16.3.4 includes fixes to address the Trust Protection Platform ( TPP ) server. NOTE: This patch contains a database script (RefreshConfigObjectChildRels.sql) that MUST be run on your Database server by an Database Administrator. To successfully install this script:
- Ensure all TPP services are stopped on all TPP servers reference the Database server.
- Install the 16.3.4 patch on all servers, which will install a copy of the necessary script file to your TPP server's file system. (Click here to see the product documentation for more information on how to use the Venafi Updater Utility)
- Copy the attached script file .\Venafi\Scripts\RefreshConfigObjectChildRels.sql to your MSSQL Server.
- As the Database Administrator, run this script, which will create a new Stored Procedure and related data types in the TPP database environment.
- Restart TPP services on all previously stopped servers
Note that this script only applies to Microsoft SQL server.
If your TPP installation uses a minimum rights user for database access, then you will also need to modify and execute the sample-grants.sql script found in the same location as the script referenced above.
Fixes contained in this patch:
- DSN options are not passed to DB Schema validation function (VEN-30680, @23080)
- Valid To filter on cert discovery result tab causing exceptions (VEN-31097, @22852)
- Set validation option is available in Aperture even though it is locked at the policy level (VEN-31227, @23649)
- Scanning symbolic link fails to pull back keys (VEN-31228, @23498)
- Connection attempts coming from TPP server does not honour the 30 minutes definition in the SSH job (VEN-31230, @23913)
- Some security issues were resolved (VEN-31231, VEN-31232, VEN-31233)
- Impossible to stop VPlatform if agentless discovery hangs (VEN-31234)
- Reporting Schedule not updating schedule in memory with more than one engine (VEN-31244, @22708)
- Agent inventory has load more button that doesn't work (VEN-31265)
- Adaptable App - Specific.Pkcs12 parameter is not a PKCS#12 byte array (VEN-31342)
- Auto-renewal certificates were issued and deployed to app twice in some cases (VEN-31345)
- GSK store has password expired if default settings are used (VEN-31359)
- Several notifications sent when validation goes from success to failure or failure to success (VEN-31372)
- "Agent or agentless record is already registered for this hostname" when connecting to the Device without Sudo (VEN-31407, @22791)
- Adding user permissions to an object is logged incorrectly (VEN-31978, @24697)
- End User Portal: Download limit reached returns 400 error display page (VEN-31985, @23013)
- 500 error encountered when downloading discovery results. (VEN-32108, @23893)
- Symantec MPKI Private Server Credits are reset to 0 after save (VEN-32122, @22837)
- Log Processing Hanging waiting for DB Thread (VEN-32130, @24481)
- Processing and UIs stop working when large numbers of objects are being moved/renamed (VEN-32202, @23489)
- Object reference not set error on SSH discovery when tty request is rejected by host (VEN-32223, @23370)
- vplatform using all available RAM (VEN-32246, @23679)
- Certificate-name may be too long for chain certs provisioned to Palo Alto devices (VEN-32309, @24780)
- WebSDK API will crash if specific request is sent (VEN-32325, @24672)
- SSH code is leaking DB connections (VEN-32873)
- Log Messages are lost and event viewer spammed with exceptions (VEN-32914, @25652)
- Unlimited Allowed Download count not applicable for userportal/certificaterequest (VEN-32933, @23013)