* Last updated Feb 3rd *
The VSA 9.5.8 release includes enhancements and fixes described in the topics below. For minimum system and agent requirements, see these topics in the Kaseya R95 System Requirements Guide: Kaseya Server Minimum Requirements & Configuration and Agent Minimum Requirements.
Release Schedule
Note for all customers: This release is the culmination of five months of intensive work to further harden the security of the VSA and the restoration of functionality that was suspended in July 2021. Due to the large number of changes, we have broken down the Scaled SaaS deployment into multiple “waves” to ensure a high-quality experience for our customers.
- Scaled SaaS Wave 1 deployment – Tuesday, November 30th - complete
- Scaled SaaS Wave 2 deployment – Wednesday, December 8th - complete
- Scaled SaaS Wave 3 deployment (new) – Monday, December 13th - complete
- Scaled SaaS Wave 4 deployment (new) – Tuesday, December 21st - complete
- Scaled SaaS Wave 5 deployment (new) - Saturday, January 8th, 7am ET - complete
- Full SaaS deployment - Saturday, January 15th - complete
- General Availability (on-prem customers) - available now (see note below)
Note: the On-Prem release was temporarily suspended on Feb 2nd due to an issue with the login process that was reported by some customers using Active Directory linked user accounts, with a new build containing a fix released on Feb 3rd at 4pm ET. Customers who installed 9.5.8 prior to that, and need the fix, should run the VSA installer again and install patch version 9.5.8.3801.
Important Security Updates
This release includes major security hardening, and we strongly recommend that on-premises customers upgrade to this release as soon as possible (SaaS customers are automatically updated by Kaseya). These changes include:
- Stronger encryption leveraging FIPS 140-2 NIST validated cryptographic modules
- Code hardening to prevent Cross-site Scripting (XSS), SQL injection and other injection attacks/vulnerabilities.
- Re-factoring of file upload controls to prevent upload or execution of unauthorized file types.
- Updates to file system security on the application server including potentially sensitive configuration files moved to more secure locations.
-
The release of VSA 9.5.8 creates several new Security Application Pools within IIS. This works correctly on all supported Windows Server operating systems except Windows Server 2012.
You must contact technical support to obtain a fix for this problem before proceeding with an upgrade or new install of the 9.5.8 release of the VSA if you are using Windows Server 2012.
New Features
FIPS 140-2
In this release, Kaseya has strengthened the security of VSA communication layers by making changes in the cryptography for VSA communication channels to comply with FIPS 140-2.
A NIST Cryptographic Module Validation Program (CMVP) certificate (#4089) has been approved and published for VSA, and is available here.
The Virtual System Administrator (VSA) Cryptographic Module (represented as “FIPS Module” in the image below) used in VSA Server (Edge Services), Live Connect (AdminEndpoint), VSA Agent (AgentMon and Endpoint), and Remote Control Relay and P2P (Kaseya.TurnService and Kaseya.StunService) has been updated to enforce FIPS 140-2 compliant communications.
- The Certificate used for the VSA Server must have FIPS-approved encryption and signature algorithms.
- A new system check has been added in the VSA Installer to validate the certificate. If the certificate is invalid, you will have the option to disable FIPS-mode in Edge Services and continue. FIPS-mode can be re-enabled in Edge Services once a valid certificate has been provided.
- This is due to the updated VSA Agent communication layer. VSA Servers prior to 9.5.8 will not be able to process the updated Agent communication layer.
Kaseya One and IT Complete Single Sign-On Integration: VSA Organization configurations.
In this release, we added Single Sign-On support via KaseyaOne and the IT Complete product suite for VSA Organizations.
To register on On-Premise VSA per single or multiple VSA servers(organizations) where each VSA servers needs to be mapped within a unique KaseyaOne company or needs to be mapped to the same company, a Master Admin must authenticate to IT Complete with a prompt to complete the Kaseya One authentication process:
- Log into the VSA as a Master Admin;
- Navigate to System > Orgs/Groups/Depts/Staff > Manage; (If the user's license is configured for the KaseyaOne SSO feature, there should exist "IT Complete" tab for configuring this feature. Otherwise, no controls should appear if the user's feature flag is not turned on.)
