This Service Pack should be applied to all machines hosting Blueprint server components, i.e. the Analyst, Collector or Administrator. This will bring the patched files up to version 5.2.9857. Updated Print Scout packages (version 22.214.171.1246) should subsequently be distributed to all workstations and print servers hosting the Print Scout (or the Blueprint Tracker, if you’re upgrading an older system.) This Service Pack includes all previously released 5.2 Service Packs.
Summary of New Features and Improvements
- Supports TLS 1.2 for server-to-server WCF communications.
- If TLS 1.2 is the ONLY cipher suite enabled, FIPS compliance must be enabled at both the client and server to view Blueprint reports. Please read Enabling FIPS Compliance for further instructions.
- Note: If older cipher suites such as SSL 3.0 or TLS 1.0 are also enabled, Blueprint server-to-server WCF will use the more secure TLS 1.2 suite.
- You can now use Active Directory Groups to assign Blueprint roles.
- All DLLs in Print Scout are code signed.
- Now uses .Net 4.6.1, and .Net 3.5 is no longer required. (For more information, please refer to the Blueprint 5.2 Installation Guide.)
- Support for SNMP V3
- Support for Mobile Print 2.2.1 (See Also: MobilePrint 2.2.1 Now Available)
- Event logs for multiple Collectors can be viewed from Print Center.
- Additional Health Tests have been added to the Blueprint Server self-checks.
Note: Collectors will now e-mail failed self-check results. Make sure that the Collectors are able to contact the mail server.
- Delegate Printing is now in Pharos Print Center. Employees can add or remove delegates using their browser.
- On sites where Blueprint Servers can't retrieve SSL Certificate Revocation Lists (CRL), networking delays can occur. It's now possible to tell Blueprint to use SSL certificates that do not check the CRL.
- No more "The service '/PharosSystems/AgentController.svc' does not exist" events in Windows Application Events.
- Support added to verify the email settings using Blueprint Administrator on a Collector.
For a detailed description of the new features and improvements in this release, please refer to the Blueprint 5.2 Service Pack 3: New Features guide.
- The Health Tests will run at the same frequency they were set to prior to applying Service Pack 3 (typically once per hour.) If you prefer to be notified more quickly if a problem occurs, you can increase the frequency via the Administrator (on the Analyst server). Go to Servers > Settings > General > Update Frequency. This is automatically propagated to all Collectors over a few hours.
- The Secure Queue Configuration Tool no longer marks secure queues as supporting Workstation Delegation. This is because delegates are assigned using Print Center.
- Policy Print has been updated to support Universal Security Group only. Distribution groups and other security group scopes are no longer supported. Searching for a group by user or group in Blueprint Administrator for Policy Print will only return Universal Security Groups.
SP3 Bug Fixes
- Card Registration can be carried out during an HR Import.
- Employee List and Usage Report references to user location and not device location.
- VPSX file import deadlocks if a SR25 tries to register or update itself at same time a VPSX file import is running
- Recording of Serial Number of locally connected USB printers, handles case of printer being moved between workstations.
- Improve Active Directory search performance. Looking up Groups for Policy no longer times out on large Active Directory systems.
- Restriction removed to display a max of 1000 rows in certain Administrator views (Models, Terminals, Devices, etc.).
- Collector BIN files with a Machine data signature of 5.1 are now imported correctly. This bug would manifest itself if BP 5.1 Collectors sent bin files to a BP 5.2 Analyst.
- A Print Scout installed in August or September or on the 8th or 9th of the month may fail to upload job data to Collector.
- Use of load balancers between workstation and SRH collectors can result in a print job being sent to multiple Collectors. When this happens, a user is unable to release any jobs until the duplicate jobs are located and deleted.
How to Apply This Service Pack
Warning: Blocked Files
Depending on how this Service Pack or its files were copied to the target machine, some of the files may have been 'blocked' by Windows. Trying to update a Blueprint component with a blocked file will most likely prevent that component from working correctly. To check whether a file is blocked and/or unblock it, right-click the file in Windows Explorer and select 'Properties'.
Warning: In use Files
Under some conditions, the upgrader may be unable to replace files because they are in use. If this happens:
- Stop IIS using the command line iisreset /stop
- Run the upgrade again.
- Start IIS using the command line iisreset /start
Updating Analyst or Collector
If updating Analyst, make sure you have an up to date backup of the psbprint and psreports databases.
Close the Window's Printers window (if it is open). Close any Pharos applications (e.g. Troubleshooter, Blueprint Administrator) that are open.
Note: you do not need to stop the Pharos Services. The Service Pack installer will do this automatically.
Open an elevated Windows command prompt and run Patcher.exe from the command line. No additional parameters are necessary.
The Service Pack installer does not create a log file. We recommended that you run DebugView (http://technet.microsoft.com/en-us/sysinternals/bb896647) to capture the output of the installer. This output will include error messages if the installer fails.
Also, the existing Blueprint files will be backed up to BP52-SP3 in the Temp directory, before they're replaced with the updated versions.
If the Service Pack installer fails, you can correct the cause of the error and run Patcher.exe again. Alternatively, you can contact Pharos for manual upgrade instructions, or you can manually recover the files from the BP52-SP3 backup directory.
At completion, the Patcher may automatically force a restart. Follow the remaining instructions after the restart.
On the Analyst, open the Administrator and go to Reporting > Publications and click Publish to Data Warehouse on the toolbar.
Automated Deployment to Collectors
Customers with a large number of Collectors may want to deploy this Service Pack using an automated software deployment tool (e.g. IBM's Tivoli).To help with this process, the Patcher can be configured to send an e-mail at the end of the patching process indicating the patching attempt's success or failure. The configuration is held in the file Patcher.xml. Modify the file as follows:
- Change the <automated> element from "false" to "true".
- Set to to the e-mail address you want the notification sent to.
- Set from to the e-mail address you want the notification to claim it was sent from.
- Set smtpServerHost to the FQDN of the mail server.
- Leave smtpServerPort alone, unless the mail server is using a non-standard port. Or you want the communication encrypted using SSL.
- If the mail server and its Host are configured to support SSL, you can change useSSL to "true" and smtpServerPort to the SSL port (usually 465).
- Set smtpUserName and smtpPassword to the user and password needed to use the mail server.
- If you do not want to put an unencrypted password in the Patcher.xml file, you can put the password as encrypted text into smtpEncryptedPassword. You can encrypt the password by calling Patcher.exe from the command line with the flag "/encrypt:". For example, say your mail server password is "MySecretPassword".
- Open a command prompt and type in patcher /encrypt:MySecretPassword
- Patcher.exe will return something like EncryptedPassword:L9EMZX9r1CkvI8rNybP/dikf09zwBPLMfl6OMk7/nXOCgZQpaePQDoGDULN3eAbe"
- Set smtpEncryptedPassword="L9EMZX9r1CkvI8rNybP/dikf09zwBPLMfl6OMk7/nXOCgZQpaePQDoGDULN3eAbe"
- If your deployment tool will run the patcher under an account that has permission to send e-mails, then you can set useDefaultCredentials to "true" and leave smtpUserName, smtpEncryptedPassword and smtpPassword blank.
Updating standalone installations of the Blueprint Administrator
If Workstation Tracker is installed along the Blueprint Administrator, applying the Service Pack will NOT update the Tracker.
- Close the Window's Printers window (if it is open).
- Open an elevated Windows command prompt and run Patcher.exe from the command line. No additional parameters are necessary.
Note: The Service Pack installer does not create a log file. It is recommended that you run DebugView (http://technet.microsoft.com/en-us/sysinternals/bb896647) to capture the output of the installer. This output will include error messages if the installer fails.
- A reboot might be required after the Service Pack is run. This is done automatically so make sure you save any open files prior to applying the Service Pack.
- If the Service Pack installer fails, you can correct the cause of the error and run Patcher.exe again. Alternatively, you can contact Pharos for manual upgrade instructions.
Updating Tracker on Print Servers
On all the Windows Print Servers where tracking is required, use the Blueprint Print Scout package contained in the Tracker directory to install or upgrade the Tracker.
Updating Tracker on Windows Workstations
Print Scout packages should be distributed to all workstations hosting the Blueprint Tracker, so you can take advantage of the new features and improvements.
Pharos Print Center
For the Pharos Print Center Integration to work with this Service Pack the following order of install is recommended:
- Apply Service Pack 3 to all Blueprint server components (this can be done in stages).
- Upgrade Pharos Print Center to the latest version (3.7.2).
- Restart IIS (on the server where the Pharos Print Center Integration is installed).
MobilePrint is NOT affected by applying Service Pack 3. Also, MobilePrint installed AFTER Service Pack 3 was applied will work with no further configuration changes. MobilePrint 2.2.1 does not support TLS 1.2 and will not work if TLS 1.2 is the only cipher suite enabled. Later versions of MobilePrint will have full support for TLS 1.2.
Updated versions of all other Integrations (e.g.VPSX and HP e-Print) are not included in this Service Pack. Please contact your Pharos representative to obtain any additional Integrations. Any previously installed VPSX and HP e-Print Integrations will stop working once Service Pack 3 is applied. If TLS 1.2 is the ONLY cipher suite enabled the VPSX SRH integration will not work.