Release date: October 2021
Latest service release: February 2022, 2021.4.2
These release notes were last updated on February 15, 2022.
Download a translated PDF: ARM 2021.4 Release Notes (Versionshinweise, deutsch)
These release notes describe the new features, improvements, and fixed issues in Access Rights Manager 2021.4. They also provide information about upgrades and describe known issues.
If you are looking for previous release notes for Access Rights Manager, see Previous Version documentation.
New features and improvements in ARM
Extended Configuration Wizard
With the enhancements in the Configuration Wizard, you are now able to add resources to ARM, manage monitoring or change configurations using the Configuration Wizard. New features, such as filtering for failed scans, make it easier to manage the included resources.
New resource view in the web client - analyze permissions as a Data Owner
DataOwners can now view the permissions for the resources they are responsible for in the WebClient. Access to the Windows application is no longer required for this function. Learn more
Improvements for data owners
For recertification, DataOwners are shown the changes since the last recertification. This makes the repeated process much more efficient and makes it possible to identify changes that are still pending since the last recertification and to remind them if necessary.
Changed behavior for ARM users who have a Change role assigned and have no resources assigned in the Data Owner configuration. Previous behavior: The user could see and modify all resources in ARM. New behavior: The ARM user can only see information about their own account. Resources must now be explicitly assigned in the data owner configuration, as well as the right to modify.
Improved scanning performance for distributed file systems (DFS)
For distributed file system scanning, the ability to scan DFS namespaces and also their sites separately via assigned collectors has been added. By splitting, by the possibility to run the scans locally and by the omitted resolution requests to the DFS, the scanning performance is significantly improved.
Configuration for the new DFS scanner is only possible via the new Configuration Wizard.
- The navigation in the web client has been renewed to match the look and feel of other SolarWinds products.
New customer installation
ARM and Orion Platform products must be installed on separate servers. Note that ARM is not an Orion Platform product.
How to upgrade
The ARM server is renamed from pnServer.exe to armServer.exe. Please note this if you have set up appropriate firewall rules.
|789512, 622105, 705962, 779895||
Fixed a problem with setting the maximum requestable file server directory depth in GrantMA.
|650599||Fixed an issue with OneDrive/SharePoint Online scanning.|
|750882||Fixed an issue with scanning teams.|
|753835||An issue with the account view when the number of configured file server scans is very high was fixed.|
|745370, 777125||An issue with changing permissions on SharePoint Online was fixed.|
|784559, 785530, 814936||An issue where the installation process hung was fixed.|
|745330, 767629||A connection issue with RabbitMQ was fixed.|
|785567||Fixed an issue where under certain circumstances AD logga events were not recorded in the logbook.|
|761012||Fixed an issue where the Users and Groups report could no longer be generated from the Dashboard.|
|774319||The StrongAuthicationPhoneAppDetail attribute is now considered by the Azure AD logga. As a result, it is now possible to filter events based on this attribute.|
|654319||An issue where scans took significantly longer after an update than before has been fixed.|
|813958||The size of Exchange mailboxes is displayed again.|
|749300||The possibility to configure the option ReferralChasingOption has been added. This can greatly reduce a possibly long login time in special Active Directory configurations.|
|805438, 808827, 809901, 806262||Fixed an issue where the Exchange logga caused high RAM usage.|
|740140, 660047, 533587, 491560||An issue that prevented an existing collector configuration from being deleted has been resolved.|
|649520||An issue with the Exchange Logga was fixed.|
|711879||Fixed an issue where FS Logga was consuming too much disk space.|
|756729, 691513||Fixed an issue where the global search for Exchange Online did not work properly if the initial domain was different from the default domain.|
|746035, 794265||Fixed an issue where settings in the File Server Change configuration could not be saved persistently.|
|742907||The LDAP attributes lastLogon and lastLogonTimestamp are now usable in Analyze & Act Scenarios in the web client.|
|650729, 740571||In the DataOwner configuration, under certain conditions, organizational categories could no longer be created if all organizational categories had previously been deleted.|
|767811||Under certain conditions, group memberships for nested groups were not correctly displayed during recertification.|
|775570||A user with a DataOwner role with no assigned resources in the DataOwner configuration, can only see its own account in the ARM applications.|
|766888||It is now possible to identify the purpose group name if you know the Active Directory name of this group.|
|764844||Fixed an issue where FS-Logga did not work if the path consisted of only one character.|
|394904||Removing permissions in the web client has been optimized.|
|709107||Fixed an issue where under certain conditions the FS logga did not record a folder move action.|
|756757||Fixed a problem with the Users and Groups report, which contained information that was supposed to be hidden (blacklisted).|
|746306||When group memberships cannot be created in Azure AD due to group type restrictions, a corresponding error message is now displayed before execution, rather than after an attempted, unsuccessful execution as before.|
|785179||The security of communication with RabbitMQ has been increased.|
When computer objects are added to AD and the AD logga is active, these objects are displayed in the ARM applications. An additional AD scan is no longer required for this.
