CA ControlMinder 127-CumulativeFix-3 CF3 FIXLIST - CA Technologies
{{search ? 'Close':'Search'}}

CA ControlMinder 12.7 - CumulativeFix-3 (CF3) FIXLIST

Severity Module Problem summary Package OS Cause of the problem Conditions Solution or workaround Reproduction steps
2 ENTM Fixes an issue with Sybase endpoint where under the "Discovered Accounts" Column Discovers privileged accounts shows with a checkmark but once modified those accounts and assign them to a group they no longer have a check under the "Discovered Account" column AC1271047 All The Container Name for Sybase Endpoint on Endpoint side is "SYBASE Accounts" but in our configuration file we have container name as "Sybase Accounts".   The Container Name for Sybase Endpoint is changed from "Sybase Accounts" to "SYBASE Accounts" in configuration file. 1. Discover two accounts.
2. After Discovery rerun the discovery and you will see two check boxes showing the accounts have been discovered.
3. Modify the Privileged Account and give it a group owner.
4. Discover the accounts again and you will see that the checkbox has been removed.
3 ENTM Fixes an issue where the priority column is missing from the privileged accounts, audit search results in case the filter is used for task priority. AC1270958 All Trigger name was Overwritten in QRTZ_TRIGGER table, if we checkout same privileged account by two PUPM users within the first user privileged account checkout expiration time. Due to that trigger is firing only once. So privileged account is checked-in by one user.   Checkout the Privileged account by First PUPM user then Checkout the same privileged account by Second PUPM user then will observe both PUPM users have a Single JobName and Trigger(example:UniqueID-privilegedaccountname).Changed the JobName and Trigger name like UniqueID-privilegedaccountname-UserUniqueName. 1.Modify any Privileged Account(example: test privileged account) Go to PrivilegedAccounts-=^Accounts-=^Modify Privileged Account then set(example:5mns) the "Check out Expiration (Minutes):" and save it. 2.Create two PUPM users(example:test1,test2)
3.Checkout test privileged account by using test1.
4.Checkout test privileged account by using test2
5.Wait for 5mns after checkout.
Observe test is checked-in after 5mns by test1 user successfully, but with test2, test privileged account will not be checked-in, even after timeout expiration.
3 ENTM Fixes an issue where the account and endpoint details were missing from the audit search results. AC1270960 All It was because port number is not assigned for apache's friendly URL as per the documentation and we have released a fix T5P0158 which was designed considering our documentation in mind.   Code Changes: To support apache server configured without port Configure apache without port
1. Setup Primary ENTM and LB ENTM and configure it with apache
2. Create a user and mark to change password on login.
3. Access the URL with friendly URL and login with the created user at step 2
Actual Result: User details are empty Expected Result: user details must be filled
3 ENTM Fixes an issue where while adding a user account, it was possible to add string as  phone number instead of digits. AC1270968 All     Inheriting custom fields from endpoint just in case they were not filled in the new created account 1. create privileged account
2. fill the Information tab fields (Department and Custom 1 - Custom 5 fields)
3. Submit
4. View the new created account the custom fields were not saved
2 ENTM Fixes an issue with the privileged account feeder where the CHECKOUT_ONLY_AUTO_LOGIN property was not properly updated AC1270979 All Problem occur because we are converting date to Long value which will be the number of seconds since January 1, 1970, 00:00:00 GMT. The date stored in DB is in UTC when we are converting that date to Long value we are converting it to the long value of the server's time zone as a result value sent to audit queue is wrong.   Code Changes: Need to consider date as UTC and need to convert date to long value considering the UTC time zone. After upgrading CM to version 12.8, the client's SAM events are being created with an incorrect time stamp. - SAM events in 12.8 are reported by UAR to occur in the future. - UAR has not used any special offsets for TIBCO in the past. An account was checked out at 3:56 PM. UAR reports it as 8:55:54 PM because we are in GMT -5 Epoch , Event_Date = 1392429354 Friday, February 14, 2014 8:55:54 PM GMT-5 Epoch, Checkout Date = 1392429373 Friday, February 14, 2014 8:56:13 PM GMT-5 EST Eastern Standard Time GMT-5:00 -18000
3 ENTM Fixes an issue with the Endpoint Management where an error message appears while attempting to create a TCP resource AC1270982 All Login Application Job does cleanup activity of invalid tickets which are leftover,  every 60 seconds.      
2 ENTM Fixes an issue where SAM events were not sent to the Message Queue audit queue AC1271035 All     Code Change- keep the base url host name as the host the request came from 1. Setup Primary ENTM
2. Setup LB ENTM
3. Create a user and mark to change password on login.
4. Go to the LB ENTM and login. the user details remained empty
3 ENTM Fixes an issue where the time to live value that was specified was wrongly calculated. Rather than calculating the value as minutes, the value was calculates as seconds. AC1271039 All When retrieving the user password and associating it with a span id, the function assumes '^=' character as a start of an html tag, and hence all the characters after it are ignored.     1. ENTM WebUI Login
