General

Hi All,I have got the PWS to PRA connection working, I can see my managed test account in PRA but when I try and use the cred store to connect, I get the following error. (Could not find a schedule to use with this release request)I have followed the guide (BeyondInsight / Password Safe - Unable to pull Password Safe Credential via ECM. Error: "Could not find a schedule to use with release request".)Any ideas where I can start to look? log? or have I missed something simple?

we have 2 PRA appliance in cluster.  The primary appliance was initially deployed as stand alone in 2020 and only in 2022 ,the second appliance was deployed. So, in secondary appliance, we can see the data encryption is already enabled but in Primary , this is not enabled and says we need to free up space. we needed a confirmation, if we fail over to current secondary, will we face issue in this scenario with one appliance data encrypted and other not?  Also, in the documents and in KB, it says secret store is required to be added but since in secondary its already enabled without external secret store, we can assume the encryption keys are stored locally? since only AWS is supported for external secret store, we are unable to add external secret store.  

The following articles were published last week. New Knowledge Base Articles: KB0023138 - Vault Password Safe discovery stuck in running status KB0023183 - Can TLS 1.0 and 1.1 be disabled on the SRA appliance?

All our workstations are managed through Intune in User Mode, which means that there are no Admin rights on the workstations by default as part of our security hardening. Applications to be installed is dictated through the Company Portal. However we do have some apps that are very difficult to package for Company Portal deployment and BTRS is then the route to go through and through the session the engineer has the ability to elevate command prompt/powershell prompt to install the particular application. Also for admin elevated tasks, BTRS is the lifeline. Of course we do detect left and right that engineers “abuse” the rights and install apps without proper approval which in turn could be a security risk. Is there an “easy” way through any of the reports (haven't found any so far) to see who did elevation of command prompts/powershell prompts which can then be evaluated if it was correct use or abuse.  

Has anyone else experienced issues with Windows Search or indexing not functioning properly following the latest patch? We've observed that removing the PAM agent seems to restore search and indexing functionality.Has anyone else seen similar behavior or found a workaround?

Hello!We are using PRA Jump Client to rotate local account password on a workstation.  Is there a way to update it in auto-logon configuration . Preferably by running sysinternals auto-logon via a batch script. I think we can update the password in a service (log-on user) using PRA vault but not auto-logon .Is there a way to pass this vaulted password to a script via Endpoint automation ?

The following articles were published last week. New Knowledge Base Articles: KB0022012 - Unable to RDP Jump when using diacritics with Linux Jumpoint - Authentication failed error KB0022037 - Web Jump no longer working with new VMWare versions when using "Enhanced Authentication Plugin" (EAP) KB0022125 - Is Remote Support and Privileged Remote Access Affected by CVE

Hello!We are running version 24.3.4 and have observed multiple Jump Clients going offline intermittently. Upon investigation, most affected clients show that the service has stopped.We’ve been using PRA for several years and have performed multiple upgrades from 20.x versions. This issue started appearing after the last 1–2 upgrades. Based on the support KBs, our current version does not appear to be impacted by any documented known issue.I’ve opened a support ticket and will provide logs, but the behavior is random and difficult to predict when it will occur again.Other users seem to have reported similar issues, and a scheduled service restart is suggested as a workaround. However, this approach is not scalable for us since we manage thousands of endpoints and have 24/7 user activity, which could negatively impact user experience. I also noticed recommendations to restart the site software. Fresh re-install will

Good morning.I'm trying to inject the credentials of a Linux system into a domain that's password safe, but it connects using PRA.In PRA, when I inject the credentials, it does so without the domain.If I manually enter the username, domain, and credentials, it connects.I'd like to know how to inject the username with the full domain.Regards.

The following articles were published last week. New Knowledge Base Articles: KB0022643 - Jump client add button is missing for administrators KB0023153 - Unable to create Jump Client using Pathfinder "Internal authorization error deploying to specified group: The user is not allowed to use Jump Item's public portal."

I would to like to know the any limitation for copying file from  local to remote by using shell jumpafter updating the PRA 25.2.3 users are unable to copy the file from local to remote by using shell jump but vise versa it is possible.if file size is less than 32 kb its copying fine but it its bigger then its corrupted to 32kbI am using  Copy paste only.

Hello,we just started with PRA and Vendors, and i wanted to add a new vendor group. When i want to choose the according group policy, i cannot pick the one i want ( it does not appear in the drop down menu). And there is that warning that states:Group Policies that grant administrative permissions are not available for Vendors.What is regarded a administrative permission? How can i find out what to change?Best regards,Sven

PRA requires a user to login a first time in order to be available in PRA for example to assign vault accounts.Unfortunately this is causing problems with new employees which are onboarded into PRA.Unless they have never logged in, administrators cannot assign personal vault accounts. If the user logs in, and does not see his/her vault account, they create tickets. This is a very large customer and it is difficult to orchestrate / communicate such a process and they would like to automatically provision new users (from AD). How do other customers provision users up-front and define vault accounts, etc. and not depend on a user’s first login?  

Jump SQL management studio with credential injection on PRA

I have multiple Database admins I need to give access to our database for. We have no resources for PAW or Internal Admin machines. Is it the purpose of Beyondtrust SQL server tunnels to be ran on BYOD device and have them tunnel SQL Studio traffic to my on prem SQL server? Has anyone done this? I believe I have the tunnel up. How do you use Management studio? My “Open datasource Client” is grayed out. How do the credentials work? Do the credentials I use for the tunnel work for everyone using the tunnel? Or do I need to create one tunnel per person? 

The following articles were published last week. New Knowledge Base Articles: KB0022556 - Linux Debian 11 Jumpoint down after update - error while loading shared libraries KB0022857 - Representatives cannot see Remote RDP jump assigned to them KB0022870 - SQL Server Tunnel fails - Access Console SQL Jump error: "Unable to find suitable datasource client"

The following articles were published last week. New Knowledge Base Articles: KB0023016 - What is Session Forensics? KB0023084 - Unable to Jump to the unattended machine. Error "failed to lock session singleton... exiting" KB0023094 - Users can see other team reports despite "View their teams' sessions" policy being set

Hi Team,We’ve a use case as mentioned below:a user initiated a web jump from BT PRA to vSphere portal and was logged in successfully. Within the vSphere portal, user selects a VM wherein vSphere gives 2 types of logins- 1.Remote & 2.Web Console. User selects web console access which then launches a new tab within the Jump Item requiring password to be entered again. The key option is disabled and looking for suggestions to enable it.  

The following articles were published last week. New Knowledge Base Articles: KB0023090 - What does Patch HELP-11956 do? KB0023092 - Unable to deploy Jump Clients through Zone Proxies error "HTTP: Failed response code: 403" KB0023098 - Can OpenID Connect be used for authenticating Jump Items in a session?

Hello, the company have started to use a OpenID Connect as a auth source on several JumpItems.I saw that per 25.2.1 version of PRA there is support for OpenID Connect as a security provider but that is for logging into the PRA? or can it be used to successfully login to a target system while using LDAPS as a security provider to login to the PRA?  

The following articles were published last week. New Knowledge Base Articles: KB0021820 - How to restrict access to /appliance KB0022976 - Jump Client features do not work as expected when laptop lid is closed KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute"

The following articles were published last week. New Knowledge Base Articles: KB0021737 - How to use group policies and session policies to apply permissions in Secure Remote Access KB0021943 - Not able to login with LDAPS Security Provider - Failed to test the provider KB0022085 - How to disable session recordings for specific Jump Policies or for all users

Hello we are on PRA 24.3.4. I see that now we cannot install multiple jump clients on same machine. We have a use case where users have multiple computers (laptop\workstations) and use PRA to connect to those. For provisioning, we had made the Personal jump client option available per user and they were instructed to download client under their PRA login and install on their machine. Same machine has second instance of client which is pushed via SCCM. This is for IT support use case. Now that the multiple installations are not working , we need to find a way to copy existing jump client when a new user requests this type of access. We already have large number of computers and groups which are handled by API , trying to figure out a way to copy existing client when new users gets access to personal Jump item. Anyone else faced similar challenge any suggestions

In AWS, we created a Global Accelerator service and associated the Windows machines used by the Risk-Team with this accelerator service.Then, the Risk Team will access the Windows machine using the IP provided by the acceleration service.In terms of user experience, it is much smoother than directly connecting to a Windows machine, and it is convenient to operate on a Windows machine.However, after connecting to the Windows machine via PRA-Console, the fluidity decreases, operations become sluggish, which is not conducive to data processing actions. So, I would like to know if PRA has its own built-in acceleration service. Or, can I configure AWS Global Accelerator for PRA? T