Host Access Management and Security Server (MSS) version 126.96.36.199 released December 2021.
All MSS releases are cumulative, and contain the features introduced in earlier releases. For previous versions, see MSS Documentation.
Log4j library updated to version 2.17.0 to mitigate CVE 2021-45105 (188.8.131.52)
Log4j library updated to version 2.16.0 to mitigate CVE-2021-44228 and CVE-2021-45046 (184.108.40.206)
TLS 1.3 is supported and enabled. Clients that do not yet support TLS 1.3 will fall back to TLS 1.2. (12.8)
Windows Authentication - Kerberos is available for end users launching HACloud sessions via the session server or Reflection Desktop when configured for centralized management. (12.8)
Management and Security Server (MSS) has been made more secure by using only HTTPS. (12.8)
Communication from the Security Proxy to MSS when exporting settings has been upgraded to HTTPS. (12.8)
Rumba+ Desktop 10.1 SP1 (or higher) sessions may now be launched from the Assigned Sessions list. (12.8)
If the Metering administrator password is forgotten, you can easily reset it to the Administrative Console password. (12.8)
You can add Subject Alternative Names to certificates while installing HACloud and MSS. (12.8)
MSS now uses HTTPS exclusively to increase security. HTTP has been disabled on all endpoints.
NOTE: In upgrades, where clients had been configured to access Metering or the Terminal ID Manager over HTTP, those clients must be updated to use the HTTPS port. The MSS Certificate also needs to be imported to the appropriate certificate / trust store, if not already done. (12.8)
TLS 1.0 and TLS 1.1 have been removed. Both TLS 1.2 and TLS 1.3 are available. (12.8)
As a result of updated encryption libraries, customers who use headless server-based installations may experience system delays if system entropy is too low. Insufficient entropy may lead to the installation process hanging or degraded server performance. Some platforms already install and enable an entropy service by default, and the issue will not be noticed. If needed, a hardware or software solution can remedy the issue. See the Knowledge Base article, Ensuring Sufficient Entropy to Avoid System Delays. (12.7.2)
Upon upgrading the Security Proxy, if a proxy port has only a DSA certificate, the port will not support TLS 1.3; however, it will continue to allow TLS 1.2 and lower protocols. TLS 1.3 is not compatible with a DSA certificate. (12.7.2)
Use the Security Proxy Wizard to adjust the configuration to support the desired TLS protocols. The Security Proxy Wizard, as well as the Security Proxy Server log files, will indicate any configuration mismatches that prevent TLS 1.3 operation.
If you encounter these or other issues with Management and Security Server, contact Micro Focus Support.
NTLMv2. Customers using as their authentication method are subject to the “Netlogon Elevation of Privilege Vulnerability” (CVE 2020-1472). (12.7).
To mitigate this vulnerability, use a different authentication method such as Windows Authentication - Kerberos, LDAP, SAML, Single Sign-on through IIS, X.509, or SiteMinder. For more information see Knowledge Base article 7024851.
NOTE: With the addition of, support for NTLMv2 will be removed in an upcoming release.
Authentication to the MSS Server using Internet Explorer (IE) 11 does not work in MSS 12.7.2 or higher. Attempts to access the Assigned Sessions list or Administrative Console result in an unrelenting spinner. (12.7.2)with
Workarounds: Use another supported browser, such as Microsoft Edge or Google Chrome—OR—use a different authentication method, as mentioned above.
Check these online resources.
For specific product issues, contact Micro Focus Support.
© Copyright 2021 Micro Focus or one of its affiliates
The only warranties for products and services of Micro Focus and its affiliates and licensors (“Micro Focus”) are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Micro Focus shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice.