Host Access Management and Security Server - Release Notes

June 2021

Management and Security Server (MSS) version 12.7.2 released June 2021.

1.0 What’s New

Management and Security Server 12.7.2 released with Host Access for the Cloud version 2.6.2.

All MSS releases are cumulative, and contain the features introduced in earlier releases. For previous versions, see MSS Documentation.

1.1 Features and Fixes

  • Security updates and multiple bug fixes (12.7.2)

  • TLS 1.3 is now supported and enabled on core components in MSS. Clients that do not yet support TLS 1.3 will fall back to earlier TLS versions. (12.7.1)

  • Assigned Sessions list. Users of Host Access for the Cloud, Reflection Desktop, InfoConnect Desktop, and Reflection for the Web can launch their sessions from an HTML-based portal (no Java required). (Introduced in 12.6.11; improved in 12.7)

    The Assigned Sessions portal replaces the Java-based links list. For more information, including the product version requirements, see Providing Access to Sessions in the MSS Administrative Console help.

  • Added the ability to adjust SAML Service Provider settings: session timeout and assertion signing. (12.7)

1.2 Changes in Behavior and Usage

  • As a result of updated encryption libraries, customers who use headless server-based installations may experience system delays if system entropy is too low. Insufficient entropy may lead to the installation process hanging or degraded server performance. Some platforms already install and enable an entropy service by default, and the issue will not be noticed. If needed, a hardware or software solution can remedy the issue. See the Knowledge Base article 7025092, Ensuring Sufficient Entropy to Avoid System Delays.

  • Upon upgrading the Security Proxy, if a proxy port has only a DSA certificate, the port will not support TLS 1.3; however, it will continue to allow TLS 1.2 and lower protocols. TLS 1.3 is not compatible with a DSA certificate.

    To adjust the configuration to support the desired TLS protocols, use the Security Proxy Wizard. The Security Proxy Wizard, as well as the Security Proxy Server log files, will indicate any configuration mismatches that prevent TLS 1.3 operation.

2.0 Known Issues

If you encounter these or other issues with Management and Security Server, contact Micro Focus Support.

  • NTLM. Customers using Single Sign-on through Windows Authentication (NTLMv2) as their authentication method are subject to the “Netlogon Elevation of Privilege Vulnerability” (CVE 2020-1472). (12.7)

    To mitigate this vulnerability, use a different authentication method such as LDAP, SAML, Single Sign-on through IIS, X.509, or SiteMinder. For more information see Knowledge Base article 7024851.

  • Authentication to the MSS Server using Single Sign-on through Windows (NTLMv2) with Internet Explorer (IE) 11 does not work in this release. Attempts to access the Assigned Sessions list or Administrative Console result in an unrelenting spinner. (12.7.2)

    Workarounds: Use another supported browser, such as Microsoft Edge or Google Chrome—OR—use a different authentication method, as mentioned above.

3.0 Contacting Micro Focus

Check these online resources.

For specific product issues, contact Micro Focus Support.