NetIQ Privileged Account Manager 3.6 P1 resolves several previous issues.
Many of these improvements were made in direct response to suggestions from our customers. We thank you for your time and valuable input. We hope you continue to help us ensure that our products meet all your needs. You can post feedback in the Privileged Account Manager Community Support Forum, our online community that also includes product information, blogs, and links to helpful resources.
The documentation for this product is available on the NetIQ website in HTML and PDF formats on a page that does not require you to log in. If you have suggestions for documentation improvements, click the comment icon on any page in the HTML version of the documentation posted at the Privileged Account Manager Documentation website. To download this product, see the Micro Focus Downloads website.
Privileged Account Manager 3.6 P1 includes software fixes that resolve the following issues:
Section 1.2, Error When Launching Application SSO with Session Capture Turned off on RemoteApp
Section 1.3, Direct Access Mode Sessions are Misplaced in the User Console
Section 1.4, Application SSO Fails when You Enable Secondary Authentication in the Rule
Section 1.5, RemoteApp Application Spans across the Monitors when Multiple Monitors are Connected
Section 1.7, Application SSO is not Authorized When You Disable it in the Parent Rule
Section 1.9, Script Values are not Saved when you Create and Modify a Script
Section 1.11, Intermittent Windows Stop Error on the Windows Agent
Section 1.12, The Linux Password Change Script does not Change the Password for the root User
Section 1.13, Video Conversion Fails Intermittently with an Error
Privileged Account Manager 3.6 P1 resolves the random agent crash issue observed on multiple Windows servers.(Bug 1129917)
Privileged access to applications are monitored and session capture is now supported for application SSO policy on remoteApp.(Bug 1106942)
Issue Direct access mode sessions are misplaced within Access > Sessions in the user interface.
Fix: Direct access mode of privileged SSO sessions is now shown separately in the user console so that the users get a view of what applications to use with privileged access. Users can use this functionality only through direct RDP or RDP relay and they cannot launch it from the user interface.(Bug 1123614)
Application SSO for remoteApp now supports secondary authentication.(Bug 1121836)
Even when you connect multiple monitors to the machine, the RDP session now opens only in the primary monitor by default. User has to select the Enable Multiple Monitor option before starting the multiple monitor session.(Bug 1107532)
Run Host is now non-editable in the application SSO rule and is always set to All Hosts. Run host is set to All hosts because Privileged Account Manager automatically does load balancing and starts the session in one of the Application SSO module servers for remoteApp.(Bug 1107528)
Now it is not necessary to enable application SSO option in all the rules in the nested rule. Application SSO is authorized even when the appropriate child rule alone has the option enabled.(Bug 1105060)
Privileged Account Manager now supports RDP resolution options for both single and multi-monitor RDP for remote application SSO sessions.(Bug 1137412)
Adding a new script and changes to existing scripts are saved successfully.(Bug 1136967)
While changing the password for Active Directory, the password management script now connects to the host of the Active Directory.(Bug 1137582)
This patch update provides a potential fix to address this error.(Bug 1132216)
The Linux password change script now changes the password of the root user even if root is the reconcile account.(Bug 1138515)
Issue: Privileged Account Manager terminates video processing after a 10 minute timeout period. The retry of the action also fails because the intermittent file still exists.
Fix: This patch update deletes the intermittent WebM file before the retry.(Bug 1135861)
For information about hardware requirements, supported operating systems, and browsers, see Privileged Account Manager 3.6 System Requirements.
You can upgrade to Privileged Account Manager 3.6.0.1 only from version 3.6. For information about upgrading Privileged Account Manager, see Upgrading Privileged Account Manager.
NOTE:Privileged Account Manager does not monitor active Windows sessions during this patch update. So, ensure that there are no active sessions when installing this patch update.
This version of Privileged Account Manager 3.6 P1 updates the following modules:
Access control <myaccess>
Remote execution for the command control agent <rexec>
Command control manager module <cmdctrl>
Administration interface <admin>
Framework package <spf>
Provides secure management for privileged credentials <prvcrdvlt>
Command control console module <cmdctrl>
Scheduling and managing tasks <taskmanager>
Micro Focus strives to ensure our products provide quality solutions for your enterprise software needs. The following issues are currently being researched. If you need further assistance with any issue, please contact Technical Support.
