Summary

A list of all the platforms supported by Tachyon, and the software required to allow Tachyon to be installed or to work.
On this page:

Tachyon Server Components

CategoryProductNotes

Server OS

  • Windows Server 2019
  • Windows Server 2016

For more detail, please refer to Requirements: Server requirements.

Only 64-bit server OS are supported. The server must be domain-joined.

This version of Tachyon requires the server OS to be English because of a known issue with certain regional settings.

This list is automatically updated to show only those OS versions in mainstream support by Microsoft, and therefore supported by 1E. However, the following OS continue to be supported as exceptions to help customers with their migration to the latest OS:

  • Windows Server 2012 R2.

Please refer to Constraints of Legacy OS regarding end of mainstream support.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.


SQL Server

  • SQL Server 2019
  • SQL Server 2017
  • SQL Server 2016 SP2

For more detail, please refer to Requirements: SQL Server requirements.

Standard and Enterprise editions of these SQL Server versions are supported.

SQL Server 2016 RTM is not supported due to some issues, which are resolved by SP1.

If you intend to integrate with third-party business intelligence products such as Power BI, you must install the Enterprise edition of SQL Server Analysis Services (SSAS) as per their requirements.

A SQL Server database instance is required for the following databases:

  • 1ECatalog
  • ActiveEfficiency (optional)
  • SLA-BI (only required for Patch Success)
  • SLA-Data
  • SLA-Integrate
  • SLA-Shared
  • TachyonExperience (only required for 1E Experience)
  • TachyonMaster
  • TachyonResponses

SLA databases

Tachyon Setup can install the above databases on separate SQL Server instances, however SLA-Data, SLA-Integrate, and SLA-Shared must exist on the same instance.

A SQL Server Analysis Services (SSAS) instance installed in Multidimensional mode is required for SLA Business Intelligence and 1E Experience.

SLA Business Intelligence

SLA Business Intelligence (BI) is required for the Patch Success application.

The BI installer creates the following:

  • A BI database called SLA-BI on the SQL Server database instance.
  • A BI cube called SLA-BI on the SSAS instance. This is a MOLAP cube.
  • A linked server for the SLA Platform databases to get data from the BI database and then from the BI cube.
  • A linked server for the BI database to get data from the SLA Platform databases.
  • A datasource definition used by the BI cube to connect to the BI database.

If the SLA databases, BI database, or SSAS instance for BI, are on different SQL Servers then the BI installer enforces the use of a SQL login on each instance. If they are on the same SQL Server then the installer gives you a choice of using integrated security (domain user account) or a SQL login.

However, if you are installing all the components from Tachyon Setup instead of their individual installers, then you are not given the choice. Tachyon Setup always uses integrated security. Contact 1E for support if your scenario requires the above mentioned databases to be on different SQL Servers. This affect different servers, not different instances.

1E Experience

1E Experience creates the following:

  • TachyonExperience database on the SQL Server database instance
  • TachyonExperience cube on the SQL Server Analysis Server instance

All SQL Server instances must be configured with the following:

  • A case-insensitive, accent-sensitive collation which is SQL_Latin1_General_CP1_CI_AS by default,
  • Allow remote connections to this server enabled.

All SQL Servers should be configured with the SQL Server Browser service running in order for the BI installer to select from a list of instances.

All SQL Servers must have SQL Server 2012 Native Client installed, in order to support linked server and datasource connections. This is included in the Client Tools Connectivity feature that SQL Server Setup normally installs by default. See Preparation: If TLS 1.0 is disabled.

SQL Server Management Studio is required to review the configuration and edit settings in 1E database tables.

If installing SQL Server locally, note:

  • SQL Server 2016 and 2017 require .NET Framework 4.6 which requires KB2919355 on Windows Server 2012 R2
  • SQL Server setup requires PowerShell 2.0.

For latest information about SQL Server prerequisites, please refer to MSDN: Hardware and Software Requirements for Installing SQL Server.

ActiveEfficiency Server requires Distributed Transaction Coordinator (MSDTC) to be enabled and configured on each of the SQL Servers used by:

  • ActiveEfficiency database
  • Configuration Manager site database - specified in the Nomad Sync settings during installation of ActiveEfficiency. This would normally be the CAS in a multi-site hierarchy, or the Primary Site in a single-site hierarchy.

