Applies To:
17.3.x
Summary:
17.3.4 includes fixes to address the Trust Protection Platform (TPP) server.

NOTE: This patch contains a database script (mssql_update_17.3_to_17.3.2.sql) that MUST be run on your Database server by a Database Administrator. If you have a custom log channel, you will also need the optional mssql_custom_log_channel_migration_17.3_to_17.3.2.sql script. If you wish to create a new custom log channel, you will need to use the updated mssql_log_structure_SP.sql script.
To successfully install this script:
- Ensure all TPP services are stopped on all TPP servers that reference the Database server.
- Unzip the 17.3.4 patch file, which places a copy of the necessary script files on your TPP server's file system in the location where you unzipped the file.
- Copy the script file .\Database Scripts\mssql_update_17.3_to_17.3.2.sql to your MSSQL Server. If you need either of the other two scripts mentioned above, copy them as well.
- As the Database Administrator, run this script, which will update existing Stored Procedures.
- After the database script(s) have been run, install the 17.3.4 patch package on all servers in your TPP environment.
- Restart TPP services on all previously stopped servers.
More Information:
Fixes contained in this patch:
- New or renew certificate against OpenTrust results in 700 (Retrieving certificate from CA) and never completes (VEN-38979, @33247)
- Policy not being inherited correctly using queryable (VEN-39393, 30492)
- Multiple concurrent sub-tree delete deadlocks (VEN-39556, @34568)
- If SSH key annotation has special symbols we are not parsing it correctly (VEN-39590, @32978)
- When enrolling against Comodo CCM, it intermittently errors out with server type is not specified (VEN-39764, @14384)
- Gemalto KeySecure client unnecessarily requires end-entity to appear first in JKS (VEN-39955, @34538)
- Missing AD Write Permission causes access denied error in user portal certificate download (VEN-40047, @34514)
- Symantec Private SSL product can't retrieve domains (VEN-40654, @33196)
- GSK - Workflow command injection is breaking due to TPP inserting escaping backslashes. (VEN-40675, @30453)
- Provisioning with GSK fails when the keystore password contains a dollar sign (VEN-40677)
- Unable to run reports in WebAdmin (VEN-40682, @29625)
- F5 - Onboard Discovery giving timeout (VEN-40818, 32431)
- Unable to override maximum count of certs in a custom report (VEN-40822, @31832)
- Private key and certificate chain, the chain will not provision unless a chain file already exists on the server. (VEN-40682, @34551)
- Aperture does not show previous user provided CSR anymore (VEN-40879, @35983)
- Log Storm potential: Certificate Verification Warning (VEN-40920)
- Using Client/Delete with “DeleteAssociatedDevices”: “false” will still delete device and application (VEN-41463, @35409)
- DataPower Onboard Discovery error with Validation Credentials if <1 certs are associated to Credential (VEN-41488, @35405)
- VedSDK calculating Revoke permission differently than VedAdmin (VEN-41522, @36950)
- Certificate Manager is attempting to access Vault IDs that do not exist (VEN-41976, @32360)
- IBM DataPower provisioning using CyberArk credentials fails (VEN-42014, @36349)
- Aperture 500 error “failed to execute query” when viewing inventory or specific cert (VEN-42313, @33558)
- Aperture login is blocked due to leaked database connections after system runs for a while.
- Aperture dashboard collation conflict exception (VEN-37318, @30568)
- Network validation is taking a long time to complete as part of the daily tasks (VEN-37500, @26345)
- Wildcard character in object name issues infinite number of workflow tickets (VEN-37810, @31888)
- Aperture “Validation failed” error on Renew Now wizard error after submitting if duplicate CN/SANS not allowed (VEN-37942, @32057)
- After a restart of the TPP server following a Windows update, error is shown: The specified cryptographic algorithm is not supported on this platform. (VEN-37965, @20152)
- After setting permissions for 120 users, permission tab returns Unknown Error Occurred (VEN-37967, @27052)
- Symantec updated their API, breaking CA integration (VEN-38061, @32486)
- Symantec 'Attempt Renewal' rules not followed when calling 'POST /certificates/request' API (VEN-38155, @32338)
- Database Driver error is being displayed when trying to move or delete objects (VEN-38321, @31292, @21507, @31208)
- Entitlement report returning null collection (VEN-38324, @21872)
- TPP events are not inserted into the db in a timely manner [SQL Script required] (VEN-38595)
- F5 - All existing profiles are removed from virtual server if new profile specifies the same SNI server name as one already assigned (VEN-38622, @32468)
- CyberArk driver forces connection through proxy (VEN-38711, @32042)
- Logs not being purged from DB (VEN-38717, @33381)
- Certificate with invalid public key modulus (VEN-39126, @34000)
- Adaptable CA driver doesn't work with SCEP (VEN-39297, @34183)
- GSK Trust Store driver unable to use CyberArk user/password credential: Invalid Type (VEN-39315, @34089)
- Readonly License Report is not sending email (VEN-37270)