Skip to main content

General

A general place for Privileged Remote Access conversations.

  • 136 Topics
  • 312 Replies
136 Topics
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in General
Monthly Buzz - June - Privileged Remote Access

What’s New in BeyondTrust Privileged Remote Access 25.1: Enhanced Security & Stability for Privileged Access Everywhere BeyondTrust continues to raise the standard for privileged access security. Version 25.1 of BeyondTrust Privileged Remote Access (PRA) delivers critical behind-the-scenes upgrades, doubling down on BeyondTrust’s mission to deliver the most dependable, secure privileged remote access platform on the market. This maintenance release focuses on providing stronger security, improved reliability, and more seamless control of privileged sessions. Version 25.1 rolls up recent security patches, runs them through an exhaustive regression test suite, and layers in targeted stability improvements and key performance refinements for both cloud and on-prem environments. This update is available whether you run a cloud or on-prem deployment of Privileged Remote Access. Cloud users receive updates automatically. On-prem customers can download and apply version 25.1 from the appl

200
B
Community Manager
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in General
Monthly Buzz - May - Privileged Remote Access

RS/PRA failover configuration Can RS or PRA failover be configured so a specific appliance automatically reclaims the primary role once it comes back online? No, once a failover occurs, the IP address associated with the hostname is assigned to the backup appliance. This IP address is no longer available without manual intervention. When the former primary appliance comes back online, it checks to see if the hostname and IP address are available. If they are not available, because they are being used by the backup appliance, it will not reclaim them and will not switch back to primary.After a failover, all connections are established with the backup appliance, which is acting as the primary. Additionally, configuring one appliance to always assume the primary role could lead to further disruptions after a failover, as everything is still connected to the backup appliance.Read more here Latest Available Version:Privileged Remote Access 25.1.1 - April 2025 Beekeepers Hot Topics PRA - AD

340
B
Community Manager
Sean Cashin
BeyondTrust Employee
Sean CashinBeyondTrust Employee
published in General
BeyondTrust Remote Support SaaS Service Security Investigation

As a result of our investigation into the Remote Support SaaS Security Incident detailed in our Security Advisory (link below), we have proactively completed an update for our Secure Remote Access (Remote Support and Privilege Remote Access) Cloud customers, fortifying the security of their solution overall. More information can be found as it becomes available via the Security Advisory on our website found here. Please note that we have updated the security investigation as of 28-Jan-25, 5:45 PM Eastern Time. Please follow the link for additional details.

5975
Sean Cashin
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (Jul 14 - Jul 21)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021472 - Sync failed. Unable to bind as account@domain.com Can't contact LDAP server. Verify hostname and port. KB0021941 - TCP Tunnel, Web Jump and Remote RDP connection types show as unavailable after upgrade KB0022595 - How to register a different device for MFA in RS or PRA KB0022666 - Is Remote Support or Privilege Remote Access vulnerable to CVE-2022-22978 Spring Security? KB0022667 - Unable to make custom certificate default in RS or PRA /appliance KB0022669 - How to get crash dump logs for Remote Support and Privileged Remote Access KB0022673 - Tabs missing from /login for some users in RS and PRA KB0022677 - RS and PRA Jump Client switches and command line parameters glossary KB0022685 - Issues connecting to macOS Sequoia - Connection failed error

20
GloriaB
BeyondTrust Employee
B
bt101Veteran
asked in General
PRA web jump credential injection times out

Hello, we have set up PRA web jump for multiple websites including some Cisco device GUIs. With Cisco DNA / Catalyst center website it is timing out. This website uses HTML tags that change for each page refresh. Based on the jump point logs , PRA successfully detects the tags for username, password and submit button but at the end it gives credential injection timed out error. We have the timeout set to max value of 30 seconds. PRA version is 23.1.2. If we select no credential the website opens fine as PRA web jump. I can log in by manually entering the password. The webpages before and after login are different\. (I see a KB that says it may timeout of URL doesnt chnage after password injection). I read in another post that the ‘inject credentials in current URL’ doesn’t work for web-jumps .Is there any workaround method using PRA. Like RDP to a server , open browser and click on inject creds button. Or anything needs to be changed in web jump backend config on jump-point which can p

1142
B
P
PowApprentice
asked in General
PRA Jump Approval - User can still self-approve by mail

Hi everyone,I have an problem when configuring Jump Approval in my PRA and I would like to know if it’s a bug or if I missed something.I've created a Jump Policy requiring users to request approval to access machines.In the approvers, I've set up a team called the “IT Team” and I've indicated that they can't approve their own requests.There are two members in “IT Team”.When one of the members tries to connect to a machine, a form asks him to enter a reason and a duration. In the Remote Access Console, the user who made the request does not see any notification and cannot self-approve. The second team member can. It works in the other way round.The problem here is that the user who made the request, who normally can't self-approve, still receives an approval link by e-mail, and this link works. The parameter is half-operational, so. Please note that these are Entra users and not local users of the solution (I'm pointing this out even though I don't think it's related).

