Skip to main content

1E 9.x (on-premises)

Supported Platforms

A list of all the platforms supported by 1E components, and the prerequisite software required to allow them to be installed or to work.

Server software

Category

Product

Notes

Server OS

  • Windows Server 2022

  • Windows Server 2019

For more detail about configuration of servers, please refer to Windows Server requirements.

Only 64-bit server OS are supported. The server must be domain-joined.

This version of 1E requires the server OS to be English because of a Known issues with certain regional settings.

If TLS 1.0 is disabled, then please ensure you follow the steps in Preparation If TLS1.0 is disabled to add registry entries, for the 1E Catalog Update Service to successfully connect to the 1E Cloud Catalog.

Note

This list shows only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client .

Please refer to Constraints of Legacy OS regarding the end of mainstream support.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Refer to Support for Microsoft Rapid-Release Cycle on https://support.1e.com/ for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.

SQL Server

SQL Server Analysis Services (SSAS)

  • SQL Server 2022

  • SQL Server 2019

For more detail, please refer to SQL Server requirements.

Standard and Enterprise editions of these versions of SQL Server are supported.

Note

1E only supports AlwaysOn Availability Groups on SQL Server Enterprise Edition. Please refer to High Availability options for SQL Server for HA options and their requirements.

A SQL Server database instance is required for the following databases:

  • 1ECatalog

  • ContentDistribution (optional - required for Content Distribution)

  • SLA-BI (optional - required for Patch Success)

  • SLA-Data

  • SLA-Integrate

  • SLA-Shared

  • TachyonExperience (optional - required for Experience Analytics)

  • TachyonMaster

  • TachyonResponses

SLA Inventory databases

1E Server Setup can install the above databases on separate SQL Server instances, however SLA-Data, SLA-Integrate, and SLA-Shared must exist on the same instance.

All SQL Server instances must be configured with the following:

  • A case-insensitive, accent-sensitive collation which is SQL_Latin1_General_CP1_CI_AS by default,

  • Allow remote connections to this server enabled.

SQL Server Management Studio is required to review the configuration and edit settings in 1E database tables.

For latest information about SQL Server prerequisites, please refer to MSDN: Hardware and Software Requirements for Installing SQL Server.

Microsoft Endpoint Configuration Manager

  • MECM CB 2303

  • MECM CB 2211

  • MECM CB 2207

  • MECM CB 2203

  • MECM CB 2111

1E uses Configuration Manager for the following optional apps and features:

Content Distribution provides the following Content Distribution features for Configuration Manager:

The Nomad app requires the Content Distribution web service to synchronize with the Configuration Manager database. For standalone primary site environments, permissions are automatically assigned to the service account of Content Distribution's web application pool service (by default Network Service) using the ConfigMgr_DViewAccess localgroup native to Configuration Manager. For a CAS, this group is not created natively therefore additional steps are required to allow access. Please refer to Preparation: Microsoft Endpoint Configuration Manager preparation.

Web Server

  • IIS 10

See Preparation: Windows Server roles and features for details about required Web Server roles and features.

Runtime libraries

  • ASP.NET Core Framework 6.0

  • Visual C++ 2013 Redistributable

  • Visual C++ 2015-2019 Redistributable

  • .NET Framework 4.8

See Preparation: Windows Server roles and features for details about required .NET Framework roles and features. To know supported combinations of OS and .NET Framework, please refer to: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies.

  • Windows Server 2022 has .NET Framework 4.8 installed by default.

  • Windows Server 2019 has .NET Framework 4.7.2 installed by default.

ASP.NET Core Hosting Bundle is required only for Nomad's Content Distribution component. It is not included with the Operating System, and must be downloaded and installed separately. If it not already installed, Tachyon Setup will attempt to automatically download version 6.0.5 and install it. Alternatively you can download it, or a later version, and install it yourself. For more detail please refer to Preparation ASP.NET Core Hosting Bundle,.

Installers include and automatically installs the redistributable packages for Visual C++ 2013 and Visual C++ 2015-2019. The Coordinator (licensing module on the Master Stack), and Switch (on Response Stack) are written in C++ using Visual Studio 2013 and 2019, therefore require the runtime (x64) versions of these packages. Other server components use .NET Framework.

SQL BCP is required by the Export All feature described in Exporting data from Endpoint Troubleshooting, and must be installed on each Tachyon Response Stack server (specifically the servers which have the Tachyon Core installed). BCP uses ODBC, which requires Microsoft ODBC Driver versions 13.1 and 17 and Visual C++ 2017 Redistributable to be installed first. Please refer toP SQL BCP for more detail.

Other software

  • PowerShell

PowerShell is required by 1E Server Setup during installation.

Browsers

Latest version of:

  • Google Chrome

  • Microsoft Edge (Chromium)

  • Mozilla Firefox

A browser is not a prerequisite for installation of 1E servers and components, but is required to use and administer 1E. Administration is performed via the 1E portal and can be on a remote computer.

These browsers are supported on all OS platforms which the browser vendor supports.

The portal and any API should be added as a trusted site. This is especially important when running scripts which may produce unexpected errors.

