General

The following articles were published last week. New Knowledge Base Articles: KB0023016 - What is Session Forensics? KB0023084 - Unable to Jump to the unattended machine. Error "failed to lock session singleton... exiting" KB0023094 - Users can see other team reports despite "View their teams' sessions" policy being set

Hi Team,We’ve a use case as mentioned below:a user initiated a web jump from BT PRA to vSphere portal and was logged in successfully. Within the vSphere portal, user selects a VM wherein vSphere gives 2 types of logins- 1.Remote & 2.Web Console. User selects web console access which then launches a new tab within the Jump Item requiring password to be entered again. The key option is disabled and looking for suggestions to enable it.  

The following articles were published last week. New Knowledge Base Articles: KB0023090 - What does Patch HELP-11956 do? KB0023092 - Unable to deploy Jump Clients through Zone Proxies error "HTTP: Failed response code: 403" KB0023098 - Can OpenID Connect be used for authenticating Jump Items in a session?

Has anyone else experienced issues with Windows Search or indexing not functioning properly following the latest patch? We've observed that removing the PAM agent seems to restore search and indexing functionality.Has anyone else seen similar behavior or found a workaround?

Hello, the company have started to use a OpenID Connect as a auth source on several JumpItems.I saw that per 25.2.1 version of PRA there is support for OpenID Connect as a security provider but that is for logging into the PRA? or can it be used to successfully login to a target system while using LDAPS as a security provider to login to the PRA?  

The following articles were published last week. New Knowledge Base Articles: KB0021820 - How to restrict access to /appliance KB0022976 - Jump Client features do not work as expected when laptop lid is closed KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute"

The following articles were published last week. New Knowledge Base Articles: KB0021737 - How to use group policies and session policies to apply permissions in Secure Remote Access KB0021943 - Not able to login with LDAPS Security Provider - Failed to test the provider KB0022085 - How to disable session recordings for specific Jump Policies or for all users

Hello we are on PRA 24.3.4. I see that now we cannot install multiple jump clients on same machine. We have a use case where users have multiple computers (laptop\workstations) and use PRA to connect to those. For provisioning, we had made the Personal jump client option available per user and they were instructed to download client under their PRA login and install on their machine. Same machine has second instance of client which is pushed via SCCM. This is for IT support use case. Now that the multiple installations are not working , we need to find a way to copy existing jump client when a new user requests this type of access. We already have large number of computers and groups which are handled by API , trying to figure out a way to copy existing client when new users gets access to personal Jump item. Anyone else faced similar challenge any suggestions

In AWS, we created a Global Accelerator service and associated the Windows machines used by the Risk-Team with this accelerator service.Then, the Risk Team will access the Windows machine using the IP provided by the acceleration service.In terms of user experience, it is much smoother than directly connecting to a Windows machine, and it is convenient to operate on a Windows machine.However, after connecting to the Windows machine via PRA-Console, the fluidity decreases, operations become sluggish, which is not conducive to data processing actions. So, I would like to know if PRA has its own built-in acceleration service. Or, can I configure AWS Global Accelerator for PRA? T

Hi All,In PRA, we have a SAML security provider configured for user authentication and provisioning. User will only be provisioned when they first-time logged in.Is there anyway we can pre-provision the users by LDAP/AD Group synchronization similar functionality as Password Safe (without using SCIM). Thanks, 

We recently encountered a recurring issue impacting the accessibility of Jumpoints, which we have traced back to behaviors described in KB0021363. The root of the problem appears to be interference between the old and new network management features, particularly when IP assignments are modified either through binding on virtual machines' NICs or via IP changes on bare metal systems.ObservationsWhen these changes occur, the resulting network configuration across the multiple management interfaces becomes inconsistent. This inconsistency causes the Jumpoint to: Attempt to resolve to its own address, Become entirely unresolvable, or Exhibit packet fragmentation or corruption during analysis. Network inspection tools and bomgar logs show erratic behavior. Logs typically reveal incomplete packets or generalized packet errors, but offer no definitive indicators as to the root cause. The symptoms include:

The following articles were published last week. New Knowledge Base Articles: KB0022853 - Is it possible for RS or PRA users to see credentials injected to a remote session from Password Safe? KB0023031 - Can a Jump Client use daisy-chained Jumpoints as a proxy?