373
P
C
ChrisYApprentice
asked in General
Upgrade PRA from 23.3.3 to 25.1.2

Has anybody got any experience of upgrading PRA from 23.3.3 to 25.1.2 with regards to the jumpclient on Windows 2008R2 and 2012R2.  We have a few legacy servers which for various reasons we don’t want to switch to RDP Jumps.  I appreciate running the jumpclient on 2008R2 and 2012R2 is officially unsupported but I’d be interest if anyone has the experience of running the client on these OS’s.

42
C
B
bt101Veteran
asked in General
app parameters for PRA - BT Desktop Agent based app launch and cred injection

Hello! is there any documentation that includes example parameters/strings that should be used while launching apps using PRA BT desktop agent. Admin guide has details of configuration options but nothing further e.g. example strings. I am able to connect to RDP using first set of  credentials , at one time was able to launch web browser but later started seeing error in chat windows that says file name/path could not be found. 

1372
B
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (Jul 7 - Jul 14)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022312 - How to set up a CNAME with Remote Support and Privileged Remote Access in Pathfinder KB0022641 - How to configure shared IP failover KB0022643 - Jump client add button missing for adminstrators KB0022650 - How to add additional traffic nodes to an existing Atlas cluster KB0022660 - Is it possible to change the resolution of RDP Jumps within the Web Access Console?

60
GloriaB
BeyondTrust Employee
nemer.scafutto
nemer.scafuttoApprentice
asked in General
Concurrent Web Jump Limit

Hello,I have a customer who is having a question about the Vendors section of the PRA.In the customer's environment, there is only one group of Vendors, and they are complaining that they can only perform Web Jumps in 3 sessions simultaneously. Is this the limit or is there a way that can be configured so that they can perform more jumps?

952
Paulo144
H
HamzaTrailblazer
asked in General
PRA Base 7.4.0 Supports PRA Site 24.x.x

can we only upgrade PRA base to 7.4 while on 24.x.x or it’s must to upgrade PRA site to 25.x.x after upgrading Base to 7.4 ?

341
P
BeyondTrust Employee
M
MRossiNewcomer
asked in General
Strange behavior of network tunnel jumps after upgrading to 25.1.2

Hi all,we upgraded our PRA cloud instance from 24.3.x to 25.1.2 one week ago.After the activity we are facing some issues in connecting to our resources using network tunnel jumps. No modification of configuration of firewalls, network, jumpoint and jump items. Starting a debug activity, errors that occurring are the following:IPT:ERROR>Exception enumerating filter rules while getting IP address for name server pointers. failed to convert IP address stringException - failed building the DNS PTR list Do we need to create lookup zones and PTR record for every target that we need to reach through network tunnel jumps? No issues before the upgrade. Thanks in advance,Massimo

441
P
BeyondTrust Employee
M
MassimoGApprentice
asked in General
Automate Login and Jump Tunnel

Hi everyone,I'm looking into ways to automate some actions with BeyondTrust PRA. Specifically, I'm wondering if anyone has managed to: Automatically log in to the BeyondTrust console Launch a "Tunnel" type Jumpoint automatically, without manual intervention. The goal would be to have a script or integration that, once authenticated, can open a tunnel through a pre-configured Jumpoint — useful for automations or third-party tool integrations.Has anyone done something similar, or knows if this is possible using the BeyondTrust API or any other method?

212
P
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (Jun 9 - Jun 16)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022174 - Best practices for Remote Support and Privileged Remote Access KB0022301 - Integration Client does not work and retrieved no data KB0022540 - Is there any effect when changing SMTP authentication from Legacy to Oauth2 with the Integration Client? KB0022545 - Windows 11 Jump clients showing as Windows 10 in the Representative console and Access Console KB0022553 - What operating system can BeyondTrust SRA Integration Client be installed on? KB0022556 - Linux Debian 11 Jumpoint down after update

120
GloriaB
BeyondTrust Employee
K
Kevin MUApprentice
asked in General
General EPM knowledge

If i use PASM to access my servers, do I need EPM on those servers ? 

252
K
B
bt101Veteran
posted in General
Log Retention Period for Session Recordings

Just trying to see what is your current data retention period for Session Recordings. I understand this depends on various factors - compliance requirements, deployment size/usage , cost-benefit, Org maturity level   etc. But posting this to get a sense of how other users are managing it . We have around 60-90 days live on appliance, plus another 90 days on a network share. As the usage increases the session recordings data is growing exponentially. But at the same time investigations may require some historical data as well. 

2166
P
BeyondTrust Employee
P
pvermaNewcomer
asked in General
Inspect /dev tools on a Web Jump on PRA

Does anyone know if we can leverage inspect /dev tools on a Web Jump on PRA? We have developers trying to inspect and open dev tools on the web page but looks like it doesn’t work?