MSDTC is a feature of Windows Server and is used to track of transactional processes, usually over multiple resource managers on multiple computers. MSDTC ensures that the transactions are completed and can be rolled-back if any part of the process fails. Nomad Sync uses MSDTC to perform complex queries on Configuration Manager and ActiveEfficiency data. For example, to retrieve computers targeted with Nomad Pre-cache policies and Nomad Dashboard data.

For details of how to configure MSDTC on SQL Servers, please refer to Preparation: MSDTC for ActiveEfficiency.

Microsoft System Center Configuration Manager

Not applicable.

Tachyon Server components have no dependencies on Configuration Manager, other than the SCCM Connector as described in Connectors below.

Use the links below for other components that use Configuration Manager::

Web Server
  • IIS 10
  • IIS 8.5

See Preparation: Windows Server roles and features for details about required Web Server roles and features.

Other Software

  • Visual C++ 2013 Redistributable
  • .NET Framework 4.8
  • .NET Framework 4.7.2
  • .NET Framework 4.7.1
  • .NET Framework 4.7
  • .NET Framework 4.6.2
  • .NET Framework 4.6.1
  • .NET Framework 4.6

See Preparation: Windows Server roles and features for details about required .NET Framework roles and features. To know supported combinations of OS and .NET Framework, please refer to: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies.

  • Windows Server 2012 R2 has .NET Framework 4.5.1 installed by default. You will need to upgrade to one of these supported versions.
  • Windows Server 2016 has .NET Framework 4.6.2 installed by default.
  • Windows Server 2019 has .NET Framework 4.7.2 installed by default.

Tachyon Server installer includes and automatically installs the redistributable package for Visual C++ 2013. The Tachyon Coordinator (licensing module on the Master Stack), and Tachyon Switch (on Response Stack) are written in C++ using Visual Studio 2013 and therefore require Visual C++ 2013 runtime (x64); other server components use .NET Framework.

SQL BCP is required by the Export All feature described in Exporting data from Tachyon Explorer, and must be installed on each Tachyon Response Stack server (specifically the servers which have the Tachyon Core installed). BCP uses ODBC, which requires Microsoft ODBC Driver versions 13.1 and 17 and Visual C++ 2017 Redistributable to be installed first. Please refer to Preparation: SQL BCP for more detail.

PowerShell is required by Tachyon installer during installation.

Browsers

Latest version of:

  • Google Chrome
  • Internet Explorer 11
  • Microsoft Edge
  • Mozilla Firefox
A browser is not a prerequisite for installation of Tachyon Server, but is required to use and administer it. Administration is performed via the Tachyon Portal and can be on a remote computer.

Tachyon Portal

CategoryProductNotes

Browsers

Latest version of:

  • Google Chrome
  • Internet Explorer 11
  • Microsoft Edge
  • Mozilla Firefox


These browsers are supported on all OS platforms which the browser vendor supports.

Please review Known issues: Using Tachyon.

Tachyon Toolkit

Microsoft System Center Configuration Manager Console Extensions

CategoryProductNotes

Client OS

  • Windows Server 2019
  • Windows Server 2016
  • Windows 10 CB 2004
  • Windows 10 CB 1909
  • Windows 10 CB 1903
  • Windows 10 CB 1809
  • Windows 10 CB 1803
  • Windows 10 CB 1709

For OS supported by Configuration Manager Current Branch (CB) see Supported configurations for System Center Configuration Manager (Microsoft).

Microsoft System Center Configuration Manager Admin Console

  • SCCM CB 2002
  • SCCM CB 1910
  • SCCM CB 1906
  • SCCM CB 1902
  • SCCM CB 1810

These are the versions of Configuration Manager that 1E has tested and therefore support, but later versions are assumed to work also.

Please see Preparing for the Tachyon Configuration Manager console extensions.

TIMS (Tachyon Instruction Management Studio)

CategoryProductNotes

Windows OS

  • Windows Server 2019
  • Windows Server 2016
  • Windows 10 CB 2004
  • Windows 10 CB 1909
  • Windows 10 CB 1903
  • Windows 10 CB 1809
  • Windows 10 CB 1803
  • Windows 10 CB 1709


Professional and Enterprise editions of Windows 10 are supported.

All versions are provided with 32-bit & 64-installers.

TIMS is currently only available for Windows OS. For installation guidance, please refer Tachyon SDK - Getting started with TIMS.

