Skip to main content

General

A general place for Privileged Remote Access conversations.

  • 113 Topics
  • 273 Replies
113 Topics
B
Community Manager
BeyondTrust CommunicationsCommunity Manager
published in General
Monthly Buzz - April - Privileged Remote Access

Looking to automatically backup your PRA / RS appliance on a schedule?BeyondTrust's Integration Client can help facilitate this (free of charge!). The BeyondTrust Integration Client is used to transfer session logs and recordings from the BeyondTrust Appliance B Series to an external system. Two external systems are currently supported: Microsoft SQL Server and Windows-based file systems. The BeyondTrust Integration Client supports plugins for these systems. A plugin defines the transfer details, such as the destination directory/file name or database to use. Plugin details and the standard SQL Server Schema are defined in this guide. Latest Available Version: PRA 25.1.1– April 2025 Beekeepers Hot Topics PRA Deployment Questions“Appreciate your feedback on the below queries. For PRA Cloud what is the communication matrix (firewall ports) that needs to be allowed for Jump Points, Jump clients and PRA to work smoothly?   For PRA Jump Points, what is the recommended hardware sizing (CPU

290
B
Community Manager
Sean Cashin
BeyondTrust Employee
Sean CashinBeyondTrust Employee
published in General
BeyondTrust Remote Support SaaS Service Security Investigation

As a result of our investigation into the Remote Support SaaS Security Incident detailed in our Security Advisory (link below), we have proactively completed an update for our Secure Remote Access (Remote Support and Privilege Remote Access) Cloud customers, fortifying the security of their solution overall. More information can be found as it becomes available via the Security Advisory on our website found here. Please note that we have updated the security investigation as of 28-Jan-25, 5:45 PM Eastern Time. Please follow the link for additional details.

5725
Sean Cashin
BeyondTrust Employee
J
BeyondTrust Employee
Johnli AzucenaBeyondTrust Employee
posted in General
Privileged Remote Access: Group Policies Interactive Workshop

Hop on and join our interactive workshop, where you can gain hands-on experience and handle different use case scenarios. Title: Privileged Remote Access: Group Policies Interactive WorkshopDate: 29 April 2025 Time: 9 am Eastern and 2 pm UK and 9 pm SGTDuration: 90 minutes  Workshop AimThis interactive workshop enables participants to learn the aim and process of configuring Group Policies in Privileged Remote Access. There will be an opportunity to collaborate and study a Use Case to configure a Group Policy within a virtual test environment.  Learning Objective:Learn how to create and configure Group Policies in Privileged Remote Access according to best practices. In this session we will cover:Why would you use Group Policies?     How do users get assigned?     What does Group Policy control?     Best practice guidance     Defined and Final Settings Click here to enroll!For more information on workshops or to make suggestions, please navigate here.

542
Levi
BeyondTrust Employee
R
rrueschjjApprentice
asked in General
SRA Web Jumps and non standard ports

Many times sites will use a unique port other than the standard 443 and 80. Is there a way to utilize web jumps with non standard ports? Sites are SSL enabled. Example: https://site.com:12345/login

313
R
P
PurushothamApprentice
asked in General
Remoteshell failed (error code-2rs) in PRA console

For one of the end user is not able to access Linux machine and getting below error, tried uninstalled & Installed Desktop access but getting same error however it is working in Web console able to access the server.Could someone please assist to fix the issue?

1032
R
T
timbrigham-ocNewcomer
asked in General
Netbios name when connecting via PRA not available?

Can the netbios name be made available for PRA and Password Safe, not just the domain name? domainname\username doesn’t work on all applications; some legacy platforms it has to be the netbios name. 

40
T
C
Carlos MendonçaRising Star
asked in General
Privileged Remote Access

Hello,Please, has anyone faced or is going through this? At first, it works normally on the local server, but not on the PRA application. It is impacting a lot to continue with visibility. The screen goes white when loading.  

303
C
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (May 5 - May 12)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022284 - Linux Jumpoint installation error - Failed at step EXEC spawning /home/beyondtrust/jumpoint/init-script: Permission denied KB0022322 - Can RS or PRA failover be configured so a specific appliance automatically reclaims the primary role once it comes back online? KB0022323 - Unable to remove users from a Jump Group KB0022325 - Protocol Tunnel Jump unavailable after upgrade. TCP is greyed out KB0022345 - Where is the download license usage report? KB0022348 - Unable to override Jump Policy. Error - The Jump Policy's schedule does not permit a session to start at this time KB0022353 - Why can some accounts view password history and others cannot? KB0022366 - How many concurrent sessions does a Jump Client Support? KB0022374 - Do session recordings have audio? KB0022375 - Can ses

90
GloriaB
BeyondTrust Employee
Prudhvi Keertipati
Prudhvi KeertipatiVeteran
asked in General
PRA - AD Group Synchronization (Pre-Provisioning)

Hi All,In PRA, we have a SAML security provider configured for user authentication and provisioning. User will only be provisioned when they first-time logged in.Is there anyway we can pre-provision the users by LDAP/AD Group synchronization similar functionality as Password Safe (without using SCIM). Thanks, 

10014
Prudhvi Keertipati
L
lineVeteran
asked in General
Integrate SQL management studio with credential injection on PRA

Jump SQL management studio with credential injection on PRA

1756
L
A
AndyHTrailblazer
asked in General
Incorrect Timestamp on Failover Sync

Hello,I’ve encountered an unusual issue with the failover backup instance. Under the "Sync Now" section, the timestamp for the last data sync displays as:"The last data-sync was successfully pulled at 01/01/1970 12:00:00 AM."Has anyone seen this behavior before? Could you please advise on how to resolve it?Thank you. 

423
MikeK
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (Apr 28 - May 5)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022237 - After upgrading to 25.1.1, cannot send emails after upgrade. Error - Test email failed. SMTP authentication error [535] KB0022243 - Privileged Remote Access report types and how to create them KB0022246 - Missing Login Prompt on Headless Linux System with Jump Client KB0022250 - Canned scripts option missing for macOS remote sessions KB0022251 - Vault account fails to check in post-use, becomes unusable KB0022254 - Upload Update option removed in Remote Support and Privileged Remote Access Cloud 25.1.1 KB0022255 - Issue opening sra-pin.exe - The application could not be started 0x0000364 KB0022262 - File transfer not working for macOS remote session KB0022264 - How to turn PID logging on and off for RS and PRA on Mac or Linux systems KB0022265 - How many characters can the pa

80
GloriaB
BeyondTrust Employee
H
HamzaTrailblazer
asked in General
PRA External Invite

I have multiple questions regarding PRA External invite feature if anyone has used it.is the invite is only for the session the user has created for or external user can also view other session in the console once joined through invite? once external user joins the session , can he will be able to see even if the I minimize the console for some other work ?

191
MikeK
A
AndyHTrailblazer
asked in General
PRA failover: Is there a way to automatically have the first appliance reclaim the primary role once it comes back online?

Hello,I am currently testing our PRA failover setup, which uses the DNS Swing method.Configuration:Setting Primary site setting Backup site setting Enable Backup Operations off on Auto data-sync interval 5 minutes 5 minutes Bandwidth limiting unlimited  unlimited Enable Automatic Failover on on Primary site instance timeout 5 minutes 5 minutes Below are the test steps and observations:Test Steps:1. Both appliances synchronized successfully.2. Shut down the primary appliance.3. The load balancer automatically updated the DNS to point to the secondary appliance.4. After a few minutes, the secondary appliance became the primary.5. Powered the first appliance back on.6. The load balancer automatically updated the DNS back to the first appliance.7. However, after waiting for 10 minutes, the primary role remained with the second appliance.Question:Is there a way to automatically have the first appliance reclaim the primary role once it comes back online?Thank yo

542
A
B
bt101Veteran
asked in General
app parameters for PRA - BT Desktop Agent based app launch and cred injection

Hello! is there any documentation that includes example parameters/strings that should be used while launching apps using PRA BT desktop agent. Admin guide has details of configuration options but nothing further e.g. example strings. I am able to connect to RDP using first set of  credentials , at one time was able to launch web browser but later started seeing error in chat windows that says file name/path could not be found. 

1121
GloriaB
BeyondTrust Employee
A
ArnoApprentice
asked in General
Enhance performance for PRA

Hi Community,Is there any experience that latency times increase as longer as a PRA appliance runs?Subjectively, we have the impression that the PRA connection is getting slower, even within the sessions.Are there ways of measuring this objectively?What can be done to improve it? More RAM in the jump points or something similar? RegardsArno

674
I
H
HamzaTrailblazer
asked in General
PRA Multiple approvers

Can there be multiple approvers in PRA to approve jump session?if yes, how it works, any one to approve or all must approve?

