NetIQ Privileged Account Manager 3.2 Patch Update 5 Release Notes

July 2018

NetIQ Privileged Account Manager 3.2 P5 resolves some of the previous issues.

Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Privileged Account Manager Community Support Forum on NetIQ Communities, our online community that also includes product information, blogs, and links to helpful resources.

The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click the comment icon on any page in the HTML version of the documentation posted at the Privileged Account Manager Documentation website. To download this product, see the NetIQ Downloads website.

1.0 What’s New?

The following sections outline the enhancements and issues resolved in this release:

1.1 Support for REST Call to get SSH host key of the Target Server

The REST call for SSH agent module has been implemented to get the SSH host key of the target server.

1.2 Software Fixes

Audits Missing in Direct RDP Session as Privileged Account Manager does not Monitor Certain Operations

Issue: Privileged Account Manager does not monitor the following on Windows server:

  • Windows Explorer intermittently.

  • Folder and File operations from Windows Explorer at the command level.

  • In a reconnected session, applications that were running prior to the disconnection. (Bug 1100730)

Fix:

  • During a fresh login to a Windows session or in a reconnected Windows session, the PAM agent monitors the operations done using Windows Explorer.

  • PAM agent monitors the activities done in applications that were already running in a reconnected session.

  • File or folder operations such as creation of a file are monitored at command level, like CreateFile <filename>. For delete operations on a file or folder in the Windows GUI, the operation is monitored using GUI audits such as Delete menu clicks.

Using the Run as Privileged User Option Displays an Error

You can use the Run as Privileged User option to get elevated access to a target application, based on the user’s policy defined in Privileged Account Manager. (Bug 1099605)

Session Recordings are Trimmed when Screen Scaling is Set to 125% or Higher

Issue: When screen scaling is set to 125% or higher on the computer from which the RDP session to the target system is initiated, the videos captured for the monitored session are trimmed and the entire screen is not captured. (Bug 1100822)

Fix: Even when screen scaling is set to 125% or higher, Privileged Account Manager records the entire screen in video captures. Ensure that the latest Microsoft Windows patches are installed on the computer for this feature to work as expected.

Secure Shell Relay Connection Fails with an Error

Issue: Secure Shell Relay (SSH Relay) connection fails with the following error: no matching mac found (Bug 1099646)

Fix: SSH relay connections work as expected and do not display an error.

Intermittent Connectivity Issues and Client Timeout from WinSCP SFTP through SSH Relay

SFTP connections using WinSCP now work as expected even when the target system is slow. (Bug 1099649)

SSH connection Fails to a Target Server when Banner is Enabled on the Target System

SSH connection to a target server is now successful even when an SSH banner is enabled on the target system. (Bug 1099648)

Command Control Authorization fails when the Command included in Rule is not Enclosed in Asterisks

Command control authorization can now be done either by entering the full path of the executable or by including the executable name inside asterisks, as per your requirement. You need to enclose the path of the executable in double quotes if the file path includes a space. (Bug 1099651)

Enhanced Access Control Capability to Control Kill Command does not Work

The Enhanced Access Control (EAC) feature now controls the Kill command using the capability argument. (Bug 1101034)

All Registered Agents become Unregistered after License is Added to Privileged Account Manager

Install the PAM license immediately after deploying the PAM manager. If the license is added later, re-register the agents after you add the new license. (Bug 1100050)

Rewind and Forward Buttons do not work when an Auditor plays an SSH Tunnel Session Recording

The Rewind and Forward buttons now work as expected. (Bug 1099650)

X11 Enable Check Box is Displayed Only when Account Domain is SSH Type

You can enable or disable X11 for a policy with Credentials as Run User@Run Host and without specifying an account domain. (Bug 1102406).

2.0 System Requirements

For information about hardware requirements, supported operating systems and browsers, and software requirements, see Installation Requirements in the NetIQ Privileged Account Manager 3.2 Installation Guide.

3.0 Installing the Patch Update

3.1 Prerequisites

Before installing this patch update, ensure the following:

3.2 Module Updates in 3.2.0.5

The modules (packages) updated in this patch are:

  • Framework Patch

  • Command Control Agent

  • Command Control Console

  • SSH Agent

  • SSH Relay Agent

  • Administration Manager

  • Command Reporting Console

  • My Access Console

3.3 Installing 3.2.0.5

Installing the patch update includes publishing the packages on the Package Manager and installing the published packages to the Hosts.

Publishing the Packages on the Package Manager

You can publish the packages on the package manager in the following ways:

Using Package Manager with NCC
  1. Configure the Package Manager by using the Novell Update Server:

    1. Log in to the Administration console.

    2. Click Package Manager > Settings.

    3. From the drop-down, select Novell Update Server.

    4. To view the update server information, select Advanced Settings.

      • Select the Packages check box.

      • Ensure that https is selected in the drop-down list.

      • Specify the entire URL for download as follows:

        nu.novell.com/PUM/packages

      • Ensure that the port number is 443.

      • Leave the last text field blank since /PUM/Packages is already added in the previous text field.

      NOTE: Ensure that you retain the default settings for other fields in this screen.

    5. Click Finish.

      For more details and alternate options to download packages to Package Manager, see Downloading Packages to Package Manager.

  2. To push the packages to your host machines, continue with Installing the Packages on Host Machines.

Using Package Manager with a Local Server
  1. Download the patch update manually:

    1. On the NetIQ Downloads site, select the Basic Search tab.

    2. On the right pane, select Search Patches.

    3. On the Patch Finder page, select Privileged User Manager from the list of products.

    4. Click Search, then click Privileged Account Manager 3.2.

      This displays the current patch update.

    5. Download all the Superseded Patches and Current Patches for Privileged Account Manager.

  2. Repeat the following steps for all the patches, that is, 3.2.0.2, 3.2.0.3, 3.2.0.4, and 3.2.0.5, in sequential order:

    1. Copy the netiq-npam-packages-3.2.0.x.tar.gz file to any of the Privileged Account Manager machines.

    2. Extract netiq-npam-packages-3.2.0.x.tar.gz into a temporary location, for example, /tmp/framework/ directory.

      tar -xvf netiq-npam-packages-3.2.0.x.tar.gz 
    3. Use the following command to publish the packages to the Package Manager:

      Replace <admin> with the name of your admin user.

      For Linux and UNIX platforms:

      /opt/netiq/npum/sbin/unifi -u <admin> distrib publish -d /tmp/framework

      For Windows platforms:

      "c:\Program Files\netiq\npum\bin\unifi" -u <admin> distrib publish -d c:\tmp\framework

    4. When prompted, enter the name and password for the administrator.

  3. To push the packages to your host machines, continue with Installing the Packages on Host Machines.
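
The local-server procedure above can be scripted so that no patch is published out of order or with an archive missing. This is an added example, not NetIQ code: it assumes all four archives sit in one download directory and that each archive unpacks its package files directly into the directory passed to -d; the function names and per-patch staging directories are illustrative.

```shell
#!/bin/sh
# Added example, not NetIQ code. Assumptions: all four archives are in one
# download directory; each is extracted into its own fresh staging directory.
UNIFI="${UNIFI:-/opt/netiq/npum/sbin/unifi}"   # Linux/UNIX path from the notes
PATCHES="3.2.0.2 3.2.0.3 3.2.0.4 3.2.0.5"       # sequence required by step 2

# missing_patches DIR: print each version whose archive is absent from DIR.
missing_patches() {
    for v in $PATCHES; do
        [ -f "$1/netiq-npam-packages-$v.tar.gz" ] || printf '%s\n' "$v"
    done
}

# publish_all DIR ADMIN: publish every patch in order, or nothing at all if
# an archive is missing; stop at the first extract or publish failure.
publish_all() {
    miss=$(missing_patches "$1")
    if [ -n "$miss" ]; then
        echo "missing archive(s) for:" $miss >&2
        return 1
    fi
    for v in $PATCHES; do
        # mktemp -d avoids a predictable, pre-creatable path under /tmp.
        stage=$(mktemp -d) || return 1
        # Same extraction as the tar command in step 2, without the listing.
        tar -xzf "$1/netiq-npam-packages-$v.tar.gz" -C "$stage" || return 1
        # unifi prompts for the administrator password, as in step 4.
        "$UNIFI" -u "$2" distrib publish -d "$stage" || return 1
        rm -rf "$stage"
    done
}

# Usage: sh publish-patches.sh <download-dir> <admin>
if [ "$#" -eq 2 ]; then
    publish_all "$1" "$2"
fi
```

If a publish step fails, its staging directory is left in place for inspection and the later patches are not attempted.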

Installing the Packages on Host Machines

Before installing the patch update, disconnect all the Privileged Account Manager sessions to the host on which you are installing this patch.

You can install the updated packages on all the hosts or selected hosts in the following ways:

Installing the Packages Through Command Line

You can install the packages on a Windows, Linux, or UNIX host through the command line. For more information about the commands for installing the updated packages, see the Upgrade and Rollback Packages section in the NetIQ Privileged Account Manager 3.2 Administration Guide.

Installing the Packages Through Administration Console

When you are installing the packages through the Administration Console, you can create a backup of the existing packages that you are replacing. To create the backup, you need to leave the Create backup option enabled when installing the patch update. Then, if you want to remove the update, you can use the Rollback Packages option.

When you are installing the packages through the Administration Console, you must first install the Framework Patch (spf) and then install other updated packages. Thus, these updated packages are listed in the Host Console only after installing the Framework patch.

To install the packages, perform the following:

  1. Log in to the Framework Manager console.

  2. (Conditional) If you want to install the patch update on all the hosts, perform the following:

    1. On the Home page of the console, click Hosts.

    2. Select the root domain.

    3. In the left pane, click Update Domain Packages.

    4. Select the latest Framework Patch (spf), then click Next.

    5. In the left pane, click Update Domain Packages.

    6. Select all the listed packages, then click Next.

    7. Click Finish.

    8. Repeat Step 5, 6, and 7 until no more packages are listed.

  3. (Conditional) If you want to install the patch update on selected hosts, perform the following:

    1. On the Home page of the console, click Hosts.

    2. Select the host on which you want to install this patch.

    3. In the left pane, click Update Packages.

    4. Select the latest Framework Patch (spf), then click Next.

    5. In the left pane, click Update Packages.

    6. Select all the listed packages, then click Next.

    7. Click Finish.

    8. Repeat Step 5, 6, and 7 until no more packages are listed.

4.0 Known Issues

NetIQ Corporation strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.

4.1 Moving Multiple Objects Does Not Work

Issue: Selecting and moving multiple objects by using the Shift/Ctrl key does not work.

Workaround: To move multiple objects, you can use shift + select the required objects, or use Select All. (Bug 915307)

4.2 The Run as privileged user Option Is Not Displayed on a Windows 2012 Server

Issue: When you right-click Start on a Windows 2012 server, the Run as privileged user option does not get displayed. (Bug 901032)

Workaround: To work around this issue, right-click an application in the folder where the application is installed to execute Run as privileged user.

4.3 The Command Control Objects Are Not Displayed When Large Number of Objects Are Added Simultaneously

Issue: When Command Control Objects are added simultaneously in large numbers, the objects do not appear in the console. This is an intermittent behavior. (Bug 908307)

Workaround: No Workaround.

4.4 The Unregistered Hosts List Is Not Displayed

Issue: In the Administration console, when you search for unregistered hosts by clicking Hosts > List Unregistered Hosts > IP Range, the Failed to list unregistered agents error is displayed. (Bug 832747)

Workaround: Ensure that when you install Agents, you register them with the Manager for Privileged Account Manager.

4.5 The Changes to the Syslog Settings Do Not Get Applied

Issue: In the Reporting console, when you save the changes to Syslog settings, such as select > SSL, or Allow Persistent Connections, the changes are not applied. (Bug 895993)

Workaround: To work around this issue, restart Privileged Account Manager.

4.6 Package Update Fails with an Error in Windows Client Operating System

Issue: Package update in Windows 7, 8.1, or 10 fails with the message Failed to copy PUMCredProv.dll. Ensure LogonUI.exe process is not running on the target host and try again. (Bug 1072645)

Workaround: Perform the following on all the hosts in which you are updating the packages:

  1. Disconnect all the RDP sessions to the host.

  2. Log in to the console of the host.

  3. Continue with the steps in the Installing the Packages on Host Machines.

4.7 Performance Drop in Privileged Account Manager Monitored Windows System

Issue: System performance of a Windows machine monitored by Privileged Account Manager is slow when the video fps value is set to 10. This is apparent on Windows machines that have a single CPU. (Bug 1074472)

Workaround: Click Command Control > Video Settings and set the value of Video fps to 5 or lower.

5.0 Contact Information

Our goal is to provide documentation that meets your needs. If you have suggestions for improvements, please email Documentation-Feedback@netiq.com. We value your input and look forward to hearing from you.

For detailed contact information, see the Support Contact Information website.

For general corporate and product information, see the NetIQ Corporate website.

For interactive conversations with your peers and NetIQ experts, become an active member of our community. The NetIQ online community provides product information, useful links to helpful resources, blogs, and social media channels.

6.0 Legal Notice

For information about legal notices, trademarks, disclaimers, warranties, export and other use restrictions, U.S. Government rights, patent policy, and FIPS compliance, see https://www.netiq.com/company/legal/.

Copyright © 2018 NetIQ Corporation. All Rights Reserved.