Info: Venafi Trust Protection Platform 17.3.4 Patch Is Released

Applies To:



17.3.4 includes fixes to address the Trust Protection Platform (TPP) server. NOTE: This patch contains a database script (mssql_update_17.3_to_17.3.2.sql) that MUST be run on your Database server by a Database Administrator. If you have a custom log channel, you will also need the optional mssql_custom_log_channel_migration_17.3_to_17.3.2.sql script. If you wish to create a new custom log channel, you will need to use the updated mssql_log_structure_SP.sql script.

To successfully install this script:

  1. Ensure all TPP services are stopped on all TPP servers that reference the Database server.
  2. Unzip the 17.3.4 patch file. This places a copy of the necessary script files on your TPP server's file system, in the location where you unzipped the file.
  3. Copy the script file .\Database Scripts\mssql_update_17.3_to_17.3.2.sql to your MSSQL Server. If you need either of the other two scripts mentioned above, copy them as well.
  4. As the Database Administrator, run this script, which will update existing Stored Procedures.
  5. After the database script(s) have been run, install the 17.3.4 patch package on all servers in your TPP environment.
  6. Restart TPP services on all previously stopped servers.
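
The ordering in steps 1 to 4 can be enforced with a pre-flight script. The following is an added example, not part of the original article or of Venafi's tooling: it refuses to touch the database while any TPP service is still running and stops on the first SQL error. The server names, service names, SQL instance, database name and folder are placeholders (assumptions), and it assumes the Database Administrator runs it with Windows authentication from a host that has `sqlcmd`, PowerShell remoting to the TPP servers, and a copy of the script files.

```powershell
# Added example. Every default in this param block is a placeholder (assumption).
param(
    [string[]]$TppServers  = @('<tpp-server-1>', '<tpp-server-2>'),
    [string[]]$TppServices = @('<tpp-service-name>'),
    [string]  $SqlInstance = '<mssql-server>',
    [string]  $Database    = '<tpp-database>',
    [string]  $PatchFolder = '<folder-where-the-17.3.4-patch-was-unzipped>',
    # Script name as given in the article. Append the optional scripts it names
    # if you need them; the article does not state an order among them.
    [string[]]$Scripts     = @('mssql_update_17.3_to_17.3.2.sql')
)
$ErrorActionPreference = 'Stop'

# Step 1: abort if any TPP service is not stopped on any server that uses this database.
$running = Invoke-Command -ComputerName $TppServers -ScriptBlock {
    Get-Service -Name $using:TppServices -ErrorAction SilentlyContinue |
        Where-Object Status -ne 'Stopped'
}
if ($running) {
    $running | Format-Table PSComputerName, Name, Status
    throw 'TPP services are still running; stop them before updating the database.'
}

# Steps 3-4: locate each script under ".\Database Scripts" and run it.
foreach ($name in $Scripts) {
    $path = Join-Path (Join-Path $PatchFolder 'Database Scripts') $name
    if (-not (Test-Path -LiteralPath $path)) { throw "Script not found: $path" }

    # -E: Windows authentication, -b: non-zero exit code on a SQL error, -i: input file
    & sqlcmd -S $SqlInstance -d $Database -E -b -i $path
    if ($LASTEXITCODE -ne 0) { throw "$name failed (sqlcmd exit code $LASTEXITCODE)" }
    Write-Host "Applied $name"
}

# Steps 5-6 remain manual: install the patch package everywhere, then restart services.
Write-Host 'Database updated. Install the 17.3.4 patch on all TPP servers, then restart TPP services.'
```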

More Information:

Fixes contained in this patch:

  • New or renew certificate against OpenTrust results in 700 (Retrieving certificate from CA) and never completes (VEN-38979, @33247)
  • Policy not being inherited correctly using queryable (VEN-39393, 30492)
  • Multiple concurrent sub-tree delete deadlocks (VEN-39556, @34568)
  • If SSH key annotation has special symbols we are not parsing it correctly (VEN-39590, @32978)
  • When enrolling against Comodo CCM, it intermittently errors out with server type is not specified (VEN-39764, @14384)
  • Gemalto KeySecure client unnecessarily requires end-entity to appear first in JKS (VEN-39955, @34538)
  • Missing AD Write Permission causes access denied error in user portal certificate download (VEN-40047, @34514)
  • Symantec Private SSL product can't retrieve domains (VEN-40654, @33196)
  • GSK - Workflow command injection is breaking due to TPP inserting escaping backslashes. (VEN-40675, @30453)
  • Provisioning with GSK fails when the keystore password contains a dollar sign (VEN-40677)
  • Unable to run reports in WebAdmin (VEN-40682, @29625)
  • F5 - Onboard Discovery giving timeout (VEN-40818, 32431)
  • Unable to override maximum count of certs in a custom report (VEN-40822, @31832)
  • Private key and certificate chain, the chain will not provision unless a chain file already exists on the server. (VEN-40682, @34551)
  • Aperture does not show previous user provided CSR anymore (VEN-40879, @35983)
  • Log Storm potential: Certificate Verification Warning (VEN-40920)
  • Using Client/Delete with “DeleteAssociatedDevices”: “false” will still delete device and application (VEN-41463, @35409)
  • DataPower Onboard Discovery error with Validation Credentials if <1 certs are associated to Credential (VEN-41488, @35405)
  • VedSDK calculating Revoke permission differently than VedAdmin (VEN-41522, @36950)
  • Certificate Manager is attempting to access Vault IDs that do not exist (VEN-41976, @32360)
  • IBM DataPower provisioning using CyberArk credentials fails (VEN-42014, @36349)
  • Aperture 500 error “failed to execute query” when viewing inventory or specific cert (VEN-42313, @33558)
  • Aperture login is blocked due to leaked database connections after system runs for a while.
  • Aperture dashboard collation conflict exception (VEN-37318, @30568)
  • Network validation is taking a long time to complete as part of the daily tasks (VEN-37500, @26345)
  • Wildcard character in object name issues infinite number of workflow tickets (VEN-37810, @31888)
  • Aperture “Validation failed” error on Renew Now wizard error after submitting if duplicate CN/SANS not allowed (VEN-37942, @32057)
  • After a restart of the TPP server following a Windows update, error is shown: The specified cryptographic algorithm is not supported on this platform. (VEN-37965, @20152)
  • After setting permissions for 120 users, permission tab returns Unknown Error Occurred (VEN-37967, @27052)
  • Symantec updated their API, breaking CA integration (VEN-38061, @32486)
  • Symantec 'Attempt Renewal' rules not followed when calling 'POST /certificates/request' API (VEN-38155, @32338)
  • Database Driver error is being displayed when trying to move or delete objects (VEN-38321, @31292, @21507, @31208)
  • Entitlement report returning null collection (VEN-38324, @21872)
  • TPP events are not inserted into the db in a timely manner [SQL Script required] (VEN-38595)
  • F5 - All existing profiles are removed from virtual server if new profile specifies the same SNI server name as one already assigned (VEN-38622, @32468)
  • CyberArk driver forces connection through proxy (VEN-38711, @32042)
  • Logs not being purged from DB (VEN-38717, @33381)
  • Certificate with invalid public key modulus (VEN-39126, @34000)
  • Adaptable CA driver doesn't work with SCEP (VEN-39297, @34183)
  • GSK Trust Store driver unable to use CyberArk user/password credential: Invalid Type (VEN-39315, @34089)
  • Readonly License Report is not sending email (VEN-37270)