2. Home-=^My Privileged Accounts
3. checkout against a user
4. select "Copy to Clipboard" In this case: If the generated password has '^=' char, all chars after ^= are not copied .
3 ENTM Fixes an issue where the Cleanup Submitted Tasks ends with an error message after upgrading from 12.7 CF2 to 12.8 GA AC1271041 All     Code Changes: Need to put validation in place while deleting the account. 1. Checkout an account.
2. Go to Delete privileged account and delete the checked out account
Expected Result: System must throw error saying account is checked out. Actual Result: System is deleting the account though it is checked out.
3 ENTM Fixes an issue where the Business Phone and Cell Phone fields validation did not work properly. AC1271027 All MS functions SetForegroundWindow and SetFocus does not bring the putty window to front and the putty window cant get the keyboard focus, therefore the first char of the password is not sent to the putty window. In order to bring the window to front need to simulate keyboard event right after the call to SetForegroundWindow and SetFocus     try to auto login through putty session continuously then observed sometimes “Access denied” even though password and username is correct(printed the password and username in putty.vbs).
3 ENTM Fixes an issue where the system failed to change a password according to the password policy setting. AC1271028 All       1. create endpoint via rest API
2. browse to View endpoint page at Privileged Accounts-=^ENDPOINT-=^View Endpoint the password is shown as clear text at password field
3 ENTM Fixes an issue where an account in a localized environment is deleted when deleting the endpoint although the account is checked out. AC1271029 All Account is stored in localized format but database query is not handling localized comparison   handle Localized comparison in Database properly 1 Create and Endpoint and discover the Privileged accounts in localized environment (Japanese)
2. do check-out for few accounts then try to delete check-out accounts. NOTE: The same scenario working if we create endpoint and discover the privileged accounts through English browser.
Expected result: System must throw error saying account is checked out. Actual result: System is deleting the account though it is checked out.
2 ENTM Fixes an issue where the job that handles the 'In progress' tasks does not handle all task sessions In progress, rather it only updated the events. Therefore, some existing tasks at task session table shows "In Progress" state. AC1271033 All        
2 ENTM Fixes an issue where the system failed to change a password according to the password policy setting. AC1271034 All At the time of password policy execution    Fixed time calculation using the "to time" in password policy. 1. create a Password Policy.
2. With Password Expiration Interval 1 days.
3. Set Time Interval from 00:00 to 01:00 on everyday.
4. Modify some account and set password policy as newly created password policy.
Expected Result: Everyday password of accounts must change at 00:00. Actual Result : Password changes after 2 days.
3 ENTM Fixes an issue  where the "Checked-out By"  field is left empty for several checked out passwords in case the system locale is not English AC1271018 All Date is not getting formatted based on the locale, if the locale is other than English.   Irrespective of the locale formatting the date in common format and displaying correctly. 1.Modify any Privileged Account Go to PrivilegedAccounts-=^Accounts-=^Modify Privileged Account then set(example:5mns) the "Check out Expiration (Minutes):" and save it.
2.Set browser language as Japanese(japan[ja-JP])
3.Checkout the Same Privileged Account.
4.Click on Show Details then Observe Checked-out By: will be empty
3 ENTM Fixes an issue where resetting a user password using the Password Must Change open, results in an error string index out of bound. The behaviout was observed in case the base URL in the CA IdentityMinder Management Console is missing the port number. AC1271019 All       1. Configure ENTM with Apache reverse proxy or with IIS such a way that you don't need to provide port number while accessing ENTM Apache Reverse Proxy: Listen on port number 443 or 80 in httpd.conf so that you can access the ENTM URL without providing port number
2. Update Base URL in IDMMANAGE Access ENTM URL without port number
3. Login with superadmin and reset password for any sam user and select change password on next login
4. logout as superadmin and login as sam user Expected Result: it must redirect to page to reset password Actual Result: Page show String index out of bound exception
3 ENTM Fixes an issue where the password change by checkout via RDP login is not listed in “Show Previous Account Passwords”  AC1271022 All While doing RDP we are not executing CreateAccountPasswordHistoryEvent that makes an entry in the show previous account passwords.   I changed in the method called while RDP and password changes are getting listed. 1. create endpoint with login application (RDP).
2. create account for the endpoint with [Change Password on Check out] checked
3. execute normal checkout for the account
4. check [Show Previous Account Passwords] for the account. The password change in step3 is listed in password history as expected
5. execute automatic login (RDP) for the account