242
Kenny Lyman
BeyondTrust Employee
Prudhvi Keertipati
Prudhvi KeertipatiVeteran
asked in General
PRA Access Console - Connection Issue

Hi Team,We have a PRA Cloud tenant deployed and there are NO network restrictions setup on /login console. From US, we are able to access the Access Console, but our users from India team are unable to access and getting below error. They can access /login console but not Access Console. Are there any logs that I can verify or what might be the cause?Thanks,Prudhvi

2245
Prudhvi Keertipati
T
tsipesNewcomer
asked in General
Accessing SRA API

This may have been asked already.  I have been working in the APIs for PWS with no issue.  Moving over to SRA, I cannot get the connection to work.  Tells me it is not allowed.  I have the account and API client/secret encoded.  I am using Powershell and tried it with/without the -Method POST option.  My code is $AuthKey = "Basic MyBase64Key"$AuthURI = "https://OURSITE.beyondtrustcloud.com/oauth2/token"$headers = @{ Authorization=$AuthKey}$Response = Invoke-RestMethod -URI $AuthURI -Header $headersWhat in the name of the sake of sanity am I missing?  Once I get this I know the rest falls into place. TIA

221
P
BeyondTrust Employee
A
AndyHTrailblazer
asked in General
Questions Regarding PRA Failover Implementation

Hello,I am currently implementing PRA failover using the guide available at BeyondTrust PRA Failover Documentation, and I have a few questions that I hope you can help with: I’ve attached our network diagram. Based on the failover guide, it seems that the only applicable method for our setup is DNS Swing. This is because the two appliances are located in separate data centers with different IP schemas, making the Shared IP method unfeasible. Additionally, since the data centers have different public IP addresses, NAT Swing would not work either. Could you please confirm if my understanding is correct? Regarding DNS Swing: When the primary PRA fails, do I need to manually log in to the DNS server and update the domain name to point to the backup PRA's public IP address? Do I also need to log in to the backup PRA to change its role to primary, and conversely, log in to the original primary PRA (once recovered) to switch its role to backup? The guide mentions the following no

323
T
BeyondTrust Employee
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (Apr 14 - Apr 21)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0022212 - Unable to copy and paste from the Web Console KB0022228 - User cannot see credentials for injection Returning 0 credentials - Password Safe integration is not working.

70
GloriaB
BeyondTrust Employee
R
Rohit NikamApprentice
asked in General
Issue with BYOT Option – Remote RDP Sessions Terminating

Hello,I am experiencing an issue with the Bring Your Own Tool (BYOT) option when attempting to open a Remote RDP session using an external tool. For some endpoints, the session initiates but terminates within 1-2 seconds. This behavior is inconsistent, as it works fine for other endpoints.Could you please assist in identifying the cause of this issue and suggest a resolution?

1866
I
M
mjhallVeteran
asked in General
Updating the Jump Client

Is there a command line we can run on machines to prompt them to update the jump client? i.e.: Simulate right clicking on a jump client in the representative console and clicking update?  We just updated our site software, and I am wondering about the best way to slowly rollout the jump client updates. Generally, the process we take would be updating the IT department, the business pilot, then start staging it out to production. We deploy our jump client via the generic .msi install. There are a couple methods that I can think of, but each has their downsides. Selecting jump items through the console and clicking “Update”. Downsides: This would take forever to manually do for a few hundred pilot machines Deploying via the Jump Client Auto Update settings. Downsides: No control over who gets the updates Deploying via the .msi installer. Downsides: You must uninstall the old version, then install the new version (This resets all of the audit history for that jump client instance ID)What

6594
T
GloriaB
BeyondTrust Employee
GloriaBBeyondTrust Employee
published in General
Privileged Remote Access - Knowledge Article Publications (Apr 7 - Apr 14)Weekly KB Publications

The following articles were published last week. New Knowledge Base Articles: KB0021931 - How to create a team in Privileged Remote Access KB0022170 - Untrusted certificate warnings when using an RDP jump item KB0022174 - Best practices for Remote Support and Privileged Remote Access KB0022194 - How to create a registered app for Remote Support and Privileged Remote Access Vault KB0022195 - Error: This account has expired when trying to log into the administrative interface

130
GloriaB
BeyondTrust Employee
A
AndyHTrailblazer
asked in General
Document not found error when browsing /login

I tried to access my PRA /login page but got “Document not found” error. I followed https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&table=kb_knowledge&sys_kb_id=1d533ad2471ce290b77b3ddbd36d43d9&searchTerm=document%20not%20found but it doesn’t help.I still couldn't see any sites in the default site drop down list. Please help. thanks, 

1115
P
BeyondTrust Employee

Badge Earners

  • BCIE: Password Safe
    Shaikhas earned the badge BCIE: Password Safe
  • BCA: Privileged Remote Access
    JeremyGhas earned the badge BCA: Privileged Remote Access
  • BCIE: Password Safe
    Zubairhas earned the badge BCIE: Password Safe
  • BCA: Password Safe
    moliveirahas earned the badge BCA: Password Safe
  • BCSE: Identity Security Insights
    Jwarlandhas earned the badge BCSE: Identity Security Insights
Show all badges
Terms & ConditionsCookie settings