Introducing Nomad 7.0.200
Working with Nomad
Nomad 7.0.200 release notes - last updated
This maintenance release is implemented as the Nomad module in 1E Client 5.1 and introduces the following features
- Certificate-based client authentication. Nomad peers can now use client authentication certificates to authenticate peer-to-peer communications, as an alternative to the default Windows authentication using the local SMSNomadP2P& account that the Nomad service creates and manages. When you enable this option, Nomad will not create the local account and you no longer need to allow the local account to access the computer from the network. This feature is supported in the full OS, in Windows PE and for Peer Backup Assistant. This enables organizations to implement Nomad in conjunction with best practice security policies.
- Configuration Manager Enhanced HTTP Support. Microsoft introduced Enhanced HTTP in CM1810 to allow organizations that struggled to manage PKI certificates to use secure communication between clients and DP without the need for PKI-generated certificates. Enhanced HTTP also allows administrators to remove the Network Access Account as it implements a new token-based authentication endpoint on DPs and MPs that do not require Windows authentication. Nomad is now able to communicate with this token-based endpoint and download content from a DP when Enhanced HTTP has been enabled. In this scenario the Network Access account can also be removed. Refer to the Microsoft Configuration Manager documentation for more details on Enhanced HTTP and the Network Access Account
- Support for multiple Certificate Authorities. When configuring Nomad to use HTTPS when communicating with a DP or for P2P communication, the Nomad CertIssuer registry setting defines the issuing Certificate Authority (CA). Nomad now allows multiple CAs to be defined and also supports sub-string matching (for example, if you have ROOTCA1 and ROOTCA2, you can specify ROOTCA as the CertIssuer and Nomad will be able to use a certificate from either ROOTCA1 or ROOTCA2).
- Improved PKI client certificate selection logic. When using HTTPS for communication with HTTPS CM Site Systems or P2P communication using PKI client certificates and the CM client is using PKI client certiicates, Nomad will use the same certificate that CM uses. If CM is using self-signed certificates (or is not present at all) then in most cases Nomad will be able to select an appropriate certificate from the local computer personal store without additional configuration.
- VMware Workspace One support. Nomad 7.0.200 includes updates that will enable VMware Workspace One clients to download and share content using Nomad. This will be supported in an upcoming VMware Workspace One release.
- Improved handling of updated Software Updates. If the source for a Software Update is updated after it has been distributed to one or more clients, Nomad clients may get into a situation where they get into a loop downloading an invalid LsZ file from peers that have the older version of the content. Improvements have been made that can be enabled through the CompatibilityFlags.
- Option to turn off or reduce election notifications in Nomad log. By default, Nomad logs all election responses when elections occur. In large subnets this can result in the logs filling up and rolling over. You can now turn off or limit the number of election responses that are logged.
- 1E Client telemetry for Nomad feature usage. To help 1E understand how customers are using and configuring our products, a telemetry feature has been implemented in Tachyon Platform 5.1. When the Tachyon Platform is implemented, the 1E Client sends telemetry data relating to enabled Nomad features to the Tachyon server. This data will be forwarded to 1E if you enable email and telemetry in Tachyon Setup. If telemetry is not enabled in the platform, the data can be manually exported and may be requested by 1E Support when troubleshooting issues.
The Nomad 7.0.100 maintenance release was implemented as the Nomad module in 1E Client 5.0. This release included rolled up hotfixes but did not introduce any new features.
The main Nomad 7.0 release contained the following features:
- NomadBranch 7.0 client is the Nomad module in 1E Client 4.1 - refer to Installing and upgrading for more details on how to install/upgrade Nomad 7.0
- Support for NomadBranchTools installation on remote SMS Providers - NomadBranchTools can now be installed on remote SMS Providers without the manual steps that were required previously.
- Support for Windows 10 Express File Updates - 1E Client 4.1 supports download of express installation files deployed through Configuration Manager. To use this feature in Nomad, you must first configure Delivery Optimization Download Mode to 0 on all clients. For new installations, the feature is enabled by default and for upgrades it can be enabled in 1E Client 4.1 by setting bit 26 (0x4000000, 67108864 in decimal) of the CompatibilityFlags registry value.
