Deep Freeze 8.70 - Withdrawn from release.

Update - 9:20 AM 2/23/2023

Further investigation of this issue has determined that a race condition exists during the process of upgrading the Deep Freeze Service in Deep Freeze Cloud. This race condition can result in Deep Freeze Service being unable to suppress a Secure Channel Password change on a workstation joined to an Active Directory Domain.

This issue does not apply to you if:

• You are a Deep Freeze Enterprise or Standard customer. Those customers are not affected by the v8.70 withdrawal. 

• Your devices are not joined to an Active Directory Domain.

This issue may be relevant to you if the following conditions apply:

• You are a Deep Freeze Cloud customer 

• Your Deep Freeze service was upgraded to version 8.70 when it was released on production between Fri, Feb 17, 4:20 PM (PST) and Mon, Feb 20, 10:21 AM (PST)

• Your computers are experiencing Domain Trust issues and using the Secure Channel Feature of Microsoft AD Domain Services

This condition is limited to the process of performing a version upgrade of Deep Freeze from the Deep Freeze Cloud platform. 

If your computer has experienced this issue and you have re-connected the device to your domain then no further action is required as the issue only occurs during the upgrade process. 

If you are not currently experiencing the Domain Trust issues, we recommend:

Reboot the computer into a Thawed state at least once if it has never been Thawed after it was upgraded to v8.7. You can reboot Frozen shortly afterward. 

If you are currently experiencing Domain Trust issues, we recommend:

The script below can be used to repair the Secure Channel Password on the client device. This script will need to be run from an elevated command prompt and will need to be updated to include s set of credentials that have the appropriate rights to bind a device to your Active Directory environment. 

As this script does require that the credentials be embedded in the script we recommend creating a service account that is only used for the purposes of running this script and that you disable the account once the process is complete.

If you’re using Deep Freeze Cloud, use one of the options below;

1. Schedule a Batch File Workstation Task from within your Deep Freeze policy. 

2. Execute a Custom Script from the Applications page if you’re an Ultimate bundle subscriber (we’re happy to extend a trial license if necessary). 

3. Use the Push & Launch or Remote Execute functionality on the Deep Freeze on Demand page.

4. Push the script from a 3rd party management tool.

Note: While this script can be run on a machine while Frozen, the changes will be lost after a reboot. Deep Freeze Workstation Task will automatically handle the Thaw and Freeze. Other methods of running this script will require that you manually Thaw the device, run the script, and then return the computer to a Frozen state. 

@echo off
set domain=<replace with the name of your domain controller>
set username=<replace with the username and password for a domain admin eg domain\user>
set password=<replace with the password for the user referenced above>
ECHO Resetting domain password.
powershell.exe -Command "& {Reset-ComputerMachinePassword -Server %domain% -Credential (New-Object System.Management.Automation.PSCredential ('%username%',(ConvertTo-SecureString '%password%' -AsPlainText -Force)))}"
ECHO Script Complete

If you need help with this, please feel free to contact the Faronics Support team for more help. The team can be reached via email at support@faronics.com, through this portal, or at +1 800-943-6422 or +1 604-637-3333. 

--ORIGINAL POST--

We have received several reports regarding the Deep Freeze 8.70 release and its ability to manage the Secure Channel Password changes on the client devices. Out of an abundance of caution, we are therefore pulling back the 8.70 release while we investigate and address these reports. 

If you have not yet upgraded then no action is required and we will provide further updates once we have a fix in place to address this issue and the 8.71 release once available.

If you have already updated please open a support ticket with us via email at support@faronics.com and we will provide further guidance on what the next steps are for your case.

On behalf of the Faronics Team, we apologize for this inconvenience and thank you for your patience while we look into this matter further. Further updates will be posted here as they become available.