- Select the Organization from the list to which the Master Admin user is assigned and then navigate to the IT Complete tab;
Note: The IT Complete tab will not be visible for users who does not have the user's license configured for the KaseyaOne SSO. - Click the Authenticate with IT Complete button. The new window with KaseyaOne login page will open;
- Login to your KaseyaOne account. Once you authenticate with Kaseya One, you can continue with the VSA registration process;
- Click the Register VSA with IT Complete button;
- Check the Enable Log in With IT Complete checkbox, and click the Update button;
Now your VSA account is registered with an IT Complete account.
Agent: MSI Package installation
- Added a new feature to create or download an agent MSI Package installation through Agent > Manage Packages page. To create an MSI package, use the new option: “Create package installer as. MSI instead of .exe”. This option is available for selection only when “Windows” OR the upcoming “Automatic” selections are used for “Choose an Agent Type.”
Software Management
- With this release, we introduce a new View Application History popup with detailed change log information on a given title (installations, uninstallation, patches).
User Portal
In this release, we enhanced the ticket-submission process when using the VSA User Portal to submit tickets for Service Desk and BMS.
- We have added the ability to embed images in the Description, and attach files to the ticket during ticket creation.
- We have also added three new fields on the ticket creation form for an end-user to identify themselves using their first name, last name, and email address. Once the ticket is submitted, the following will occur depending on the ticket platform used:
- Service Desk
- The user information will automatically be added to the Submitter Name and Submitter Email fields on the created ticket.
- BMS
- The email address will be used to automatically match and associate existing contact records, based on the “default” email address of the record.
- If no match is found, the submitter information will be included in the ticket notes.
- If a single match is found, the matched record will be:
- Automatically associated with the ticket if the record exists in the same BMS account as the associated asset record.
- Added to the notes if the record is in a different BMS account as the associated asset record.
- If multiple matches are found, but only one is in the same BMS account as the associated asset, the contact in the same account as the asset will be automatically associated with the ticket, and a note will be included with information about the contact records from other accounts.
- If multiple matches are found in the same or different BMS accounts as the associated asset, submitter information will be included in the ticket notes with additional information about the contact records.
- The email address will be used to automatically match and associate existing contact records, based on the “default” email address of the record.
- Service Desk
Deprecations
Ticketing
- This legacy module was replaced in 9.5.7a by a more advanced ticketing capability derived from our BMS product. The following functions, which had been retained to facilitate migrations, have now been removed: -
- Migrate Tickets
- Email Reader
Discovery
- Removed references to previously deprecated Portal Access functionality from the Discovery module.
Live Connect App
- Removed Chat feature from Live Connect application. The agent side code was removed in 9.5.7, and initiating a session from Live Connect would result in an Oops error page on the agent machine. Chat functionality will be reintroduced in a future release.
Enhancements
Agent App
- Fixed an issue where the latest available agent version was incorrect.
Agent Procedures
- Restored the option to delete managed files.
Authentication
- The VSA login page is updated to align with IT complete design standards.
System
- Simplified Machine Role Access Rights and removed redundant functions. Only the following functions will now be displayed: -
- Home
- Tickets
- Simplified User Role Access Rights and removed redundant functions.
User Portal
- In this release, we provided end-users with the ability to submit more data on the User Portal ticket entry form when VSA is configured to use Service Desk as the ticketing platform.
VSA Core (Architecture)
- In this release we have updated the VSA installer to deploy latest .Net Core version.
Bug Fixes
Agent Module
- Fixed an issue in Agent > Configure Agents > Assign Lan Cache page which was displaying HTML tags.
- Fixed an issue with macOS agent where Agent status turned offline for a minute after running certain agent procedures.
