Host Access Management and Security Server - Release Notes

March 2018

Host Access Management and Security Server version 12.4 SP1 Update 4 (12.4.14) released March 2018.

This document lists the product’s features, resolved issues, and known issues since version 12.4 SP1 released.

What’s New

Host Access Management and Security Server 12.4 SP1 Update 4 (12.4.14) includes the following features and upgrades (in addition to the features in 12.4 SP1):

  • When using the X.509 authentication method, the ability to fall back to LDAP authentication is optional on the Configure Settings- Authentication & Authorization panel.

  • The configuration for the Micro Focus Advanced Authentication Add-On includes the ability to Verify the server identity and test the connection.

  • Updated Java to 1.8.0_161

  • Updated Apache Tomcat to 8.5.24

  • Note: In a future update, the infrastructure for the Metering and Terminal ID Manager servers will no longer use war files. Standalone installation will be supported by using the shared services container instead of the meter.war or tidm.war files.

  • Check the Known Issues for potentially incompatible secure protocol settings.

Caution: Be sure to upgrade

Micro Focus strongly recommends upgrading to Host Access Management and Security 12.4 SP1 or higher at the earliest opportunity to use the latest cryptographic module.

Failing to upgrade could cause you to be

  • out of compliance with regulatory requirements, such as PCI-DSS, which require that critical security libraries be up to date and supported.

  • at risk if a new security vulnerability is announced. (Security patches are not expected to be available for the older cryptographic modules.)

Resolved Issues

  • The Entropy Gathering Device (EGD) was changed to/dev/urandom to resolve issues where installation and starting of applications may be slow or appear to hang on headless UNIX systems.

    If the use of /dev/urandom is not acceptable or permitted in your environment, you can configure the applications to use dev/random. See the alternative solutions detailed in the Management and Security Server Installation Guide.

Known Issues

  • After installing the Windows Desktop Emulation activation file in Management and Security Server, the browser instance running the administrative console needs to be closed and restarted to complete and enable activation.

  • Incompatible secure protocol settings. New installations of the Security Proxy Server are set to use TLS 1.2 for secure connections. When the client, such as Reflection Desktop, is set to use a security protocol other than TLS 1.2, the setting is incompatible.

    Resolution: Either the client (Reflection Desktop) can be configured to use TLS 1.2 (more secure), or the Security Proxy Server can be configured to use TLS v1.1 or TLS v1 (less secure).

    Note: Existing protocol configurations are preserved when Management and Security Server and the Security Proxy Server are upgraded, and sessions continue to work as expected.

  • In the Administrative Console, the NTLM configuration option, Fall back to Basic authentication, was removed. If this setting is needed, you can set a property. Contact Support for details.

  • If you are installing or upgrading from Reflection ZFE version 2.1.1 or 2.1.0, contact Support.

    A workaround is needed to resolve version compatibility between Reflection ZFE and Management and Security Server 12.4.10.

  • If you use LDAP with TLS (LDAPS): After you upgrade Management and Security Server, you must re-establish trust of your LDAPS server. See details in the Installation Guide - Upgrading section.


Security Updates:

Product Documentation:

Technical Resources, including documentation and technical notes:

Product information, including the Management and Security Server (MSS) Add-Ons:

Updated Cryptographic Modules in Host Access Management and Security Server