General

We recently encountered a recurring issue impacting the accessibility of Jumpoints, which we have traced back to behaviors described in KB0021363. The root of the problem appears to be interference between the old and new network management features, particularly when IP assignments are modified either through binding on virtual machines' NICs or via IP changes on bare metal systems.ObservationsWhen these changes occur, the resulting network configuration across the multiple management interfaces becomes inconsistent. This inconsistency causes the Jumpoint to: Attempt to resolve to its own address, Become entirely unresolvable, or Exhibit packet fragmentation or corruption during analysis. Network inspection tools and bomgar logs show erratic behavior. Logs typically reveal incomplete packets or generalized packet errors, but offer no definitive indicators as to the root cause. The symptoms include: Dropped connections, Fluctuating tunnel availability, Inconsistent routing beha

Hi We have proxy enabled for external applications in jump point, the web jump is not working when proxy set manually in the system or when PAC is used. Any way to get this working? or is it a bug? is it in road map?

The following articles were published last week. New Knowledge Base Articles: KB0022962 - How to create a Remote RDP Jump Shortcut in Privileged Remote Access KB0022994 - Approving vendor registration fails "forbidden" KB0023001 - Let's Encrypt certificate shows expired. Clicked Force Renew button but it does not work. KB0023013 - Can tags be assigned to Jump Clients automatically? KB0023016 - What is Session Forensics? KB0023017 - How to gather ping and diagnostic stats via the Access or Representative Console KB0023020 - Unable to invite external users "There are no session policies available for use as an Access Invite profile. "

This might be a bit too big of a question for this forum. However, I am not sure where to start. We are still somewhat new to PRA. I am wanting to start using Docker containers for our jumpoints instead of putting them on Linux instances. First, where do I go to download the container image? I heard that there is a stock image that we would use and then just input the key to start the connection to our system. Second, can we put the container in a service like AWS container service or Azure container service? Third, and this will show my very beginner level of experience with containers, would we do the firewall rules for the containers the same way that we do them for the Linux servers that are jumpoints?I have a feeling there are other items that I am totally missing, but I figured this is a good start. If you know of documentation you can point me to I am more than happy to start reading and testing things out. 

Hi all Does anyone has the same issue with Jump Policies set directly on Jump Items not having an effect.In general, we set the Jump Policy on Jump Groups via a Group Policy so each Jump Item within that Jump Group gets the same Jump Policy. There is the ability to set a Jump Policy directly on the Jump Item which should take effect for this single Jump Item and overrite the Jump Policy assigned by the Group Policy. It looks like in the version 25.1.4, 25.2.1 and 25.2.2 this does not work anymore. Has anyone else the same issue?

The following articles were published last week. New Knowledge Base Articles: KB0021693 - Jump Client screen share graphic issue (artifacting) when no monitor is connected to the machine (headless) - Not refreshing screen KB0021780 - SEC_ERROR_EXPIRED_CERTIFICATE error when accessing appliance through Firefox browser KB0021808 - Vault interface not pulling in Password Safe connected credentials through ECM integration when executing SQL Tunnel in Privileged Remote Access KB0022133 - Unable to create new Jump Client. Error - The total number of deployable Jump Clients for this site has been reached KB0022784 - Privileged Remote Access and Remote Support 25.2 operating system certification matrix KB0022958 - Multiple warnings appear during Jump Client installation on Linux machines "Failed to start transient service unit" KB0022961 - PRA Password Safe connection error "Error validating connection inf

We are looking for new ways to upgrade our BTRS environment due to after every update we face new issues we like to avoid. This time due to our deployment through Microsoft Intune we had several file detections in place which all have been made obsolete due to drastic changes in the install behaviour of the Jump Client into new directory and other file changes inside, causing an automated reinstallation of the jump client duplicating and consuming more licenses until of course we run out of licenses. In the past we always did uninstall and install where we also had auto update on causing extreme license consumptions which we try to avoid. If the application is still properly detected even updated or not, it will not trigger a new install and does not duplicate a license, in 1 case I even found a device consuming 29 licenses because it kept trying to install and not detected retriggering the install. The last time we did not use so called Intune supersedence and tried to stay within the

I am experiencing an issue with the Bring Your Own Tool (BYOT) option when attempting to open a Remote RDP session using an external tool. For some endpoints, the session initiates but terminates within 1-2 seconds. This behavior is inconsistent, as it works fine for other endpoints. Based on the link below, we have upgraded our appliance to 25.1.4 but this did not resolve.https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0022851Any assistance would be appreciated.

The following articles were published last week. New Knowledge Base Articles: KB0021345 - RS or PRA SAML errors "Authentication failed " "NameID format does not match the recommended settings of the service provider" KB0022838 - How to extend the expiration date of vendor users KB0022953 - Upgrade for Linux Jumpoints fails - unresolved library dependencies - missing libraries KB0022960 - Vulnerability report for RS or PRA returns misconfigured CORS policy KB0022963 - What version of PRA supports the Password Safe connection for Vault discoveries?

Hi everyone,we’re currently running BeyondTrust PRA 25.1.x and are looking for a way to delegate vendor management tasks to an internal operations team.We have several vendors in PRA, and we’d like to have an internal team that’s responsible for managing a subset of them. Ideally, this internal team should be able to: Create and delete vendor user accounts Extend or reactivate expired vendor accounts Send password reset emails to vendor users Basically, they should act as vendor administrators for specific vendor groups — but without being full PRA admins.We’ve looked through the admin console and documentation, but it seems there’s currently no privilege or role that grants “vendor admin” rights — i.e., no way to delegate vendor user management without also granting global admin access.Questions: Is there any supported method to delegate vendor user management (create / extend / reset) to internal users without giving them full administrative rights? Has anyone implemented somet

The following articles were published last week. New Knowledge Base Articles: KB0022143 - Jumpoint install fails on some Ubuntu distributions. Error GLIBCXX_3.4.30' not found KB0022428 - RDP Jumps failing when using xRDP or FreeRDP "Unknown connection error. 2001C" KB0022944 - Does BeyondTrust need to be involved with updating or upgrading RS or PRA Cloud Appliances?

The following articles were published last week. New Knowledge Base Articles: KB0022232 - Unable to re-establish failover. Error - The remote appliance blocked the request KB0022851 - External RDP tool for Windows 11 disconnecting when "Open remote RDP sessions with an external tool" is checked KB0022922 - How to configure SMTP via Oauth2 for Office 365 mail in Entra ID KB0022923 - Jump Items exceeding 50 not updating for associated Vault account when deleted KB0022926 - Unable to see external tool feature settings in Access Console. "No additional external tools are available."

I’m wondering if anyone has found a way to use a Kubernetes Cluster Tunnel effectively within BeyondTrust PRA, as documented here: https://docs.beyondtrust.com/pra/docs/jump-shortcuts#create-a-kubernetes-cluster-tunnelPrimarily what I’m curious about is how to use the temporarily generated KubeConfig and actually authenticate to a cluster? The KubeConfig that is generated doesn’t appear to do credential injection from PRA, nor can I utilize Azure CLI to get credentials for my AKS cluster injected. It seems like it would be a very poor user experience to have to have locally stored cluster credentials which must be added to the generated KubeConfig every time a connection is made. In addition, this is completely divergent from the patterns of PRA and Remote RDP where a user doesn’t have access to privileged credentials at all (due to credential injection). I have searched through documentation and opened a support ticket without getting any real answers, so I thought I’d reach out to th

Hi team,I’ve deployed a Jump Client installer with the "Maximum Offline Minutes Before Deletion" parameter set to zero, specifically to prevent the clients from being removed due to offline status. However, I’m seeing three systems currently marked as "Pending Removal" in the console.These systems have been offline since deployment, and I haven’t manually marked them for deletion. Could this be related to appliance updates, license limits, or some backend policy?Is there a way to cancel the pending removal status without reinstalling the Jump Client?Thanks in advance for your support! 

The following articles were published last week. New Knowledge Base Articles: KB0021556 - Missing command shell tab KB0021561 - How to enable virtual smart card logging KB0022292 - How to add or modify a tag and create or update nested sub-groups for Jump Items KB0022560 - All fields greyed out when creating a new remote jump shortcut or using the Jump to option KB0022855 - How to create a new vendor in PRA KB0022858 - Croatian (HRV) keyboard "@" symbol not working on Windows login screen for PRA KB0022870 - Access Console SQL Jump error: "Unable to find suitable datasource client" KB0022888 - After upgrade, RS and PRA triggering security warnings regarding Content-Security-Policy headers KB0022893 - Unable to remove other users from session as an Administrator KB0022897 - Does Vault support AWS secrets?

Hi, how are you?We're having trouble registering discovery for the AWS domain. Is there AWS support for Vault Discovery or only Microsoft? If so, what guidance or documentation is available, please provide.  

Hi,Could anyone explain how the Advanced Web Access feature in BeyondTrust PRA actually works?Additionally, what are the practical and technical differences between using Advanced Web Access and a traditional WebJump item for accessing web consoles or administration portals? 

I'm looking to see if I'm correct in how to read the Active Client licenses.When I look in our BTRS consol dasbhoard we see the amount of Client Agents purchased under: Total Active Jump Clients AllowedLet's say this amount is 20000 licenses.Now when I scroll down in this same page, I see a usage under: Remote Support Active Jump ClientLet's say this amount is 4500 licenses.When I navigate to the BeyondTrust Representative Consol I see at the bottom: 18000 Jump clients Total / 4500 online / 13500 offline.Would this mean I have only 2000 licenses left to use out of 20000, or do we have 15500 licenses left to use, ignoring how many installations we have, meaning for all we know, we can have 50000 Jump clients total installed, but we should never exceed 20000 online.

The following articles were published last week. New Knowledge Base Articles: KB0021581 - How to capture ACH logs for Remote Support and Privileged Remote Access KB0021589 - Restart options missing in Remote Support or Privileged Remote Access KB0022274 - Cannot jump to certain computers. Location for endpoints leverages a Jumpoint Proxy. Error - The operation timed out KB0022845 - Unable to connect to a Jump Item with "MFA required" Jump Policy applied. Error "authentication failure" KB0022846 - Unable to connect to MySQL database. Error "#42000: Unsupported plugin offered from server" KB0022848 - Can NTLMv2 be turned off for RS or PRA? KB0022853 - Is it possible for RS or PRA users to see credentials injected to a remote session from Password Safe? KB0022861 - Desktop Console keeps crashing KB0022868 - Loss of mouse control and black dot on remote sessions after upgrade to

I’ve noticed a couple annoying issues since updating PRA from 25.1.1 to 25.1.2. We only exclusively use Jump Clients to Windows Servers and Clients through the console, and here’s what I’ve noticed:During the connection process after logging into Windows, if you switch focus to a different tab/connection and then come back, the jump client will have connected, but you will not have mouse control. You can use keyboard control or use any of the quick commands from the Console, but in order to get mouse control back, you must fully disconnect and reconnect back into the jump client, ensuring you don’t switch focus to a different server. This one is pretty consistent and can be reproduced almost every time. This one is a little more random and doesn’t always happen, but I’ve noticed it happening often now since the PRA update. In order to launch applications in Windows, I have the habit and clicking the Windows Start key and immediately start typing the product/application I need to launch

The following articles were published last week. New Knowledge Base Articles: KB0021414 - Sign-in loops and shows an unexpected error occurred with SAML authentication due to UPN mismatch KB0022784 - Privileged Remote Access and Remote Support 25.2 operating system certification matrix KB0022822 - Newly deployed Jump Clients show disconnected KB0022824 - Unable to Jump to VNC Resource. "No security types supported." KB0022838 - How to extend the expiration date of vendor users KB0022844 - Why do some jump items continue to show an online status when the machine is switched off? KB0022859 - How does Network Tunnel Service work during PRA updates?

The following articles were published last week. New Knowledge Base Articles: KB0022808 - Jump Client Direct Download link does not work. Incorrectly prompts for Pathfinder authentication KB0022811 - How to run the session policy to simulator to check for permission issues KB0022815 - SAML IdP cloud groups showing as GUID's under Group Policies in Pathfinder KB0022820 - Vendor user cannot register recieves error: Email address from this domain is not allowed KB0022828 - What is the 'Verified Administrator' for RS or PRA? Can it be changed or updated?