Other Windows Software
  • Visual C++ 2013 Redistributable
  • .NET Framework 4.8
  • .NET Framework 4.7.2
  • .NET Framework 4.7.1
  • .NET Framework 4.7
  • .NET Framework 4.6.2
  • .NET Framework 4.6.1
  • .NET Framework 4.6

TIMS installer includes the redistributable package for Visual C++ 2013.

PowerShell 3.0 or later is required when testing instructions that have PowerShell commands embedded or scripts that are downloaded.

Connectors

The following table shows the supported versions of software used by the Tachyon out-of-box connectors.

ConnectorProductNotes

ServiceNow

  • ServiceNow Jakarta release

Please refer to the ServiceNow connector page for prerequisites.

SCCM (Microsoft System Center Configuration Manager)

  • SCCM CB 2002
  • SCCM CB 1910
  • SCCM CB 1906
  • SCCM CB 1902
  • SCCM CB 1810

Please refer to the System Center Configuration Manager connector page for prerequisites.

Tachyon

  • Tachyon 5.0
Please refer to the Tachyon connector page for prerequisites.

vCenter

  • VMware PowerCLI 11.1.0

VMware PowerCLI 11.1.0 (code.vmware.com/web/dp/tool/vmware-powercli/11.1.0) must be installed on the Tachyon Master server (where the SLA Integrate Services Agent service is hosted) before you can configure and use the vCenter connector. Earlier or later versions of PowerCLI are not supported and may cause errors. VMware PowerCLI is freeware and was previously known as vSphere PowerCLI.

VMware PowerCLI supports multiple versions of VMware vCenter Server. For details, please refer to the VMware compatibility matrix using the following link: https://www.vmware.com/resources/compatibility/sim/interop_matrix.php#interop&2=&106=

Please refer to the vCenter connector page for configuration details.

Tachyon client in 1E Client

1E Client has replaced the Tachyon Agent, and includes clients for Tachyon, Nomad, Shopping and WakeUp products. For more information about the 1E Client, please refer to 1E Client 5.0.

CategoryProductNotes

Windows OS

  • Windows Server 2019
  • Windows Server 2016
  • Windows 10 CB 2004
  • Windows 10 CB 1909
  • Windows 10 CB 1903
  • Windows 10 CB 1809
  • Windows 10 CB 1803
  • Windows 10 CB 1709
  • Windows 8.1

Professional and Enterprise editions of Windows 10 are supported.

The 1E Client for Windows zip is available for download from the 1E Support Portal.

All versions are provided with 32-bit & 64-installers, and can be installed on physical and virtual computers.

This list is automatically updated to show only those OS versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client 5.0. However the following OS continue to be supported as exceptions to help customers during their migration to the latest OS:

  • Windows Server 2012 R2
  • Windows 7 SP1

Please refer to Constraints of Legacy OS regarding end of mainstream support.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.

For installation guidance on Windows, please refer to Deploying 1E Client on Windows.

The following 1E Client features and modules are supported on Windows OS:

  • Tachyon client
  • Shopping client
  • Shopping WSA (workstation OS only, not server OS)
  • WakeUp client
  • Nomad client

Runtime libraries

  • .NET Framework 4.8
  • .NET Framework 4.7.2
  • .NET Framework 4.7.1
  • .NET Framework 4.7
  • .NET Framework 4.6.2
  • .NET Framework 4.6.1
  • .NET Framework 4.6


One of these versions of .NET Framework is required, but only by the WSA executable in the Shopping module. It is not required by any other 1E Client features or modules.

This list is automatically updated to show only those .NET Framework versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client 5.0.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Other Windows Software
  • Visual C++ 2013 Redistributable
  • PowerShell 3.0 (or later)
  • Nomad 6.3.100 (or later)

1E Client installer includes the redistributable package for Visual C++ 2013.

PowerShell is not a prerequisite for installation of the 1E Client. PowerShell is used by some Tachyon instructions (that have PowerShell commands embedded or scripts that are downloaded) and some of these require PowerShell 3.0 or later.

1E Client provides Tachyon client features. It also includes the Nomad client module which replaces the legacy Nomad Branch client. Tachyon client features can optionally use Nomad to download content (feature enabled by default) if the Nomad client module in 1E Client is enabled (module disabled by default) or Nomad Branch 6.3.100 or later is running.

For more details please refer to Design Considerations: Downloading Tachyon client content and Nomad integration. 

