Community
- Command Central
- MVP Program
- Monthly Mission
- Blogs
- Groups
- Events
- Media Vault
Products
- Observability
- Network Management
- Application Management
- IT Security
- IT Service Management
- System Management
- Database Management
Content Exchange
- SolarWinds Platform
- Server & Application Monitor
- Database Performance Analyzer
- Server Configuration Monitor
- Network Performance Monitor
- Network Configuration Manager
- SQL Sentry
- Web Help Desk
Free Tools & Trials

Experiences with ver 15.4.2.126 - Are there any Early adopters feed back?

jeffpahf

Seeking any feedback challenges or successes with 15.4.2 ?

Find more posts tagged with

Accepted answers

All comments

chrisrow

So far at least one of our customer reported that users can't login reliable anymore since the update. (SFTP, Web UI)

Sometimes it shows a "Login was not successfull" Error, sometimes it just hangs with the hourglass spinning and seldom it works.

Dsis

15.4.2 with the same issue here.

ldelt

Even the local administrator cannot connect on a fresh install. it is very buggy.

chrisrow

ok, even "anonymous" logins were no longer possible.... (tried ftp, sftp, http)

when I set a new password for the user(s), it seems to work again

are we really back to the time when users with passwords that still use the old MD5 encryption are no longer allowed to log in?

maeh

Hot Fix 1 for 15.4.2 is out and should address these problems:

* Inconsistent HTTP session authentication when the password used contains special characters.
* Group administrators can create access to restricted file system directories.
* Sporadic failure to establish SSH connection under specific network conditions.
* New web client corrupts the user's password when the user's password is changed.

best regards,

Markus

chrisrow

thanks for the heads up, just installed it. (already had the previously mentioned "buddy drop" installed, that solved our login problems)

epcc

Hi, we applied the 15.4.2 HF1 which moved the version to 15.4.2.147 but the login issue still persisted, do you know if anyone else who has applied the 15.4.2 HF1 is still experiencing the login issues?

calc2014

All tests I've done seem to be ok with 15.4.2 HF1 (15.4.2.147).

Is it possible that a password was changed / corrupted before you installed HF1?

epcc

Hi calc2014,

I was getting the same type of behaviour that was being presented on 15.4.2.126 where it would say operation not permitted or just a spinning circle and hitting refresh would let you log in.

For the time being I've reverted back to 15.4.1 and that seems to be working without issue.

Wacked

Can someone post 15.4.2 HF1 please

epcc

@Wacked , I picked up 15.4.2 HF1 from the SolarWinds Customer Portal under Hot Fixes

jeffpahf

Well, based solely on the number of hot-fixes for 15.4.2x it's a nope waiting for next full release

maeh

There is only one Hotfix for 15.4.2 or am I missing something?

best regards,
Markus

Wacked

A recently patched high-severity vulnerability in SolarWinds' Serv-U file transfer software is being actively exploited by malicious actors. The flaw, identified as CVE-2024-28995 with a CVSS score of 8.6, is a directory traversal bug that allows attackers to read sensitive files on the host machine. Affecting all previous versions and including Serv-U 15.4.2 HF 1, the vulnerability has been resolved in the recently released Serv-U 15.4.2 HF 2 (15.4.2.157).

dfeeney18

Hi there, if I'm on 15.3.0 can I simply just update to the newest version 15.4.2.157? Od do I need to update to 15.4.2 first, then apply the Hot Fix 2?

Also as I'm new to this, are there any videos on how to do this for Windows?

Wacked

I would Update and then add the hotfix

dfeeney18

Thanks, and do you know if this update is needed if using ServU only for SFTP?

dodster

Now on 15.4.2.157

Like Some others here our Org was alerted to CVE-2024-28995

Upgraded from SERV-U 15.3.1 to 15.4.2.126

Applied Hotfix 1 - 15.4.2.147

Applied Hotfix 2 - 15.4.2.157

This meant I needed to Create Server Identity as per 15.3.2

Was then alerted to 2 Customers with the Java RFC Non Compliance SSH issue as per the following articale

SFTP connection not established for legacy Java clients (site.com)

I happen to Have a Multi MFT Domain Config, so Have applied the Java Complance fix "Allow Non Compliant SSH Protocol Exchange" against the Domains where needed.

Challenges but seems to be working thus far

dodster

Hello@"dfeeney18" You need to 1st upgrade to 15.4.2.126 1st, then Apply the relevant hot fixes in order, 15.4.2 HF1, then 15.4.2 HF2.

FYI as you are coming from 15.3.0, you will need to know about Serv-U Server Identity

Server Identity (solarwinds.com)

Long story short, the high-level process:

1) Backup the MFT Config from your install location: Users Folder, Serv-u.archive and Serv-UID files and serv-u.dll files

2) you may need to grant the windows acct you do the upgrade with Ownership and full control of Serv-u.dll file as it get overwritten.

3) Run the extracted Updrade 15.4.2 with Admin credentials

4) Extract the Hotfixes, depending on x86 or x64 bit browse to the relevant extracted files

5) Stop Serv-u and quit the Serv-U Task Tray

6) Copy the Extracted HF1 Files, paste the copied HF1 files into your install location, overwriting the existing files

7) Copy the extracted HF2 files, paste the copied HF2 files into your install location, overwriting the existing files

8) remeber to set the Server Identity, if you have HA pair of Serv-u, export the Server identity and import to the 2nd node

9) In order ensure that your MFT configs are exactly the same remember to backup Users Folder, Serv-u.archive and Serv-UID files again after the upgarde and import to your 2nd node.

Hope this helps you!

jeffpahf

good job... I still bristle at the "non-compliance" RFC 4. literally says see next section for backward compatibility, I mean you barely have to scroll to see the RFC say perfectly Okay to maintain backward compatibility (expecting a crLF (13,10), not a LF (10))