- Support for downloading content for CM Software Updates from Microsoft Update - if you deploy Software Updates, including regular updates, Windows 10 express updates and Office 365 updates with Configuration Manager and in the deployment settings select the option If software updates are not available on distribution points in current, neighbor or site boundary groups, download content from Microsoft Updates, Nomad will be used to download that content from Microsoft Update if it is not available from a DP or local Nomad peers. (Please refer to CompatibilityFlags bits 27 and 28 for further details).
- SSD optimizations
- Large Configuration Manager deployments and downloads to 30K or more machines could result in significant traffic spike from 1E Client to an ActiveEfficiency server that may result in IIS 503 Overload errors, this has been optimized.
- When Local SSD is enabled to support networks where broadcasts are disabled, it is not used when a Nomad master detects broadcasts. This allows the same SSD setting to be used by all clients in a mixed network environment.
- Improved resilience of content registration - a Content Registration Cycle mechanism has been introduced that registers the pending and failed content registrations with ActiveEfficiency.
- Support for TLS 1.1/1.2 in environments where TLS 1.0 is disabled.
Nomad release history
This maintenance release is implemented as the Nomad module in 1EClient 5.1 and introduces the following features:
- Certificate-based client authentication for Nomad P2P communication
- Configuration Manager Enhanced HTTP support
- Support for multiple Certificate Authorities
- Improved PKI client certificate selection logic
- VMWare Workspace One support
- Handling download content for "expired" offer
- Improved handling of updated Software Update content
- Option to reduce election notifications in Nomad logs
- Nomad 1EClient Telemetry
- Q21089 - Unable to download Pre-cache Content from Cloud DP on VPN clients
- Q21061, Q21051 - CertIssuer - specifying issuer name sub string does not work for selecting Server Auth PKI cert for Nomad P2P / PBA over HTTPS
- Q21021, Q21033 - Support pre-caching on internet clients using AE on internet and content distributed on CDP or IBCM based DP
- Q21021, Q21033 - Nomad failing to download the content in first attempt (from CMG) and succeeding in second attempt after 10 min
- Q20979, Q20973 - If enhanced http was enabled, the Pre-stage Content Using Nomad step failed to download the content.
- Q20979, Q20973 - If using SMB to download content from DP in WinPE, the login to the DP share failed and Nomad failed to download the content.
- Q20979, Q20973 - The Pre-stage Content Using Nomad step failed to download content over SMB if the SMB path had a backslash at the end
- Q20943 - Enable DP recycling feature in Win-PE by default
- Q20983 - Legacy Pre-Stage using Nomad task sequence step fails in CB1910
- Q20983, Q20979, Q20973 - Nomad Task Sequence steps fail if Nomad module is not initialized
- Q20973 - Nomad fails a download when similar expired deployment is present
- NomadBranch 7.0.100 client is the Nomad module in 1E Client 5.0
- Q20694 - When an LST is created for a cloud DP a zero byte file causes download failure
- Q20682 - LSZGEN fails on long file path with Nomad SECure enabled
- Q20680 - LSZGEN issues on DP when CACHEPATH installer property has no trailing backslash
- Q20678 - Physical path in the LSZFILES virtual directory in IIS is not updated when LocalCachePath is changes after installation
- Q20676 - Nomad downloads previous version of content
- Q20674 - Captive Portal Web page (eg Logon Page from Public Wifi) may cause issues with Nomad Downloads
- Q20570 - Nomad fails to download updated task sequence references with future deployment dates
- Q20672 - Nomad fails to download updated task sequence references with ConfigMgr Pre-download option
- Q20670 - Nomad service failure on PBA host with hidden share enabled during PBA backup
- Q20666 - PBA Size estimation doesn't update TS progress bar
- Q20664 - Nomad not failing package on CRC failure
- Q20662 - Nomad Status Message Improvements
- Q20660 - Nomad service may fail whilst running cachecleaner manually
- Q20658 - Unable to download 0365 updates with Nomad
- Q20733 - Local SSD is not working
- Q20592 - 1EClient Nomad Module's install fails if Windows Firewall service is disabled or in stopped state
- NomadBranch 7.0 client is replaced as the Nomad module in 1E Client 4.1
- Support for NomadBranchTools installation on SCCM SMS Provider
- Support for Windows 10 Express Files Update
- Support for Regular Software Update (including Win 10 Feature updates) downloads from Windows Update / Microsoft Update (WUMU)
- Support for Windows 10 Express Files and Office 365 downloads from Windows Update / Microsoft Update (WUMU)
- New Content Registration Cycle to mark failed content registrations with ActiveEfficiency server
- New Nomad registry settings to average out the content registration and SSD request load in AE where CM deployment size is of the order of 100K or more.