|826382||Fixed an issue with the configuration of Exchange resources where DAGs were not found.|
|841877||Fixed an issue with scanning PublicFolderClientPermissions and the ForwardingAddress in Exchange.|
|838345||Assigning group memberships when creating a new user account can now also be done via the WebAPI.|
|788600||An error in SharePoint scanning was fixed. Changes to SharePoint group memberships were accelerated.|
|823768||In the Account view, the default view for groups in the right panel has been changed to Parents.|
|654302||Fixed an issue with notification emails when starting a recertification.|
|808264||An issue with retrieving events when monitoring Active Directory has been fixed by making it possible to specify a value for a timeout in the configuration files.|
|790832||A problem with monitoring NetApp file servers has been fixed, so it is now possible to retrieve the events without HTTPS by adjusting the configuration files.|
|760362||Fixed a problem with very slow login in ARM due to reference chasing in LDAP query.|
|868393||Fixed a problem with the login.|
|737499||Fixed an issue with the account selection for actions in the rich client. Account selection can now be saved separately in each application area.|
The 2017 SQL Express version previously included in Express Setup has been replaced by the 2019 version. Thus, installation of ARM with the Express installation is possible only on Windows Server 2016 or later.
|-||Fixed an issue with the web client where the activation date could not be set.|
|757758||An issue with the login to the ARM applications was fixed.|
|917792||An issue with the WebAPI was fixed.|
|906726||Fixed a performance issue that occurred when changing configurations.|
|916184||Fixed an issue with the ordering process in GrantMA where an approver could no longer modify a request.|
|930146, 911970||Fixed an issue with Single Sign On (SSO) in the web client.|
|842830||Entering multiple folders that are not allowed to be ordered in GrantMA is now possible again.|
|-||The setting for filtering an AD scan to specific OUs in the Configuration Wizard is now saved permanently.|
|913086, 921919, 922135, 927890||An issue with sending notification emails when changing the data owner configuration was fixed.|
|942498||Fixed an issue with FS Logga that flooded the log with error messages.|
|939193, 940392, 953348||A problem with the ARM service startup has been fixed. The problem occurred only when processing scan data from a distributed DFS scan.|
|931901||An issue where a complete SharePoint scan failed even though only the permissions for a part of the sites to be scanned were missing.|
|941185||Fixed an issue where a script could not be executed after a triggered alert.|
|Issue: When using user-defined templates, AccountSearchTextField does not work for manager assignment.|
|Resolution/Work-around: Use a standard input field or, if possible, a drop-down menu.|
|Updating FS Logga components on Windows file servers|
|Issue: In some cases, automatic or manual updating of FS-Logga components on Windows file servers may fail.|
|Resolution/Work-around: Start the setup on the Windows file server and select the Repair option. The repair function removes the installation and reinstalls the components.|
|Active Directory accounts not resolved|
|Issue: In some cases, new installations may experience Active Directory scanning issues when scanning through a collector or ARM server installed on a domain controller (DC). This can result in AD accounts not resolving correctly under these conditions. Existing installations are not affected.|
|Resolution/Work-around: Install the ARM server or collector service on a different server, not on DCs.|
Issue: You may encounter issues when upgrading from version 2019.4 to version 2021.4.
|Resolution/Work-around: Perform an interim update with version 2020.2.7. Please refer also to the chapter Perform an update installation.|
|SharePoint on-premise selection of elements to be scanned|
Issue: In the Configuration Wizard, the selection of items to be scanned from a SharePoint server does not work yet.