471
M
BeyondTrust Employee
R
rrueschjjApprentice
asked in General
PRA Shell Jump sudu/su and credential injection so that our admins can use sudo without needing to know their password.

In the ideas portal A10-I-249 someone suggested being able to re-inject credentials when running a sudo or su command. The idea was marked as already implemented. Is there any documentation on how to achieve this or can anyone provide steps to accomplish this without setting the sudoers file to passwordless?

373
Paulo144
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (Jun 2 - Jun 9)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022421 - Is the IP address assigned to the RS or PRA Cloud instance static? Can it be provided? KB0022428 - RDP Jumps failing when using xRDP or FreeRDP "Unknown connection error. 2001C" KB0022444 - Can USERID and DATETIMESTAMP be used in the Integration Client recording file format name? KB0022452 - Using an AD vault account to launch an SQL tunnel fails - Login failed. The login is from an untrusted domain and cannot be used with Integration authentication. KB0022475 - Jump Client prompts for application selection after upgrade despite configuration KB0022483 - Is the recording session retention configurable? KB0022488 - Is there a way to stop sessions from being recorded? KB0022495 - How to uninstall a Jump Client from a Linux system KB0022505 - Unable to OIDC authenticate in Access Console -

300
GloriaB
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (May 29 - Jun 5)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021833 - How to enable in-session two factor authentication in Remote Support and Privileged Remote Access KB0022201 - Managed System external Jump items are missing KB0022264 - How to turn PID logging on and off for RS and PRA on Mac or Linux systems KB0022453 - What is the retention for RS and PRA Vault password history? KB0022465 - Warning message: Installing more than one Jump client being phased out KB0022484 - Is there a maximum screen resolution for an RDP Jump session? KB0022485 - Is Session Recordings required at all times, or only in specific cases? KB0022486 - Is there a mechanism to verify the deletion of recordings after 90 days? KB0022489 - Should the same upgrade package be used if appliances are in failover for RS and PRA?

70
GloriaB
BeyondTrust Employee
S
SFATrailblazer
asked in General
PRA-DATA AT REST ENCRYPTION INBUILT AVAILABLE?

Hello is there data at rest encryption available in PRA inbuilt? or need to configure with key management solutions? Found whitepaper etc but it just mentions steps to integrate with KMS.

191
A
BeyondTrust Employee
T
timbrigham-ocApprentice
asked in General
Netbios name when connecting via PRA not available?

Can the netbios name be made available for PRA and Password Safe, not just the domain name? domainname\username doesn’t work on all applications; some legacy platforms it has to be the netbios name. 

1117
T
M
MudupuriApprentice
asked in General
On Privilege Remote access how can I link the Session policy to a bulk group policy with the help of API. I do not see any parameter of Session policy in Group policy

On Privilege Remote access how can I link the Session policy to a bulk group policy with the help of API. I do not see any parameter of Session policy in Group policy

121
R
BeyondTrust Employee
M
MatsuNewcomer
posted in General
Network Tunnel drops connectivity on Jumpoint temporary fix, KB0021363 related

We recently encountered a recurring issue impacting the accessibility of Jumpoints, which we have traced back to behaviors described in KB0021363. The root of the problem appears to be interference between the old and new network management features, particularly when IP assignments are modified either through binding on virtual machines' NICs or via IP changes on bare metal systems.ObservationsWhen these changes occur, the resulting network configuration across the multiple management interfaces becomes inconsistent. This inconsistency causes the Jumpoint to: Attempt to resolve to its own address, Become entirely unresolvable, or Exhibit packet fragmentation or corruption during analysis. Network inspection tools and bomgar logs show erratic behavior. Logs typically reveal incomplete packets or generalized packet errors, but offer no definitive indicators as to the root cause. The symptoms include: Dropped connections, Fluctuating tunnel availability, Inconsistent routing beha

971
DMITRI
BeyondTrust Employee
R
Rohit NikamApprentice
asked in General
Issue with BYOT Option – Remote RDP Sessions Terminating

Hello,I am experiencing an issue with the Bring Your Own Tool (BYOT) option when attempting to open a Remote RDP session using an external tool. For some endpoints, the session initiates but terminates within 1-2 seconds. This behavior is inconsistent, as it works fine for other endpoints.Could you please assist in identifying the cause of this issue and suggest a resolution?

2387
I

Badge Earners

  • BCIE: Privileged Remote Access
    jamadohas earned the badge BCIE: Privileged Remote Access
  • BCIE: Endpoint Privilege Management - Windows
    Rajesh Jaganathan1has earned the badge BCIE: Endpoint Privilege Management - Windows
  • BCIE: Endpoint Privilege Management - Windows
    Jamil Ur Rehmanhas earned the badge BCIE: Endpoint Privilege Management - Windows
  • BCA: AD Bridge
    omarmohy98has earned the badge BCA: AD Bridge
  • BCA: Password Safe
    Josh Quaneyhas earned the badge BCA: Password Safe
Show all badges
Terms & ConditionsCookie settings