- Support for P2P downloads when a client machine switches from NomadInhibitedAdSite to a non InhibitedAdSite
- Ignore Local SSD if machine is in a NomadInhibitedSubnet
- Support for SSD usage as a criteria for Nomad cache clean cycle
- Some registry values have new defaults set to support new features and running Tachyon on computers that do not have the Configuration Manager client. These include SpecialNetShare and CompatibilityFlags.
- DP recycling feature in WinPE is enabled by default, for upgrade from previous version the previous settings will be preserved.
- Dynamic Block Size (DBS) is now disabled by default (even in WinPE), for upgrade from previous version the previous settings will be preserved.
- MulticastSupport is now disabled by default, for upgrade from previous version the previous settings will be preserved.
- Broadcasting download statistics is disabled by default, for upgrade from previous version the previous settings will be preserved.
- Support for downloading from source over HTTP/S or SMB is enabled by default, for upgrade from previous version the previous settings will be preserved.
- By default SHA-256 is used to verify integrity of downloaded content.
- Stage Nomad and Install Nomad TS steps updated to support staging and installing 1EClient
- Added 'SMSTSNomadDefaultCachePriority' TS variable to be used when SMSTSNomad is unable to get cache priority from package policy or policy itself is missing from TS variables.
- Support for TLS 1.1/1.2 in environments where TLS 1.0 is disabled
- Status Message consistency improvements
- 1E Client Health feature has been removed
- Q20390 - Allow WSA to exclude data backup
- Q20384 - Cache cleaner unable to remove content when cache already exceeded configured size
- Q20382 - Nomad O365 download from untrusted forest not using Network Access Account (NAA)
- Q20368 - Active Efficiency Web service logs exception if FQDN is missing from client data
- Q20350 - Same disqualified master keeps winning elections
- Q20322 - Don't download content to USB if it's already in the Nomad cache
- Q20314 - HTTP Proxy causes failures while downloading from Windows Update
- Q20310 - Nomad Service Failure while logging disqualification details
- Q20266 - SMSTSNomad fails if the Nomad service is slow to start
- Q20262 - NMDS ExtraReplyDelayMS setting capped at 5000
- Q20260 - Nomad download logs CopyLoopWait CopyError: Missing File(s)
- Q20256 - Nomad failing to download SU from Cloud Distribution Points
- Q20254 - TLS 1.2 compliance testing and fixes for Nomad
- Q20252 - CTM DP order with neighboring boundary group DPs
- Q20250 - Nomad O365 downloads fail when requested range does not exist
- Q20248 - Active Efficiency Nomad sync is failing with a "Arithmetic overflow error converting expression to data type bigint" error
- Q20246 - Cannot download software updates from Windows Update
- Q20198 - LSZ downloads fail when package contains files with Unicode names
- Q20196 - Ignore Local SSD if machine is in a NomadInhibitedSubnet
- Q20194 - SSD queries may connect on inhibited subnets if the master moves
- Q20192 - Active Efficiency experiencing database deadlocks at high utilization
- Q20144 - Express Update support for Nomad (from on premises DP)
- Q20142 - RDC doesn't work in some cases
- Q20140 - Nomad downloads previous version of content
- Q20138 - SMSTSNomad does not set cache priority correctly
- Q20136 - Issues working Nomad HTTP with WINHTTP Proxy
- Q20134 - Disqualifications sent when too many connections reached over HTTP(S)
- Q20132 - Slow Nomad downloads from DP when BranchCache is enabled
- Q20130 - NomadBranch Range Overlap Exception
- Q20128 - Nomad Not Sending Error Status Messages
- Q20056 - NomadBranch fails on NMDS_FIND HTTPPull when trying to restore a PBA user state backup
- Q20054 - Nomad not failing package on CRC failure
- WSA Support
- OSDDownloadContent.exe Support
- Turned off Status messages for Client health and Dashboard by default.
