Info: Venafi Trust Protection Platform 16.3.4 Patch Is Released

Applies To:



16.3.4 includes fixes to address the Trust Protection Platform ( TPP ) server.  NOTE: This patch contains a database script (RefreshConfigObjectChildRels.sql) that MUST be run on your Database server by an Database Administrator.  To successfully install this script:

  1. Ensure all TPP services are stopped on all TPP servers reference the Database server.
  2. Install the 16.3.4 patch on all servers, which will install a copy of the necessary script file to your TPP server's file system. (Click here to see the product documentation for more information on how to use the Venafi Updater Utility)
  3. Copy the attached script file .\Venafi\Scripts\RefreshConfigObjectChildRels.sql to your MSSQL Server.
  4. As the Database Administrator, run this script, which will create a new Stored Procedure and related data types in the TPP database environment.
  5. Restart TPP services on all previously stopped servers

Note that this script only applies to Microsoft SQL server.

If your TPP installation uses a minimum rights user for database access, then you will also need to modify and execute the sample-grants.sql script found in the same location as the script referenced above.

More Information:

Fixes contained in this patch:

  • DSN options are not passed to DB Schema validation function (VEN-30680, @23080)
  • Valid To filter on cert discovery result tab causing exceptions (VEN-31097, @22852)
  • Set validation option is available in Aperture even though it is locked at the policy level (VEN-31227, @23649)
  • Scanning symbolic link fails to pull back keys (VEN-31228, @23498)
  • Connection attempts coming from TPP server does not honour the 30 minutes definition in the SSH job (VEN-31230, @23913)
  • Some security issues were resolved (VEN-31231, VEN-31232, VEN-31233)
  • Impossible to stop VPlatform if agentless discovery hangs (VEN-31234)
  • Reporting Schedule not updating schedule in memory with more than one engine (VEN-31244, @22708)
  • Agent inventory has load more button that doesn't work (VEN-31265)
  • Adaptable App - Specific.Pkcs12 parameter is not a PKCS#12 byte array (VEN-31342)
  • Auto-renewal certificates were issued and deployed to app twice in some cases (VEN-31345)
  • GSK store has password expired if default settings are used (VEN-31359)
  • Several notifications sent when validation goes from success to failure or failure to success (VEN-31372)
  • "Agent or agentless record is already registered for this hostname" when connecting to the Device without Sudo (VEN-31407, @22791)
  • Adding user permissions to an object is logged incorrectly (VEN-31978, @24697)
  • End User Portal: Download limit reached returns 400 error display page (VEN-31985, @23013)
  • 500 error encountered when downloading discovery results. (VEN-32108, @23893)
  • Symantec MPKI Private Server Credits are reset to 0 after save (VEN-32122, @22837)
  • Log Processing Hanging waiting for DB Thread (VEN-32130, @24481)
  • Processing and UIs stop working when large numbers of objects are being moved/renamed (VEN-32202, @23489)
  • Object reference not set error on SSH discovery when tty request is rejected by host (VEN-32223, @23370)
  • vplatform using all available RAM (VEN-32246, @23679)
  • Certificate-name may be too long for chain certs provisioned to Palo Alto devices (VEN-32309, @24780)
  • WebSDK API will crash if specific request is sent (VEN-32325, @24672)
  • SSH code is leaking DB connections (VEN-32873)
  • Log Messages are lost and event viewer spammed with exceptions (VEN-32914, @25652)
  • Unlimited Allowed Download count not applicable for userportal/certificaterequest (VEN-32933, @23013)


Was this article helpful?
0 out of 0 found this helpful