Reflection for Secure IT Windows Server 7.1 Service Pack 2 (SP2) Release Notes

  • 7022020
  • 16-Jul-2009
  • 02-Mar-2018

Environment

Reflection for Secure IT Windows Server version 7.1

Situation

Reflection for Secure IT Windows Server 7.1 Service Pack 2 (SP2) is available for maintained customers (released October 2009). This technical note provides information about how to obtain your service pack and a list of features and fixes included in SP2, as well as those originally included in SP1 (released July 2009).

Resolution

Before you apply the service pack, note the following:

  • This document references a Reflection service pack. Service packs are available to licensed Attachmate customers with current maintenance plans for these products. For information about logins and accessing the Download Library, see KB 7021965.
  • Reflection for Secure IT Windows Server version 7.1 SP2 is a full product installation and does not require 7.1 to be installed.
  • For a list of features originally included in Reflection for Secure IT Windows Server 7.1, see KB 7022018.
  • For information about the Reflection PKI Services Manager 1.1 release, see KB 7021872.
  • Reflection for Secure IT version 8.0 is available beginning in November 2012. For a list of new features in 8.0, see KB 7022023.

This note is organized into the following sections:

Obtaining Service Packs or Updates

Maintained customers are eligible to download the latest product releases, service packs, and updates from the Attachmate Download Library web site: https://download.attachmate.com/Upgrades/. For more information about logging into and using the Download Library, see KB 7021965.

Installing the Service Pack

Reflection for Secure IT Windows Server version 7.1 SP2 is a full product installation and does not require 7.1 to be installed.

If you are upgrading an existing copy of Reflection for Secure IT version 7.1 or 7.1 SP1, note the following:

  • If the server is running when you apply the upgrade, the installer stops the service and any existing client connections will be disconnected.
  • We recommend that you back up your server configuration file before upgrading. This may be useful if you want to revert to an earlier version at some point in the future.
  • After applying the service pack, you need to restart Windows to complete the installation.

New Features and Fixes in Reflection for Secure IT 7.1 SP2

The following new features and resolved issues are included in Reflection for Secure IT Windows Server version 7.1 Service Pack 2.

New Features in 7.1 SP2

  • The debug log file now contains the server’s time zone setting and timestamp at the beginning of the file.
  • Failed authentication attempts are written to the Windows Event Viewer's application log once maximum password attempts or maximum keyboard-interactive attempts have been reached.

Additional Features in 7.1 SP2

  • The client cipher list is logged to the server debug log.
  • Provide support for the user@host syntax in the User Access Control.

Resolved Issues in 7.1 SP2

  • This service packs addresses vulnerabilities described in Microsoft Security Bulletin MS09-035 and Microsoft Security Advisory 973882: Vulnerabilities in Microsoft Active Template Library (ATL) Could Allow Remote Code Execution.
  • Windows IDs were always sent in uppercase causing public key authentication to fail. This issue has been resolved.
  • Transferring an identical file to the server from a UNIX client now updates the file timestamp.
  • Password authentication now works when using an interactive user who is a member in a three level deep nested group.
  • File transfers now work if the virtual sftp directory contains dashes.
  • File transfers now work if the file is located in a directory ending with the Japanese character “hyo”.
  • Secure Shell connections now allow Japanese characters to be entered.

Supported Platforms in 7.1 SP2

For information about platform support in Reflection for Secure IT, see KB 7022010.

New Features and Fixes in Reflection for Secure IT 7.1 SP1

The following new features and resolved issues are included in the Reflection for Secure IT Windows Server version 7.1 Service Pack 1.

New Features in 7.1 SP1

  • Configure Reflection for Secure IT to run in a Microsoft cluster environment.

The Microsoft cluster service helps ensure that client users have continuous access to your server, even if one computer within the cluster becomes unavailable. For configuration information, refer to the User Guide available at https://support.microfocus.com/manuals/rsit_win_server.html.

Note: Active client sessions are disconnected when a failover occurs. Clients need to initiate a new session.

  • Apply custom SFTP directory settings to scp transfers from OpenSSH hosts.

From the Permissions pane, enable the new setting, "Use SFTP accessible directory settings for SCP1."

  • Prevent non-interactive users from being able to connect to the server.

Non-interactive users are those who do not have the right to "Allow log on locally" (or "Log on locally") as configured in the local computer Security Policy. From the Permissions pane, clear the new setting, "Allow non-interactive users to log on."

Resolved Issues in 7.1 SP1

  • Public key authentication correctly supports double nesting of Active Directory global groups.

Note: Modifications to group membership made using Active Directory may take up to 20 minutes or more to be apparent to Reflection for Secure IT, depending on your Active Directory configuration.

  • Server console starts up correctly when running non-English versions of Windows.
  • When creating a group sub-configuration, you can now clear the “Allow SCP1” setting and save the change.

Supported Platforms in 7.1 SP1

For information about platform support in Reflection for Secure IT, see KB 7022010.

Reflection PKI Services Manager 1.0 SP1

Attachmate Reflection PKI Services Manager 1.0 provides X.509 certificate validation services for Reflection for Secure IT 7.1. The PKI Services Manager service pack is available as a separate, optional download.

Note: For information about the Reflection PKI Services Manager 1.1 release, see KB 7021872

Installing the Reflection PKI Services Manager Service Pack

Reflection PKI Services Manager version 1.0 SP1 is a full product installation and does not require 1.0 to be installed.

Note the following:

  • If the service is running when you apply the upgrade, the installer stops the service.
  • The service does not start automatically after the installation is complete. To start, either restart Windows, or run the following command from a DOS command window:
winpki start
  • If you are upgrading an existing copy of PKI Services Manager, the upgrade does not change the existing contents of your PKI Services Manager configuration directory (typically C:\Documents and Settings\All Users\Application Data\Attachmate\ReflectionPKI\config or C:\ProgramData\Attachmate\ReflectionPKI\config).

Resolved Issue in PKI Services Manager 1.0 SP1

  • Unrecognized OIDs no longer cause an ASN error.

Additional Information

Legacy KB ID

This document was originally published as Attachmate Technical Note 2446.