- Fixed an issue in Quick View software licenses where unescaped html tags were visible.
- Fixed an issue where no records were found when filtering by asterisk (wildcard) in machine filters.
Agent Procedures
- Fixed an issue where writeFile was not working on Mac/Linux machines.
- Fixed an issue with Linux Agent where files were written to the wrong destination path.
Audit
- Fixed an issue where the Mac address for macOS Catalina agents was different in Audit and Discovery modules for the same machine.
Authentication
- Fixed an issue where, after changing the password using Forgot Password link, a user is not re-directed to the login page.
- Fixed an issue where, after a domain user’s password was changed in Active Directory, they could continue authenticating to VSA using the old password.
Backup
- Fixed an issue in Backup > Recovery > CD Recovery where no machines were displayed by machine selector.
Cloud Backup
- Fixed an issue in the alert harvesting process where failure to process an alert would cause the entire process to fail, and no further alerts would be created in VSA until the problematic alert was cleared from Acronis console.
Data Backup
- Fixed a display issue in Data Backup > Backup > Status where the backup Status was overlapping with the first percentage value.
- Fixed an issue where backups were skipped due to a scheduling error on the Agent.
- Fixed an issue where certain pages were not displayed correctly for limited role users.
- Fixed an issue where file selection and backup processes would fail because the agent was unable to communicate with the VSA server.
- Fixed an issue where backups would fail because required DLL files failed to copy to agents.
Database and Schema
- Fixed a database performance issue with the Traverse integration.
- Fixed a database performance problem with BMS integration.
- Fixed a database performance issue which could cause failure of Agent Procedure signing process in some environments.
Discovery
- Fixed an issue where Domain Watch would fail to deploy agents in some environments.
- In this version, an appropriate image is shown on the topology map for a virtual switch in case Discovery scan was performed with VMware or WMI (Windows Management Instrumentation) creds specified.
Info Center
- Fixed an issue where Monitor Alarm Summary report failed to render.
- Fixed a display issue in Executive Summary report where group information was not correctly aligned with the label.
- Fixed a Microsoft JScript runtime error ‘800a138f’ in executing Executive Summary Report.
KaseyaOne Integration
- Fixed an issue with Tenant Admin login as it failed to map two different tenants from one VSA server to one KaseyaOne Company.
KAV
- Fixed an issue where KAV installation failed in some environments due to an HTTP download error.
Live Connect App
- Fixed an issue where Live Connect > Ticketing tab would display an “Oops” error if Service Desk is not configured on the system. It will now display a message saying “Service Desk is not configured on this system”.
- Fixed an issue where Live Connect web UI would fail to display the Ticketing tab and re-direct to login page instead.
- Fixed an issue in Live Connect > Extensions which threw an error “Server error occurred but could not be parsed” when trying to upload a file or do anything on the extensions tab.
- Fixed an issue where uploading or downloading documents from Live Connect application would fail.
Monitoring
- Fixed an issue where Alarm Summary taskbar was not visible in light mode.
- Fixed an error which was generated while creating the Dashboard list of in the Monitor module.
- Fixed a Javascript error when selecting event log type from Monitor> Agent Monitoring >Event Log Alerts>Assign Event Set.
- Fixed an issue where an “Oops” error was displayed when trying to apply “Run Script” option with another agent selected from Monitor > Agent Monitoring > Event Log Alerts > Set Alert Actions.
Network Monitor
- Fixed an issue where Gizmo application displayed “the remote server returned an error: (400) Bad Request” error message.
- Fixed an issue where KNM (Kaseya Network Monitoring) pages would fail to load in SaaS environment.
Passly (Authanvil) Integration
- Fixed an issue where Login Page displayed “An error has occurred” when “Disable Standard Login” option is enabled and a user attempts to log in directly to VSA. It will now display the standard login failure message.
Quick View
- Fixed an issue in Quick View where some icons were not loaded or displayed.
