NetIQ Privileged Account Manager 3.2 P1 includes few enhancements and resolves some of the previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Privileged Account Manager Community Support Forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.
The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click the comment icon on any page in the HTML version of the documentation posted at the Privileged Account Manager Documentation Web site. To download this product, see the NetIQ Downloads Web site website.
The following sections outline the enhancements and issues resolved in this release:
OpenSSL library in Privileged Account Manager is upgraded to 1.0.2l to eliminate OpenSSL security vulnerabilities.
This patch update includes enhancements to the Change Management report and the report now provides the following additional information:
Name of the Command Control object, when you delete an object to identify the object that was deleted.
All the attributes of the object before and after modification, when you modify a command control object. Using this you can verify the values of the object after modification.
Session capture feature now captures all the user activities such as keystrokes and mouse clicks in the Command Control Keystroke reports in the form of screen shots and keystroke logs. This helps the administrator to track all the user keystrokes in the RDP session.
Privileged Account Manager 3.2 P1 includes software fixes for the following issues:
Privileged Account Manager User Authentication Through Active Directory Fails with an Error
Error Message Is not Displayed When Unauthorized Users Configure Syslog Server Connection
Applications Hang When You Access Multiple Application Simultaneously in an RDP Relay Session
SQL Server Management Studio 2008 Crashes with an Error in an RDP Relay Session
Video Audits of Multi-Display Setup Are Not Captured Properly
Reporting Console Does Not Display Any Error Message for Audit Failure
Issue: When there are large number of user objects in the AD domain, Privileged Account Manager user authentication through Active Directory (AD) fails with the error message Warning, LDAP search failed, error 1 (Operations error).
Fix: Privileged Account Manager user authentication through AD is now successful. (Bug 1054000)
Fix: SSH Relay now accepts username with special characters such as period (.), hyphen (-), and underscore (_). (Bug 1052756)
Fix: Command Control Reports now do not display SSH relay password. (Bug 1045751)
Issue: When an unauthorized user configures syslog server connection, the success message is displayed in the UI even though the update fails. (Bug 1047149)
Fix: Error message is displayed when unauthorized users configure syslog server connection.
Issue: When you access multiple application simultaneously with session and video capture on in an RDP session, the application hangs. This issue occurs only on Windows 7 and Windows 10 platforms. (Bug 1047045)
Fix: RDP relay session works successfully when accessing multiple applications in Windows 7 and Windows 10.
Fix: SQL Server Management Studio 2008 does not crash in an RDP relay session. (Bug 1055320)
Issue: The video audits of the multi-display setup contains a black area instead of the extended display content when you change the resolution by connecting or disconnecting the display. (Bug 1047047)
Fix: Video audits of multi-display setup are now captured properly.
Issue: When there is an audit failure for Direct RDP session due to incorrect command control policy, the Reporting Console does not display any error message. (Bug 1057691)
Fix: Reporting Console now displays appropriate error messages for audit failure.
For information about hardware requirements, supported operating systems and browsers, and software requirements, see Installation Requirements
in the NetIQ Privileged Account Manager 3.2 Installation Guide.
Privileged Account Manager supports two ways to install the patch update. You can use any of the following ways:
WARNING:When you install this patch update on versions less than 3.2, Privileged Account Manager agents and framework managers on Windows reboot automatically. This happens as some of the Windows components required by Privileged Account Manager are updated in this patch update. Therefore, plan for a system downtime before installing this patch update.
NOTE:When you are installing this patch update on Windows Server 2008 R2, ensure that the Windows Server contains the security update 3033929 or any update that supersedes it. This security update is required to support SHA-2 signing and verification. For more information, see Rexec package offline after updating to 3.2.0.1 on Windows 2008 R2.
You can configure your system to use the NetIQ Customer Center (NCC) and use the Package Manager to distribute the patch update. See Section 3.1, Using the Package Manager with NCC.
You can download the patch update from the download site, install it on a local system, then use the Package Manager to distribute the patch update. See Section 3.2, Using the Package Manager with a Local Server.
This patch includes the following packages:
Command Reporting Console (report command)
Command Control Manager (cmdctrl)
Registry Manager (registry)
SSH Relay Agent (sshrelay)
Framework Patch (spf)
Privileged Credential Manager (prvcrdvlt)
Command Control Agent (rexec)
Reporting Console (audit)
Administration Manager (admin)
Access Manager (auth)
Audit Manager (audit)
Configure the Package Manager by using the Novell Update Server:
Log in to the Framework Manager console.
Click Package Manager > Settings.
From the drop-down, select Novell Update Server.
Configure the following fields:
User name: Specify the user name that allows you to log in to the NetIQ Customer Center.
Password: Specify the password that is associated with this account.
To view the update server information, select Advanced Settings.
Select the Packages checkbox, the following URL is configured:
https://nu.novell.com:443/PUM/packages
Click Finish.
(Conditional) Configure the Package Manager by using the Local Package Manager:
Log in to the Framework Manager console.
Click Package Manager > Settings.
From the drop-down, select Local Package Manager.
Fill in the following fields:
Host name: Specify the DNS name of the host.
Port: Specify the communication port. The default is 29120.
The Local Package Manager is a Framework host that has been configured to store the packages.
(Conditional) If you do not have the Framework patch loaded in your Package Manager:
Click Package Manager on the home page of the console, then click Add Packages.
Configure the Package Filter to display the packages you need.
Platform: Select required platforms. Make sure you select Cross Platform, which displays the console packages that run on all platforms.