78808 - Nomad causing ARP storm with FanOut enabled resulting in some ports being shut down by network policy
129252 - Nomad HTTPS Peer copy on Windows 10 1709 with Default Virtual Switch, PKI certificate tries to bind to Default Virtual Switch IP subnet, not device IP Subnet and fails
124850 - Nomad issue with Hyper–V Default Switch in Windows 10 1709
113381 - Nomad CacheCleaner process miscalculates Nomad max allowed space
135659 - Re-position Create/Delete Nomad Application Policy TS steps from Pre-6.0 into 1E Nomad group
- 136770 - Nomad Fails to pass Express Updates job to CTM when Success code registry have value set to 0x9999 in Nomad branch
103758 - Excessive Comms logging making issues hard to troubleshoot
- 107144 - Nomad not stopping SSD download when it is supplanted as subnet master
- 113902 - Client health Nomad Share Account check fails when HTTP/S peer copy used and no share is present
- 113379 - Longer Strings crashing Nomad (Nomad InhibitedSubnet List when exceeds certain limit, throws an error in NomadBranch.log and While Upgrade Nomad).
- 121922 - Handle Express Updates gracefully with CM CB 1710 and notify E_FAIL to CTM.
- 124771 - Task Sequence Transferring Bar doesn't go away after 100%
- 124934 - Cannot disable TSDisableProgressUI with Nomad
- 123257 - Downloads from cloud DP are failing.
- 109809 - OSDDownloadContent.exe Support.
- 121702 - Nomad Branch service crashing during OSD task sequence after rebooting into full OS.
- 124934 - Cannot disable TSDisableProgressUI with Nomad.
- 130340 - LSZ regression issue with BigFix integration.
- 132692 - Nomad PBA with size estimation fails due to the requirement on TsProgressUI.exe
18.104.22.168 (7 November 2017)
- Nomad Content Pause (renamed as Nomad Download Pause in later version)
- Enhanced Nomad support for Office 365 Updates
- Microsoft Azure Support
- Increased Download Speed
- Nomad Cache Optimization
- Nomad Baseline Wizard
- Support for Core OS Server 2016 and Server 2012 R2
52073 - Nomad Peer Backup Assistant (PBA) doesn't do recursive delete so USMT store is left behind on the hosted machine
52073 - Nomad Peer Backup Assistant (PBA) fails with hardened Windows GPO due to NMDS_Users group removal from Shopping 5.2.100
80510 - Incorrect behavior with HTTPS P2P when cert is invalid or missing
81070 - Nomad does not add firewall exceptions when HTTP(S) is enabled post-installation
64010 - Remove Authenticated Users group from Nomad PBA share permissions
89788 - Nomad doesn't work if content spans multiple volumes
86594 - Pre-cache Deployment over HTTPS only
88150 - Nomad v6.2 fails to switch between HTTP and HTTPS
88135 - Nomad fails to create hard links or replicate content to ConfigMgr client cache for Software Updates
87644 - SSPBA peers excluded if not in the same subnet when NET LITERAL enabled
79086 - Align NTFS Permissions on Cache folder with Share permissions when configuring Authenticated user setting
97588 - Inside CopyLoopWait CopyError: Missing File(s)
88188 - Software Updates are not installing on Internet-facing clients
81335 - Nomad not installing on Server 2008 and 2012 R2 Core OS
97205 - Remove limitation of Anonymous Access for Pre-Caching
100130 - Nomad crash caused by Empty string returned from WMI
102523 - Peer Backup Assistant Size Estimation not running when PBA steps are in a task sequence group
107633 - Alt-Http being logged although P2PEnabled=9
109580 - Installer to handle Blocksize especially during an upgrade
109254 - Blocksize field inserted into the Install Nomad in WinPE step
22.214.171.124 (27 March 2017)
- Peer copy over HTTPS and SSL
- Encryption support for PBA
- PBA copy over HTTP or HTTPS
- 77946 - Unhandled Exception when doing Nomad Share health check
- 71718 - Remote differential compression is not working
- 77657 - Unable to PreCache with updated Source Files with Same Name but different content
- 76075 - Nomad registering greater than 100% in AE
- 74135 - Applying transform via command line in 'Install Nomad' step
- 74040 - PBA: Local Copy of USMT capture saved with purpose to serve in NMDS_FIND
- 73943 - Nomad binds with the wrong certificate when issuer names are overlapping
- 73781 - Nomad package download failures - SMS Job Data not found
- 73704 - PBA: Support for FQDN
- 70746 - Nomad choosing lower weighted machine if it responded first
- 65773 - Registering proper IP in AE in case of Multiple Network Interface
126.96.36.199 (27 October 2016)
- Office 365 Updates support
- SSD Enhancements
- 60666 - Use AE to get list of devices in same subnet (LocalSSD)/Enable SSD Provider over WiFi
- 49513 - NomadAdmin Installer license agreement font issue
- 55394 - Client Health firewall check exception
- 49910 - WARNING: No Bios GUID" with Windows 8.1 Surface Pro 3 tablets
188.8.131.52 Major release (02 September 2016)
- Nomad Dashboard
- Dynamic Pre-caching
- Nomad SECure
- Client Health
- Windows 10 Servicing upgrades
- BIOS2UEFI v1.0.1609.0502
- 32027 - Nomad Registers Content as 100% after hash mismatch in pre-cache jobs
- 47447 - Nomad ignores file with the word "sparse" between the file name and extension when creating hardlink or copy content to the ConfigMgr client cache
- 47884 - PBHA Request fails with longer host names
- 42473 - Throttled downloads of large WIM file after certain percentage
- 53381 - Stage and Install steps doesn't work on non-default windows drive.
