CA ControlMinder 12.8 - CumulativeFix-2 (CF2) Server FIXLIST

No. Severity Module Problem summary Package OS Cause of the problem Conditions Solution or workaround Reproduction steps
1 2 ENTM Fixes a SAM related issue where a user performs an auto login for the already checked out account the status appears as fail in the audit records AN01910 All If we try to perform auto login for the already checked out account, we check is account checked out or not, if the account state is checked out, so we can’t checkout the account, takes the previous password with that will logging into putty session then update checked out status as failed in audit as account already checked out. Changed the behavior.     1.Checkout the Privileged Account
2.Autologin putty session with already checked out account
3.After login into putty session go to Privileged Accounts-=^Audit-=^Audit Submitted task and check the status of this event will observe status as failed.
2 3 ENTM Fixes an issue where the password change by checkout via RDP login is not listed in “Show Previous Account Passwords” AN02051 All While doing RDP we are not executing CreateAccountPasswordHistoryEvent that makes an entry in the show previous account passwords.   changed in the method called while RDP and password changes are getting listed. 1. create endpoint with login application (RDP). 2. create account for the endpoint with [Change Password on Check out] checked 3. execute normal checkout for the account 4. check [Show Previous Account Passwords] for the account. The password change in step3 is listed in password history as expected 5. execute automatic login (RDP) for the account 6. check [Show Previous Account Passwords] for the account. The password change in step5 is not listed in password history This is the problem 7. logout from RDP and click Yes to checkin confirmation dialog 8. check [Show Previous Account Passwords] for the account -=^ the password change in step7 is listed in password history as expected The password change by check out via automatic login is not listed in password history in [Show Previous Account Passwords] while other password changes are listed.
3 2 ENTM Fixes an issue where the Check Out Expiration does not work in case the account is checked out by two users AN02054 All Trigger name was Overwritten in QRTZ_TRIGGER table, if we checkout same privileged account by two PUPM users within the first user privileged account checkout expiration time. Due to that trigger is firing only once. So privileged account is checked-in by one user.   Checkout the Privileged account by First PUPM user then Checkout the same privileged account by Second PUPM user then will observe both PUPM users have a Single JobName and Trigger(example:UniqueID-privilegedaccountname).Changed the JobName and Trigger name like UniqueID-privilegedaccountname-UserUniqueName. 1.Modify any Privileged Account(example: test privileged account) Go to PrivilegedAccounts-=^Accounts-=^Modify Privileged Account then set(example:5mns) the "Check out Expiration (Minutes):" and save it. 2.Create two PUPM users(example:test1,test2) 3.Checkout test privileged account by using test1. 4.Checkout test privileged account by using test2 5.Wait for 5mns after checkout. Observe test is checked-in after 5mns by test1 user successfully, but with test2, test privileged account will not be checked-in, even after timeout expiration.
4 3 ENTM Fixes an issue  where the "Checked-out By"  field is left empty for several checked out passwords in case the system locale is not English AN02056 All Date is not getting formatted based on the locale, if the locale is other than English.   Irrespective of the locale formatting the date in common format and displaying correctly. 1.Modify any Privileged Account Go to PrivilegedAccounts-=^Accounts-=^Modify Privileged Account then set(example:5mns) the "Check out Expiration (Minutes):" and save it. 2.Set browser language as Japanese(japan[ja-JP]) 3.Checkout the Same Privileged Account. 4.Click on Show Details then Observe Checked-out By: will be empty
5 3 ENTM Fixes an issue with creating a new policy through the UI, where the script gets truncated if writing the undeploy script or copying and pasting into the undeploy script box AN02062 All the text area in the undeploy script part in the jsp file doesn't have a max length attribute defined. By default it takes 255 characters as upper limit and doesn't allow any more characters to be added.   