Non-Windows OS

macOS

  • MacOS Catalina 10.15.1
  • macOS Mojave 10.14
  • macOS High Sierra 10.13

Linux

  • CentOS 7
  • Red Hat Enterprise Linux 7.1
  • SUSE Linux Enterprise (SLES) 12
  • Ubuntu 14.04

Solaris

  • Solaris 11.3

1E Client supports only Tachyon features on non-Windows devices.

Other versions of these non-Windows OS should work but have not been tested by 1E.

The 1E Client for non-Windows zip is available for download from the 1E Support Portal, and includes 1E Client packages for the following architectures:

  • Linux variations on Intel 64-bit platforms
  • Solaris on Intel 64-bit and SPARC platforms

Also included in the download are 1E Client packages for the following legacy Linux distributions:

  • Fedora 21
  • openSUSE Leap 42.1

1E Client packages for other Linux distributions can be requested, including Raspbian for Raspberry Pi, and Debian.

For Solaris, the following specific libraries are required, but are usually installed by default:

  • libcurl
  • zlib

For installation guidance on the following OS, please refer to:

For installation guidance on other non-Windows OS, please contact 1E.

Mobile OS

Android

  • Android Pie 9.0
  • Android Oreo 8.1
  • Android Oreo 8.0

1E Client supports only Tachyon features on non-Windows devices.

Other versions of these mobile OS should work but have not been tested by 1E.

The 1E Client for Android zip is available for download from the 1E Support Portal, and includes 1E Client packages for the following architectures:

  • Android ARM


Other Non-Windows Software

  • Bash
  • Perl

Bash and perl are required for installation of 1E Client on all non-Windows OS, with the exception of the 1E Client for Android which is available from the Google Play Store.

Tachyon instructions support the use of Bash scripts on all supported non-Windows OS.

To see if an Instruction requires a Bash script, look in its Instruction Definition XML file for Bash script resources defined under the <Resources> tag. Bash is the preferred choice when developing custom instructions for non-Windows OS.

There are slight differences between OS implementations of Bash, particularly on the Mac. Therefore 1E recommends testing custom Bash scripts on each supported OS.

Microsoft System Center Configuration Manager Client

  • SCCM CB 2002
  • SCCM CB 1910
  • SCCM CB 1906
  • SCCM CB 1902
  • SCCM CB 1810
  • SCCM CB 1806

The following client features work with these versions of Configuration Manager on Windows computers:

  • Nomad client - all Nomad features
  • Shopping client - N/A
  • Tachyon client - instructions used by Tachyon Configuration Manager Console extensions
  • Wakeup client - 1E WakeUp Policy Refresh and REFRESHONSUBNETCHANGE

Configuration Manager is not a prerequisite for installation of the 1E Client, and except for above features, the 1E Client, its features and modules, have no dependency on Configuration Manager.

Tachyon, Nomad, WakeUp and Application Migration have Configuration Manager Console extensions which are available separately.

This list is automatically updated to show only those Configuration Manager versions in mainstream support by Microsoft, and therefore supported by 1E, and by 1E Client 5.0.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.

(Microsoft System Center Configuration Manager is also known as Configuration Manager, ConfigMgr, Config Man, CM and SCCM among other names. Version names include 2012 and Current Branch or CB.)

Running Tachyon instructions on devices

You must ensure the appropriate scripting environment is present on Tachyon client devices. Tachyon SCALE - Simple Cross-platform Agent Language for Extensibility - supports running native PowerShell on Windows OS and bash on non-Windows OS devices, which can be script files downloaded when an instruction runs, or command text. You will very probably want to use these native scripting features in instructions you download from 1E or ones you develop yourself using TIMS.

PowerShell on Windows OS

PowerShell is used by some Tachyon instructions (that have PowerShell commands embedded or scripts that are downloaded) and some of these require PowerShell 3.0 or later, although some scripts will support PowerShell 2.0. PowerShell scripts are supported only on Windows OS.

To see if an instruction requires PowerShell, look in its Instruction Definition XML file for the Scripting.Run method.

If installing or upgrading PowerShell, it is best to install the latest version available. However, do not expect full forward or backward compatibility between PowerShell versions.

To determine the version of PowerShell on a computer, start PowerShell (command prompt or ISE) and enter one of the following commands: $PSVersionTable.PSVersion or $PSVersionTable for more detail.

The table below shows which versions of PowerShell are supported on each OS version and Service Pack, and if it is built-in or needs to be installed.

OS VersionPowerShell VersionNotes
1.02.0 (Note 3)3.04.05.05.1
Windows Server 2016, 2019



RTM (Note 9)RTM (Notes 12, 13)Note 4
Windows 10



RTM (built-in)Anniversary Update (built-in)
Windows Server 2012 R2


RTM (built-in)RTM (Note 9)RTM (Note 12)Note 4
Windows 8.1


RTM (built-in)RTM (Note 9)RTM (Note 12)
Windows Server 2012 *

RTM (built-in)RTM (Note 7)RTM (Note 9)RTM (Note 12)Note 4
Windows 8 *

RTM (built-in)



Windows Server 2008 R2 *
RTM (built-in)SP1 (Note 6)SP1 (Note 7)SP1 (Note 8)SP1 (Note 10)Note 4
Windows 7
RTM (built-in)SP1 (Note 6)SP1 (Note 7)SP1 (Note 8)SP1 (Note 10)
Windows Server 2008 *RTM (built-in)
SP1 & SP2 (Note 2)



Windows Server 2003 *RTM & SP1R2 & SP2



Notes 1, 2
Windows Vista *RTMSP1 & SP2



Notes 1, 2
Windows XP *RTM, SP1 & SP2SP3



Notes 1, 2

* These OS are regarded as Legacy OS.

  1. PowerShell is not built-in for these OS. These OS do not support 3.0 or later. See Constraints of Legacy OS.
  2. If PowerShell 1.0 is installed it must be removed in order to install a later version.
  3. Support for PowerShell 2.0 is included in PowerShell 3.0 and later.
  4. PowerShell is not installed by default on these OS but is an optional feature that should be enabled using Server Manager.
  5. PowerShell 2.0 is part of WMF Core package (KB968930) with prerequisite of .NET Framework 3.51 (which includes .NET 2.0 SP1).
  6. PowerShell 3.0 is part of WMF 3.0 with prerequisite of .NET Framework 4.0 or later. Refer https://www.microsoft.com/en-us/download/details.aspx?id=34595
  7. PowerShell 4.0 is part of WMF 4.0 with prerequisite of .NET Framework 4.5 or later. Refer https://www.microsoft.com/en-us/download/details.aspx?id=40855
  8. PowerShell 5.0 is part of WMF 5.0 with prerequisites of .NET Framework 4.5 or later and WMF 4.0. Refer https://www.microsoft.com/en-us/download/details.aspx?id=50395
  9. PowerShell 5.0 is part of WMF 5.0 without any other prerequisites. Refer https://www.microsoft.com/en-us/download/details.aspx?id=50395
  10. PowerShell 5.1 is part of WMF 5.1 with prerequisites of .NET Framework 4.6 or later, WMF 4.0 and SHA-2 Code Signing. Refer https://msdn.microsoft.com/en-us/powershell/wmf/5.1/install-configure
  11. PowerShell 5.1 is part of WMF 5.1 with prerequisites of .NET Framework 4.6 or later and WMF 4.0. Refer https://msdn.microsoft.com/en-us/powershell/wmf/5.1/install-configure
  12. PowerShell 5.1 is part of WMF 5.1 with prerequisite of .NET Framework 4.6 or later. Refer https://msdn.microsoft.com/en-us/powershell/wmf/5.1/install-configure
  13. In these Server OS, PowerShell 5.1 is referred to as the Desktop Experience. You can use the PowerShell Core version if you prefer.

Microsoft ended support for .NET Framework 4, 4.5, and 4.5.1 on January 12, 2016. Please refer to https://support.microsoft.com/en-gb/help/17455/lifecycle-faq-net-framework.

Bash on non-Windows OS

Bash and perl are required for installation of all non-Windows 1E Clients, with the exception of the 1E Client for Android which is installed through the Google Play Store and configured using UI screens.

Tachyon instructions support the use of Bash scripts on all supported non-Windows OS.

To see if an Instruction requires a Bash script, look in its Instruction Definition XML file for the Scripting.Run method. Bash is the preferred choice when developing custom Instructions for non-Windows OS.

There are slight differences between OS implementations of Bash, particularly on the Mac. Therefore 1E recommends testing custom Bash scripts on each supported OS.

Constraints of Legacy OS

In this documentation, the following are referred to as legacy OS. Below are described some known issues for these OS.

1E does not provide support for 1E products on the following OS unless the OS is explicitly listed as being supported for a specific 1E product or product feature. This is because Microsoft has ended mainstream support for these OS or they are not significantly used by business organizations.

  • Windows XP
  • Windows Vista
  • Windows 7
  • Windows 8.0
  • Windows Server 2003
  • Windows Server 2008
  • Windows Server 2008 R2
  • Windows Server 2012
  • Windows Server 2012 R2

Please contact 1E if you require support for these legacy OS. If you experience an issue on these OS, then please try replicating the issue on a supported OS.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Microsoft legacy browsers

Support has been withdrawn for Internet Explorer 11 and legacy Microsoft Edge (non-Chromium version). 1E has taken this decision for new releases that are expected to remain in support by 1E beyond March 2021 when Microsoft Edge goes end of life and August 2021 when Internet Explorer 11 goes end of life. We recommend you use Google Chrome, Firefox or Microsoft Edge Chromium browser.

Certificate limitations - SHA2

Like most software vendors, 1E software requires the OS to support SHA2. If your organization has a PKI configured to use SHA2 256 or higher encryption, then your legacy OS may have already been updated to support it.

Windows XP and Server 2003 require an update as described in KB968730.  Microsoft no longer provides this hotfix as a download. You must contact Microsoft Support if you need it.

Windows 7 and Server 2008 R2 require an update as described in KB3033929. This update is not available for Vista and Server 2008.

Windows 8, 8.1, Server 2012, Server 2012 R2 and later OS already support SHA2.

Certificate limitations - encrypted certificate requests

Windows XP and Server 2003 are unable to encrypt certificate requests, whereas later OS are able to support higher more secure RPC authentication levels. If you are using a Microsoft CA and expect these clients to request (enrol) certificates then the CA must have its IF_ENFORCEENCRYPTICERTREQUEST flag disabled. It is disabled by default on Windows 2003 and 2008 CA, but is enabled by default on Windows 2012 CA.

To determine which InterfaceFlags are set, execute the following command on the CA server:

	certutil -getreg CA\InterfaceFlags

If the following is specified then it means the flag is enabled.

	IF_ENFORCEENCRYPTICERTREQUEST -- 200 (512)

To disable the encrypt certificate requests flag, execute the following commands on the CA server:

	certutil -setreg CA\InterfaceFlags -IF_ENFORCEENCRYPTICERTREQUEST
sc stop certsvc
sc start certsvc

Certificate limitations - expired root certificates

Ensure that your Root CA Certificates are up-to-date on clients and servers. The Automatic Root Certificates Update feature is enabled by default on these legacy OS but its configuration may have been changed or restricted by Group Policy Turn off Automatic Root Certificates Update.

If this GPO is enabled then you will see DisableRootAutoUpdate = 1 (dword) in HKLM\Software\Policies\Microsoft\SystemCertificates\AuthRoot.

Certificate limitations - signing certificates missing

On Windows computers, the installation MSI files, and binary executable and DLL files of 1E software are digitally signed. The 1E code signing certificate uses a timestamping certificate as its countersignature. 1E occasionally changes its code signing certificate, and uses it for new releases and patches for older versions, as shown in the table(s) below. 

Root Certificate Authorities are implicitly trusted to validate certificates, and their certificates must be correctly installed to do this. Your computers should already have the necessary root CA certificates installed, however this may have been prevented by your organization's security policies, or inability to connect to the Internet, or they are legacy OS. In general this is not an issue because by default Windows allows software to be installed and run without validation, although you may see a warning or experience a delay. However, you must have relevant CA certificates installed if you are using 1E Client (which self-validates its own files), or your organization has applied more secure polices (for example UAC, AppLocker or SmartScreen).

Typical reasons for issues with signing certificate are:

  • If your organization has disabled Automatic Root Certificates Update then you must ensure the relevant root CA certificates are correctly installed on each computer
  • If computers do not have access to the Internet then you must ensure the relevant root and issuing CA certificates are correctly installed on each computer, numbered in the table(s) below. 

The signature algorithm of the 1E code signing certificate is SHA256RSA. In most cases the file digest algorithm of an authenticode signature is SHA256, and the countersignature is a RFC3161 compliant timestamp. The exception is on legacy OS (Windows XP, Vista, Server 2003 and Server 2008) which require the file digest algorithm of an authenticode signature to be SHA1, and a legacy countersignature. 

The table below applies to software and hotfixes released in 2020.


