Recently active topics

I would like to connect to a specific computer by hostname to perform queries via API. The problem I’m running into is the API requires the jump client ID, not the host name. And there is no server side filtering for the hosts to find the jump client ID. I then tried to pull a list of all hosts and jump client IDs to filter on my end, but the maximum number of results I get is 13. I have extensively consulted with chatgpt and it came to this conclusion:Ah — that clarifies things. The reason your earlier scripts didn’t work is the Command API only supports listing all connected clients; it does not support a server-side filter by hostname. That’s why trying to query a single host returns nothing — the API only gives batches of connected clients, and without paging through, your host might not be in the first page.Ah — now it’s clear why you’re still only seeing 13 Jump Clients: the BeyondTrust Cloud Command API get_connected_client_list does not return all connected clients at once. On

we have 2 PRA appliance in cluster.  The primary appliance was initially deployed as stand alone in 2020 and only in 2022 ,the second appliance was deployed. So, in secondary appliance, we can see the data encryption is already enabled but in Primary , this is not enabled and says we need to free up space. we needed a confirmation, if we fail over to current secondary, will we face issue in this scenario with one appliance data encrypted and other not?  Also, in the documents and in KB, it says secret store is required to be added but since in secondary its already enabled without external secret store, we can assume the encryption keys are stored locally? since only AWS is supported for external secret store, we are unable to add external secret store.  

All our workstations are managed through Intune in User Mode, which means that there are no Admin rights on the workstations by default as part of our security hardening. Applications to be installed is dictated through the Company Portal. However we do have some apps that are very difficult to package for Company Portal deployment and BTRS is then the route to go through and through the session the engineer has the ability to elevate command prompt/powershell prompt to install the particular application. Also for admin elevated tasks, BTRS is the lifeline. Of course we do detect left and right that engineers “abuse” the rights and install apps without proper approval which in turn could be a security risk. Is there an “easy” way through any of the reports (haven't found any so far) to see who did elevation of command prompts/powershell prompts which can then be evaluated if it was correct use or abuse.  

The following articles were published last week. New Knowledge Base Articles: KB0021907 - Remote Support presentation feature missing from Rep Console

The following articles were published last week. New Knowledge Base Articles: KB0023181 - How to uninstall EPM-UL

The following articles were published last week. New Knowledge Base Articles: KB0023197 - How to add Entra ID groups or users in BI Password Safe integrated WPE

The following articles were published last week. New Knowledge Base Articles: KB0021853 - Deploying a SQL free or SQL-less U-Series appliance shows duplicate names for Session Agent and password changes not occurring KB0022527 - AWS marketplace U-Series appliance configuration wizard failing with error "Page Cannot be Displayed" KB0022767 - "Error 1722 there is a problem with this Windows installer package" when upgrading BeyondInsight Password Safe KB0022877 - Unable to view or create new installer activation key "No such host is known." http 500 errors KB0023137 - Secrets Cache Port listening error Rest Server Failed to listen on KB0023162 - Non-admin AD users cannot access PMR and EPM Policy Editor in the BI web console KB0023190 - RemoteApp sessions in Password Safe are not fully terminating which creates RDP session overlap risk KB0023198 - Web console administrator user not seeing

Hello everyone,I am currently encountering an issue when performing a managed account password change on F5 BIG-IP. I would like to describe the issue as follows:On the F5 BIG-IP device, I created a user named "btfunctional" and configured this user in PAM as a Functional Account (FA). I performed a Test Functional Account, and it completed successfully. However, when I attempt to change the password of another managed account, I encounter the following error:[btfunctional@ltm01:Active:Disconnected] ~ # Thread was interrupted from a waiting state. Password change failed.I would greatly appreciate your support and assistance with this issue.Thank you very much.

Hello everyone,We have encountered a challenging requirement during our discovery scans for a range of IP addresses. In the scan results, some assets appear with their asset names as IP addresses instead of hostnames.We need to filter out these assets and prevent them from being added to Password Safe. Does anyone know how we can filter out assets without hostnames that are still being added to Password Safe? Thank you,Prasad

Hello!We are using PRA Jump Client to rotate local account password on a workstation.  Is there a way to update it in auto-logon configuration . Preferably by running sysinternals auto-logon via a batch script. I think we can update the password in a service (log-on user) using PRA vault but not auto-logon .Is there a way to pass this vaulted password to a script via Endpoint automation ?

Hello Team, We have one requirement for deletion of 1000+ managed systems without any Managed account.Is there any easy way to delete them in bulk? Can someone help with API script or DB Query to do so. Thanks,Prasad

Hello! Is there any news or a roadmap regarding the implementation of Direct Connect within the Pathfinder portal? This feature would significantly reduce connection time and greatly improve productivity.Unfortunately, I don’t have access to the Ideas Portal to open a request about this, but if anyone knows anything, I would be very grateful.Thanks!

