Re: Security issue with 7.6.04 sp5 midtier
As I expected, no Hot Fix will be forthcoming for a pretty good reason It required a major re-work that gave us v 8.x! I'm ok with that one. We'll probably just stick with our workaround as we are hoping to move off this platform and onto 9 sometime in the next year. On Wed, Jul 22, 2015 at 4:14 PM, LJ LongWing wrote: > ** > Wellbased on my understanding of 'Limited Support', it essentially > means that they reserve the right to tell you to go take a hike if they > feel like it...and it sounds like that's exactly what they have done. What > you might try is setup some new Remedy 9 Mid-Tier servers...they should > work just fine against the 7.6.04 App servers, should be a very minimal > config/upgrade...and will likely get you past this particular hurdle > without much pain...and have the advantage of moving you down the road of > upgrade just a bit :) > > On Wed, Jul 22, 2015 at 12:21 PM, Warren R. Baltimore II < > warrenbaltim...@gmail.com> wrote: > >> ** >> I'm wondering if anyone out there is ars list land has come across this >> issue >> >> We are on Windows 2008 boxes. We have 3 app servers and 3 web servers. >> Each run on their own virtual device. >> >> Load balancing is conducted by an F5 Load Balancer. >> >> Starting sometime in the last week (most likely the weekend) our users >> started encountering enourmous wait times logging into Remedy. Each time >> would take around 4 minutes! Needless to say, they weren't pleased. >> >> It took about a day and a half, but we finally worked the issue down to >> the load balancer our infrastructure provider uses. What happened is that >> a meta tag that is part of each Remedy form - > http-equiv=\"X-UA-Compatible\" content=\"IE=5\">. The load balancers IDS >> had sometime in the last month had an update that added a rule blocking IE5 >> content. We're not sure why it didn't actually start blocking this stuff >> until now, but it did. >> >> Now, our provider was able to change the rule so that it merely logs the >> usage and does not block it, so we are now back to normal operations, but >> it leaves open a potential security hole, and they are understandably >> resistant to leaving that open. >> >> When I spoke with BMC, I got back a response that there would be no more >> Hotrfixes for 7.6.04! That took me back a bit given the fact that we're in >> limited support until 1/2017! Now, I pushed back (lightly) and they are >> talking it over, so I'm not getting myself to worked up just yet. But I am >> curious if anyone else is having this issue. We're not that unusual in our >> setup. >> >> Anyone else? >> >> -- >> Warren R. Baltimore II >> Remedy Developer >> 410-533-5367 >> _ARSlist: "Where the Answers Are" and have been for 20 years_ > > > _ARSlist: "Where the Answers Are" and have been for 20 years_ -- Warren R. Baltimore II Remedy Developer 410-533-5367 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Re: Security issue with 7.6.04 sp5 midtier
Wellbased on my understanding of 'Limited Support', it essentially means that they reserve the right to tell you to go take a hike if they feel like it...and it sounds like that's exactly what they have done. What you might try is setup some new Remedy 9 Mid-Tier servers...they should work just fine against the 7.6.04 App servers, should be a very minimal config/upgrade...and will likely get you past this particular hurdle without much pain...and have the advantage of moving you down the road of upgrade just a bit :) On Wed, Jul 22, 2015 at 12:21 PM, Warren R. Baltimore II < warrenbaltim...@gmail.com> wrote: > ** > I'm wondering if anyone out there is ars list land has come across this > issue > > We are on Windows 2008 boxes. We have 3 app servers and 3 web servers. > Each run on their own virtual device. > > Load balancing is conducted by an F5 Load Balancer. > > Starting sometime in the last week (most likely the weekend) our users > started encountering enourmous wait times logging into Remedy. Each time > would take around 4 minutes! Needless to say, they weren't pleased. > > It took about a day and a half, but we finally worked the issue down to > the load balancer our infrastructure provider uses. What happened is that > a meta tag that is part of each Remedy form - http-equiv=\"X-UA-Compatible\" content=\"IE=5\">. The load balancers IDS > had sometime in the last month had an update that added a rule blocking IE5 > content. We're not sure why it didn't actually start blocking this stuff > until now, but it did. > > Now, our provider was able to change the rule so that it merely logs the > usage and does not block it, so we are now back to normal operations, but > it leaves open a potential security hole, and they are understandably > resistant to leaving that open. > > When I spoke with BMC, I got back a response that there would be no more > Hotrfixes for 7.6.04! That took me back a bit given the fact that we're in > limited support until 1/2017! Now, I pushed back (lightly) and they are > talking it over, so I'm not getting myself to worked up just yet. But I am > curious if anyone else is having this issue. We're not that unusual in our > setup. > > Anyone else? > > -- > Warren R. Baltimore II > Remedy Developer > 410-533-5367 > _ARSlist: "Where the Answers Are" and have been for 20 years_ ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
Security issue with 7.6.04 sp5 midtier
I'm wondering if anyone out there is ars list land has come across this issue We are on Windows 2008 boxes. We have 3 app servers and 3 web servers. Each run on their own virtual device. Load balancing is conducted by an F5 Load Balancer. Starting sometime in the last week (most likely the weekend) our users started encountering enourmous wait times logging into Remedy. Each time would take around 4 minutes! Needless to say, they weren't pleased. It took about a day and a half, but we finally worked the issue down to the load balancer our infrastructure provider uses. What happened is that a meta tag that is part of each Remedy form - . The load balancers IDS had sometime in the last month had an update that added a rule blocking IE5 content. We're not sure why it didn't actually start blocking this stuff until now, but it did. Now, our provider was able to change the rule so that it merely logs the usage and does not block it, so we are now back to normal operations, but it leaves open a potential security hole, and they are understandably resistant to leaving that open. When I spoke with BMC, I got back a response that there would be no more Hotrfixes for 7.6.04! That took me back a bit given the fact that we're in limited support until 1/2017! Now, I pushed back (lightly) and they are talking it over, so I'm not getting myself to worked up just yet. But I am curious if anyone else is having this issue. We're not that unusual in our setup. Anyone else? -- Warren R. Baltimore II Remedy Developer 410-533-5367 ___ UNSUBSCRIBE or access ARSlist Archives at www.arslist.org "Where the Answers Are, and have been for 20 years"