Hi We have proxy enabled for external applications in jump point, the web jump is not working when proxy set manually in the system or when PAC is used. Any way to get this working? or is it a bug? is it in road map?

The following articles were published last week. New Knowledge Base Articles: KB0022962 - How to create a Remote RDP Jump Shortcut in Privileged Remote Access KB0022994 - Approving vendor registration fails "forbidden" KB0023001 - Let's Encrypt certificate shows expired. Clicked Force Renew button but it does not work.

This might be a bit too big of a question for this forum. However, I am not sure where to start. We are still somewhat new to PRA. I am wanting to start using Docker containers for our jumpoints instead of putting them on Linux instances. First, where do I go to download the container image? I heard that there is a stock image that we would use and then just input the key to start the connection to our system. Second, can we put the container in a service like AWS container service or Azure container service? Third, and this will show my very beginner level of experience with containers, would we do the firewall rules for the containers the same way that we do them for the Linux servers that are jumpoints?I have a feeling there are other items that I am totally missing, but I figured this is a good start. If you know of documentation you can point me to I am more than happy to start reading and testing things out. 

Hi all Does anyone has the same issue with Jump Policies set directly on Jump Items not having an effect.In general, we set the Jump Policy on Jump Groups via a Group Policy so each Jump Item within that Jump Group gets the same Jump Policy. There is the ability to set a Jump Policy directly on the Jump Item which should take effect for this single Jump Item and overrite the Jump Policy assigned by the Group Policy. It looks like in the version 25.1.4, 25.2.1 and 25.2.2 this does not work anymore. Has anyone else the same issue?

The following articles were published last week. New Knowledge Base Articles: KB0021693 - Jump Client screen share graphic issue (artifacting) when no monitor is connected to the machine (headless) - Not refreshing screen KB0021780 - SEC_ERROR_EXPIRED_CERTIFICATE error when accessing appliance through Firefox browser KB0021808 - Vault interface not pulling in Passwor

We are looking for new ways to upgrade our BTRS environment due to after every update we face new issues we like to avoid. This time due to our deployment through Microsoft Intune we had several file detections in place which all have been made obsolete due to drastic changes in the install behaviour of the Jump Client into new directory and other file changes inside, causing an automated reinstallation of the jump client duplicating and consuming more licenses until of course we run out of licenses. In the past we always did uninstall and install where we also had auto update on causing extreme license consumptions which we try to avoid. If the application is still properly detected even updated or not, it will not trigger a new install and does not duplicate a license, in 1 case I even found a device consuming 29 licenses because it kept trying to install and not detected retriggering the install. The last time we did not use so called Intune supersedence and tried to stay

I am experiencing an issue with the Bring Your Own Tool (BYOT) option when attempting to open a Remote RDP session using an external tool. For some endpoints, the session initiates but terminates within 1-2 seconds. This behavior is inconsistent, as it works fine for other endpoints. Based on the link below, we have upgraded our appliance to 25.1.4 but this did not resolve.https://beyondtrustcorp.service-now.com/csm?id=kb_article_view&sysparm_article=KB0022851Any assistance would be appreciated.

The following articles were published last week. New Knowledge Base Articles: KB0021345 - RS or PRA SAML errors "Authentication failed " "NameID format does not match the recommended settings of the service provider" KB0022838 - How to extend the expiration date of vendor users KB0022953 - Upgrade for Linux Jumpoints fails - unresolved library dependencies - missing

Hi everyone,we’re currently running BeyondTrust PRA 25.1.x and are looking for a way to delegate vendor management tasks to an internal operations team.We have several vendors in PRA, and we’d like to have an internal team that’s responsible for managing a subset of them. Ideally, this internal team should be able to: Create and delete vendor user accounts Extend or reactivate expired vendor accounts Send password reset emails to vendor users Basically, they should act as vendor administrators for specific vendor groups — but without being full PRA admins.We’ve looked through the admin console and documentation, but it seems there’s currently no privilege or role that grants “vendor admin” rights — i.e., no way to delegate vendor user management without also granting global admin access.Questions:

The following articles were published last week. New Knowledge Base Articles: KB0022143 - Jumpoint install fails on some Ubuntu distributions. Error GLIBCXX_3.4.30' not found KB0022428 - RDP Jumps failing when using xRDP or FreeRDP "Unknown connection error. 2001C" KB0022944 - Does BeyondTrust need to be involved with updating or upgrading RS or PRA Cloud Appliances?