added max length attribute (equal to 8192) in the jsp file for undeployed a result a large script file is not getting accepted without truncation. the issue affects only the undeploy script part in CM 12.8 web UI. Steps: - connect to Enterprise Management - go to Policy Management-=^ Policy-=^ Create Policy and then Create a new Policy - After naming the policy in the general tab,go to policy script tab and add the deploy script using copy and paste or writing manually. - then trying to add the undeploy script using copy and paste or typing, this is not working, since the copy and past is truncated or because we cannot write after a certain number of characters. sample script: rr LOGINAPPL ("BIN_LOGIN") rr LOGINAPPL ("DTGREET") rr LOGINAPPL ("DTLOGIN") rr LOGINAPPL ("ETC_CRON") rr LOGINAPPL ("ETC_GETTY") rr LOGINAPPL ("FTP") rr LOGINAPPL ("LIB_SSH") rr LOGINAPPL ("REXEC") rr LOGINAPPL ("RLOGIN") rr LOGINAPPL ("RSH") rr LOGINAPPL ("SBIN_CRON") rr LOGINAPPL ("SBIN_MINGETTY") rr LOGINAPPL ("SSH") rr LOGINAPPL ("TELNET") rr LOGINAPPL ("TTYMON") rr LOGINAPPL ("USR_BIN_LOGIN") rr LOGINAPPL ("USR_SBIN_CRON") rr LOGINAPPL ("VFTP") rr LOGINAPPL ("XDM") rr LOGINAPPL ("XRDB") rr LOGINAPPL ("XSET") rr LOGINAPPL ("ZLOGIN")
6 3 ENTM Fixes an issue where the system failed to change a password according to the password policy setting. AN02065 All       1. create endpoint via rest API 2. browse to View endpoint page at Privileged Accounts-=^ENDPOINT-=^View Endpoint the password is shown as clear text at password field
7 3 ENTM Fixes an issue where an Internet Explorer browser is showing GMT time instead of browser time AN02209 All IE does not support crossDomain = true for Ajax request   code changes to supprot cross platform in java script Login as superadmin, create endpoint and discover accounts. Login to IE as a normal user and request and account. During request the time taken is GMT and not the machine time. Expected result: It should take the browser machine time.
8 3 ENTM Fixes an issue where the search does not return the results according the defined criteria AN02194 All It is taking default * , i.e. previous search criteria to get the results   It is expected not to show any results unless user clicks on search button. So, auto triggering functionality of results for drop down accounts type is removed. In the home / search accounts : As soon as I select "breakglass" in the combobox the form is sent without any care of the criteria I entered : a global search is done with a warning as a result : narrow your criteria (we have hundreds of accounts in production ) I have to re-enter the criteria (which have been cleared except the "breakglass" combo) and push "search" to get my results.
9 3 ENTM Fixes an alignment issue in the UI where in Endpoint Password Restore Point: screen, Vertical position for "No Password history yet" should be same with "Password Date:". AN02195 All padding and alignment for all the fields not done properly in the jsp page   include code for padding ad alignment for the out put text. Navigate to Privileged Accounts-=^Endpoint Password Restore Point-=^[Search]-=^[Select]
10 3 ENTM Fixes an issue where a SQL query is displayed in the server.log file during a password reset through password policy AN02196 All        
11 3 ENTM Fixes an issue with the Create Password Consumer task where the "Name:" field a in Japanese environment is incorrectly placed. The field should be displayed in 1 line AN02197 All found out that column for label "name" has been defined as a result for Japanese environment, the translation is displayed on 2 separate lines. only when the environment is Japanese. i.e. Japanese UI. change column for "name" label to 1. In japaese ENTM,Navigate to Privileged Accounts-=^Password Consumers-=^Create Password Consumer-=^[OK]
12 3 EM Fixes an issue where the host name and service name (port) for incoming connection events are not displayed properly on audit event list in Endpoint Management AN02198 All     The value in the audit field if not null are used to populate the value for the terminal and Object/resources. [REPRODUCTION STEPS] Prepare Endpoint Management environment. 1. secons -s 2. Deploy "seos.audit.bak.20-Aug-2014.132832" file under AC log folder. 3. seosd -start 4. start Browser, http://^=EPM server=^:18080/acem 5. login with user "^=EPM server=^=^Administrator" pass xxxxxxx host ^=EPM server=^ 6. Click "Audit Events" 7. select "seos.audit.bak.20-Aug-2014.132832" at "Audit Events FUle:" 8. click "Create filter" Filter Name: HOST Audit Event Records: List exactly these conditions Select Switches: Lict INET audit records of Host and Service Click "Next" Click "Next" Click "Finish" [Actual Result] You can see "Inbound Network Connection" records on Audit Records Result screen, but "Object/Resource" and "Terminal" fields are blank. Click an event on top of list. Then "Event Details" screen is shown up. You can see; Service name "microsoft-ds" at "event_details_field_service" and IP address "" at "event_details_field_host_name". [Expected result] "event_details_field_service" should be displayed at "Object/Resource". "event_details_field_host_name" should be displayed at "Terminal".
