can change useSSL to "true" and smtpServerPort to the SSL port (usually 465).
Set smtpUserName and smtpPassword to the user and password needed to use the mail server.
If you do not want to put an unencrypted password in the Patcher.xml file, you can put the password as encrypted text into smtpEncryptedPassword. You can encrypt the password by calling Patcher.exe from the command line with the flag "/encrypt:". e.g. Assume your mail server's password is "MySecretPassword".
Open an elevated command prompt and type in patcher /encrypt:MySecretPassword
Patcher.exe will return EncryptedPassword:L9EMZX9r1CkvI8rNybP/dikf09zwBPLMfl6OMk7/nXOCgZQpaePQDoGDULN3eAbe"
Set smtpEncryptedPassword="L9EMZX9r1CkvI8rNybP/dikf09zwBPLMfl6OMk7/nXOCgZQpaePQDoGDULN3eAbe"
If your deployment tool will run the patcher under an account that has permission to send e-mails, then you can set useDefaultCredentials to "true" and leave smtpUserName, smtpEncryptedPassword and smtpPassword blank.
Updating standalone installations of the Blueprint Administrator
If Workstation Tracker is installed along with the Blueprint Administrator, applying the update will NOT update the Tracker.
Close the Window's Printers window (if it is open).
Open an elevated Windows command prompt and run Patcher.exe from the command line. No additional parameters are necessary.
Note: The update installer does not create a log file. It is recommended that you run DebugView (http://technet.microsoft.com/en-us/sysinternals/bb896647) to capture the output of the installer. This output will include error messages if the installer fails.A reboot might be required after the update is run. This is done automatically so make sure you save any open files prior to applying the update.
If the update installer fails, you can correct the cause of the error and run Patcher.exe again. Alternatively, you can contact Pharos for manual upgrade instructions.
Updating Tracker on Print Servers
On all the Windows Print Servers where tracking is required, use the Blueprint Print Scout package contained in the Tracker directory to install or upgrade the Tracker.
Updating Tracker on Windows Workstations
Print Scout packages should be distributed to all workstations hosting the Blueprint Tracker, so you can take advantage of the new features and improvements.
The patcher does not uninstall Site Monitor when database cannot be contacted
Applying Update 5 to Blueprint removes any existing Pharos Site Monitor Lite install on the Analyst. However, the Site Monitor is not removed when the database cannot be contacted by the patcher.
Site Monitor can be uninstalled after running the Patcher.
Go to "Add or Remove Programs" and select "Pharos Systems Site Monitor".
Select "Uninstall", and when prompted, supply credentials for a MSSQL server administrator account.
Integrations
MobilePrint
MobilePrint is NOT affected by applying this update. Also, MobilePrint installed AFTER update is applied will work with no further configuration changes. MobilePrint 2.2.1 does not support TLS 1.2 and will not work if TLS 1.2 is the only cipher suite enabled. MobilePrint 2.3 and later have full support for TLS 1.2.
Other
Updated versions of the following integrations are included in this update.
Apple Airprint
MobilePrint
Pharos Print Center
VPSX
VPSX, HP ePrint, and Apple UTF-8 Integration
Any previously installed version of these Integrations will stop working once the update is applied.
After applying this update, you will need to re-install the integration using the version included with this Update. i.e. replace the deployed DLLs with the new versions.
If TLS 1.2 is the ONLY cipher suite enabled the VPSX SRH integration will not work.
Limitations
If "Integrated Security" is used to connect to MS SQL, the Print Center won't work after applying this release. To fix, set the Pharos ASP.NET v4.0 App Pool in IIS to use an account that has MS SQL permissions. Refer to the "New Features" document in the Pharos Community for more information.