NetIQ Secure Configuration Manager 5.9.1
Micro Focus has discovered a serious issue with Secure Configuration Manager 5.9.1 Hotfix 7015965, posted in March 2015, that will affect a small number of customers under specific circumstances. If affected, customers will experience permanent data loss of report data older than 90 days.
All supported versions of Secure Configuration Manager (SCM) have a disk space management feature that purges reports from the database after a user-configurable period that defaults to 90 days. Fully enabling this feature also requires the SQL Server database administrator to start/enable the SQL Server Agent Service. With extremely large databases, this cleanup operation can be extremely slow, so SCM 5.9.1 Hotfix 7015965 introduced a bulk purge feature to improve performance. This feature has a bug that bypasses the data retention settings in the SCM user interface and automatically purges reports after 90 days, even if a longer retention period is configured or the purge was previously disabled.
You are at risk of unintentional data loss after 90 days if:
â¢ You applied Hotfix 7015965 to an SCM 5.9.1 system.
â¢ AND the SQL Server Agent Service is enabled/started. (This is disabled in a default installation.)
â¢ AND one or more of the following conditions apply
o You attempted to disable purging in the SCM user interface (before or after applying Hotfix 7015965)
o You attempted to set the data retention policy to greater than 90 days (before or after applying Hotfix 7015965)
You are also at risk of unintentional data loss after 90 days if you meet the conditions above and then upgraded to SCM 6.0.
You are not at risk of unintentional data loss if:
â¢ You have never applied Hotfix 7015965.
â¢ OR You have not manually enabled the SQL Server Agent Service.
â¢ OR Your intended report retention period is 90 days or less.
Micro Focus makes the following urgent recommendations:
1. If you have not already, do not install SCM 5.9.1 Hotfix 7015965.
2. After they are released, apply either SCM 5.9.1 - HotFix 7016729 or SCM 6.0.0 Hotfix 7016730. These will correct the problem and may have additional, unrelated fixes.
3. To neutralize the risk if you have already applied SCM 5.9.1 Hotfix 7015965, the best approach is to disable the Bulk_purging job in the SQL Server database. Technical Support can assist you. If you're unable to reach Technical Support immediately, one or more of the following approaches can reduce your risk in the meantime:
1. Back up your database regularly. Periodic backups are also recommended as a standard best practice.
2. Export your reports to a different location, such as a distributed share.
3. Disable the SQL Server Agent Service on the SQL Server database. (Note: This may disable other desirable functionality, so consult your database administrator first.)
Data older than 90 days was being purged even if the report retention settings were higher than 90 or set to never purge. This only happens with 5.9.1 after applying Hotfix 7015965.