13 3 ENTM Fixes a time related issue where while creating a copy of an existing user, the 'start date' attribute in the tblUsers table receives the date of the original user (from which the copy was created) rather than the current date. AN02169 All we are directly copying the attribute startdate while creating copy of a user instead of initializing with current date.   while creating a user check if this is a new user or copy from old user.In case of latter, initialize the startdate attribute with current date . 1Login to ENTM as admin 2)users and groups-=^create user. 3)select Create a copy of a user and select any user which has been created previously on another date 4)provide details of the new user 5)Run the query: select loginid, startdate from tblusers where loginid='^=insert user id of new created user here=^'; 6)the startdate value has the old value of original user instead of current date.
14 3 EM Fixes an issue with embedded Endpoint Management where up/down triangle arrow icons for data sorting at column header are not displayed at many places e.g. Audit Events tab AN02178
All the castyles.ear file does not contain the required image that is being searched for.   adding required search images in castyles.ear file 1)Login as administrator on a EPM with ENTM machine. 2)Go to Users-=^Go. or Audit-Events. The sorting images for columns are missing.
15 3 ENTM Fixes an issue where If the "Owner" attribute of a privileged account is set to a group with group Name includes Kanji character, and a user who is a member of that group logs in ENTM WEB UI, and navigate to "My Privileged Accounts", then the privileged account is not listed AN02183 All The database query was not appropriate for the Japanese character.   The database query was changed to incorporate languages other than English. Steps to Reproduce: 1. Login in ENTM with superadmin and create two user.(user1 and user2) 2. Create two group one with kanji character in its name and other in English e.g. (今日は今日は, new_grp). 3. add users to each group. 4. Modify privilege accounts and add 今日は今日は group to the owner filed of the accounts. 5. Modify another privilege account add new_grp to the owner field of the the account. 6. Login with the users to check if accounts are added to "My privilege Accounts". Actual Results: A user who is a member of that group 今日は今日は , does not have privileged account listed in "My Privileged Accounts".
16 3 ENTM Fixes an issue where Observe Approve, Reject and Refresh buttons are enabled for non-admin users AN02188 All Disabling Approve, Reject and Refresh buttons for non-admin users.     1.Login into ENTM 2.Go to Users and Groups-=^Roles-=^Manage Work Items-=^Manage User's Work Items-=^ Select a non adminlogin User 3.Observe Approve, Reject and Refresh buttons were enabled.
17 3 ENTM Fixes an issue where time is incorrectly displayed when Requester and Approver are in a different time zones while DST is enabled AN02150 All 1.While printing out the Last updated time on work item list, directly server time instead of client side browser time is being sent. 2.While displaying the time in show password details, server time, without being converted to client side browser time, is being sent as data.   1.While printing out the Last updated time on work item list, server time is converted to client time first and then displayed. 2.While displaying the time in show password details, server time is converted to client side browser time and then being sent for display. 1. When a privileged account is requested , Request appears on Approver's Home page / Waiting for Approval page . "Last Updated On" time is Enterprise Management server time and not browser time . 2.In Show previous Account passwords page , When "Show Password" is clicked , Password is displayed on top of the screen , Time displayed here is Server time .
18 2 ENTM Fixes an issue where modifying accounts causes the container named “SSH Accounts” to change to "Accounts" which causes the Discovery operation to return incomplete results AN02161
All JCS is sending container name for Linux EP for "AC for PUPM" Endpoint as "SSH Accounts". On modification we are changing container name to "Accounts".   Change the container name to "Accounts" while account is discovered. [Steps to Reproduce] 1. Create an Linux Endpoint as Access Control for PUPM Endpoint Type. 2. Discover an Account from the created EP. 3. Check the container name for the discovered account: "SSH Accounts" 5. Modify the Account and Submit. 6. The container name changes to "Accounts" from "SSH Accounts"
19 3 ENTM Fixes an issue where in the View Submitted Tasks and PUPM audit, "Last Checked-Out By" attribute has a number as a value rather than displaying the actual user name AN02167 All Code to convert ID to short name is not available   Code Changes to convert ID to Short name 1. Login to ENTM as a PUPM user. 2. Perform auto login of a windows account. 3. Check VMST as the PUPM user or check the VST/PUPM audit as the superadmin for the check out event. Expected Output: =============== The checked out password event audit shows a number for "Last Check-Out By" instead of displaying the name of the PUPM user who performed the check out operation. EG: Attribute old Value New Value Last Check-Out By Sam1 Sam2 Actual Output: ============== Attribute old Value New Value Last Check-Out By 21 104
20 3 ENTM Fixes an issue where Privileged Accounts, Audit, Audit Privileged Accounts screen displays English strings that should be updated from "Session Details" to "Replay recorded session" AN02129 All     changes in properties files. Steps to reproduce: Navigate to Privileged Accounts-=^Audit-=^Audit Privileged Accounts [Expected] English string should be updated from "Session Details" to "Replay recorded session".
21 3 ENTM Fixes an issue with the endpoint type search result screen, where the description of the endpoint type is changed when returning from the "View Endpoint Type: " screen AN02132 All After returning to Search from Endpoint Type details page, description is not properly formatted.   Proper formatting for Endpoint Type description is added after returning to Search from Endpoint Type details page. 1. Navigate to Privileged Accounts -=^ View Endpoint Type 2. Click "Search" 3. Click "Select" 4. Click "Return to Search" [Expected] Description for Endpoint Type is displayed correctly.
22 3 ENTM Fixes an issue where attribute names are listed with a "?" symbol in endpoint scope rule filter dropdown menu AN02133 All Property has not been removed from the dropdown   All the properties which are searchable in managedobject.xml will be displayed in scope rule, we need code changes to have searchable property as false or remove this attribute from the xml. By default property is not searchable. 1. go to "Member Policy" screen of "Privileged Account Request" role, 2. Try adding new scoping rule and select "endpoint" 3. then following attribute names are listed on drop down for attribute selection. ???key: attribute.displayName.endpoint.LAST_FAILED_CONNECTION_OP??? ???key: attribute.displayName.endpoint.LAST_FAILED_CONNECTION_REASON???
23 3 ENTM Fixes an issue that while searching for the Net Bios Name the hardcoded value "cn=Partitions,cn=Configuration," is appended to the search root provided while installing CA Control Minder. When the search root is set to “OU=MYOU,dc=ac-dev,dc=com” the product appends the hardcoded cn’s to the search root and the user is not available in the provided directory. AN02135 All Fixes an error "LDAP: error code 32.. " in the Server log that appears when user is logging in to the Ui   Need to remove the hardcoded values "cn=Partitions,cn=Configuration," from the search base in case root org contains Organization Unit. Make sure root org contains OU along with DC e.g. 'OU=ashisuto,DC=mlitad,DC=local'. You can check the same @ ac-dir in ^=^=ENTM_SERVER=^=^\idmmanage 1. Login to ENTM WebUI. check for the error in the server.log javax.naming.NameNotFoundException: [LDAP: error code 32 - 0000208D: NameErr: DSID-0310020A, problem 2001 (NO_OBJECT), data 0, best match of:'OU=ashisuto,DC=mlitad,DC=local' ]; remaining name 'cn=Partitions,cn=Configuration,OU=ashisuto,DC=mlitad,DC=local'
24 2 ENTM Fixes an issue that occurred when aborting a clean up submitted tasks at a point where records were copied to the archive table before they were deleted from the run time table. Therefore, the next time the task is executed an error message is received AN02103 All     this fix catch this specific error and continue the clean up task. This problem is not easy to reproduce. customer invoke clean up submitted tasks and check the Archive check box. than he got an error: Violation of PRIMARY KEY constraint 'PK_archive_object12'. Cannot insert duplicate key in object 'dbo.archive_object12'. The duplicate key value is.... this fix catch this specific error and continue the clean up task.
25 2 ENTM Fixes a potential vulnerability issue AN02114 All        
26 2 ENTM Fixes an issue with Sybase endpoint where under the "Discovered Accounts" Column Discovers privileged accounts shows with a checkmark but once modified those accounts and assign them to a group they no longer have a check under the "Discovered Account" column AN02123 All The Container Name for Sybase Endpoint on Endpoint side is "SYBASE Accounts" but in our configuration file we have container name as "Sybase Accounts".   The Container Name for Sybase Endpoint is changed from "Sybase Accounts" to "SYBASE Accounts" in configuration file. Steps to Reproduce: 1. Discover two accounts. 2. After Discovery rerun the discovery and you will see two check boxes showing the accounts have been discovered. 3. Modify the Privileged Account and give it a group owner. 4. Discover the accounts again and you will see that the checkbox has been removed.