6. check [Show Previous Account Passwords] for the account. The password change in step5 is not listed in password history This is the problem
7. logout from RDP and click Yes to checkin confirmation dialog
8. check [Show Previous Account Passwords] for the account -=^ the password change in step7 is listed in password history as expected The password change by check out via automatic login is not listed in password history in [Show Previous Account Passwords] while other password changes are listed.
2 ENTM Fixes an issue where the Check Out Expiration does not work in case the account is checked out by two users. AC1271023 All Trigger name was Overwritten in QRTZ_TRIGGER table, if we checkout same privileged account by two PUPM users within the first user privileged account checkout expiration time. Due to that trigger is firing only once. So privileged account is checked-in by one user.   Checkout the Privileged account by First PUPM user then Checkout the same privileged account by Second PUPM user then will observe both PUPM users have a Single JobName and Trigger(example:UniqueID-privilegedaccountname).Changed the JobName and Trigger name like UniqueID-privilegedaccountname-UserUniqueName. 1.Modify any Privileged Account(example: test privileged account) Go to PrivilegedAccounts-=^Accounts-=^Modify Privileged Account then set(example:5mns) the "Check out Expiration (Minutes):" and save it.
2.Create two PUPM users(example:test1,test2)
3.Checkout test privileged account by using test1.
4.Checkout test privileged account by using test2
5.Wait for 5mns after checkout. Observe test is checked-in after 5mns by test1 user successfully, but with test2, test privileged account will not be checked-in, even after timeout expiration.
2 ENTM Fixes an issue where in load balancing environment when setting a user password profile as PASSWORD MUST CHANGE, user is redirected to the primary machine to reset password page however gets page without the user's details and there is no way to provide user login details  AC1271026 All It was because port number is not assigned for apache's friendly URL as per the documentation and we have released a fix T5P0158 which was designed considering our documentation in mind.   Code Changes: To support apache server configured without port Configure apache without port 1. Setup Primary ENTM and LB ENTM and configure it with apache 2. Create a user and mark to change password on login. 3. Access the URL with friendly URL and login with the created user at step 2 Actual Result: User details are empty Expected Result: user details must be filled
3 ENTM Fixes an issue where data in the custom information fields in the create  privileged account page are overridden by endpoint information data AC1271011 All     Inheriting custom fields from endpoint just in case they were not filled in the new created account 1. create privileged account
2. fill the Information tab fields (Department and Custom 1 - Custom 5 fields)
3. Submit
4. View the new created account the custom fields were not saved
2 ENTM Fixes an issue where after upgrading to 12.8, the SAM events are created with an incorrect time stamp. 
SAM events in 12.8 are reported by UAR to occur in the future.
AC1271014 All Problem occur because we are converting date to Long value which will be the number of seconds since January 1, 1970, 00:00:00 GMT. The date stored in DB is in UTC when we are converting that date to Long value we are converting it to the long value of the server's time zone as a result value sent to audit queue is wrong.   Code Changes: Need to consider date as UTC and need to convert date to long value considering the UTC time zone. After upgrading CM to version 12.8, the client's SAM events are being created with an incorrect time stamp. - SAM events in 12.8 are reported by UAR to occur in the future. - UAR has not used any special offsets for TIBCO in the past. An account was checked out at 3:56 PM. UAR reports it as 8:55:54 PM because we are in GMT -5 Epoch , Event_Date = 1392429354 Friday, February 14, 2014 8:55:54 PM GMT-5 Epoch, Checkout Date = 1392429373 Friday, February 14, 2014 8:56:13 PM GMT-5 EST Eastern Standard Time GMT-5:00 -18000
3 ENTM Fixes an issue where a string index out of bound error message appears when resetting a user password with the "Password Must Change" checked. AC1271015 All When reset user password with Password Must Change is checked, page is throwing error string index out of bound, this will occur only if base url in idmmanage is not having the port number     1. Configure ENTM with Apache reverse proxy or with IIS such a way that you don't need to provide port number while accessing ENTM Apache Reverse Proxy: Listen on port number 443 or 80 in httpd.conf so that you can access the ENTM URL without providing port number
2. Update Base URL in IDMMANAGE Access ENTM URL without port number
3. Login with superadmin and reset password for any sam user and select change password on next login
4. logout as superadmin and login as sam user Expected Result: it must redirect to page to reset password Actual Result: Page show String index out of bound exception
3 ENTM Fixes a problem during Checkout Operations via AutoLogin (i.e. RDP) where third party tools such as RDP and PUTTY are not launched and it repeatedly checks-out silently.  AC1271000 All Login Application Job does cleanup activity of invalid tickets which are leftover,  every 60 seconds.      
2 ENTM Fixes an issue with the LB environment where the retrieve base urn refers to the primary machine instead of the LB machine. AC1271001 LINUX     Code Change- keep the base url host name as the host the request came from 1. Setup Primary ENTM
2. Setup LB ENTM
3. Create a user and mark to change password on login.
4. Go to the LB ENTM and login. the user details remained empty
2 ENTM Fixes an issue where coping a password that contains '<' character results in all characters after '<' not being copied. AC1271005 All When retrieving the user password and associating it with a span id, the function assumes '^=' character as a start of an html tag, and hence all the characters after it are ignored. This happens only when if the password contains '^=' symbol followed by a alphabet.(not if ^= is followed by numeral or symbol).   1. ENTM WebUI Login
2. Home-=^My Privileged Accounts
3. checkout against a user
4. select "Copy to Clipboard" In this case: If the generated password has '^=' char, all chars after ^= are not copied .
3 ENTM Fixes a issue where spaces in ENTM passwords were not supported though Windows policy permitted spaces AC1271007 All     Code Changes: To allow spaces between characters for password 1. Create an windows Agentless Endpoint.
2. Create a disconnected privileged account for the same endpoint and provide the password with spaces.
Expected Result: Account must be created as windows policy is allowing spaces between characters.
Actual Result: Server is throwing error saying password does not match the policy requirements.
2 ENTM Fixes an issue where an admin is allowed to delete an account that is checked out AC1271009 All     Code Changes: Need to put validation in place while deleting the account. 1. Checkout an account.
2. Go to Delete privileged account and delete the checked out account Expected Result: System must throw error saying account is checked out. Actual Result: System is deleting the account though it is checked out.
2 ENTM Fixes an issue where Observe Approve, Reject and Refresh buttons are enabled for non-admin users AC1270984 All Disabling Approve, Reject and Refresh buttons for non-admin users.     1.Login into ENTM 2.Go to Users and Groups-=^Roles-=^Manage Work Items-=^Manage User's Work Items-=^ Select a non adminlogin User 3.Observe Approve, Reject and Refresh buttons were enabled.
3 ENTM Fixes an issue where time is incorrectly displayed when Requester and Approver are in a different time zones while DST is enabled AC1270991 All 1.While printing out the Last updated time on work item list, directly server time instead of client side browser time is being sent. 2.While displaying the time in show password details, server time, without being converted to client side browser time, is being sent as data. N/A 1.While printing out the Last updated time on work item list, server time is converted to client time first and then displayed. 2.While displaying the time in show password details, server time is converted to client side browser time and then being sent for display. 1. When a privileged account is requested , Request appears on Approver's Home page / Waiting for Approval page . "Last Updated On" time is Enterprise Management server time and not browser time .
2.In Show previous Account passwords page , When "Show Password" is clicked , Password is displayed on top of the screen , Time displayed here is Server time .
3 ENTM Fixes an issue where exporting  Shared Accounts with "endpoints with failures" option to a CSV file fails  AC1270994 All       1. In World View, select Shared Accounts
2.  Search: Endpoint Name = *
3. Click "endpoints with failures" "Export" link
It should download csv file and contain the required data
2 ENTM Fixes an issue where occasionally user receives an “Access denied” message when trying to log in using PUTTY even though password and username is correct AC1270998 All MS functions SetForegroundWindow and SetFocus does not bring the putty window to front and the putty window cant get the keyboard focus, therefore the first char of the password is not sent to the putty window. In order to bring the window to front need to simulate keyboard event right after the call to SetForegroundWindow and SetFocus     try to auto login through putty session continuously then observed sometimes “Access denied” even though password and username is correct(printed the password and username in putty.vbs).
2 ENTM Fixes an issue where creating an endpoint using REST API results in saving the password incorrectly in the database AC1270999 All       1. create endpoint via rest API
2. browse to View endpoint page at Privileged Accounts-=^ENDPOINT-=^View Endpoint the password is shown as clear text at password field

Chat with CA

Just give us some brief information and we'll connect you to the right CA Expert.

Our hours of availability are 8AM - 5PM CST.

All Fields Required

connecting

We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{message.agentProfile.name}} will be helping you today.

    View Profile


  • Transfered to {{message.agentProfile.name}}

    {{message.agentProfile.name}} joined the conversation

    {{message.agentProfile.name}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1].agentProfile.name}} has ended.
    Thank you for your interest in CA.


    How Did We Do?
    Let us know how we did so that we can maintain a quality experience.

    Take Our Survey >

    Rate Your Chat Experience.

    {{chat.statusMsg}}

agent is typing