- 49024 - Nomad should never get stuck more than 100 times (or less)
- 52058 - Unable to determine why Nomad fails to connect
- 52641 - Install Nomad TS actions fails to install Nomad
- 52057 - ClientHealth service causes Nomad client installation to fail on CM Primary server
- 52050 - Nomad LsZ gen failure on long file path
- 53369 - Client Health service throws exception when there are no CH dlls deployed
- 49024 - Nomad should never get stuck more than 100 times (or less)
- 51219 - Nomad fails to download software updates via Internet with SuccessCodes 0x9999 set
- 51879 - Bad Blknum warnings in logs
184.108.40.206891 Maintenance release (02 February 2016)
- Precaching improvements and enhancements
- Managing pre-cached jobs in the Configuration Manager console
- RBAC support
- Support for multiple management points
- Hash validation
- Support for custom ports
- Powershell cmdlets for Pre-cache job management
- Support for Auto Apply drivers tS action in SMSTSNomad
- Support for multiple network access accounts
- Job Manager improvements for improved queuing of jobs
- Improved interaction between Nomad and NightWatchman
- Net literal support for SSD and PBA/SSPBA/PBAHA
- 20311 - Nomad Issue creating LSZ file on some packages using AEPreCache on remote DP
- 20319 - Nomad 6 pre-cache jobs and Nightwatchman sleep prevention.
- 20323 - Nomad precache doesn’t handle multiple Management Points
220.127.116.11 Major release (10 August 2015)
- Nomad pre-caching
- OSD Integration enhancements
- FIPS compliant communication encryption
- Enhanced Nomad share security
- Windows 10 system deployment and support
- Configuration Manager 2012 SP2 and Configuration Manager 2012 R2 SP1 support
- 20287 - Nomad fails to download content when there are pending jobs for the same content with stale details
18.104.22.1682 Minor release (26 September 2014)
- Nomad integration with WakeUp
- Memory-efficient P2P transfer
- Download on clients is prevented if the content on the Distribution Point is corrupt or bad
- Improvements to logging for LSZ generation error scenarios
- Support for App-V 5.0 SP2
- Central multicast now works for SIS content in CM2012 (except for Applications)
The service-startup type has now been changed to Automatic (delayed). This is because of our dependency on the SMS Agent Host service which has got the same startup type.
- 20062 - Nomad Installer tries to resolve My Favourites and other personal folders during installation and fails when do not exist.
- 20124 - TSEnv2 fails trying to set a variable value with a long length
- 20130 - TSEnv2 Handles values with commas in as name-value pairs rather than one value containing a comma
- 20048 - Change the Startup Type for Nomad on Win7+ machines
- Q12587 - Nomad doesn't appear to use Network Access Account to connect to DP
- Q12552 - Nomad needs to validate job properties before persisting and attempting to download
- Q12550 - SMSNomad failing to call CacheCleaner.exe due to cache evaluation error
- Q12548 - Nomad and "If software updates are not available on preferred distribution point or remote distribution point, download content from Microsoft Updates" option
- Q12546 - DP generating bad LsZ files with missing data