SUIT ISO User Guide
APRIL 2020
DISCLAIMER
This document contains Honeywell proprietary information.
Information contained herein is to be used solely for the purpose submitted, and no part of
this document or its contents shall be reproduced, published, or disclosed to a third party
without the express permission of Honeywell International Sàrl.
While this information is presented in good faith and believed to be accurate, Honeywell
disclaims the implied warranties of merchantability and fitness for a purpose and makes
no express warranties except as may be stated in its written agreement with and for its
customer.
In no event is Honeywell liable to anyone for any direct, special, or consequential damages.
The information and specifications in this document are subject to change without notice.
Copyright 2020- Honeywell International Sàrl
SUIT ISO December 2019 3
Table of contents
1 ABOUT THIS GUIDE
1.1 Support and other contacts
1.2 Symbols and definitions
1.3 Scope
1.4 Revision history
1.5 Intended audience
1.6 Related documents
2 INTRODUCTION
2.1 Overview
2.2 Supported HPS Products
2.3 Honeywell Recommendation
3 UPDATE MANAGER
3.1 Supported products
3.2 Checking for Available Updates
3.3 Validating Security Updates
3.4 Validating Non-Security Updates
3.5 Validating Latest ISO
3.6 Viewing ISO Configuration File
3.7 Known Issues and Workarounds
3.7.1 Known Issue: Updates fail to install due to USB lockdown enabled. Ex: KB982018, KB2775511
3.7.2 Known Issue: SUIT ISO DVD is taking hours to deploy when a system has WSUS, but the user wants to use the SUIT ISO to align the system.
3.7.3 Known Issue: DVM R500/R600/R620 and EBI R430
3.7.4 Known Issue: SUIT ISO failed on RAE node
3.7.5 Known Issue: DVM R600/R620/700 and EBI R500/600 On Windows 10/Windows Server 2016.
3.7.6 Known Issue: On certain scenarios installing MS update using Dec 2019 ISO may cause OS crash.
3.7.7 Known Issue: ELCN Nodes get stuck in LOC_LOAD after installing Security Update Nov ‘19 or later.
3.7.8 Known Issue: Microsoft Security Update September ’19 -> Jan ‘20 might cause a memory leak in Experion Station on Experion R43x and R5xx.
3.7.9 Known Issue: KB3125574 install failed on Windows Server 2008 R2 and Windows 7 using August 2019 ISO or later
4 TERMS AND DEFINITIONS
5 NOTICES
ABOUT THIS GUIDE
1 About this guide
This guide provides information about using the ISO to keep systems updated with the
latest available/qualified Security/Non-Security updates.
ATTENTION
It is highly recommended that a user completely understands and
exercises precautions published in this document before using the ISO
for installation of Security and Non-Security hot fixes.
1.1 Support and other contacts
Country | Contact | Phone | Mail/Email | Facsimile
USA | Honeywell Solution Support Center | 1-800-822-7673 (outside Arizona), 602313-5558 (in Arizona) | Honeywell TAC, MS L17 1860 W. Garden Lane Phoenix, AZ, 85027 USA | 1-973-455-5000
Europe | Honeywell TACEMEA | +32-2-728-2732 | TAC-BE02 Hermes Plaza Hermeslaan, 1H B-1831 Diegem, Belgium | +32-2-728-2696
Pacific | Honeywell Global TAC – Pacific | 1300-364-822 (toll free within Australia), +61-8-9362-9559 (outside Australia) | Honeywell Limited Australia 5 Kitchener Way Burswood 6100, Western/ | +61-8-9362-9564
India | Honeywell Global TAC-India | +91-20-6603-9400 | Honeywell Automation India Limited 56 and 57 Hadapsar Industrial Estate, Hadapsar, Pune-411013- Pune/ India Global-TAC- | +91-20-6603-9800
Korea | Honeywell Global TAC – Korea | 82-2-799-6317 (toll free within Korea) | Honeywell Co., Ltd 4F, Sangam IT Tower 1590, DMC Sangam-dong, Mapo-gu Seoul, 121-835, Korea/ Global-TAC- | +82-2-792-9015
China | Honeywell Global TAC – China | +86-21-2219-6888, 800-820-0237, 400-820-0386 | Honeywell (China) Co., Ltd 33/F, Tower A, City Center, 100 Zunyi Rd. Shanghai 200051, People’s Republic of China/ Global-TAC- |
Singapore | Honeywell Global TAC – South East Asia | +65-6580-3500 | Honeywell Private Limited Honeywell Building 17, Changi Business Park Central 1 Singapore 486073/ | +65-6580-3501, +65-6445-3033
Taiwan | Honeywell Global TAC – Taiwan | +886-7-536-2567 | Honeywell Taiwan Ltd. 17F-1, No. 260, Jhongshan 2nd Road. Cianjhen District Kaohsiung, Taiwan, ROC/ Global-TAC- | +886-7-536-2039
Japan | Honeywell Global TAC – Japan | +81-3-6730-7160 | Honeywell Japan Inc. New Pier Takeshiba, South Tower Building, 20th Floor, 1-16-1 Kaigan, Minato-ku, Tokyo 105-0022, Japan Global- | +81-3-6730-7228
1.2 Symbols and definitions
The table below describes the symbols used throughout this document and their
definitions.
Symbols Definitions
NOTE: Identifies advice or hints for the user, often in terms of
performing a task.
ATTENTION: Identifies information that requires special
consideration.
1.3 Scope
• This document is expected to guide a user to keep systems updated with the latest
Microsoft Security/Non-Security updates qualified by Honeywell for the supported
HPS products that are released to market.
• Microsoft Security/Non-Security updates are re-distributed as a standard ISO
which has a tool embedded, Update Manager, designed to manage the
Security/Non-Security updates for the supported HPS product nodes.
• The document also provides information on the HPS product nodes which are
assigned with a unique node ID, used by the Update Manager to identify the node.
• The document describes the various recommendation standards followed by
Honeywell to help a user to understand the importance of recommendations which
Honeywell provides to all the security updates.
• The recommendations are provided in the datasheets of all the security updates
bundled in the ISO. The datasheets can be accessed from the Honeywell On Line
Support OLS.
• Though Honeywell provides a recommendation for all the security updates,
Honeywell is not accountable for any consequences if a user, at his/her own
discretion, overrides the recommendation provided.
ATTENTION
Regardless of the approach taken to update systems with Microsoft
Security/Non-Security updates, Honeywell disclaims the
consequences of overriding the recommendation associated with all
Security/Non-Security updates.
• This document also deals with the security update install exceptions. It is
imperative for a user to visit this section to obtain a clear set of instructions if a
security update is to be exempted from installation on any of the HPS products.
1.4 Revision history
Revision Release Description
1.0 June 2012 Merged Update Manager User guide and
SUIT-ISO user guide, added region wise
contact details.
1.1 July 2012 ISO support for Safety Manager has been
upgraded to R133.3, R145.1 and R1501.
1.2 August 2012 ISO support for EPKS R400.3, EBR
R400.1/R410.1 and PCUS R400.1 has been
added.
1.3 September 2012 ISO support for Windows Server 2008 &
Windows Server 2008 R2 Domain
Controllers and TPA R690 has been added.
1.4 October 2012 ISO support for LS/HS R400 and PCUS
R400.1 on Windows 7 SP1 has been added.
1.5 November 2012 ISO support for RAE R610 has been added.
1.6 January 2013 ISO support for PMD R800.1, EPKS R410
RESS and SM 133.4 on XP SP3 IE6 & IE7
has been added.
1.7 February 2013 ISO support for SM 133.4 on Windows
Server 2003 & Windows 7, Plant Cruise
R100.3 and BMA R340.2/R400.1/R401.1
has been added.
1.8 March 2013 ISO support for FDM R430.1 and EBR
R410.1 on Windows Server 2008 SP2 has
been added.
1.9 April 2013 ISO support for EPKS R410.2 and RAE5.0
Update6 with EPKS R301.3 & R310.3 has
been added. Removed updates to obsolete
Operating Systems/ obsolete Windows
Components from ISO.
2.0 June 2013 ISO support for Plant Cruise R100.3 on
Windows 7 SP1 and DVM R500.1 has been
added.
2.1 July 2013 ISO support for BMA and RAE5 Desktop
Server with EPKS R30x, R310.x & R311.x has
been added.
2.2 August 2013 ISO support for HS R410 and vCenter Server
5.0 on Windows Server 2008 R2 SP1 has
been added.
2.3 September 2013 ISO support for EPKS R410.3 and FDM
R430.1 on x86 has been added.
2.4 October 2013 ISO support for Print a GUS has been added.
2.5 January 2014 ISO support for BMA OPBC Standalone
Client nodes and EBR R410.2 on Windows
Server 2008 R2 SP1 has been added.
2.6 March 2014 ISO support for EPKS R430.1, FDM R440.1
and SM R133.5/146.1 on Windows Server
2003 SP2 & Windows XP SP3 has been
added.
2.7 July 2014 ISO support for SM R133.5/146.1/151.4
and FSC R710.6 on Windows Server 2008
R2 SP1
2.8 January 2015 ISO support for PMD R830.1 has been
added.
2.9 March 2015 Updated node ID’s information table.
3.0 April 2015 ISO support for EPKS R431, PCUS R431,
EPKS R430 & 431 Flex Server, and FDM
R450 on x86 & x64, EBR R430 and SH
R200.2 on x86 & x64 has been added.
3.1 May 2015 ISO support for FDM R440 on x86, PBM
R431.x, SM R152.1 and FSC R710.7 has
been added.
3.2 June 2015 ISO support for PCUS R430 has been added.
3.3 August 2015 Removed ISO support for nodes running on
Windows 2003 and XP OS. However, a
separate Phased-out-products ISO is under
progress for these nodes.
3.4 September 2015 Updated Description for Nodes with ID 181-
185
3.5 October 2015 ISO Support added for EPKS 400.8 with IE9,
PCUS 431.2 with IE9 PMD 831.1 and EPKS
410.x & 430.x combinations are added for
BMA nodes 202 to 206
3.6 December 2015 Added Sec 3.7 – Known Issues and
Workarounds
3.7 April 2016 Added Note III(a) in end of 2.2 section
3.8 May 2016 MS ISO support added for BMA nodes
217,219,220, 221,223,225,226,227,
228,230,231,232,233,234,235,236,237,238
3.9 June 2016 Added Note III(b) in end of 2.2 section
3.10 July 2016 EBR 4xx support is added, independent of IE
3.11 July 2016 ISO support added for EPKS R430.5/
R431.3/ R410.9/ R432.1 (Server A, Server B,
ESF, EST, EAPP, Flex Server) with IE 11 and
.Net 4.5.2, EPKS 431.x Orion Console, BMA
nodes for 4xx releases, P3. Added Note IV in
the end of section 2.2
3.12 September 2016 Reframed node IDs for EPKS R410.9
/R430.5/ R431.3/ R432.1 and added
support (NONRED, SCE, EServer, EHG, EAS
and RESS) nodes. ISO Support added for DC
on W2K8 SP2 with IE 9 and W2K8 R2 SP1
with IE11. Updated the Note I (1) in section
2.2
3.13 October 2016 ISO support added for SM 153.3/160.x on
WIN2K8 R2, WIN 7 SP1 and HSR 430.1
(ESVRA/ESVRB/FLXSRVR) on WIN7-64bit,
HSR 430.1 (EESRV) on WIN2K8R2.
Added a known issue description and
workaround under section 3.7.
Added new SM and HSR releases entry in
HPS/Third Party Product table under
section 2.2.
3.14 November 2016 ISO support for LX R 120.1 Patch1 on
WIN2K8 R2 SP1 and Windows 7 SP1 has
been added. Removed Note III(a) in end of
2.2 section
3.15 December 2016 ISO support for FSC 710.9 and Domain
Controllers on Windows Server 2012 and
Windows Server 2012 R2 has been added
3.16 March 2017 ISO support for EPKS R500.1, PMD R900.1,
PBM R500.1, BMA R4xx nodes with IE11 &
3.17 April 2017 ISO support for RAE R700.1, BMA 400 nodes
with .Net 4.5 and Domain Controller on
Windows Server 2016 has been added.
Updated Known Issues section 3.7
3.18 June 2017 ISO support for HS R500 and EBR500 has
been added. Updated Known Issues section
3.7
3.19 July 2017 ISO support for FDM R500 has been added.
3.20 August 2017 ISO support for SM R153.4, DVM R600.1
and EBR R431.x on Windows Server 2012
has been added.
3.21 October 2017 ISO support for EPKS R505, DVM R620.1
and SM R153.5 has been added.
3.22 November 2017 ISO support for PHD R340/R321, UPS
R322/R320, DynAmo R200/R120 and AAM
R321 has been added.
3.23 February 2018 Added “Note VI” in page 15.
3.24 March 2018 ISO support for FSC R801.1, SM R161.1, SM
R146.2/153.5 on Win 10 and EBR R501
3.25 April 2018 ISO support for EPKS R501.x, Profit Suite
R412/R431/R442, CPM R601.x, EBI R500.1
and NAS on Windows Server 2016 &
Windows Server 2012R2 has been added.
3.26 May 2018 ISO support for PBM R501.x, RAE R701.1
has been added. Updated Known Issues
section 3.7
3.27 June 2018 ISO support for EPKS R510.x, CPM R570.x,
EBI R430.x and PA R500/R430 has been
added.
3.28 August 2018 ISO support for Safety Manager R200.2 has
been added and removed support for EPKS
R505. Updated Known Issues section 3.7
3.29 October 2018 ISO support for PMD R910.2 has been
added and Updated Known Issues section
3.7
3.30 December 2018 ISO support for EPKS R511, PHD340.X on
Windows Server 2012R2, SM 162.1, SM
200.3, FSC 801.2, Carbon black
3.31 March 2019 Information added for March SUIT ISO DVD
size.
3.32 April 2019 Added attention section for April month ISO.
3.33 May 2019 Added attention section for CVE-2019-0708
RDP remote code execution vulnerability.
Added attention section for System slow
boot times and performance issue with
April\May ISO. Added attention section for
UM tool modifications for automated
recheck of installed updates on reboot.
Added support for SPA120, FDM R511, SM
201.x, IE11 support on FDM R430, R440,
R450, R500 and R501.
3.34 June 2019 Added ISO support for LX
R500/R501/R510/R511 and PC
R500/R501/R510/R511, for HS
R500/R501/R510/R511, Skill IC 101.x
ProfitSuite R500 and CPM 602. Removed
support for ProfitSuite R412 on Windows 7
x86
3.35 July 2019 Added ISO support for SM-154.X-Win10,
VcenterSrv 6.0, EBI 500 With DVM 620, EBR
430 With SM151 and SH200
3.36 July 2019 Added ISO support for DVM R700, Carbon
Black 8.1.0, EBI R600, EBR R501 and
Process Safety Analyzer R115. Added Reboot
required check box support for rebooting the
system automatically after installing all
updates
3.37 September 2019 Added ISO support for Console stations on
all EPKS releases on Windows 2008 R2 and
Windows Server 2016
3.38 October 2019 Modified Node ID support for EPKS 511.
Updated Known issues and workarounds
section to include workaround for file not
found error in DVM and EBI nodes
3.39 November 2019 Added ISO support for:
AAM 321 on Windows 2012 R2 and Window
server 2016, Dynamo 202 on Windows 2012
R2. SM 146, SM 153 and SM 162 on
Windows server 2016, Trace 130 on
Windows server 2016. SH 200 and 201 on
Windows 10 and Windows server 2016.
3.40 December 2019 Added ISO support for VMWare Workstation
on Windows Server 2016, EPKS R515.1 on
Windows Server 2016 and Windows 10,
FDM R511 on Windows Server 2016 and
Windows 10, SM 154.2 on Windows Server
2016 and Windows 10
3.41 February 2020 Added ISO support for vCenter Server 6.0 on
Windows 2012 R2
3.42 March 2020 Added support for SM 201.2 and SM 210.1
on Windows 10 X64. Added support for FSC
710 on Windows 10 X64. Added support for
EPKS R516 on Windows Server 2016 and
Windows 10 X64.
3.43 April 2020 Added support for QCS SE 100 on Windows
10 X64. Implemented ESU key detection
support.
1.5 Intended audience
This guide is primarily intended for Honeywell field personnel who install and configure the
product.
1.6 Related documents
The following list identifies publications that may contain information relevant to the
information in this document.
Document Name | Description
Anti-Virus Software Guidelines | This document identifies Anti-virus software certified for currently supported Windows based HPS products along with installation and configuration guidance.
Anti-Virus Quick Reference Guide | This document provides quick information about installation and configuration of McAfee and Symantec Antivirus.
Anti-Virus Software Guidelines for Virtualization Environment | This document guides installation and configuration of McAfee MOVE Antivirus (Agentless) in an NSX for virtualized environment.
INTRODUCTION
2 Introduction
2.1 Overview
The qualified Security/Non-Security updates are re-distributed as an ISO which is posted
at Honeywell OLS.
Qualification of the Security updates abides by the Honeywell policy of supporting N, N-1
and N-2 HPS product releases, N being the latest HPS product release available to the
customer.
Systems are updated with the latest qualified Security updates using a Honeywell
proprietary application which automatically deploys all the Security updates required on
the target systems. This application, called Update Manager, is responsible for managing
the qualified updates on systems hosting various Windows Operating Systems.
2.2 Supported HPS Products
The HPS product software must be installed on the system for Update Manager to
manage the system, as the Security/Non-Security updates are qualified on various HPS
product releases. The Update Manager application cannot manage an Operating System
which does not have any of the HPS product software installed on it.
The following table describes the HPS product releases which are supported by the
Update Manager.
If an HPS product is not mentioned in the list below, then that product is not supported by
Update Manager and it is recommended to contact the local TAC for registering a request.
ATTENTION
Update Manager doesn’t support all HPS products by default. Using the ISO
on a product node not supported by Update Manager will not help a user
keep the system updated with the latest qualified security updates.
ATTENTION
USB lockdown policy must be disabled. Kindly follow the steps described
in section 3.6 of “SUIT-ISO-USER-GUIDE.pdf” before deploying the MS
ISO updates.
ATTENTION
Microsoft Windows 7 64bit and Windows Server 2008 R2 64bit reached End of
Extended Support on 14-Jan-2020, and general security updates are no longer
available for these operating systems. Continued access to critical security
updates is available through an active Extended Security Update (ESU)
agreement with Honeywell. Please contact your Honeywell account manager for
details.
The Update Manager tool supports only those systems which have an ESU key
installed. A user will not be able to proceed with update installation if the ESU key
is not installed on systems with Windows 7 and Windows Server 2008 R2 operating
systems.
HPS/Third Party Product | Release
Experion | R400.x, R410.x, R430.x, R431.x, R432.x, R500.x, R501.x, R510.x, R511.x, R515.x, R516.x
Experion Small Systems | LSR400, HSR400, HSR410.x, HSR 430.x, HS R500, HS R501, HS R510, HS R511
Experion Plant Cruise | R100.x, LXR120.1 Patch1, LX R500, LX R501, LX R510, LX R511, PC R100.x, PC R120.1 Patch1, PC R500, PC R501, PC R510, PC R511
EBR | R410.x, R410.x, R430, R431, R500, R501
PCUS | R400.x, R431.x
Safety Manager | R133.x, R146.x, R151.x, R152.x, R153.x(3,4), R154.X, R160.x, R161.x, R162.1, R200.2, R200.3, R201.x, R210.x
Fail Safe Controller | R702, R710.x, R801.x(1,2)
Safety Historian | R200.x
Digital Video Manager | R500.x, R600.x, R620.1, R700.1
Enterprise Buildings Integrator | R500.x, R430.x, R600.1
Pulp, Paper and Printing | RAE 600, RAE 601, RAE 602, RAE 603, RAE 61X.x, RAE 700.x, RAE R701.x and RAE R702.x, TPA 690, PMD R800.x, PMD 830.x, PMD831.x, PMD R900.x, PMD R910.x
Field Device Manager | R410.x, R430.x on x64, R430.x on x86, R440.x on x64, R440.x on x86, R450.x on x64 and R450.x on x86, FDM R500, FDM R501, FDM R511
Procedure Analyst | 500.x, R430.x
Blending Movement Automation | R400.x, R401.x, R410.x, R430.x
Profit Blending & Movement | R431.x, R500.1, R501.x
PHD | R340, R321, R340.X
UPS | R322, R320
DynAmo | R200, R120, R201.x, R202.x
AAM | R321
Profit Suite | R431, R442, R500, R500
CPM | R570.x, R601.x, R602.x
Uniformance Trace | R120.x, R130.x
Skill IC | R101.x
Domain Controller (Only with High Security Policies) | Windows 2008 SP2, Windows 2008 R2 SP1, Windows 2012, Windows 2012 R2, Windows 2016
VCenter Server | 5.0, 5.5, 6.0
Network Attached Storage | Windows 2012 R2, Windows 2016
Carbon Black-8.0.0 | Windows Server 2016, 64bit, No Service Pack
SPA 120 | Windows Server 2016, 64bit, Windows Server 2012 R2
Process Safety Analyzer R115 | Windows Server 2012 R2, 64bit, No Service Pack
NOTE
NOTE III
The following updates are “Not Applicable” for the EPKS R410.X nodes
using RS-Linx PCIC Driver on Windows 2008 R2 SP1 and will fail
installing: KB3155413 & KB2921916.
NOTE
NOTE IV
The Optional updates are excluded from the ISO media, due to the size
constraints.
Also, the “Optional Updates” recommendation document is provided with
ISO media, where the user can download and install the necessary
optional updates based on the recommendations provided for EPKS
4xx/5xx releases.
NOTE
NOTE V
From March-17 onwards, four ISO images are provided, i.e.
1. ISO for HPS Products/Releases running on Windows Vista SP2,
Windows Server 2008 SP2, Windows 7 SP1-x86, and Windows
Server 2008R2 SP1 and Windows 7 SP1-x64 operating systems.
2. ISO1 for HPS Products/Releases running on Windows Server 2016
and Windows 10 x64 operating systems.
3. ISO3 for HPS Products/Releases running on Windows Server 2012,
Windows Server 2012 R2 and Windows 8.1 operating systems. ISO
supports Domain Controller on Win 2012 SP2 with IE10 and Win
2012 R2 with IE11 only.
NOTE
NOTE VI
In some cases, (for example, prerequisites for the current updates are not
installed), the Update Manager will identify prior updates to be installed,
and the user will be presented with the option to install those prior
updates and continue the installation of the current updates. In rare
instances, the Update Manager may not be able to locate the prior
updates; in these instances, the Honeywell Technical Assistance Center
(TAC) should be contacted for assistance.
2.3 Honeywell Recommendation
Honeywell provides a recommendation with every security update which is qualified and
published at the OLS in the form of datasheets. The table below shows the different
recommendations provided by Honeywell and explains the meaning of each one of
them.
The recommendations are provided by Honeywell with respect to the HPS products and
this recommendation is made in the datasheets provided for every security update against
all supported HPS products. These datasheets along with the ISO image and user guide
can be obtained from the OLS.
Recommendation | Description
Install | Mandatory install. This update is related directly to Honeywell software. This update has been qualified for installation and should be installed at the earliest convenience. Please use the installation procedures as per the Microsoft instructions (click the link in the Microsoft KB Article column) associated with the update.
Install-Optional | Optional install. This update is related to approved optional software loaded on a node; an example of this is Microsoft Excel. This update has been qualified for installation and should be installed at the earliest convenience based on the existence of the approved optional software. Please use the installation procedures as per the Microsoft instructions (click the link in the Microsoft KB Article column) associated with the update.
Install – Latent | Mandatory install. This update is related to embedded software in the OS that is not used by Honeywell software or recommended for use (e.g. Outlook Express), but whose existence without its updates represents a security risk. This update has been qualified for installation and should be installed at the earliest convenience. Please use the installation procedures as per the Microsoft instructions (click the link in the Microsoft KB Article column) associated with the update.
Exception | Do not install. This update is not applicable to the approved Base Honeywell Platform software implementation. Note that the components for the update are not present in the system.
Hold | Take no action until the testing is complete and the final recommendation has been posted to OLS.
ATTENTION
A user must complete registration with the Honeywell OLS website to
view and download the details of Update Manager from the ISO.
3 Update Manager
3.1 Supported products
Node Windows SP IE Node ID
Experion R400.8 Server (ESV, eServer, EAPP, ACE
or EHG or SIM or EBR Server or RESS)
2008 2 9 1
Experion R400.8 Client (ESF, ESC, EST, ES-CE) WIN7 1 11 2
Domain Controller on Windows Server 2008 2008 2 9 3
Domain Controller on Windows Server 2008R2 2008R2 1 11 4
Experion R410.9 (Server A, Server B, ACE,
NONRED, ESC, SCE, eServer, EHG, EAS, RESS)
2008R2 1 11 5
Experion R410.9 (ESF, EST, ESC) WIN7 1 11 6
Experion R410.9 EAPP 2008R2 1 11 7
Experion R430.x (Server A, Server B, ACE,
NONRED, ESC, SCE, eServer, EHG, EAS, RESS)
2008R2 1 11 8
Experion R430.x (ESF, EST, ESC) WIN7 1 11 9
Experion R430.x EAPP 2008R2 1 11 10
Experion R430.x Flex Server WIN7 1 11 11
Experion R431.x (Server A, Server B, ACE,
NONRED, ESC, SCE, eServer, EHG, EAS, RESS,
Orion console Server)
2008R2 1 11 12
Experion R431.x (ESF, EST, ESC, Orion Console) WIN7 1 11 13
Experion R431.x EAPP 2008R2 1 11 14
Experion R431.x Flex Server WIN7 1 11 15
Experion 432.x (Server A, Server B, ACE, NONRED,
ESC, SCE, eServer, EHG, EAS, RESS, Orion console
Server)
2008R2 1 11 16
Experion 432.x (ESF, EST, ESC, Orion console) WIN7 1 11 17
vSphere Client WIN7 1 NA 17
Experion R432.x EAPP 2008R2 1 11 18
Experion R432.x Flex Server WIN7 1 11 19
Experion R500.x (Server A, Server B, ACE,
NONRED, ESC, SCE, eServer, EHG, EAS, RESS,
PCUS)
2016 NA 11 20
vSphere Client 2016 NA NA 20
Experion R500.x (ESF, EST, ESC, Orion Console,
PCUS)
WIN10 NA 11 21
vSphere Client WIN10 NA NA 21
Experion R500.x EAPP 2016 NA 11 22
Experion R500.x Flex Server WIN10 NA 11 23
HSR 430.1 ESVRA/ESVRB/FLXSRVR WIN7 1 9 24
HSR430.1 eServer 2008R2 1 9 25
LX PC 120.x (Server A, Server B, SCE, eServer, Flex
Station and Direct Station)
2008R2 1 11 26
LX PC 120. x (Server A, Server B, SCE, eServer, Flex
Station and Direct Station)
WIN7 1 11 27
PMD R830.x/831.x/R900.x/R910.x DM, DM_R on
WIN2008 SP2-32 Bit
2008 2 9 28
PMD R900.x/R910.x DM, DM_R on WIN7 SP1-32
Bit
WIN7 1 11 29
Domain Controller on Windows Server 2012 2012 NA 10 30
Domain Controller on Windows Server 2012R2 2012 R2 NA 11 31
DynAMo M&R 200.x/201.x/202.x 2016 NA 11 32
Domain Controller on Windows Server 2016 2016 NA 11 33
Experion R400.x Server or ACE or EHG or SCE or
eServer or RESS (x = 2 to 7)
2008 2 8 34
RAE R700.x AV/QCS Server with EPKS R500.x 2016 NA 11 36
RAE R701.x AV/QCS Server with EPKS R501.x 2016 NA 11 36
RAE R702.x AV/ QCS Server with EPKS R50X.x 2016 NA 11 36
RAE R700.x Opstn/Desktop with EPKS R500.x WIN10 NA 11 37
RAE R701.x Opstn/Desktop with EPKS R501.x WIN10 NA 11 37
RAE R702.x Opstn/Desktop with EPKS R50X.x 2016 NA 11 37
QCS – Performance CDMV R700.1 without EPKS
R500.1
WIN10 NA 11 39
EBR 500 on Windows Server 2016 2016 NA 11 40
EBR 501 on Windows Server 2016 2016 NA 11 40
Experion R400.x eApp (x = 2 to 7) 2008 2 8 41
PHD340 / R400.x 2016 NA 11 42
UPS 322+ PHD 340 clients-64Bit WIN10 NA 11 43
RAE 60X - QCS quality server 2008 2 8 45
FDM R500/R501/R511 Server/Client/RCI
Client/RCI on Windows Server 2016
2016 NA 11 46
EPKS R500.x/501.x with PBM 500.x/501.x 2016 NA 11 47
EPKS R500.x/501.x with PBM 500.x/501.x WIN10 NA 11 48
PBM 500.x/501.x - No EPKS 2016 NA 11 49
PBM 500.x/501.x -No EPKS WIN10 NA 11 50
FDM R500/R501/R511 Server/Client/RCI
Client/RCI on Windows 10 64Bit
Win10 NA 11 51
Experion HS R500/R501/R510/R511 (SRVA,
SRVB, SCADA
WIN10 NA 11 52
Experion HS R500/R501/R510/R511 EServer 2016 NA 11 53
DynAMo M&R 120.2 2012 R2 NA 11 58
Experion R400.x Client (ESF, ESC, EST, ES-CE) (x =
2 to 7)
WIN7 1 8 59
vSphere Client WIN7 1 NA 59
AAM R321 2008R2 1 9 60
AAM R321 2008R2 1 11 61
PHD R321 \ R400.x 2008R2 1 11 62
UPS 320.x \ PHD 321 clients-32Bit WIN7 1 11 63
PHD R321\ R340.x \ R400.x 2012 R2 NA 11 64
UPS 320.x \ PHD 321 clients WIN8.1 NA 11 65
Experion R501.x (ServerA, ServerB, ESV-T, ACE, ACE-T, ESC, SCE, eServer, EHG, EAS, RESS, PCUS) 2016 NA 11 66
Experion R501.x (ESF, EST, ESC, Orion Console, PCUS, vSphere) WIN10 NA 11 67
RAE 60X AV\QCS Server 2008 2 8 68
RAE 60X Opstn\ Desktop Server WIN7 1 8 70
QCS – Performance CDMV R600 WIN7 1 8 71
Network Attached Storage 2016 NA 11 73
Carbon Black-8.0.0 2016 NA 11 73
Carbon Black-8.1.0 2016 NA 11 74
Experion R501.x EAPP 2016 NA 11 75
Experion R501.x (Flex Server, eServer) WIN10 NA 11 76
FDM R410.1 Server on Windows Server 2008 2008 2 8 77
FDM R410.1 Server/Client/RCI/RCI Client on Win 7 WIN7 1 8 78
Plant Cruise R100.3 Server on WIN2K8 2008 2 7 79
Plant Cruise R100.3 SCE on WIN2K8 2008 2 8 81
Experion R410.1 Server (ESV, eServer, EAS, ACE, EHG, ESC, SCE, RESS) 2008R2 1 8 82
Experion R410.1 Client (ESF, ESC, EST, ES-CE) WIN7 1 8 83
Safety Manager R146.2/153.5/R154.x/R161.1/R200.2/R200.3/R201.x R210.1 and Fail Safe Controller R710.x WIN10 NA 11 84
Safety Manager R200.x / 201.x / R210.1 License Server WIN10 NA 11 84
Experion R410.1 eApp 2008R2 1 8 85
Experion R510.x (Server A, Server B, ACE, NONRED, ESC, SCE, eServer, EHG, EAS, RESS, PCUS) 2016 NA 11 86
Experion R510.x (ESF, EST, ESC, Orion Console, PCUS) WIN10 NA 11 87
Experion R510.x EAPP 2016 NA 11 88
Experion R510.x Flex Server WIN10 NA 11 89
RAE 61X.x AV/QCS Srv on WIN2K8 R2 SP1 IE8 2008R2 1 8 93
RAE 61X.x Opstn/Desktop on WIN7 SP1 IE8 WIN7 1 8 94
RAE 61X.x Qlty Srv on WIN2K8 R2 SP1 IE8 2008R2 1 8 95
Network Attached Storage 2012 R2 NA 11 96
TPA GUS/DxM 032/005 Win7 SP1 IE8-32 Bit WIN7 1 8 97
TPA GUS 032 on Win7 SP1 IE8-64 Bit WIN7 1 8 98
TPA GUS 032 on Remote Srv Win2K8 SP1 IE8 2008R2 1 8 99
Experion LS R400 – Server, Flex and ACE WIN7 1 8 100
Experion HS R400 – Server and Flex WIN7 1 8 101
PCUS R400.1 on Win7 SP1 IE8 WIN7 1 8 102
CPM 570.x 2008R2 1 11 103
CPM 570.x on Win7 SP1 -32 Bit WIN7 1 11 104
CPM 570.x on Win7 SP1 -64 Bit WIN7 1 11 105
CPM 570.x WIN8 NA 11 106
PMD R800.x Srvr/RHS on WIN2K8 R2 SP1 2008R2 1 8 109
PMD R800.x HMI, Console on WIN7 SP1-64 Bit WIN7 1 8 110
Safety Manager R146.2/153.5/R154.X/R162.x/R200.2/R200.3/R201.x,R210.1 2016 NA 11 111
Safety Manager R200.x / R201.x / R210.1 License Server 2016 NA 11 111
PMD R800.x DM, DM_R on WIN7 SP1-32 Bit WIN7 1 8 112
FDM R430.1/R440.1 Server on Windows Server 2008R2 SP1- 64 Bit 2008R2 1 8 113
FDM R430.1/R440.1 Server/Client/RCI/RCI Client on Win 7 SP1-64 Bit WIN7 1 8 114
EBR 410.1 on Win2008 SP2 IE8 2008 2 8 115
Profit Suite R442 / R501 2016 NA 11 116
Profit Suite R442 / R501 WIN10 NA 11 117
Profit Suite R442 / R501 2012 R2 NA 11 118
Profit Suite R442 2012 NA 10 119
Profit Suite R442/R431/ R501 2008R2 1 11 120
Experion R410.2/R410.3 Server (ESV, eServer, EAS, ACE, ESC, EHG, SCE, RESS) 2008R2 1 8 121
Experion R410.2/R410.3 Client (ESF, ESC, EST, ESCE) WIN7 1 8 122
Experion R410.2/R410.3 eApp 2008R2 1 8 123
DVM R500.1 on Windows Server 2008 R2 IE8 2008R2 1 8 126
DVM R500.1/R600.1/R620.1 on Windows Server 2008 R2 IE11 2008R2 1 11 127
DVM R500.1 on Windows 7 SP1-64 Bit IE8 WIN7 1 8 128
DVM R500.1/R600.1/R620.1 on Windows 7 SP1-64 Bit IE11 WIN7 1 11 129
Profit Suite R442 on Windows 7 SP1-64 Bit IE11 WIN7 1 11 130
Profit Suite R431 2008 2 9 131
DVM R500.1 on Windows 7 SP1-32 Bit IE8 WIN7 1 8 132
DVM R500.1/R600.1/R620.1 on Windows 7 SP1-32 Bit IE11 WIN7 1 11 133
Profit Suite R431 on Windows 7 SP1-32 Bit IE11 WIN7 1 11 134
EBI R500.1 Server 2012 R2 NA 11 135
EBI R500.1 Remote Point Server, Client WIN10 NA 11 136
CPM R601.x / R602.x 2016 NA 11 137
CPM R570.x / R601.x / R602.x 2012 R2 NA 11 138
Procedure Analyst R430 2008R2 1 NA 139
Procedure Analyst R430 WIN7 1 NA 140
EBI R430.x 2008R2 1 11 141
EBI R430.x/R500.1 on Win 7 SP1-64 Bit WIN7 1 11 142
EBI R430.x on Win 7 SP1-32 Bit WIN7 1 11 143
Procedure Analyst R500 WIN10 NA 11 144
Procedure Analyst R500 2016 NA 11 145
Plant Cruise R100.3 Station and SCE on Win 7 SP1 WIN7 1 8 146
System Performance Analyzer R120.1 2016 NA 11 147
System Performance Analyzer R120.1 on WIN2K12R2 WIN2K12R2 NA 11 148
FDM R430.1/R440.1 Server/Client/RCI/RCI Client on Win 7, 64bit WIN7 1 11 149
BMA With EPKS R400.x Srvr -.Net 3.5 2008 2 8 150
BMA With EPKS R410.x 2008R2 1 8 151
LX PC R500 / R501 / R510 / R511 (Server A, Server B, SCE, eServer, Flex Station and Direct Station) 2016 NA 11 152
LX PC R500 / R501 / R510 / R511 (Server A, Server B, SCE, eServer, Flex Station and Direct Station) WIN10 NA 11 153
Skills Insight Immersive Competency R101.x 2016 NA 11 154
BMA with EPKS R400.x Flex -IE8 .Net 3.5 WIN7 1 8 155
BMA with EPKS R410.x WIN7 1 8 156
Standalone OBPC Server- Win2K8 SP2 IE8 2008 2 8 157
BMA with No EPKS 2008R2 1 8 158
Experion R511.1 (ServerA, ServerB, ESV-T, ACE, ACE-T, ESC, SCE, eServer, EHG, EAS, RESS, PCUS) 2016 NA 11 159
Experion R511.1 (ESF, EST, ESC, Orion Console, PCUS) WIN10 NA 11 160
Experion R511.1 EAPP 2016 NA 11 161
Experion R511.1 (Flex Server, eServer) WIN10 NA 11 162
Vcenter Server 5.0 /5.5/6.0 on Win2K8 R2 SP1 2008R2 1 NA 163
Experion HS R410.1 – Server and Flex on Win 7 SP1-64 Bit WIN7 1 8 164
FDM R430.1/R440.1 Server on Windows Server 2008 SP2-32 Bit 2008 2 8 165
FDM R430.1/R440.1 Server/Client/RCI/RCI Client on Win 7 SP1-32 Bit WIN7 1 8 166
Experion R430.1 Server (ESV, eServer, EAS, ACE, ESC, EHG, SCE, RESS) 2008R2 1 9 167
Experion R430.1 Client (ESF, ESC, EST, ES-CE) WIN7 1 9 168
Experion R430.1 eApp 2008R2 1 9 169
EBR 410.2 on Win2008 R2 SP1 IE8 2008R2 1 8 170
PMD R910.X DM, DMR on Win 10 32 bit, IE11 WIN10 NA 11 171
Standalone OBPC Client .Net 3.5 WIN7 1 8 172
BMA – No EPKS WIN7 1 8 173
Experion R431.1 Server (ESV, eServer, EAS, ACE, ESC, EHG, SCE, RESS) 2008R2 1 9 174
Experion R431.1 Client (ESF, ESC, EST, ES-CE) WIN7 1 9 175
Experion R431.1 eApp 2008R2 1 9 176
Safety Manager R133.x/R146.x/R151.x/R152.x/R153.x/SM-154.X/R160.x/R161.x/R162.1/R200.2 and Fail Safe Controller R710.x/801.1/801.2 on Win 7- 32 bit SP1 WIN7 1 NA 177
Safety Manager R146.x/R151.x/R152.x/R153.x/SM-154.X/R160.x/R161.x/R162.1/R200.2 and Fail Safe Controller R710.x/801.1/801.2 on Win 7- 64 bit SP1 WIN7 1 NA 178
Safety Manager R146.x/R151.x/R152.x/R153.x/SM-154.X/R160.x/R161.x/R162.1 and Fail Safe Controller R710.x/801.2 on Win 2K8 R2 SP1 2008R2 1 NA 179
DVM 700 Client \ Console on Windows 10 (1903 Build) WIN10 NA 11 180
EBI 600 on Windows 10 (1903 Build) WIN10 C 11 181
BMA with EPKS R430.x 2008R2 1 9 182
BMA with EPKS R430.x WIN7 1 9 183
BMA – No EPKS 2008R2 1 9 184
BMA- No EPKS WIN7 1 9 185
PMD R830.x/831.x Srvr/RHS on WIN2K8 R2 SP1 2008R2 1 9 186
PMD R830.x/831.x HMI, Console on WIN7 SP1-64 Bit WIN7 1 9 187
PMD R830.x/831.x DM, DM_R on WIN7 SP1-32 Bit WIN7 1 9 188
vCenter Server 6.0 on Windows Server 2012 R2 2012R2 NA 11 189
FDM R450.1/R500 Server on Windows Server 2008R2 SP1-64 Bit 2008R2 1 8 190
FDM R450.1/R500 Server/Client/RCI/RCI Client on Win 7 SP1- 64 Bit WIN7 1 8 191
FDM R450.1/R500 Server on Windows Server 2008 SP2-32 Bit 2008 2 8 192
FDM R450.1/R500 Server/Client/RCI/RCI Client on Win 7 SP1-32 Bit WIN7 1 8 193
Safety Historian R200.2 Basic/Server on Win 7 SP1-64 Bit WIN7 1 8 194
Safety Historian R200.2 Basic/Server on Win 7 SP1-32 Bit WIN7 1 8 195
EBR R430.1/R431 on Win2008 R2 IE8 2008R2 1 8 196
PCUS R431.1 on Win7 SP1 IE8 WIN7 1 8 197
Safety Historian R200.2 Client on Win 7 SP1-64 Bit WIN7 1 8 198
Safety Historian R200.2 Client on Win 7 SP1-32 Bit WIN7 1 8 199
Experion R430.1 Flex Server WIN7 1 9 200
Experion R431.1 Flex Server WIN7 1 9 201
QCS SE 100 WIN10 NA 11 202
BMA with EPKS R431.x 2008R2 1 9 203
BMA with EPKS R431.x WIN7 1 9 204
Trace Server 2012R2 NA 11 205
Trace Server 2016 NA 11 206
VMware Workstation on Windows 10 WIN10 NA 11 207
Risk Manager R150.X\160.X\170.X\171.X NA 11 208
Enterprise Risk Manager R150.X\160.X\170.X\171.X 2012R2 NA 11 212
EBI 500 With DVM 620 on Windows Server 2012 R2, 64bit, WIN2K12R2 NA 11 213
EBR 430 With SM151 and SH200 ON Windows 7, 32bit, Service Pack 1 WIN7 1 11 214
EBR 430 With SM151 and SH200 ON Windows 7, 32bit, Service Pack 1 WIN7 1 11 215
PCUS R431.2 on Win7 SP1 IE9 WIN7 1 9 216
BMA with EPKS R400.x SVR ERC\EBC 2008 2 9 217
DVM 700 on Windows Server 2016 2016 NA 11 218
EBI 600 Server\Client on Win10 (1903 Build) WIN10 NA 11 219
BMA - Standalone OBPC\BPC 2008 2 9 223
BMA Standalone OBPC Client Win 7 32 bit SP1, IE11, .Net 3.5 WIN7 1 11 226
DVM R600.1/R620.1 on Windows Server 2012 R2 IE11 2012 R2 NA 11 230
DVM R600.1/R620.1 on Windows 8.1 - 64 bit WIN8 NA 11 231
BMA with EPKS R431.x 2008R2 1 11 233
BMA with EPKS R431.x WIN7 1 11 234
BMA -No EPKS 2008R2 1 11 235
BMA -No EPKS WIN7 1 11 236
Experion R515.1 (ServerA, ServerB, ESV-T, ACE, ACE-T, ESC, SCE, eServer, EHG, EAS, RESS, PCUS) 2016 NA 11 237
Experion R515.1 (ESF, EST, ESC, Orion Console, PCUS) WIN10 NA 11 238
Experion R515.1 EAPP 2016 NA 11 239
BMA with EPKS R430.x 2008R2 1 11 240
BMA with EPKS R430.x WIN7 1 11 241
Experion R515.1 (Flex Server, eServer) WIN10 NA 11 242
EBR R431 on Win2012 2012 NA 10 245
EBR R500.1 on Win2008 R2 IE11 2008R2 1 11 246
EBR R500.1 on Win2K12 2012 NA 11 247
PSA R115 on Windows Server 2012 R2 IE11 2012 R2 NA 11 248
BMA With EPKS R410.x 2008R2 1 11 250
BMA With EPKS R410.x Win7 1 11 251
Experion R516.1 (ServerA, ServerB, ESVT, ACE, ACE T, ESC, SCE, eServer, EHG, EAS, RESS, PCUS) 2016 NA 11 252
Experion R516.1 (ESF, ESC, EST, Orion Console, PCUS) WIN10 NA 11 253
Experion R516.1 EAPP 2016 NA 11 254
Experion R516.1 (Flex Server, eServer) WIN10 NA 11 255
BMA with EPKS R432.x 2008R2 1 11 256
BMA with EPKS R432.x WIN7 1 11 257
RAE 61X.x AV/QCS Srv on WIN2K8 R2 SP1 IE11 (EPKS 410.x) 2008R2 1 11 261
RAE 61X.x Opstn/Desktop on WIN7 SP1 IE11 (EPKS410.x) WIN7 1 11 262
FDM R430.1/R440.1 Server on Windows Server 2008R2 SP1- 64 Bit, IE11 2008R2 1 11 264
FDM R430.1/R440.1 Server/Client/RCI/RCI Client on Win 7 SP1-32 Bit, IE11 Win 7 1 11 265
FDM R450.1/R500/R501 Server on Windows Server 2008R2 SP1-64 Bit, IE11 2008R2 1 11 266
FDM R450.1/R500/R501 Server/Client/RCI/RCI Client on Win 7 SP1-64 Bit, IE11 WIN7 1 11 267
FDM R450.1/R500/R501 Server/Client/RCI/RCI Client on Win 7 SP1-32 Bit WIN7 1 11 268
Windows 2008 operating system WIN8 1 11 269
Windows 7 operating system WIN7 2 11 270
Windows 7 operating system WIN7 1 11 271
Windows 2008R2 operating system 2008R2 1 11 272
Windows Server 2012 operating system Windows Server 2012 1 11 273
Windows 8.1 operating system Windows 8.1 NA 11 274
Windows Server 2012 R2 operating system Windows Server 2012 R2 NA 11 275
Windows 10 operating system Windows 10 NA 11 276
Windows Server 2016 operating system Windows Server 2016 NA 11 277
3.2 Checking for Available Updates
As mentioned above, when the ISO is mounted on a target system, the Update Manager
invokes the following window.
Left-clicking Check All Updates causes the Update Manager to read the configuration file
from the local directory and parse it to determine the list of Security/Non-Security
updates that have been qualified for the particular node. The Update Manager also checks
whether those updates have already been installed on the system.
Updates that are not installed are included in a custom batch file, which is used for
automatic installation. This ensures that only the updates that are not installed on the
target system are listed as Required Updates, as shown in the screenshot below.
Left-clicking Load Updates, at the bottom of the Required Updates window, starts the
installation of all the Required Updates listed above. If an update is already installed
on the target system, the Update Manager does not list that update in the Required
Updates window.
After Load Updates is initiated, a command line window opens to process the installation
of updates, as shown below. It is recommended to read the information inside this window
before acknowledging it by pressing any key.
ATTENTION
The Update Manager tools in May 2019.ISO and May1 2019.ISO rerun the
installer automatically after reboot and check whether all the required
updates are installed. If all the required updates are installed, the user is
prompted with the message “No more updates are required for this
node”.
In addition, the SQL Server and the DST Security updates are not installed
automatically on servers; users must install them manually by following the
special instructions available below.
\SPECIALHANDLING\ directory.
Note that if the SQL Server or the DST security updates are not installed
on the system, the Update Manager tool lists those updates on restart
until they are installed.
A check box has been added for the user to indicate whether a reboot is required.
• Selecting this check box before applying the updates results in an
automatic restart of the system after all the updates are installed.
• Leaving this check box cleared means the tool waits for user
confirmation before rebooting the system after all updates are applied.
All activities are logged into the following files:
• %windir%\honeywell_mspatches.txt - This log file is for auditing
only and contains all information about what is required to be on
the node and what was installed. This file is appended to each time
the application is run. If there is an issue with the Update
Manager application, please contact TAC for further assistance.
• %windir%\honeywell_required_updates.log - This log file is for
auditing only and contains a log of required updates for a specific
node. This file is overwritten whenever the application is run.
• %windir%\honeywell_installed_updates.log - This log file is for
auditing only and contains a log of installed updates for a specific
node. This file is overwritten whenever the application is run.
NOTE
%windir% is the directory in which Windows is installed.
For example, C:\Windows.
Log file location for EPKS R5xx nodes will be at:
<SoftwarePath>\Honeywell\Experion PKS\Install.
If you do not wish to load the patches, click Cancel and no changes will be
made to the system. The batch file will not be deleted from the system.
3.3 Validating Security Updates
As mentioned above, when the ISO is mounted on a target system, the Update Manager
invokes the following window.
Left-clicking Check Security Updates Only lists only the security updates that are
qualified to be installed on that node. The Update Manager determines which security
updates are already installed, so that only the updates that are not present on the
system are listed in the Required Updates window, as shown below.
Left-clicking Load Updates starts installing the required security updates.
3.4 Validating Non-Security Updates
As mentioned above, when the ISO is mounted on a target system, the Update Manager
invokes the following window.
Left-clicking Check Non-Security Updates Only lists only the Non-Security updates
that are qualified to be installed on that node. The Update Manager determines which
Non-Security Updates are already installed, so that only the updates that are not
present on the system are listed in the Required Updates window, as shown below.
Left-clicking Load Updates starts installing the required Non-Security Updates.
3.5 Validating Latest ISO
If an older version of the ISO is used, the Update Manager displays a message as shown
below. It is always recommended to use the latest version of the ISO available at
Honeywell OLS.
If the system already has the latest updates installed, the Update Manager notifies
the user that the system already has the latest security updates installed, as
shown below.
When the ISO is mounted on a system that is not supported, the Update Manager informs
the user with the message shown below. It is recommended to contact the local TAC
for further details.
ATTENTION
The Update Manager is disabled if Auto Logon feature of Windows is
enabled on the local node. This is done to ensure that the user must log in
to the computer with their credentials and not with administrator
privileges.
Contact Honeywell, if you have any comments or problems with the
Update Manager or with the installation of Microsoft updates. Ensure
that you have downloaded the latest ISO image from OLS.
If you continue to have problems, log on to the OLS site and click Contact
Honeywell Process Solutions.
3.6 Viewing ISO Configuration File
As mentioned above, the Update Manager invokes the following window, when the ISO is
mounted on a target system.
Clicking View Config in Notepad opens the ISO configuration file in Notepad, where
the user can look up details of the ISO configuration.
ATTENTION
The configuration file provides information on an application level and it
is not recommended to open the configuration file unless required.
3.7 Known Issues and Workarounds
This section provides information on the list of known issues and the corresponding
workarounds to address them.
3.7.1 Known Issue: Updates fail to install due to USB lockdown enabled. Ex: KB982018, KB2775511
Workaround: When usbstor.inf and usbstor.pnf files have non-inherited rights, the
workaround is as follows.
Disable USB Lockdown policy:
1. Go to Start > Run, type “regedit” and press enter to open the registry editor.
2. Navigate to the following key.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\USBSTOR
3. In the right pane, select Start and change the value to 3.
NOTE
The value 4 disables USB. Changing the value to 3, as in step 3, re-enables
the USB ports and allows you to use USB or pen drives.
4. If you cannot find Start under USBSTOR, right click USBSTOR and then select
Permission.
5. Click Advanced.
6. Remove non-inherited rights from the Permissions tab.
7. Check if right permissions are granted for usbstor.inf and usbstor.pnf files:
a. Log in as local administrator
b. Navigate to C:\Windows\inf
c. Change the owner of usbstor.inf to administrators (local pc)
d. Edit the security and set it to inherit from the parent folder. Remove non-inherited
rights from the file
e. Repeat step 2 – 5 for usbstor.pnf file
f. Install KB3139398 Patch only and then restart the PC
8. Install MS ISO.
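A read-only check of the conditions this workaround addresses, as an added example that is not part of the Honeywell guide or tooling. It reports the USBSTOR Start value and any non-inherited permission entries on the USBSTOR key and on usbstor.inf / usbstor.pnf; the function names are hypothetical, and PowerShell 3.0 or later in an elevated session is assumed.

```powershell
# Added example (not Honeywell code): read-only audit for the USB lockdown
# workaround. Nothing is modified; the output shows what still needs fixing.
# Assumes PowerShell 3.0+ and an elevated (Run as administrator) session.

$usbStorKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
$infFiles   = 'usbstor.inf', 'usbstor.pnf' |
    ForEach-Object { Join-Path $env:windir "inf\$_" }

function Get-UsbStorStartState {
    # Start = 3 lets the USB storage driver load on demand; Start = 4 disables it.
    $prop = Get-ItemProperty -Path $usbStorKey -Name Start -ErrorAction SilentlyContinue
    if ($null -eq $prop) {
        return [pscustomobject]@{
            Start = $null
            State = 'Start value not readable (check key permissions)'
        }
    }
    $state = switch ($prop.Start) {
        3       { 'Enabled' }
        4       { 'Disabled (USB lockdown active)' }
        default { "Other ($($prop.Start))" }
    }
    [pscustomobject]@{ Start = $prop.Start; State = $state }
}

function Get-NonInheritedAce {
    # Lists explicit (non-inherited) ACEs on a file or registry key, plus the
    # owner and whether inheritance from the parent is blocked.
    param([Parameter(Mandatory = $true)][string]$Path)

    if (-not (Test-Path -Path $Path)) {
        Write-Warning "Not found: $Path"
        return
    }
    $acl = Get-Acl -Path $Path
    $explicit = @($acl.Access | Where-Object { -not $_.IsInherited })
    [pscustomobject]@{
        Path               = $Path
        Owner              = $acl.Owner
        InheritanceBlocked = $acl.AreAccessRulesProtected
        ExplicitAceCount   = $explicit.Count
        ExplicitAces       = ($explicit | ForEach-Object {
            "$($_.IdentityReference): $($_.AccessControlType)"
        }) -join '; '
    }
}

# Report: registry Start value, then ACL state of the key and both files.
Get-UsbStorStartState | Format-List
@($usbStorKey) + $infFiles |
    ForEach-Object { Get-NonInheritedAce -Path $_ } |
    Format-List
```

A node is ready for the update when Start is 3, InheritanceBlocked is False and ExplicitAceCount is 0 for the key and both files.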
3.7.2 Known Issue: SUIT ISO DVD is taking hours to deploy when a system has WSUS, but the user wants to use the SUIT ISO to align the system.
Workaround: When WSUS is used, perform the following steps on the system
before running the SUIT ISO.
Export and remove the registry key below:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate
For more information, refer to the guide, Steps to clear windows services logs.docx
Steps to clear Windows History on Windows Operating System.
1. Press Windows+R, enter services.msc in the Run dialog, and then click OK to open
the Services window.
2. Select and right-click the Background Intelligent Transfer Service, and then
click Stop service.
3. Run the SUIT ISO.
4. Reboot the System.
5. Import the registry key that was exported before running the SUIT ISO.
6. Reboot the System.
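The same preparation and restore steps as a script, added here as an example and not taken from the Honeywell guide. The backup file path and the function names are assumptions; the registry key and the BITS service are the ones named in the steps above. The key is removed only after the export has been verified on disk.

```powershell
# Added example (not Honeywell code): prepare a WSUS-managed node for the
# SUIT ISO and restore the WSUS policy afterwards.
# Assumes an elevated PowerShell session; $backupFile is a hypothetical path.

$policyKey  = 'HKLM\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$backupFile = 'C:\Temp\WindowsUpdate-policy-backup.reg'

function Disable-WsusPolicyForSuit {
    # Export the WSUS policy key, and refuse to continue without a backup.
    New-Item -ItemType Directory -Path (Split-Path $backupFile) -Force | Out-Null
    & reg.exe export $policyKey $backupFile /y | Out-Null
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -Path $backupFile)) {
        throw "Export of $policyKey failed; the key was NOT removed."
    }

    # Remove the key so the node stops consulting WSUS during the SUIT run.
    Remove-Item -Path "Registry::HKEY_LOCAL_MACHINE\$($policyKey.Substring(5))" -Recurse -Force

    # Stop the Background Intelligent Transfer Service (service name: BITS).
    Stop-Service -Name BITS -Force
    Write-Output "WSUS policy exported to $backupFile. Run the SUIT ISO, then reboot."
}

function Restore-WsusPolicyAfterSuit {
    # Run after the SUIT ISO has finished and the node has been rebooted.
    if (-not (Test-Path -Path $backupFile)) {
        throw "Backup file $backupFile not found; nothing to import."
    }
    & reg.exe import $backupFile
    if ($LASTEXITCODE -ne 0) {
        throw "Import of $backupFile failed."
    }
    Write-Output 'WSUS policy restored. Reboot the system to apply it.'
}

# Usage:
#   Disable-WsusPolicyForSuit      # before running the SUIT ISO
#   Restore-WsusPolicyAfterSuit    # after the SUIT ISO run and the first reboot
```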
3.7.3 Known Issue: DVM R500/R600/R620 and EBI R430
Security Update for Group Policy: KB 3163622 Issue found with this update.
MS16-072: Security update for Group Policy is causing issues for many customers. Some
possible problems caused by the update:
• Drive mappings don’t work
• Settings changed through GPO are no longer retained
• Shortcuts to applications on user's desktops are missing
Reference: http://windowsitpro.com/patch-tuesday/patch-tuesday-security-
updategroup-policy-breaks-gro policy
Workaround: If the update is installed and the issues mentioned are observed, uninstall
this update.
3.7.4 Known Issue: SUIT ISO failed on RAE node
SUIT ISO installation fails on the RAE Node with the June ISO for RAE 61X.x AV/QCS Srv,
R700.X & RAE R701.x Opstn/Desktop (EPKS 500.x & EPKS 501.x)
Workaround: None.
3.7.5 Known Issue: DVM R600/R620/700 and EBI R500/600 On Windows 10/Windows Server 2016.
When the Load Updates button is clicked, an exception is thrown stating that
“MyPatchList.txt” is not found in C:\Windows directory.
Workaround: Follow the steps below.
1. Close the Update Manager tool.
2. Go to C: drive.
3. Copy the “C:\MyPatchList.txt” file.
4. Go to “C:\Windows” directory.
5. Paste the “MyPatchList.txt” file in “C:\Windows”.
6. Relaunch the Update Manager tool and install updates.
3.7.6 Known Issue: On certain scenarios installing MS update using Dec 2019 ISO may cause OS crash.
PAR DESCRIPTION
In certain scenarios, installing MS updates using the Dec 2019 ISO may cause an OS crash.
Background: Honeywell testing found that installing MS updates using the December 2019
ISO causes an operating system crash on a system where the July 2019 ISO or a prior
version of the ISO was used to install MS updates.
Workaround: First install MS updates using the Nov 2019 ISO and then install MS updates
from the Dec 2019 ISO.
Solution: Honeywell is working with Microsoft on the root cause and a solution.
3.7.7 Known Issue: ELCN Nodes get stuck in LOC_LOAD after installing Security Update Nov ‘19 or later.
Problem Description:
On Experion R5xx with ELCN, we have identified that ELCN Nodes may get stuck in
LOC_LOAD after installing Security Update November, or later. Honeywell has identified
the problem and recommends modifying the Windows Firewall rules to include the
LCNP4Emulator process.
This only applies to the PC-based ELCN Nodes, and not the UEA/UVA-based ELCN
Appliance Nodes.
The KBs impacting the ELCN Nodes are as follows:
November - KB4525236
December - KB4530689
January - KB4534271
Any future KBs
Applicable release and node type
Experion R5xx with ELCN
Node type: Applies to ESVT, ES-T, E-APP, ACE-T and ELCN HM
Resolution
Honeywell has produced a hotfix which automates the creation of the Windows firewall rules.
On the applicable ELCN nodes, right-click the exe and select Run as administrator.
On successful completion, it displays the message “Experion PKS R5XX ELCN PAR1-
C6ISG33 Hotfix installation completed successfully”. Click OK.
Note: If LCNP4Emulator is not present, it displays the message “This patch is not
applicable on this node”.
Instructions for download:
Log in to www.honeywellprocess.com, go to the Support Section, then
search for 106148.
3.7.8 Known Issue: Microsoft Security Update September ’19 ->Jan ‘20 might cause a memory leak in Experion Station on Experion R43x and R5xx.
Problem Description:
Microsoft is still working on a resolution; the January 2020 update is also impacted. It is
safe to deploy security updates with the script workaround found in article 105374.
Microsoft has informed us that the problem is also applicable to Windows 7/W2008,
therefore it also impacts Experion R43x and R400/410 with IE11. The workaround can be
safely used with the last KB installed.
HPS Technical Support would like to inform customers that Microsoft has introduced a
product anomaly in the Windows 7/W2008, Windows 10 & Windows 2016 September 2019-> Jan
2020 security roll up, affecting Station robustness on Experion R43x, R5xx. Customers
running with August 2019 (and earlier) are not affected.
The issue is triggered by the use of VBScript in HMIWeb displays, which causes Station
processes to accumulate memory (memory leak) and, over time, impacts Station
operations.
Microsoft has acknowledged the problem and is working on a resolution. At this time,
Microsoft is not able to provide a resolution date. We will revise this notification once
Microsoft has communicated its plan to resolve the product anomalies.
Multiple triggers have been identified, so it would be complicated and impossible to
modify displays to mitigate the issue. We recommend referring to the
“Recommended Actions” section for mitigation plans.
Recommended Actions:
Run the PowerShell script below from a Domain admin account to verify the Station
memory usage. If the memory usage is found to be > 300Mb, it is time to log off and
log in again on the affected Station.
The script accepts a comma-separated list of Station computer names to monitor
(R501Srv,R510Srv in the command below).
Get-Counter -Counter "\Process(hscStationWindow*)\Private Bytes" -ComputerName R501Srv,R510Srv | Select-Object -ExpandProperty CounterSamples | Sort-Object -Property CookedValue -Descending
We have identified a method to work around the issue with a simple Station script, which
can be found in article 105374. With the script, the memory leak is mitigated and there is
no need to log off every day.
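An extended form of the monitoring command above that applies the threshold and flags the Stations that need a log off/log in, added here as an example and not part of the Honeywell guide. The function name is hypothetical, the threshold is interpreted as 300 megabytes, and PowerShell 3.0 or later is assumed; the computer names are the ones used in the command above.

```powershell
# Added example (not Honeywell code): flag Station processes whose private
# bytes exceed the threshold given above (interpreted here as 300 MB).
# Run from a Domain admin account, as the guide requires for the one-liner.

$stations    = 'R501Srv', 'R510Srv'   # Station computer names to monitor
$thresholdMB = 300

function Get-StationMemoryReport {
    param(
        [Parameter(Mandatory = $true)][string[]]$ComputerName,
        [int]$ThresholdMB = 300
    )
    foreach ($computer in $ComputerName) {
        # Query each computer separately so one unreachable node, or a node
        # where Station is not running, does not hide results from the others.
        try {
            $samples = (Get-Counter -Counter '\Process(hscStationWindow*)\Private Bytes' `
                            -ComputerName $computer -ErrorAction Stop).CounterSamples
        }
        catch {
            [pscustomobject]@{
                Computer  = $computer
                Instance  = $null
                PrivateMB = $null
                Status    = "Query failed: $($_.Exception.Message)"
            }
            continue
        }
        foreach ($sample in $samples) {
            $mb = [math]::Round($sample.CookedValue / 1MB, 1)
            $status = 'OK'
            if ($mb -gt $ThresholdMB) { $status = 'Log off / log in required' }
            [pscustomobject]@{
                Computer  = $computer
                Instance  = $sample.InstanceName
                PrivateMB = $mb
                Status    = $status
            }
        }
    }
}

Get-StationMemoryReport -ComputerName $stations -ThresholdMB $thresholdMB |
    Sort-Object -Property PrivateMB -Descending |
    Format-Table -AutoSize
```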
3.7.9 Known Issue: KB3125574 install failed on Windows Server 2008 R2 and Windows 7 using August 2019 ISO or later
Symptoms
KB3125574 install failed on Windows Server 2008 R2 and Windows 7 using August 2019
ISO or later.
Context
• Experion Server R43x
• MS(SUIT) ISO
Diagnosis
KB3125574 installation was completed successfully but status changed back to fail
after reboot.
Cause
3rd Party Application
Resolution
1. Go to UPDATES\MU19-010 folder inside ISO.
2. Double Click WINDOWS6.1-KB3125574-VW-X64.MSU to install manually.
3. When installation is complete, do not reboot the PC.
4. Click the Windows Start button, then type “msconfig” to run it.
5. On the Services tab of System Configuration, select Hide all Microsoft services, and
then select Disable all.
6. Click OK then reboot the PC.
7. Confirm KB3125574 installation status is still Successful after reboot.
8. Click the Windows Start button, then type “msconfig” to run it.
9. On the Services tab of System Configuration, select Hide all Microsoft services, and
then select Enable all.
10. Click OK then reboot the PC.
4 Terms and definitions
The table below lists the terms used in this document.
Terms Definitions
Update Manager This is a tool designed to manage all the Security and Non-Security
updates supported for all the HPS product nodes.
5 Notices
Documentation feedback
You can find the most up-to-date documents on the Honeywell Process Solutions support
website at:
http://www.honeywellprocess.com/support
If you have comments about Honeywell Process Solutions documentation, send your
feedback to: [email protected]
Use this email address to provide feedback, or to report errors and omissions in the
documentation. For immediate help with a technical problem, contact your local
Honeywell Process Solutions Customer Contact Center (CCC) or Honeywell Technical
Assistance Center (TAC).
How to report a security vulnerability
For the purpose of submission, a security vulnerability is defined as a software defect or
weakness that can be exploited to reduce the operational or security capabilities of the
software.
Honeywell investigates all reports of security vulnerabilities affecting Honeywell products
and services.
To report a potential security vulnerability against any Honeywell product, please follow the
instructions at:
https://honeywell.com/pages/vulnerabilityreporting.aspx
Submit the requested information to Honeywell using one of the following methods:
• Send an email to [email protected]; or.
• Contact your local Honeywell Process Solutions Customer Contact Center (CCC) or
Honeywell Technical Assistance Center (TAC).
Support
For support, contact your local Honeywell Process Solutions Customer Contact Center
(CCC). To find your local CCC visit the website, https://www.honeywellprocess.com/en-
US/contact-us/customer-support-contacts/Pages/default.aspx.
Training classes
Honeywell holds technical training classes that are taught by process control systems
experts. For more information about these classes, contact your Honeywell representative,
or see http://www.automationcollege.com.
April 2020
© 2020 Honeywell International Sàrl
Honeywell Process Solutions
1250 W Sam Houston Pkwy S #150, Houston,
TX 77042
Honeywell House, Skimped Hill Lane
Bracknell, Berkshire, RG12 1EB
Building #1, 555 Huanke Road, Zhangjiang
Hi-Tech Park,
Pudong New Area, Shanghai, China 201203
www.honeywellprocess.com