PROXY Pro v11.0 Hotfix #1 is now available!
Hello Friends of Proxy Networks,
We have just released PROXY Pro v11.0 Hotfix #1!
The new software version is available from the Downloads page on our website and our upgrade guides are located on the Documentation page. It is recommended that all customers upgrade to this release.
New Features
This Hotfix release includes significant new features, including:
• New Authentication Support: Cisco Duo MFA is now supported as an “add-on” MFA provider to any other configured identity provider.
• New Authentication Capability: Multiple EntraID directories can be registered as authentication providers; previously, only one could be registered.
• Future Capabilities: The internal structure of settings in Authentication Manager was reorganized to support generalized authentication providers, allowing for much more flexible configuration. Future PROXY Pro releases are expected to introduce support for additional providers.
• Installed Master End-to-End Authentication: The Master always attempts to “single sign-on” the Master’s identity to the Host when connecting for File Transfer or Remote Management, to satisfy end-to-end authentication, when the Master’s identity matches the identity used to authenticate to the Gateway Server. A new setting in Options > Master Settings > Other Services provides a checkbox “Always prompt for end-to-end credentials for FT and RM to Host, and do not SSO with Master identity” to change this behavior and force a credentials prompt to allow the technician to specify a different identity for access to the Host.
Other Enhancements, Fixes and Improvements
This Hotfix release also includes many bug fixes and performance improvements, including:
• Web Console Upgrade: Web Console UI customization (done consistent with the “PROXY Pro RAS White Label Guide”, aka PROXYPro-WCCustomization&Rebranding.pdf) was not preserved when upgrading from v10.X to v11.0. The installer now handles this automatically when upgrading to v11.0 HF#1 or later. Installations that have been upgraded to v11.0 already can be easily fixed to restore the customizations; please contact Technical Support for the necessary steps.
• Server Products Installer: the Server products installer has been improved to handle many more edge cases, esp. around SQL access both on clean installation and on upgrades. Installer now offers to upgrade local SQLExpress installations to SQL Express 2019 + Cumulative Update 32. Note this upgrade is not required, but is recommended, as future versions of PROXY Pro will (eventually) drop support for SQL Server 2016 and require SQL 2019 or later. Clean installation creates a larger initial PROXY Pro database, which avoids an installation issue in some configurations.
• Installed Master Web Login supports EntraID Conditional Access: Web-based login from native Windows apps, specifically the installed Master, uses the Microsoft Edge “WebView2” component as of v11.0 FCS. However, a missing configuration option in this usage prevented EntraID Conditional Access from querying the machine state, resulting in failed authentications. This is fixed in v10.5 HF#8 and v11.0 HF#1 and later.
• Remote Terminal: The Master Remote Terminal feature was unable to connect to Hosts via Peer-toPeer connections if the Host was in simple password mode, due to incorrect authentication. This is fixed, and this scenario is fully supported.
• Master Installation default setting changed: PROXY Pro Master v9 and later defaulted to automatically attempting a connection to the Host for the Remote Printing service; this could be turned off via a checkbox in the Master Options > Master Settings dialog. In PROXY Pro v11.0 FCS, this option was turned off by default for all users who had not explicitly used the Options > Master Settings dialog to set some preferences there. In HF#1, the behavior is fixed so that users who had used PROXY Pro Master prior to HF#1 kept this option turned on by default (i.e. to auto-connect Remote Printing), but new installations of PROXY Pro Master would default to not auto-connect Remote Printing. Note that users can and use the Options > Master Settings dialog to set the best default behavior for their environment, e.g. whether the Remote Printing feature is commonly available and used, or not.
• Require EntraID for Interactive Logins setting: The Authentication Manager setting “Require external IdP (e.g. EntraID) authentication for interactive browser-based logins” was not working in v11.0 FCS, and is fixed in Hotfix #1. This setting allows the installed Master and other SDK-based applications to use Windows Authentication credentials, while requiring Web Console and brower based activity to use EntraID authentication.
• OpenSSL: OpenSSL v3.0.18 is incorporated into this release.
• Host for RDS and Host for VDI license key issue: The license keys used for Host for RDS and Host for VDI in the v11.0 initial release did not support the ability to enable the new Remote Speaker and Remote Terminal capabilities. New license keys are available that work with v11.0 HF#1 and later v11 releases that enable these capabilities. Contact technical support if you have the original keys and would like to enable these capabilities.
• File Transfer regression issue: Starting in v10.5 Hotfix #6, File Transfer would not successfully copy an entire directory to the root folder of a destination drive. Individual file copies, and copies of directories to anywhere other than a drive root were unaffected. Either the Host or the Master must be upgraded to this version (or later) to get the fixed behavior. [Previously included in v10.5 Hotfix#8, but not in v11.0 initial release.]
• Gateway Server Auditing improvements [Previously included in v10.5 Hotfix #8, but not in v11.0 initial release]: The Gateway setting “Auditing > Only log failures” now only affects the writing of success events to the application Event Log. Success events are always written to the CSV text file. Additionally, the logic for “Maximum log file age (days)” was adjusted to ensure that the specified amount of audit data is preserved. Previously, the calculation was based on the audit file creation date, so on a weekly rollover, fewer days were preserved than expected.
• Screen Blanking [Previously included in v10.5 Hotfix#8, but not in v11.0 initial release]: The Host software now ensures that the Screen Blanking message is always on top of all other windows and popups on the screen. Previously, some system popups like Task View could appear to the console user. Note that with this fix, Screen Blanking is no longer supported for Session Host on Demand (but does work correctly in Pinned Host on Demand).
• Host Screen Capture [Previously included in v10.5 Hotfix#8, but not in v11.0 initial release]: Fixed specific instances where Host screen capture would not actually capture the screen. This was known to impact screen capture of RDP sessions, but could also rarely occur in other configurations.