Note

Microsoft legacy browsers

Support has been withdrawn for Internet Explorer 11 and legacy Microsoft Edge (non-Chromium version) because Microsoft no longer supported them since 2021. We recommend you use Google Chrome, Firefox, or Microsoft Edge Chromium browser.

1E portal

Category

Product

Notes

Browsers

Latest version of:

  • Google Chrome

  • Microsoft Edge (Chromium)

  • Mozilla Firefox

These browsers are supported on all OS platforms which the browser vendor supports.

Please refer to Whitelisting connections to 1E Cloud for details of URL that must be whitelisted for administrator browsers.

The Portal and any API should be added as a trusted site. This is especially important when running scripts that may produce unexpected errors.

Please review Known Issues: Using 1E.

Note

Microsoft legacy browsers

Support has been withdrawn for Internet Explorer 11 and legacy Microsoft Edge (non-Chromium version) because Microsoft no longer supported them since 2021. We recommend you use Google Chrome, Firefox, or Microsoft Edge Chromium browser.

1E Toolkit
Configuration Manager console extensions

Category

Product

Notes

Client OS

  • Windows Server 2022

  • Windows Server 2019

  • Windows Server 2016

  • Windows 11 CB 22H2

  • Windows 11 CB 21H2

  • Windows 10 CB 22H2

  • Windows 10 CB 21H2

For OS supported by Configuration Manager Current Branch (CB) see supported configurations for Configuration Manager, https://technet.microsoft.com/en-us/library/mt589499.aspx

Microsoft Endpoint Configuration Manager console

  • MECM CB 2303

  • MECM CB2211

  • MECM CB 2207

  • MECM CB 2203

  • MECM CB 2111

  • MECM CB 2107

These are the versions of Configuration Manager that 1E has tested and therefore support, but later versions are assumed to work also.

Please see Preparing for the ConfigMgr extensions for 1E Endpoint Troubleshooting.

Runtime libraries

  • Visual C++ 2015-2019 Redistributable

1E Toolkit installer includes the Visual C++ 2015-2019 Redistributable package.

TIMS

Category

Product

Notes

Windows OS

  • Windows Server 2022

  • Windows Server 2019

  • Windows 11 CB 22H2

  • Windows 11 CB 21H2

  • Windows 10 CB 22H1

  • Windows 10 CB 21H2

Professional and Enterprise editions of Windows 10 and 11 are supported.

All versions are provided with 32-bit & 64-installers.

TIMS is currently only available for Windows OS. For installation guidance, please refer Getting started with TIMS.

Runtime libraries

  • .NET Framework 4.8

  • Visual C++ 2015-2019 Redistributable

One of these versions of .NET Framework is required.

Note

1E supports .NET Framework versions that are in mainstream support by Microsoft.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

TIMS installer includes the Visual C++ 2015-2019 Redistributable package.

Other Windows Software

  • PowerShell 3.0 (or later)

PowerShell 3.0 or later is required when testing instructions that have PowerShell commands embedded or scripts that are downloaded.

Connectors

The following table shows the supported versions of software used by the 1E out-of-box connectors.

Connector

Product

Notes

BigFix

  • BigFix

Please refer to the BigFix connector or BigFixInv connector pages for prerequisites.

Intune

  • Intune

Please refer to the Intune connector page for prerequisites.

Microsoft Office 365

  • Azure

Please refer to the Microsoft Office 365 connector page for prerequisites.

OpenLM

  • OpenLM Server 21.12

Please refer to the OpenLM connector page for prerequisites.

Oracle LMS

  • Oracle LMS

Please refer to the Oracle LMS connector page for prerequisites.

ServiceNow

  • ServiceNow Utah release

  • ServiceNow Tokyo release

Please refer to the ServiceNow connector page for prerequisites.

System Center Configuration Manager

  • MECM CB 2211

  • MECM CB 2207

  • MECM CB 2203

  • MECM CB 2111

Please refer to the System Center Configuration Manager connector page for prerequisites.

1E Platform

  • 1E

Please refer to the 1E connector page for prerequisites.

vCenter

  • VMware PowerCLI 11.1.0

VMware PowerCLI 11.1.0 (code.vmware.com/web/dp/tool/vmware-powercli/11.1.0) must be installed on the Tachyon Master server (where the SLA Integrate Services Agent service is hosted) before you can configure and use the vCenter connector. Earlier or later versions of PowerCLI are not supported and may cause errors. VMware PowerCLI is freeware and was previously known as vSphere PowerCLI.

VMware PowerCLI supports multiple versions of VMware vCenter Server. For details, please refer to the VMware compatibility matrix using the following link: https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#interop&2=&106=

Please refer to the vCenter connector page for configuration details.

WSUS (Windows Server Update Services)

  • WSUS

Please refer to the Windows Server Update Services connector page for configuration details.

Constraints of Legacy OS

In this documentation, the following are referred to as legacy OS. Below are described some known issues for these OS.