Hi Team, is there any way to clean/flush the password  stored in clipboard “when you do a copy of credentials from password safe , it does not get cleared automatically from your clipboard. The clipboard storers the credentials rather than clearing the clipboard after a short period of time”

The following articles were published last week. New Knowledge Base Articles: KB0021938 - API script containing start_session.ns call fails KB0022125 - Is Remote Support and Privileged Remote Access Affected by CVE-2025-27636 ? KB0022377 - Windows Clients going offline after upgrade from RS and PRA 22.1 or earlier KB0022574 - PRA and RS SaaS Google Cloud console next button not working on web jump KB0022583 - Unable to access the website for the cloud appliance KB0022748 - Local users are unable to log in to the Representative Console. Error "418 Failed to decrypt" KB0022808 - Jump Client Direct Download link does not work. Incorrectly prompts for Pathfinder authentication KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute" KB0023059 - LDAP security provider sync failed after upgrading to 25.2.1 or above "fail

The following articles were published last week. New Knowledge Base Articles: KB0022012 - Unable to RDP Jump when using diacritics with Linux Jumpoint - Authentication failed error KB0022037 - Web Jump no longer working with new VMWare versions when using "Enhanced Authentication Plugin" (EAP) KB0022125 - Is Remote Support and Privileged Remote Access Affected by CVE-2025-27636 ? KB0022377 - Windows Clients going offline after upgrade from RS and PRA 22.1 or earlier KB0022574 - PRA and RS SaaS Google Cloud console next button not working on web jump KB0022748 - Local users are unable to log in to the Representative Console. Error "418 Failed to decrypt" KB0022808 - Jump Client Direct Download link does not work. Incorrectly prompts for Pathfinder authentication KB0023006 - Unable to install Jump Client on 64-bit Raspberry PI OS. Error "Setup failed: the binary will not execute"

The following articles were published last week. New Knowledge Base Articles: KB0021758 - LDAP binding to Active Directory on EPM-UL fails with error - pbrun23.1.2-04[947719]: 3005 Request ended unexpectedly KB0021817 - Errors assigning EPM-UL license key - 3802.6 This host is not the Primary License server or 6025.78 Host is incorrect in the Registry Name Service Cache database KB0022177 - Unable to to use pbrun after upgrade to OEL 8.9 "8057.01 PAM SESSION Error: PAM session start failure"

The following articles were published last week. New Knowledge Base Articles: KB0021822 - Local passwords not rotating after upgrade to Endpoint Privilege Management for Mac 24.5.3 KB0021840 - How to add and use a local AD connector in EPM Cloud KB0021899 - How to block users from accessing Users & Groups with EPM-M KB0021937 - EPM-W block message replaced by Windows 11 message - This app has been blocked by your system administrator KB0022167 - EPM Cloud 25.3 change - Admin role required to edit API accounts KB0022181 - Endpoint Privilege Management Cloud rules not applying when using the type criteria KB0022905 - Incorrect OS name, description and version displayed in EPM Cloud for macOS Tahoe KB0023060 - Siemens Tia portal fails to install with EPM-W application rules - Setup Package's result file not found KB0023192 - EPM-M policy fails to update - PMCAdapter: Error d

The following articles were published last week. New Knowledge Base Articles: KB0021206 - Appliance self-signed certificate does not have Subject Alternate Name KB0021697 - Registering FIDO2 authenticator fails - Could not create credentials KB0021739 - Resource Broker SAML error - GetGroupForADUser for domain cred failed KB0021827 - Users are not able to ssh from Password Safe with AD account when using Centrify SSHD service KB0021846 - Onboarding Managed Accounts or Assets via a Smart Rule issue - Disassociation from DC when directory query is used KB0021872 - Secrets Cache pspca logs error "A timeout occurred" KB0021909 - What AD permissions should a bind account or directory credential have? KB0021972 - After upgrading, no accounts are showing in the Password Safe tile. KB0022073 - Pathfinder and Password Safe Cloud 24.3.1 - SAML user is removed from the local group in P

The following articles were published last week. New Knowledge Base Articles: KB0021857 - How to configure multiple GPOs to use specific scripts with AD Bridge KB0022132 - Domain join fails with Error: ERROR_BAD_CONFIGURATION [code 0x0000064a] KB0022411 - Error - sudo: fatal error, unable to load plugins

Hi,Anyone else have a need to keep password history for more than one year? A problem we face is if we need to restore a windows server from more than a year ago, we won’t be able to log in via the local administrator password as it will be unknown. I know there are some workarounds where you can reset if it is an AzureVM, but having history more than a year is needed.Anyone have any smart ways to work around this limitation?Someone has already logged an idea for this if you want to vote.Allow Password History For More Than 360 | All Product Ideas - PublicThanks

Hello!We are running version 24.3.4 and have observed multiple Jump Clients going offline intermittently. Upon investigation, most affected clients show that the service has stopped.We’ve been using PRA for several years and have performed multiple upgrades from 20.x versions. This issue started appearing after the last 1–2 upgrades. Based on the support KBs, our current version does not appear to be impacted by any documented known issue.I’ve opened a support ticket and will provide logs, but the behavior is random and difficult to predict when it will occur again.Other users seem to have reported similar issues, and a scheduled service restart is suggested as a workaround. However, this approach is not scalable for us since we manage thousands of endpoints and have 24/7 user activity, which could negatively impact user experience. I also noticed recommendations to restart the site software. Fresh re-install will be a pain.Is there a known root cause for this issue? Has anyone success

Good morning.I'm trying to inject the credentials of a Linux system into a domain that's password safe, but it connects using PRA.In PRA, when I inject the credentials, it does so without the domain.If I manually enter the username, domain, and credentials, it connects.I'd like to know how to inject the username with the full domain.Regards.

Hi Team,I am looking for creating the script to automate Application onboarding in Beyondtrust Password Safe. We are using Cloud version of Password Safe.  I am exploring BT API However I dont see any API to create application in BT. I only see API to get application or to remove application or assign application to Manage account . From this List , I dont see any api to create application into BT. Requesting help here to guide how application can be created in BT using API.Regards,Imran Aliyani

Trying to get a handle on Microsoft Store installs. Microsoft Store apps can be blocked via GPO however there are many gaps around this. For example, using the web browser to go to Microsoft store. https://www.reddit.com/r/Intune/comments/1e44bkb/ms_store_block_bypassed_via_browser/Is there a way to block Msix files from installing in Beyond Trust? maybe prevent them from running from downloads folder?