27 3 ENTM Fixes an issue where a Label in the Create Endpoint page is mentioned as "Deny Exclusive Break-glass" rather then "Exclusive Break-glass" AN02127 All     Change the String value in properties file. 1. Navigate to Privileged Accounts-=^Create Endpoint 2. [OK]-=^%7BEnter "Name" and Select "Windows Agentless"%7D [Expected] Deny Exclusive Break-glass should be changed to Exclusive Break-glass.
28 3 ENTM Fixes an issue where the information of an account displayed as "Name:" instead of "Account Name:" AN02128 All     Changes in properties files. 1. Navigate to Privileged Accounts-=^Manual Password Reset 2. [Search] and [Select] an account Actual: Manual Password Reset: name: "root" on "ankam01-I113686" SSH Accounts ("SSH Device") Expected: Manual Password Reset: Account name: "root" on "ankam01-I113686" SSH Accounts ("SSH Device")
29 2 ENTM Fixes an issue where in load balancing environment when setting a user password profile as PASSWORD MUST CHANGE, user is redirected to the primary machine to reset password page however gets page without the user's details and there is no way to provide user login details AN02066 All port number is not assigned for apache's friendly URL as per the documentation and we have released a fix T5P0158 which was designed considering our documentation in mind.   Code Changes: To support apache server configured without port Configure apache without port 1. Setup Primary ENTM and LB ENTM and configure it with apache 2. Create a user and mark to change password on login. 3. Access the URL with friendly URL and login with the created user at step 2 Actual Result: User details are empty Expected Result: user details must be filled
30 3 ENTM Fixes an issue where an account in a localized environment is deleted when deleting the endpoint although the account is checked out. AN02067 All Account is stored in localized format but database query is not handling localized comparison   handle Localized comparison in Database properly 1 Create and Endpoint and discover the Privileged accounts in localized environment (Japanese) 2. do check-out for few accounts then try to delete check-out accounts. NOTE: The same scenario working if we create endpoint and discover the privileged accounts through English browser. Expected result: System must throw error saying account is checked out. Actual result: System is deleting the account though it is checked out.
31 2 ENTM Fixes an issue where the job that handles the 'In progress' tasks does not handle all task sessions In progress, rather it only updated the events. Therefore, some existing tasks at task session table shows "In Progress" state. AN02074 All        
32 2 ENTM Fixes an issue where SAM events were not sent to the Message Queue audit queue AN02076 All     Code Change- keep the base url host name as the host the request came from 1. Setup Primary ENTM
2. Setup LB ENTM
3. Create a user and mark to change password on login.
4. Go to the LB ENTM and login. the user details remained empty
33 3 ENTM Fixes an issue where a string index out of bound error message appears when resetting a user password with the "Password Must Change" checked. AN02089 All There is no validation for Phone numbers.   Added validation for both Business Phone and Cell Phone fields. 1. Log in to EntM. 2. Go to Users and Groups-=^Users-=^Create User 3. Provide necessary details (Use ID, password, First name, Last name) 4. Enter String in Business Phone and Cell Phone fields(for example : test) 5. submit. Expected : User should not be create and some error should be given for invalid phone number. Actual : User is created without any error.
34 2 ENTM Fixes an issue where the system failed to change a password according to the password policy setting. AN02090 All At the time of password policy execution   Fixed time calculation using the "to time" in password policy. Reproduction Steps: 1. create a Password Policy. 2. With Password Expiration Interval 1 days. 3. Set Time Interval from 00:00 to 01:00 on everyday. 4. Modify some account and set password policy as newly created password policy. Expected Result: Everyday password of accounts must change at 00:00. Actual Result : Password changes after 2 days.

Chat with CA

Just give us some brief information and we'll connect you to the right CA ExpertCA sales representative.

Our hours of availability are 8AM - 5PM CST.

All Fields Required


We're matching your request.

Unfortunately, we can't connect you to an agent. If you are not automatically redirected please click here.

  • {{}} will be helping you today.

    View Profile

  • Transfered to {{}}

    {{}} joined the conversation

    {{}} left the conversation

  • Your chat with {{$storage.chatSession.messages[$index - 1]}} has ended.
    Thank you for your interest in CA.

    Rate Your Chat Experience.


agent is typing