Signing certificate

Timestamping certificates

2020

1E Limited

TIMESTAMP-SHA256-2019-10-15 and DigiCert Timestamp Responder

Issuing CA

DigiCert EV Code Signing CA (SHA2)

Thumbprint: 60ee3fc53d4bdfd1697ae5beae1cab1c0f3ad4e3

DigiCert SHA2 Assured ID Timestamping CA

Thumbprint: 3ba63a6e4841355772debef9cdcf4d5af353a297

and  DigiCert Assured ID CA-1

Thumbprint: 19a09b5a36f4dd99727df783c17a51231a56c117

Root CA

DigiCert High Assurance EV Root CA

Thumbprint: 5fb7ee0633e259dbad0c4c9ae6d38f1a61c7dc25

DigiCert Assured ID Root CA

Thumbprint: 0563b8630d62d75abbc8ab1e4bdfb5a899b24d43

The table below applies to software and hotfixes released in 2019.


Signing certificate

Timestamping certificates

2019

1E Limited

Symantec SHA256 TimeStamping Signer - G3

Issuing CA

Symantec Class 3 SHA256 Code Signing CA

Thumbprint: 007790f6561dad89b0bcd85585762495e358f8a5

Symantec SHA256 TimeStamping CA

Thumbprint: 6fc9edb5e00ab64151c1cdfcac74ad2c7b7e3be4

Root CA

VeriSign Class 3 Public Primary Certification Authority - G5

Thumbprint: 4eb6d578499b1ccf5f581ead56be3d9b6744a5e5

VeriSign Universal Root Certification Authority

Thumbprint: 3679ca35668772304d30a5fb873b0fa77bb70d54

1E Catalog

This table lists all the platforms supported by 1E Catalog, and the software required to allow 1E Catalog to be installed or to work.

CategoryProductNotes

OS

  • Windows Server 2019
  • Windows Server 2016

1E Catalog will only install on computers running one of these server OS.

This list is automatically updated to show only those OS versions in mainstream support by Microsoft, and therefore supported by 1E. However, the following OS continue to be supported as exceptions to help customers with their migration to the latest OS:

  • Windows Server 2012 R2.

Please refer to Constraints of Legacy OS regarding end of mainstream support.

For Microsoft product lifecycle details, please refer to https://support.microsoft.com/en-us/lifecycle/search.

Please refer to https://1eportal.force.com/s/support-for-msft-rapid-release-cycle for details of which Current Branch versions are supported by 1E products, and known issues regarding specific versions.

Database servers

  • SQL Server 2017
  • SQL Server 2016 SP2
  • SQL Server 2016 SP1
  • SQL Server 2014 SP2

You must have one of these SQL Server versions installed, either local or remote. SQL Server Standard or Enterprise edition is recommended.

The SQL Server database instance must be configured to use a case-insensitive, accent-sensitive collation as the server default (the preferred collation is SQL_Latin1_General_CP1_CI_AS.

If installing SQL Server locally, note:

    • SQL Server 2014 requires .NET 3.5 SP1 and .NET 4.x - supported Server OS include both which will need to be enabled in Server Manager roles and features
    • SQL Server 2016 and 2017 require .NET 4.6 which requires KB2919355 on Windows Server 2012 R2
    • SQL Server setup requires PowerShell 2.0.

SQL Server Browser service is required only if you wish to browse for available SQL Server instances during installation instead of typing the instance name.

For more information about SQL Server requirements, refer to MSDN: Hardware and Software Requirements for Installing SQL Server.

Web servers

  • IIS 10
  • IIS 8.5

The server hosting 1E Catalog must have one of these Web server versions installed.

See Requirements - Server Roles and Features for details of required IIS features.

Runtime libraries

  • .NET Framework 4.8
  • .NET Framework 4.7
  • .NET Framework 4.6.2
  • .NET Framework 4.5.2

You must have one of these .NET Framework versions installed. See Requirements - Server Roles and Features for details of required .NET Framework features.

To know supported combinations of OS and .NET Framework, please refer to: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies .

    • Windows Server 2019 has .NET Framework 4.7.2 installed by default
    • Windows Server 2016 has .NET Framework 4.6.2 installed by default
    • Windows Server 2012 R2 has .NET Framework 4.5.1 installed by default, therefore you must upgrade to one of the supported versions of .NET Framework.

See Database servers above for notes on .NET Framework and SQL Server.

Browsers

  • Google Chrome
  • Internet Explorer 11
  • Microsoft Edge
  • Mozilla Firefox

Web-based administration for the Catalog using the CatalogWeb UI is supported on the latest versions of these browsers.

