Secret Server Release Notes 10.5.000000

Release Date: 7/10/2018



  • Added a new SAML configuration page so SSO providers can be configured without modifying the saml.config file.

UI Updates

  • Subfolders can now be created within a user's Personal Folder.
  • The login screen domain dropdown menu can now be disabled for customers that wish to hide the list of domains.
  • Added auditing for the following configuration changes: Character Sets, Password Requirements, Event Subscriptions, Role names, Backups, Custom Password Changers, Licenses, and Database Connections.
  • Added export functionality for Heartbeat logs, Remote Password Changing logs, Discovery logs, and Computer Scan logs.
  • Failed password changes now display an error within the Secret View UI and a link to a Remote Password Changing Errors KB article.
  • If using multiple devices per user in Duo Security for two factor logins, Secret Server will now show the Device Name set in the Duo admin portal next to each device.


  • Added Discovery settings to scan for open ports on target machines, connect to specific ports, and set a default timeout for port scanning.
  • Added a Discovery scanner setting for excluding services, tasks, or application pools by name.
  • Added new Diagnostic logs to address duplicate Discovery Scan items.

Password Changing

  • Auto Change Schedules can now be configured so that they will trigger a password change even if the Secret is not expired.
  • Added the ability to rotate SSH Keys with no passphrase required.


  • Added Session Revocations to the User Audit report.

  • Added IP addresses to the login failure report.

  • Added new chart options for custom SQL reports.

  • Added the ability to configure AS400 Password Changers.

  • Enhanced Secret Server's ability to process larger message sizes. Secret Server'

  • Distributed Engines now send operation results back to Secret Server through the Site Connector instead of sending them via website.

  • Ticket System Integration can now be configured to work over Distributed Engine.

  • Improved System Log Searching in active environments.

  • Added new Syslog event messages for SIEM integration and enhanced log messaging.

Security Enhancements

  • Added a configuration setting to change the default role that a new user receives.
  • Added the ability to audit certificate verification errors for Active Directory calls over LDAPS and syslog connections using Secure TCP.
  • Added the ability to send a client certificate with Active Directory calls over LDAPS or syslog connection using Secure TCP.

Bug Fixes

  • Fixed issue where Secret Policy changes would not apply to all Secrets.
  • Fixed issue where Service Account Discovery could timeout and flag Secret Dependencies for removal.
  • Fixed issue where Two Factor could prevent a "Login Failed" audit on the user; added new logging details in the Audit User Log if errors do occur from Two Factor authentication.
  • Fixed issue where excluding OUs from Discovery scans prevented computers from being deleted when they were removed from AD.
  • Fixed condition in certain environments where the auto-change Secrets were not changing properly.
  • Improved performance of the Discovery Stored Procedure for specific OUs scanning to avoid timeout in large environments.
  • Fixed a logging exception in Monitor Logging.
  • Resolved a permission error in certain environments that occurred during Local Account Discovery Scans.
  • Fixed issue where integrated Windows login requests were building up in the tbOauthExpiration table.
  • Fixed issue where columns could not be sorted in Discovery Network View.
  • Fixed issue where queued RabbitMQ messages were lost if RabbitMQ was restarted.
  • Fixed bug where an email config port change was logging the new port as the old port.
  • Fixed an issue with SQL Replication where indexes on indexed views were not replicated.
  • Fixed issue where a DependencyResolutionException could occur on the Login page and prevent use of site until an IIS reset was performed.
  • Fixed issue with SSH password rotation/Heartbeat connections that were reporting "Unexpectedly inactive."
  • Fixed issue where the Secret Server Clipboard Utility could not be installed with Chrome 67.
  • Fixed issue where the dashboard Add Content dropdown displayed below the Secrets table.
  • Fixed null reference bug that occurred when autocomplete textboxes were used in lieu of a dropdown for the Group/User selector.
  • Fixed bug in Password Changing where a large number of Secrets targeting the same resource for certain password changers could prevent processing.
  • Fixed issue where root folders could be created through the CSV import process while that user did not have the Create Root Folders role permission.
  • Fixed an issue that could cause occasional black flickering to appear in Session Recording videos.
  • Fixed issue where users could be logged out of Secret Server due to inactivity while actively browsing certain pages.
  • Fixed issue where new Secrets displayed the option to save to a user's Personal Folder even if Personal Folders were disabled.
  • Fixed issue where Discovery local account scans were parsing unnecessary data and taking more time than necessary in large Active Directory domains
  • Fixed issue where changes to Users would not save when extremely large numbers of AD groups were being synchronized.
  • Fixed issue with custom Powershell Ticket System integrations where entering a ticket number to view a Secret would produce an error.
  • Fixed issue where creating a new Event Subscription would fail when specifying a user or group.
  • Fixed issue where the REST API would not correctly implement the "Require Two Factor for Web Services" configuration option.
  • Fixed issue where Heartbeat could be stuck in Pending status.
  • Fixed issue where creating new Folders would fail when there were no other Folders.
  • Fixed condition in certain environments where the auto-change Secrets were not changing properly.
  • Fixed issue where Dashboard searching was slow in environments with large numbers of Secrets.
  • Use of SAML while Virtual Assist Keyboard is disabled no longer causes Virtual Assist Keyboard to appear.

Security Fixes

  • Fixed issue with Unlimited Admin permissions and managing Groups.
  • Deprecated TLS 1.0 in Security Hardening Check.
  • Fixed issue with script names.
  • Fixed issue with Upgrade Status log.