Types: Select at least Console, Module, and Patch.
Components: Select all of them: Command Control, Framework, and Miscellaneous.
Select all the packages that are listed. Make sure you select the Framework Patch.
Click Next, then click Finish when the packages have been successfully downloaded.
To ensure that all packages are up-to-date, click Check for Updates.
Select any packages that are listed.
Click Next, then click Finish when the packages have been successfully downloaded.
Load the updates:
In the Package Manager page, click Check for Updates.
If updates are listed, select the packages, then click Next.
After the patch update is loaded, click Finish.
To push the patch update to your host machines, continue with Section 3.3, Installing the Patch Update on Host Machines.
Download the patch update manually:
On the NetIQ Downloads site, select the Basic Search tab.
On the right pane, select Search Patches.
On the Patch Finder page, select Privileged User Manager from the list of products.
Click Search, then click Privileged Account Manager 3.2.
This displays the current patch update.
Download Privileged Account Manager 3.2 Patch Update 1.
Extract and publish packages into the Framework:
Copy the netiq-npam-packages-3.2.0.1.tar.gz file to any of the Privileged Account Manager machines.
Extract netiq-npam-packages-3.2.0.1.tar.gz into a temporary location, for example, /tmp/framework/ directory.
tar -xvf netiq-npam-packages-3.2.0.1.tar.gz
Use the following command to publish the packages to the Package Manager:
Replace <admin> with the name of your admin user.
For Linux and UNIX platforms:
/opt/netiq/npum/sbin/unifi -u <admin> distrib publish -d /tmp/framework
NOTE:If you are using PUM 2.3.3 or earlier versions, run the following command:
/opt/novell/npum/sbin/unifi -u <admin> distrib publish -d /tmp/framework
For Windows platforms:
c:\Program Files\netiq\npum\bin\unifi -u <admin> distrib publish -d c:\tmp\framework
NOTE:If you are using PUM 2.3.3 or earlier versions, run the following command:
c:\Program Files\novell\npum\bin\unifi -u <admin> distrib publish -d c:\tmp\framework
When prompted, enter the name and password for the administrator.
To push the patch update to your host machines, continue with Section 3.3, Installing the Patch Update on Host Machines.
During the process of installing the packages through the Framework, you can create a backup of the existing packages that you are replacing. To create the backup, you need to leave the Create backup option enabled when installing the patch update. Then, if you want to remove the update, you can use the Rollback Packages option.
You can choose to install the patch update on all hosts or on selected hosts.
Log in to the Framework Manager console.
To install the patch update on all hosts (if you want to install the patch update on only selected hosts, skip to Step 3):
On the Home page, click Hosts.
Select the root domain.
In the left pane, select Update Domain Packages.
Select the desired packages for the respective hosts.
Click Next.
Click Finish.
To install the patch update on selected hosts:
Click Hosts > Update Packages on the home page of the console.
Select the desired packages for the respective hosts.
Click Next.
Click Finish.
Reboot all the hosts in which you have installed this patch update.
NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Section 4.2, The Run as privileged user Option Is Not Displayed on a Windows 2012 Server
Section 4.5, The Changes to the Syslog Settings Do Not Get Applied
Section 4.6, Cannot Uninstall Privileged Account Manager 3.2 Through Windows Add/Remove Programs
Section 4.7, NPAM Service Commands Does Not Work In SUSE Linux Enterprise Server 12 or Later
Issue: Selecting and moving multiple objects by using the Shift/ Ctrl key does not work.
Workaround: To move multiple objects, you can use shift + select the required objects, or use Select All. (Bug 915307)
Issue: When you right-click Start on a Windows 2012 server, the Run as privileged user option does not get displayed. (Bug 901032)
Workaround: To workaround this issue, right-click the application in the folder where the application is installed to execute Run as privileged user.
Issue: When Command Control Objects are added simultaneously in large numbers, the objects do not appear in the console. This is an intermittent behavior. (Bug 908307)
Workaround: No Workaround.
Issue: In the administration console, when you search for unregistered hosts by clicking Hosts > List Unregistered Hosts > IP Range, the Failed to list unregistered agents error is displayed. (Bug 832747)
Workaround: Ensure that when you install Agents, you register it with the Manager for Privileged Account Manager.
Issue: In the Reporting console of Privileged Account Manager when you save the changes to syslog settings, such as select SSL, or Allow Persistent Connections, the changes are not applied. (Bug 895993)
Workaround: To workaround this issue, restart Privileged Account Manager.
Issue: Uninstalling Privileged Account Manager 3.2 through Windows Add/Remove Programs displays an error. This issue occurs only when the Privileged Account Manager is upgraded to 3.2 using Privileged Account Manager 3.2 installer. (Bug 1029461)
Workaround: Uninstall Privileged Account Manager through command line or Privileged Account Manager 3.2 installer.
Issue: The NPAM service commands such as start, stop, restart and status does not work in SUSE Linux Enterprise Server 12 or later. (Bug 1041284)
Workaround: To workaround this issue, perform one of the following:
Reboot the system using the following command:
reboot
(or)
shutdown -r now
Kill and restart the NPAM process using the following command:
pkill unifid
/etc/init.d/npum start
After performing one of the preceding steps, you can verify the NPAM process running status by executing the following command:
/etc/init.d/npum status
Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.
For detailed contact information, see the Support Contact Information website.
For general corporate and product information, see the NetIQ Corporate website.
For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.
For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.
Copyright © 2017 NetIQ Corporation. All Rights Reserved.