1E does not provide support for 1E products on the following OS unless the OS is explicitly listed as being supported for a specific 1E product or product feature. This is because Microsoft has ended mainstream support for these OS or they are not significantly used by business organizations.

  • Windows XP *

  • Windows Vista

  • Windows 7

  • Windows 8.0

  • Windows 8.1

  • Windows Server 2003 *

  • Windows Server 2008

  • Windows Server 2008 R2

  • Windows Server 2012

  • Windows Server 2012 R2

Note

1E Client and later will not install on Windows XP and Windows Server 2003. Please contact 1E if you intend to continue using any of the other legacy OS. If you experience an issue, then please try replicating the issue on a supported OS.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Microsoft legacy browsers

Support has been withdrawn for Internet Explorer 11 and legacy Microsoft Edge (non-Chromium version). 1E has taken this decision for new releases that are expected to remain in support by 1E beyond March 2021 when Microsoft Edge goes end of life and August 2021 when Internet Explorer 11 goes end of life. We recommend you use Google Chrome, Firefox or Microsoft Edge Chromium browser.

Certificate limitations - SHA2

Like most software vendors, 1E software requires the OS to support SHA2. If your organization has a PKI configured to use SHA2 256 or higher encryption, then your legacy OS may have already been updated to support it.

  • Windows XP and Server 2003 require an update as described in KB968730. Microsoft no longer provides this hotfix as a download. You must contact Microsoft Support if you need it

  • Windows 7 and Server 2008 R2 require an update as described in KB3033929. This update is not available for Vista and Server 2008

  • Windows 8, 8.1, Server 2012, Server 2012 R2 and later OS already support SHA2.

Certificate limitations - encrypted certificate requests

Windows XP and Server 2003 are unable to encrypt certificate requests, whereas later OS are able to support higher more secure RPC authentication levels. If you are using a Microsoft CA and expect these clients to request (enrol) certificates then the CA must have its IF_ENFORCEENCRYPTICERTREQUEST flag disabled. It is disabled by default on Windows 2003 and 2008 CA, but is enabled by default on Windows 2012 CA.

To determine which InterfaceFlags are set, execute the following command on the CA server:

       certutil -getreg CA\InterfaceFlags

If the following is specified then it means the flag is enabled.

    IF_ENFORCEENCRYPTICERTREQUEST -- 200 (512)

To disable the encrypt certificate requests flag, execute the following commands on the CA server:

  certutil -setreg CA\InterfaceFlags -IF_ENFORCEENCRYPTICERTREQUEST
  sc stop certsvc
    sc start certsvc
Certificate limitations - signing certificates missing

On Windows computers, the installation MSI files, and binary executable and DLL files of 1E software are digitally signed. The 1E code signing certificate uses a timestamping certificate as its countersignature. 1E occasionally changes its code signing certificate, and uses it for new releases and patches for older versions, as shown in the table(s) below.

Root Certificate Authorities are implicitly trusted to validate certificates, and their certificates must be correctly installed to do this. Your computers should already have the necessary root CA certificates installed, however this may have been prevented by your organization's security policies, or inability to connect to the Internet, or they are legacy OS. In general this is not an issue because by default Windows allows software to be installed and run without validation, although you may see a warning or experience a delay. However, you must have relevant CA certificates installed if you are using 1E Client (which self-validates its own files), or your organization has applied more secure polices (for example UAC, AppLocker or SmartScreen).

Typical reasons for issues with signing certificate are:

  • If your organization has disabled Automatic Root Certificates Update then you must ensure the relevant root CA certificates are correctly installed on each computer

  • If computers do not have access to the Internet then you must ensure the relevant root and issuing CA certificates are correctly installed on each computer, numbered in the table(s) below.

The signature algorithm of the 1E code signing certificate is SHA256RSA. In most cases, the file digest algorithm of an authenticode signature is SHA256, and the countersignature is a RFC3161 compliant timestamp. The exception is on legacy OS (Windows XP, Vista, Server 2003 and Server 2008) which require the file digest algorithm of an authenticode signature to be SHA1, and a legacy countersignature.

The table below applies to software and hotfixes released in 2020.

2020

Signing certificate

Timestamping certificates

Certificate

1E Limited

TIMESTAMP-SHA256-2019-10-15 and DigiCert Timestamp Responder

Issuing CA

DigiCert EV Code Signing CA (SHA2)

Thumbprint: 60ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e3

DigiCert SHA2 Assured ID Timestamping CA

Thumbprint: 3ba63a6e4841355772debef9cdcf4d5af353a297

and DigiCert Assured ID CA-1

Thumbprint: 19a09b5a36f4dd99727df783c17a51231a56c117

Root CA

DigiCert High Assurance EV Root CA

Thumbprint: 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25

DigiCert Assured ID Root CA

Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

Certificate limitations - expired root certificates

Ensure that your Root CA Certificates are up-to-date on clients and servers. The Automatic Root Certificates Update feature is enabled by default, but its configuration may have been changed or restricted by Group Policy Turn off Automatic Root Certificates Update.

If this GPO is enabled, then you will see DisableRootAutoUpdate = 1 (dword) in HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot.

In this section: