Skip to main content

General

A general place for Privileged Remote Access conversations.

  • 132 Topics
  • 305 Replies
132 Topics
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in General
Monthly Buzz - June - Privileged Remote Access

What’s New in BeyondTrust Privileged Remote Access 25.1: Enhanced Security & Stability for Privileged Access Everywhere BeyondTrust continues to raise the standard for privileged access security. Version 25.1 of BeyondTrust Privileged Remote Access (PRA) delivers critical behind-the-scenes upgrades, doubling down on BeyondTrust’s mission to deliver the most dependable, secure privileged remote access platform on the market. This maintenance release focuses on providing stronger security, improved reliability, and more seamless control of privileged sessions. Version 25.1 rolls up recent security patches, runs them through an exhaustive regression test suite, and layers in targeted stability improvements and key performance refinements for both cloud and on-prem environments. This update is available whether you run a cloud or on-prem deployment of Privileged Remote Access. Cloud users receive updates automatically. On-prem customers can download and apply version 25.1 from the appl

50
B
Community Manager
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in General
Monthly Buzz - May - Privileged Remote Access

RS/PRA failover configuration Can RS or PRA failover be configured so a specific appliance automatically reclaims the primary role once it comes back online? No, once a failover occurs, the IP address associated with the hostname is assigned to the backup appliance. This IP address is no longer available without manual intervention. When the former primary appliance comes back online, it checks to see if the hostname and IP address are available. If they are not available, because they are being used by the backup appliance, it will not reclaim them and will not switch back to primary.After a failover, all connections are established with the backup appliance, which is acting as the primary. Additionally, configuring one appliance to always assume the primary role could lead to further disruptions after a failover, as everything is still connected to the backup appliance.Read more here Latest Available Version:Privileged Remote Access 25.1.1 - April 2025 Beekeepers Hot Topics PRA - AD

320
B
Community Manager
Sean Cashin
BeyondTrust Employee
Sean CashinBeyondTrust Employee
published in General
BeyondTrust Remote Support SaaS Service Security Investigation

As a result of our investigation into the Remote Support SaaS Security Incident detailed in our Security Advisory (link below), we have proactively completed an update for our Secure Remote Access (Remote Support and Privilege Remote Access) Cloud customers, fortifying the security of their solution overall. More information can be found as it becomes available via the Security Advisory on our website found here. Please note that we have updated the security investigation as of 28-Jan-25, 5:45 PM Eastern Time. Please follow the link for additional details.

5825
Sean Cashin
BeyondTrust Employee
nemer.scafutto
nemer.scafuttoApprentice
asked in General
Concurrent Web Jump Limit

Hello,I have a customer who is having a question about the Vendors section of the PRA.In the customer's environment, there is only one group of Vendors, and they are complaining that they can only perform Web Jumps in 3 sessions simultaneously. Is this the limit or is there a way that can be configured so that they can perform more jumps?

312
Paulo144
H
HamzaTrailblazer
asked in General
PRA Base 7.4.0 Supports PRA Site 24.x.x

can we only upgrade PRA base to 7.4 while on 24.x.x or it’s must to upgrade PRA site to 25.x.x after upgrading Base to 7.4 ?

181
P
BeyondTrust Employee
M
MRossiNewcomer
asked in General
Strange behavior of network tunnel jumps after upgrading to 25.1.2

Hi all,we upgraded our PRA cloud instance from 24.3.x to 25.1.2 one week ago.After the activity we are facing some issues in connecting to our resources using network tunnel jumps. No modification of configuration of firewalls, network, jumpoint and jump items. Starting a debug activity, errors that occurring are the following:IPT:ERROR>Exception enumerating filter rules while getting IP address for name server pointers. failed to convert IP address stringException - failed building the DNS PTR list Do we need to create lookup zones and PTR record for every target that we need to reach through network tunnel jumps? No issues before the upgrade. Thanks in advance,Massimo

251
P
BeyondTrust Employee
M
MassimoGApprentice
asked in General
Automate Login and Jump Tunnel

Hi everyone,I'm looking into ways to automate some actions with BeyondTrust PRA. Specifically, I'm wondering if anyone has managed to: Automatically log in to the BeyondTrust console Launch a "Tunnel" type Jumpoint automatically, without manual intervention. The goal would be to have a script or integration that, once authenticated, can open a tunnel through a pre-configured Jumpoint — useful for automations or third-party tool integrations.Has anyone done something similar, or knows if this is possible using the BeyondTrust API or any other method?

142
P
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (Jun 9 - Jun 16)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022174 - Best practices for Remote Support and Privileged Remote Access KB0022301 - Integration Client does not work and retrieved no data KB0022540 - Is there any effect when changing SMTP authentication from Legacy to Oauth2 with the Integration Client? KB0022545 - Windows 11 Jump clients showing as Windows 10 in the Representative console and Access Console KB0022553 - What operating system can BeyondTrust SRA Integration Client be installed on? KB0022556 - Linux Debian 11 Jumpoint down after update

70
GloriaB
BeyondTrust Employee
K
Kevin MUApprentice
asked in General
General EPM knowledge

If i use PASM to access my servers, do I need EPM on those servers ? 

232
K
B
bt101Veteran
posted in General
Log Retention Period for Session Recordings

Just trying to see what is your current data retention period for Session Recordings. I understand this depends on various factors - compliance requirements, deployment size/usage , cost-benefit, Org maturity level   etc. But posting this to get a sense of how other users are managing it . We have around 60-90 days live on appliance, plus another 90 days on a network share. As the usage increases the session recordings data is growing exponentially. But at the same time investigations may require some historical data as well. 

1986
P
BeyondTrust Employee
P
pvermaNewcomer
asked in General
Inspect /dev tools on a Web Jump on PRA

Does anyone know if we can leverage inspect /dev tools on a Web Jump on PRA? We have developers trying to inspect and open dev tools on the web page but looks like it doesn’t work?

441
M
BeyondTrust Employee
R
rrueschjjApprentice
asked in General
PRA Shell Jump sudu/su and credential injection so that our admins can use sudo without needing to know their password.

In the ideas portal A10-I-249 someone suggested being able to re-inject credentials when running a sudo or su command. The idea was marked as already implemented. Is there any documentation on how to achieve this or can anyone provide steps to accomplish this without setting the sudoers file to passwordless?

243
Paulo144
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (Jun 2 - Jun 9)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022421 - Is the IP address assigned to the RS or PRA Cloud instance static? Can it be provided? KB0022428 - RDP Jumps failing when using xRDP or FreeRDP "Unknown connection error. 2001C" KB0022444 - Can USERID and DATETIMESTAMP be used in the Integration Client recording file format name? KB0022452 - Using an AD vault account to launch an SQL tunnel fails - Login failed. The login is from an untrusted domain and cannot be used with Integration authentication. KB0022475 - Jump Client prompts for application selection after upgrade despite configuration KB0022483 - Is the recording session retention configurable? KB0022488 - Is there a way to stop sessions from being recorded? KB0022495 - How to uninstall a Jump Client from a Linux system KB0022505 - Unable to OIDC authenticate in Access Console -

170
GloriaB
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (May 29 - Jun 5)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021833 - How to enable in-session two factor authentication in Remote Support and Privileged Remote Access KB0022201 - Managed System external Jump items are missing KB0022264 - How to turn PID logging on and off for RS and PRA on Mac or Linux systems KB0022453 - What is the retention for RS and PRA Vault password history? KB0022465 - Warning message: Installing more than one Jump client being phased out KB0022484 - Is there a maximum screen resolution for an RDP Jump session? KB0022485 - Is Session Recordings required at all times, or only in specific cases? KB0022486 - Is there a mechanism to verify the deletion of recordings after 90 days? KB0022489 - Should the same upgrade package be used if appliances are in failover for RS and PRA?

70
GloriaB
BeyondTrust Employee
S
SFARising Star
asked in General
PRA-DATA AT REST ENCRYPTION INBUILT AVAILABLE?

Hello is there data at rest encryption available in PRA inbuilt? or need to configure with key management solutions? Found whitepaper etc but it just mentions steps to integrate with KMS.

191
A
BeyondTrust Employee
T
timbrigham-ocApprentice
asked in General
Netbios name when connecting via PRA not available?

Can the netbios name be made available for PRA and Password Safe, not just the domain name? domainname\username doesn’t work on all applications; some legacy platforms it has to be the netbios name. 

597
T
M
MudupuriApprentice
asked in General
On Privilege Remote access how can I link the Session policy to a bulk group policy with the help of API. I do not see any parameter of Session policy in Group policy

On Privilege Remote access how can I link the Session policy to a bulk group policy with the help of API. I do not see any parameter of Session policy in Group policy

91
R
BeyondTrust Employee
M
MatsuNewcomer
posted in General
Network Tunnel drops connectivity on Jumpoint temporary fix, KB0021363 related

We recently encountered a recurring issue impacting the accessibility of Jumpoints, which we have traced back to behaviors described in KB0021363. The root of the problem appears to be interference between the old and new network management features, particularly when IP assignments are modified either through binding on virtual machines' NICs or via IP changes on bare metal systems.ObservationsWhen these changes occur, the resulting network configuration across the multiple management interfaces becomes inconsistent. This inconsistency causes the Jumpoint to: Attempt to resolve to its own address, Become entirely unresolvable, or Exhibit packet fragmentation or corruption during analysis. Network inspection tools and bomgar logs show erratic behavior. Logs typically reveal incomplete packets or generalized packet errors, but offer no definitive indicators as to the root cause. The symptoms include: Dropped connections, Fluctuating tunnel availability, Inconsistent routing beha

811
DMITRI
BeyondTrust Employee
R
Rohit NikamApprentice
asked in General
Issue with BYOT Option – Remote RDP Sessions Terminating

Hello,I am experiencing an issue with the Bring Your Own Tool (BYOT) option when attempting to open a Remote RDP session using an external tool. For some endpoints, the session initiates but terminates within 1-2 seconds. This behavior is inconsistent, as it works fine for other endpoints.Could you please assist in identifying the cause of this issue and suggest a resolution?

2237
I
P
ParshwaNewcomer
asked in General
Proof of applying bt24-10 and bt24-11 on RS

We had applied patches bt24-10 and bt24-11.Our Security team is asking for a proof that we had applied the security patch to mitigate the subjected vulnerabilities.Please advise where we can get this proof that the patch was applied on RS appliance/ console

201
H
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (May 19 - May 26)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021363 - Network Tunnel jumps cause Jumpoint host inaccessibility KB0022325 - Protocol Tunnel Jump unavailable after upgrade. TCP is greyed out KB0022393 - Is Local Jump supported for Linux Server OS? KB0022422 - Is there a way to request a password reset for the /appliance admin account in RS and PRA? KB0022423 - How often does BeyondTrust update RS and PRA Cloud Appliances? KB0022427 - Unable to update. Error: An error occurred installing this update KB0022430 - Can SAML users be migrated to another provider in Remote Support or Privileged Remote Access? KB0022438 - Web Jump fails and times out. Error - The connection attempt timed out KB0022440 - Can port forwarding be used on the SRA appliance for Remote Support or Privilege Remote Access ? KB0022455 - Is it possible to automatica

280
GloriaB
BeyondTrust Employee
T
TZoltanTrailblazer
asked in General
Deploy Jump Clients within a golden image

Hi,I would have a question to anyone, who has experience with installing Jump Clients with a golden image.The question would be, will the installers be still valid after each PRA upgrade? Is there any best practice or guide how this should be done properly?Many thanks for any answer.

324
T
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (May 12 - May 19)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021333 - Cannot change the name of a traffic node in Remote Support or Privileged Remote Access "Internal Server Error" KB0021344 - Unable to communicate with Jump Clients or security providers in IP ranges 172.17.0.0/16 or 172.18.0.0/16 after upgrading to Base 7.0 KB0022321 - What application parameters are available for the PRA BeyondTrust Desktop agent? KB0022324 - Where is the API configuration found? KB0022353 - Why can some accounts view password history and others cannot? KB0022358 - Is there a way to prevent screenshots being taken when in session? KB0022373 - Unable to download Access Console from PRA environment KB0022374 - Do session recordings have audio? KB0022377 - Windows Clients going offline after upgrade from RS and PRA 22.1 or earlier KB0022379 - Failed to convert

170
GloriaB
BeyondTrust Employee
J
BeyondTrust Employee
Johnli AzucenaBeyondTrust Employee
posted in General
Privileged Remote Access: Group Policies Interactive Workshop

Hop on and join our interactive workshop, where you can gain hands-on experience and handle different use case scenarios. Title: Privileged Remote Access: Group Policies Interactive WorkshopDate: 29 April 2025 Time: 9 am Eastern and 2 pm UK and 9 pm SGTDuration: 90 minutes  Workshop AimThis interactive workshop enables participants to learn the aim and process of configuring Group Policies in Privileged Remote Access. There will be an opportunity to collaborate and study a Use Case to configure a Group Policy within a virtual test environment.  Learning Objective:Learn how to create and configure Group Policies in Privileged Remote Access according to best practices. In this session we will cover:Why would you use Group Policies?     How do users get assigned?     What does Group Policy control?     Best practice guidance     Defined and Final Settings Click here to enroll!For more information on workshops or to make suggestions, please navigate here.

902
Levi
BeyondTrust Employee
R
rrueschjjApprentice
asked in General
SRA Web Jumps and non standard ports

Many times sites will use a unique port other than the standard 443 and 80. Is there a way to utilize web jumps with non standard ports? Sites are SSL enabled. Example: https://site.com:12345/login

1713
R

Badge Earners

  • BCA: AD Bridge
    Abdelaziz-Ahmedhas earned the badge BCA: AD Bridge
  • BCIE: Password Safe
    LuigiChas earned the badge BCIE: Password Safe
  • BCA: Endpoint Privilege Management - Linux
    jasmithhas earned the badge BCA: Endpoint Privilege Management - Linux
  • BCA: Privileged Remote Access
    mfahmyhas earned the badge BCA: Privileged Remote Access
  • BCA: Endpoint Privilege Management - Windows
    Connor McFarlanehas earned the badge BCA: Endpoint Privilege Management - Windows
Show all badges
Terms & ConditionsCookie settings