Section 5.1, Privileged Single Sign-on to Microsoft Edge is not Supported
Section 5.2, Secure Shell Java Terminal Displays Random Characters Instead of the Typed Characters
Section 5.3, Unable to Refresh Data In Access page While Using Internet Explorer 11
Section 5.4, Time Zones Are Different In Reports and Keystrokes
Section 5.9, Newly Created Reports are not Listed Under My Reports in Internet Explorer 11 Browser
Section 5.10, New sessions are not Updated in Session Table in Internet Explorer 11 browser
Section 5.12, The Run as privileged user Option Is Not Displayed on a Windows 2012 Server Start Menu
Section 5.15, The Changes to the Syslog Settings Do Not Get Applied
Section 5.16, RDP Relay Does Not Work When Network Level Authentication Is Enabled
Section 5.17, NPAM Service Commands Do Not Work In SUSE Linux Enterprise Server 12 or Later
Section 5.18, Cannot Launch SSH Relay Session from User Console in FIPS mode
Workaround: Use any supported browser other than Microsoft Edge. (Bug 1079379)
Issue: SSH Java terminal displays random characters instead of the typed characters on Java SSH relay connection to certain network switches. (Bug 1086870)
Workaround: Use alternative SSH clients such as command line SSH or PuTTY, or MobaXterm, instead of Java SSH.
Issue: When you click Refresh in the Access page, the updated data is not displayed.(Bug 1095367)
Workaround: Click Refresh in Internet Explorer browser instead of Refresh in the Access page.
Issue: For certain Linux and Unix sessions, the time zone for Start Time is different in the Reports and Keystrokes. (Bug 1041802)
Workaround: There is no workaround at this time.
Workaround: Install PAM License immediately after deploying PAM manager. If license is added later, re-register the agents after you add a new license. (Bug 1100050)
Workaround: Use any of the other supported browsers to view Audit videos. (Bug 1037322)
Workaround: There is no workaround at this time.(Bug 1094124)
Issue: When you use Privileged Account Manager in Microsoft Edge or Firefox Quantum, after you install AAF 6.0, you are unable to enroll biometric devices. (Bug 1097960)
Workaround: There is no workaround for Firefox Quantum at this time. For the workaround while using Microsoft Edge, see the Privileged Account Manager 3.6 System Requirements.
Use browsers other than Internet Explorer 11. To view the list of supported browsers, see the Privileged Account Manager 3.6 System Requirements. (Bug 1100985)
Use browsers other than Internet Explorer 11. To view the list of supported browsers, see the Privileged Account Manager 3.6 System Requirements. (Bug 1100970)
Issue: Selecting and moving multiple objects by using the Shift/ Ctrl key does not work. (Bug 915307)
Workaround: There is no workaround at this time.
Issue: When you right-click Start menu on a Windows 2012 server, the Run as privileged user option does not get displayed. (Bug 901032)
Workaround: To workaround this issue, right-click the application in the folder where the application is installed to execute Run as privileged user.
Issue: When Command Control Objects are added simultaneously in large numbers, the objects do not appear in the console. This is an intermittent behavior. (Bug 908307)
Workaround: There is no workaround at this time.
Issue: In the administration console, when you search for unregistered hosts by clicking Hosts > List Unregistered Hosts > IP Range, the Failed to list unregistered agents error is displayed. (Bug 832747,790444, 1104360)
Workaround: Ensure that when you install Agents, you register it with the Manager for Privileged Account Manager. However, there is no workaround to register multiple unregistered hosts at the same time.
Issue: In the Reporting console of Privileged Account Manager when you save the changes to syslog settings, such as select SSL, or Allow Persistent Connections, the changes are not applied. (Bug 895993)
Workaround: To workaround this issue, restart Privileged Account Manager.
Issue: RDP Relay fails with the error The remote computer requires Network Level Authentication, which your computer does not support. when Network Level Authentication (NLA) is enabled on the host. (Bug 774061)
Workaround: Perform the following to disable NLA on the remote desktop session host:
Click Control Panel > System > Remote Settings.
Deselect Allow connections only from computers running Remote Desktop with Network Level Authentication and click OK.
For more information about using PAM application SSO where NLA can be enabled, see the Knowledge Base Article 7020137
Issue: The NPAM service commands such as start, stop, restart, and status do not work in SUSE Linux Enterprise Server 12 or later. (Bug 1041284)
Workaround: To workaround this issue, perform ONE of the following:
Kill and restart the NPAM process using the following command:
pkill unifid
/etc/init.d/npum start
Reboot the system using the following command:
reboot
(or)
shutdown -r now
After performing one of the preceding steps, you can verify the NPAM process running status by executing the following command:
/etc/init.d/npum status
Workaround: Launch SSH relay session using any other standard SSH clients.(Bug 1109771)
For specific product issues, contact Micro Focus Support at https://www.microfocus.com/support-and-services/.
Additional technical information or advice is available from several sources:
Product documentation, Knowledge Base articles, and videos: https://www.microfocus.com/support-and-services/
The Micro Focus Community pages: https://www.microfocus.com/communities/
© Copyright 2019 Micro Focus or one of its affiliates.
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.
For additional information, such as certification-related notices and trademarks, see http://www.microfocus.com/about/legal/.