Buy or Renew
Buy or Renew
NEW! Stay up-to-date on Cisco Secure Access: Software Release Notes and Announcements
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
313
Views
0
Helpful
2
Replies

Old versions going to unsupported? "superseded"

benwe
Level 1
Level 1

‎11-16-2023 02:32 PM - edited ‎11-16-2023 02:34 PM

Can help but notice the last 2 client versions are "superseded" and go straight to unsupported in the console. Thats fine and dandy, but with 20k clients its kinda hard to keep up, and now, according to the console we will not have support if we encounter issues. Also being in the constant state of forced upgrades is not a good look. Is there some reason that Cisco is going in this direction instead of fully supporting previous versions?

Thanks!

Additionally, just a little bit of a 'soap box here' but conversations in the past with TAC when we have had failed upgrades are we have to uninstall and reinstall the client because upgrades dont work sometimes. Not to mention passwords, you really supposed to send an uninstall command to the clients in clear text? How secure is that? Only other option is to move all the machines to an unpassworded policy so that you can do the upgrade and not worry about the password, but that creates a bunch of manual labor to sort each day what machines have what version and move them back to protected after they upgrade. Not to mention the failures on uninstall/reinstall. Then your endpoint is really unsecure as its stuck without a client for whatever the failed to install reason is!

 

0 Helpful
2 Replies 2

Ken Stieers
VIP
VIP

‎11-16-2023 06:05 PM

So the last two versions were pulled due to bugs that were problematic enough that they didn't want anyone deploying them. I am going to guess that the only way to keep them in the gui so you can filter on them but make them undeployable is to mark them unsupported.

As farvas managing your upgrade failure remediation, if the machine is getting the "remove password" directive when you move it, I suspect the Uninstall Connnector button in the gui would work.

You can also write a script to use the API to get the machines from the unprotected group, check the version and them move them to the correct group if upgraded. (Or an Orchestration into you're in XDR)
0 Helpful

Roman Valenta
Cisco Employee
Cisco Employee

‎11-16-2023 08:05 PM

As far for the new "Uninstall Button" feature just a small note:

This will only works for standalone installation. In other words this will not work if Secure Endpoint is part of Secure Client deployment.

Example:

Standalone -  Button is available also notice no UUID under Secure Client ID

Screenshot_2998.png

 

CM Deployment - Button not available / non clickable

Screenshot_2999.png

0 Helpful
Customers Also Viewed These Support Documents