BeyondTrust U-Series Appliance Software 4.3.0 Release Notes
4 months ago
September 26, 2024
Requirements
- .NET 8.0.0 or later (available through BT Updater via Supporting Software SUPI subscription)
- SUPI 3.2 (available through BT Updater)
- BeyondInsight 24.1
New features
Dependency management provides visibility into the underlying frameworks that supports BeyondTrust’s product suite. The frameworks are updated by the Security Update Package Installer (SUPI) as part of the monthly Supporting Software update, which automatically:
- removes unnecessary .NET frameworks, freeing up resources and reducing potential security risks.
- processes new additions and upgrades.
- processes removals without dependent products.
Note
For more information, see Manage product dependencies.
Enhancements
OAuth authentication is available as an authentication method when configuring the Discovery Agent on the Features page.
Set the event service (local or remote) and the authentication method.
- New appliance on version 4.3: The only authentication method is OAuth Authentication.
- Appliance on an earlier version: The authentication method is Certificate + User Authentication. If you are working on BeyondInsight 24.1 and database version 24.2.0.150 or later, then you can select OAuth Authentication.
- Appliance upgraded from an earlier version to 4.3: Displays both authentication types.
Note
For more information, see Configure U-Series Appliance features
Issues resolved
| Product Area | Description | Resolution |
|---|---|---|
| Appliance Features page | Cannot change the port to a number greater than 9999 for the BeyondInsight for Unix & Linux database. | Updated the maximum port number to 49151. |
| Client connections | Removing HHRS entries from the appliance UI does not remove the configuration from IIS. | When removing HHRS entries in the appliance removes the entry from IIS. |
| High availability | On the High Availability page, the database size is reporting 10 places after the decimal. | The database size show the value in a unit that is proportional to the size. (e.g. MB, KB, GB, etc.) |
| Upgrades | Appliance Management Update from 4.1 to Version 4.2 fails on Hyper-V. | Upgrades are successful from 4.2. to 4.3 on a Hyper-V environment. |
| Licensing | The Expiry Date field is blank on the License page is blank when the BIPS license expires. | The Expiry Date field displays the date when the license expired. |
| Email settings | On the Email page, an error displays when a valid port number greater than 2056 is enter. | Valid port numbers are confirmed and added successfully. |
| SQL free appliance | The SQL Server Database Password page fails to load in SQL free appliances. | Credentials aren't required on a SQL free appliance. The prompt is removed. |
| SQL free appliance | When configuring database access on the Appliance Feature Configuration page, an unclear error notification displays when the server name is wrong. | A readable error notification displays when there are configuration errors. |
| Backup configuration | The 15-character password requirement is not enforced when adding a password on the Backup page. | The 15-character limit is enforced on the Backups page. |
| SQL free appliance | BeyondTrust Instance unique ID does not get regenerated during Configuration wizard. | |
| SQL free appliance | The Configure Performance Counter Thresholds page displays incorrect values on the usage sliders. | The usage counters display correct values. |
| High availability | Unnecessary text on High Availability configuration page. Text exists to describe a functionality in area on page that doesn’t apply. | The text is removed. |
| Installed Software page | Error occurs when selecting a product name listed on the Software and Licensing > Installed Software page. | Errors no longer occur when selecting a product in the list. |
| SQL Server | The SQL Server service (MSSQLSERVER) doesn't restart from Service Status page. | All SQL Server services restart correctly: SQL Server agent, SQL Server Launchpad, and SQL Server service. |
| Backup and Restore | Adding a backup location with an invalid path returns an error that one or more fields are invalid but does not indicate the invalid field. | A message displays with more accurate information on the error. |
| Backup and Restore | Editing an existing backup location can delete all backup files in the old location without warning. | The existing folder with existing backup files is deleted and created new folder with the same title. |
| Backup and Restore | A change to the backup location was not refreshing after editing the location a second time. | The changes to a backup location refresh after every change. |
| Network, IP Settings | Changing to DHCP network setting returns an error message that provides no information. | A warning message indicates it is not possible to redirect to the new IP address. |
| HA - Scheduler Service | On a passive node in a high availability pair (version 4.1), the Schedule Service was in a state of running but the status alert stated "Expected to be Stopped as a High Availability service". |
Known issues
| Product Area | Description | Workaround | |
|---|---|---|---|
| SECURITY UPDATES - check mark icons showing under each step of a SUPI package | Blue arrow icons are appearing in step details of SUPI packages. | No workaround | |
| HHRS - 404 page presented after updating HOST HEADERS | When you enter and save a value into Host Headers, you are taken to a 404 page. | No workaround | |
| Appliance: Discovery Agent displays a notification error during switching it ON although the changes are saved successfully | In certain cases, Discovery Agent shows the following incorrect error message when switching it to ON: Failed to save all or some feature configuration. Please see details: Phoenix: Error execution some configuration commands: Command returned Error | Error 403: Forbidden. | No workaround |
| User is not notified if subscribing to hardware alerts fails | Appliance Service uses an eEyealert.exe to subscribe and listen for events from the hardware. There was an instance where this .exe was missing, and no errors or messages displayed to alert the user. | ||
| EPM - HA - when secondary is promoted to Primary, PMR reports will not work because configuration has primary's IP address | This issue only applies to a HA node set up as the PMR Database host, in a multi-node EPM deployment (i.e. has nodes other than the secondary attempting to access the database). A multi-node deployment typically uses the IP/machine name of the database host in the shared EPM config file, and this pointer will continue to point at the failed primary, causing the problem. | If the EPM solution is only made up of the HA pair itself, the config should be pointing to localhost, and will work with HA. | |
| Appliance: Is not possible to create new local location with requires authentication option | When you create a new location with option Credentialed=Yes, the new location is actually created with option Credentialed=No. |
| |
| Appliance: BT EPM Event Collector Service is missing in the log file if there are no files. | If there are no log files, on the Export Logs and Appliance Logs pages, in the Log File Export options section, the BeyondTrust EPM Event Collector Service option may be missing. | No workaround | |
| EPM/PMR - HA - HA requires that the source EPM accounts match on each appliance, so how will we handle this since accounts require manual intervention to rename | Pre-existing accounts cannot be automatically paired because the EPM accounts don’t match. | You must manually create the EPM/PMR SQL Users in the database on the Secondary node. | |
| LastPass can interfere with Config / Deployment Wizard | In v4.0 and 4.1, both Standard and SQL Free can be affected. When you run the Config and Deploy Wizard on an appliance with the LastPass extension installed, the Next button on the Configure Backups Page is broken. | Disable or log out of LastPass, OR configure the appliance in incognito mode in the browser so that the browser extensions are not interfering with the wizard. | |
| Appliance - The beyondtrust_user is locked out after changing the Auth SQL Server password | The beyondtrust_user is locked out after changing the Auth SQL Server password. | No workaround | |
| Appliance Self-signed certificate does not have subject alternate name (which does not support HSTS) | For Chrome 58 and later, only the subjectAlternativeName extension (not commonName), is used to match the domain name and site certificate. This will cause various validation problems. | Disable the check in Chrome. |
Notes
- Security Management Appliance Installer 4.3 is dependent on BeyondInsight 24.1.
- Security Management Appliance package in BT Updater is dependent on BeyondInsight 24.1.
- This update is available through BT Updater or as a manual installer from the download tool.