PROXY Prov10.5 Hotfix #1 is now available!

Hello Friends of Proxy Networks,

We have just released PROXY Pro v10.5 Hotfix #1!

The new software version is available from the Download page on our website and our upgrade guides are located on the Documentation page.

Several enhancements, reliability improvements, bug fixes and even some new functionality has made its way into this Hotfix.

Major changes in this release:

• Windows Server Core PROXY Pro v10.5 Hotfix #1 now supports installation on “Windows Server Core” (also known as “Windows Server (without Desktop Experience)”). Specifically, the PROXY Pro Server components, and the PROXY Pro Host, can be installed and operate correctly on Windows Server without Desktop Experience. Note that without the Desktop Experience, the server must be administered remotely or via command line at the console. Some PROXY Pro Server management and configuration utilities must be run on the console and are harder to launch without the Start menu. Server “Core” installations are only recommended for IT organizations that are familiar with and comfortable with that environment.

• OpenSSL: latest OpenSSL release (v1.1.1q) incorporated throughout the product.

• New Feature – Host on Demand Auto-Timeout: a new Server setting allows an administrator to set a maximum time a Host on Demand instance can remain reporting to the Gateway Server after a remote control session with it ends (or, if it’s never controlled, the time is from when it first reports in). A Host on Demand instance that “times out” is stopped, as if the “Stop Host Instance” administration function is used. This feature works for both Windows and Macintosh Host on Demand instances, transparent to the Host itself. (Note that installation default value is to disable this functionality; it can be set in General settings as a number of hours up to 672 = 28 days.)

• Host for Macintosh: significant stability and functional improvements in the Host for Macintosh. All customers using Host for Macintosh v10.5 are encouraged to upgrade to this new release.

o Support for the “TLS Certificate Security Model” relationship between the Host and Gateway Servers.

o Host for Macintosh has important fixes to Permission to Connect, including proper handling of login, logout, and user-switching desktop transitions.

o Host for Macintosh now supports multiple desktops, and Host windows automatically appear on, or move to, the active desktop.

o Host for Macintosh installer improvements. The StationName and HostNotifications settings can now be set via the hostsettings.json file if present at install time. Also, Host settings from a Windows Host can now be used ("phsetup mode:exportjson") to initialize Mac Host settings via the Installer.

• Master for Macintosh has some improvements. Improved performance when multiple Masters view the same Host; “Send clipboard as keystrokes” feature now consistently sends the plain text on the clipboard and not any formatting information, and auto-reconnect to Host is more reliable.

• PROXY Pro Master “caption bar” showing tab name and trial expiration information now defaults to not being shown on new/clean installations, and if dismissed (via “x” close box in bar) or hidden via View menu, that setting is reliably saved and the bar will correctly remain hidden.

• Server Products installer updated to distribute/install Microsoft SQL Server Express 2016 SP3 in “Quick Install” mode. Also, installer now has much better error reporting if there is a problem with installing SQL Server Express.

• Server Configuration Check (SCC) utility enhancements, including SSL certificate check for necessary SAN entry. More uniform reporting of SSL certificate information. Will not allow selecting a certificate where the Common Name matches the FQDN of the server, but that name is not mentioned in the Subject Alternative Name list.

• More proactive Host status updating when a remote control connection attempt succeeds or fails unexpectedly, that is contrary to the display status in the Web Console, the out-of-date status will be updated accordingly.

• AzureAD Integration: AzureAD requires the domain name and Client ID strings to be lower case. Identity Manager now automatically lowercases these strings as necessary.

• Web Console custom branding template had an incorrect PNG. The correct PNG now appears in the CustomTemplate directory.

• Host Settings Updater utility improves its behavior if not all Hosts to be updated are online consistently. The utility has always retried to reach Hosts that are offline, but the retry logic has been updated to avoid excessive retries. These excessive retries put unnecessary load on the system, and could generate a large amount of audit data, potentially filling the database.

• SSL Certificate handling improvements: the PROXY software, including the installers, Server Configuration Check utility, and certificate utilities, have been updated to show more consistent information about certificates, and to evaluate certificate validity consistent with recent standards/conventions. Specifically, Google Chrome requires that the DNS name used to access a server be listed in the server’s Subject Alternative Names list, and the certificate “Common Name” is ignored. PROXY now conforms to this rule, and will prevent a certificate from being selected that does not meet this requirement.

• Improved PROXY System Information Report (prxsinfo.exe). Improved information around PIM settings, Azure AD integration, and SSL certificates not in the machine’s “Personal” certificate store but selected for use in IIS and/or Gateway.

• Static and Dynamic Application Testing: informational alerts identified by SAST and DAST scanners have been addressed, providing much cleaner scan results. This includes updating libraries that were older but had no known security vulnerabilities, and other changes to mitigate false positives.

• PROXY Pro Server reliability and functional improvements include:

o Rare issue where Gateway Server, or Server system in general, could display a blank AccountID. This was a symptom of a failed login where the Identity Manager didn’t cache information for later use properly.

o Web Console has some UI improvements, notably in the Edit Host Settings functionality. The addition and editing of Gateway Configurations on a remote Host is more reliable and presents a better user experience.

We’ll be back again with more before you know it - thanks for keeping up with us!

Ryan Gallager

Proxy Networks Support Team