Info: Venafi Trust Protection Platform 16.4.2 Patch Is Released

Applies To:



16.4.2 includes fixes to address the Trust Protection Platform ( TPP ) server.  NOTE: This patch contains a database script (RefreshConfigObjectChildRels.sql) that MUST be run on your Database server by an Database Administrator.  To successfully install this script:

  1. Ensure all TPP services are stopped on all TPP servers reference the Database server.
  2. Install the 16.4.2 patch on all servers, which will install a copy of the necessary script file to your TPP server's file system.
  3. Copy the attached script file .\Venafi\Scripts\RefreshConfigObjectChildRels.sql to your MSSQL Server.
  4. As the Database Administrator, run this script, which will create a new Stored Procedure and related data types in the TPP database environment.
  5. Restart TPP services on all previously stopped servers


  • This script only applies to Microsoft SQL server.
  • The "RefreshConfigObjectChildRels.sql" script is called "mssql_update_16.4_to_16.4.4" for patches 16.4.4 and above.

More Information:

Fixes contained in this patch:

  • Auto-renewal certificates were issued and deployed to app twice (VEN-31349)
  • Enrolling a DSA CSR causes the enrollment to hang at stage 0 and causes 100% CPU utilization on SQL server (VEN-31805, @24663)
  • Adding user permissions to an object is logged incorrectly (VEN-31981, @24697)
  • Reports do not get run everytime from Custom Reporting page: Certificate Type (VEN-31982, @24837)
  • Download limit reached returns 400 error display page (VEN-31984, @23013)
  • 500 error encountered when downloading discovery results (VEN-32107, @23893)
  • Symantec MPKI Private Server Credits are reset to 0 after save (VEN-32121, @22837)
  • Log Processing Hanging waiting for DB Thread (VEN-32138, @24481)
  • Processing and UIs stop working when large numbers of objects are being moved/renamed (VEN-32201, @23489)
  • Excluding keys from search using Exclude paths makes TPP think they are gone (VEN-32215)
  • Object reference not set error on SSH discovery when tty request is rejected by host (VEN-32222, @23370)
  • Getting error during F5 provisioning "Config Sync failed with error: The local device was not found" (VEN-32293,@13836)
  • Certificate-name may be too long for chain certs provisioned to Palo Alto devices (VEN-32310, @24780)
  • API will crash if specific request is sent. (VEN-32324, @24672)
  • Keys are marked for revival when custom search path contains keys that were previously discovered (VEN-32630)
  • Unlimited Allowed Download count not applicable for userportal/certificaterequest (VEN-32642, @23013) 
Was this article helpful?
1 out of 1 found this helpful