Rest API
- Fixed an issue where API DELETE /thirdpartyapps/notification/{appId}/{messageId} was not deleting the required message.
- Fixed an issue where Service Desk API GET/automation/servicedesktickets/{ticketId} as it was not returning the Agent ID.
Service Desk
- Fixed an issue where the inline images were broken in Service Desk when the images were sent through email.
- Fixed an issue where the Service Desk Escalation procedure was not terminating even if the ticket was moved out of the stage triggering the escalation procedure.
- Fixed an issue where the number of closed tickets was not displayed under the Statistics button.
- Fixed an issue where the numbers were not displayed on the right side of the chart after selecting the appropriate service desk from the dropdown on the Statistics page. Additionally, the data on the diagrams were not corresponding to the data on the charts.
- Fixed an issue where MSP Assist plugin would fail to sync ticket details to a 3rd party PSA due to REST API calls failing.
Software Deployment
- Fixed a database performance issue that could cause Software Deployment scans to fail in some environments.
Software Management
- Fixed an issue in Software Management 2.0 where the History pane was not showing the correct “status date” time.
- Fixed an issue in Software Management 2.0 where an error message was getting displayed “Exit Code: 9999 Deployment Failure” when third party titles were deployed.
- Fixed an issue in Software Management 2.0 where the vulnerable machine pop up shows “No records found” on the patch approval page.
- Fixed an issue in Software Management 2.0 where the scanning of a machine failed if the Lumension files were not on the Kaseya server.
- Fixed an issue in Software Management 2.0 when scanning and deploying triggers update or download the Lumension OSPX files.
- Fixed an issue where the PMClient timed out when attempted to download and install the patch.
- Fixed an issue where the latest version for a software catalog item was not always updated.
- Fixed a Windows patch detection issue when using a Scan & Analysis profile with Kaseya Update 2.0 as Patch Strategy.
- Fixed an issue where new deployment process may start while the previous deployment is still in progress.
- Fixed an issue where uninstall records override install records in the History page.
- Fixed an incorrect error message for 3rd-Party Software that received an error while uninstalling.
System
- Fixed an issue where form validation failed with “Password must contain non alphanumeric character” error and underscore character were treated as alphanumeric in password for new user or tenant.
- Fixed an error message “Object reference not set to an instance of an object” which appeared upon login to VSA.
- Improved error handling in Import Center when attempting to import from XML file with outdated or invalid formatting.
- Fixed an issue where “Set User Password” Dialog contains HTML tags.
- Fixed an issue where users on SaaS environments were repeatedly required to authenticate with 2FA, despite having checked the “Remember Me” box .
- Fixed an issue where HTML tags were displayed in the Select time format section of System> Server Management> Configure page.
- Fixed an issue where “Set User Password” dialog contained HTML tags.
- Fixed an issue where “Set User Password "dialogue allows passwords to be saved which do not conform to password strength policy.
User Portal
- Fixed an issue where tickets with attached files would fail to open, and cause the Ticket interface to get stuck in a loop.
- Fixed an issue where, after updating contact information, UI showed that the contact information was updated successfully, however after refreshing the page it was still empty.
- Fixed an issue in the agent menu where the “Contact Administrator” link to a custom URL was not working. It would display a page showing the URL, but would not re-direct to the destination page. This would impact BMS integrations where a formatted URL with machine ID tag is used to direct users to the BMS ticket entry form, as described here.
- Fixed an issue with the Ticket grid where column headers would not move when scrolling horizontally, meaning they would no longer be aligned with the column values.
- Fixed an issue where no tooltip was displayed when hovering over any field on the Ticketing page.
vPro
- Fixed an issue where an “Oops” page was shown when clicking on some pages in the module.
VSA Core (Architecture)
- Fixed an issue where connections to the database were not properly closed, which could cause system performance and stability issues.
- Removed the requirement that verifies the user has permissions to the System > User Security > Users function from the /system/currentUser API.