Others

  • AD security group

Although not required for installation, an AD security group is required to control access for users permitted to rebuild your Catalog data, as described in Rebuilding the 1E Catalog - How to reconfigure the website to grant admin access. Members of this group will also have access to the Admin menu item in the Catalog UI.

ActiveEfficiency Server and the ActiveEfficiency Scout

CategoryProductNotes

OS

  • Windows Server 2019
  • Windows Server 2016
  • Windows Server 2012 R2
ActiveEfficiency and the Scout will install on systems running these OS.

Database servers

  • SQL Server 2017
  • SQL Server 2016 SP2
  • SQL Server 2014 SP2
  • You must have one of these SQL Server versions installed for ActiveEfficiency and the Scout
  • SQL server must be configured to use a case-insensitive, accent-sensitive collation as the server default (the preferred collation is SQL_Latin1_General_CP1_CI_AS
  • ActiveEfficiency supports SQL Always On Availability Groups or SQL cluster
  • See Preparation for details of SQL permissions required by the installation and service accounts

Configuration Manager

  • SCCM CB 2002
  • SCCM CB 1910
  • SCCM CB 1906
  • SCCM CB 1902
  • SCCM CB 1810
  • SCCM CB 1806
  • SCCM CB 1710
  • You must have one of these Configuration Manager versions installed for ActiveEfficiency and the Scout
  • If you installed or upgraded to ActiveEfficiency 1.10 ensure you have installed Nomad Configuration Manager Admin Console Extensions for Nomad 6.1 (or later), otherwise pre-caching content fails when you run it.

Pre-caching content failure

  • Enable the Distributed Transaction Coordinated (DTC) service. DTC is a feature of Windows Server and is used to track processes of transactional processes, usually over multiple resource managers on multiple computers. DTC ensures that the transactions are completed and can be rolled-back if any part of the process fails.
    Enabling the DTC service

    Nomad synchronization uses DTC to perform complex queries on Configuration Manager and ActiveEfficiency data (for example, to retrieve computers targeted with Nomad Pre-cache policies and Nomad Dashboard data). DTC must be enabled and configured on the Configuration Manager SQL database server.

    You must restart the SQL service after enabling DTC.

Web servers

  • IIS 10
  • IIS 8.5
  • You must have one of these IIS versions installed for ActiveEfficiency and the Scout. The ActiveEfficiency installer runs a check to ensure that a supported version of IIS is installed before continuing.
  • To allow users and other 1E products to access the ActiveEfficiency website and web services, you must enable the following roles and features under IIS:
      • Windows Authentication
      • ASP.NET 4.x (under the ISAPI and CGI restrictions section in IIS Manager)

  • If your SQL server is remote and TLS 1.0 is disabled in your environment you must install the SQL Server Native Client 11.0 (also known as SQL Server 2012 Native Client) on the Web server hosting the ActiveEfficiency application. If your SQL server is local you will likely already have the SQL Server Native Client installed, but you should check that this is the case.

    The following image illustrates the ODBC driver for the installed SQL Server Native Client:

You can download the SQL Server Native Client 11.0 installer (sqlncli.msi) from the following link: https://www.microsoft.com/en-us/download/details.aspx?id=50402. Note that this version supports SQL Server 2012, 2014, 2016 and 2017.

Runtime libraries

  • MSMQ
  • .NET Framework 4.7
  • .NET Framework 4.6
  • .NET Framework 4.5
  • You must have one of these versions of .NET Framework. The ActiveEfficiency and Scout installers each runs a check to ensure that .NET Framework Full Profile runtime library is installed. To know supported combinations of OS and .NET Framework, please refer to: https://docs.microsoft.com/en-us/dotnet/framework/migration-guide/versions-and-dependencies .
    • Windows Server 2019 has .NET Framework 4.7.2 installed by default.
    • Windows Server 2016 has .NET Framework 4.6.2 installed by default.
    • Windows Server 2012 R2 has .NET Framework 4.5.1 installed by default. You will need to upgrade to one of these supported versions.
  • You must install MSMQ if you use the Nomad integration with WakeUp, Nomad Dashboard or Pre-cache features. ActiveEfficiency Server is required by these features, and even though the Dashboard and Pre-cache features do not use MSMQ, it is a prerequisite for installation of ActiveEfficiency Server.



Browsers

  • Google Chrome
  • Internet Explorer 11
  • Microsoft Edge
  • Mozilla Firefox

Others

  • ActiveEfficiency Server
ActiveEfficiency Server must be running on your network before you install the ActiveEfficiency Scout.