|Resolution/Work-around: Use the Configuration Application to configure SharePoint scans.|
|Configure multiple Microsoft 365 resources in Configuration Wizard in one go|
|Issue: Adding multiple Microsoft 365 resources in one go in Configuration Wizard will lead to a problem in completing the wizard.|
|Resolution/Work-around: Select only one Microsoft 365 resource per pass.|
|Configure file server monitoring in Configuration Wizard|
|Issue: After adding file server monitoring using the configuration wizard, monitoring should be enabled by default. This is sporadically not the case.|
|Resolution/Work-around: Use the old configuration application to enable file server monitoring, if necessary.|
SolarWinds would like to thank our Security Researchers below for reporting on the issue in a responsible manner and working with our security, product, and engineering teams to fix the vulnerability.
|Insecure Web Configuration for RabbitMQ Management Plugin.||The HTTP interface was enabled for RabbitMQ Management Plugin in ARM 2020.2.6 and earlier. The ability to configure HTTPS was not available.||Medium||Chris Townsend|
End of life
With the release of ARM version 2021.4, the following versions of ARM are no longer supported:
See the End of Life Policy for information about SolarWinds product lifecycle phases. For supported versions and EoL announcements for all SolarWinds products, see Currently supported software versions.
End of support
This version of Access Rights Manager no longer supports the following platforms and features.
|Platform / Feature||Details|
|Operating system||Windows 7|
|Microsoft application||SharePoint 2010|
This version of Access Rights Manager deprecates the following platforms and features.
Deprecated platforms and features are still supported in the current release. However, they will be unsupported in a future release. Plan on upgrading deprecated platforms, and avoid using deprecated features. Customizations applied to a deprecated feature might not be migrated if a new feature replaces the deprecated one.
The operating system is considered deprecated for the ARM applications as of this version. Although you can still install ARM applications on Windows 8.x, this operating system version is outdated and will not be supported in future versions of ARM. It is possible that problems caused by the deprecated operating system version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your operating systems at your earliest convenience.
|Windows Server 2012 / 2012 R2||The operating system is considered deprecated for the ARM applications as of this version. Although you can still install ARM applications on Windows Server 2012 / 2012 R2, this operating system version is outdated and will not be supported in future versions of ARM. It is possible that problems caused by the deprecated operating system version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your operating systems at your earliest convenience.|
|SQL Server 2012||
SQL Server 2012 is considered deprecated as of this version. Although you can still use ARM with SQL Server 2012, this SQL Server version is deprecated and will no longer be supported in future versions of ARM. It is possible that problems caused by the deprecated SQL Server version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your systems at your earliest convenience.
|SQL Server 2014||SQL Server 2014 is considered deprecated as of this version. Although you can still use ARM with SQL Server 2014, this SQL Server version is deprecated and will no longer be supported in future versions of ARM. It is possible that problems caused by the deprecated SQL Server version may not be resolved by SolarWinds. SolarWinds strongly recommends that you upgrade your systems at your earliest convenience.|
© 2021 SolarWinds Worldwide, LLC. All rights reserved.
This document may not be reproduced by any means nor modified, decompiled, disassembled, published or distributed, in whole or in part, or translated to any electronic medium or other means without the prior written consent of SolarWinds. All right, title, and interest in and to the software, services, and documentation are and shall remain the exclusive property of SolarWinds, its affiliates, and/or its respective licensors.
SOLARWINDS DISCLAIMS ALL WARRANTIES, CONDITIONS, OR OTHER TERMS, EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, ON THE DOCUMENTATION, INCLUDING WITHOUT LIMITATION NONINFRINGEMENT, ACCURACY, COMPLETENESS, OR USEFULNESS OF ANY INFORMATION CONTAINED HEREIN. IN NO EVENT SHALL SOLARWINDS, ITS SUPPLIERS, NOR ITS LICENSORS BE LIABLE FOR ANY DAMAGES, WHETHER ARISING IN TORT, CONTRACT OR ANY OTHER LEGAL THEORY, EVEN IF SOLARWINDS HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
The SolarWinds, SolarWinds & Design, Orion, and THWACK trademarks are the exclusive property of SolarWinds Worldwide, LLC or its affiliates, are registered with the U.S. Patent and Trademark Office, and may be registered or pending registration in other countries. All other SolarWinds trademarks, service marks, and logos may be common law marks or are registered or pending registration. All other trademarks mentioned herein are used for identification purposes only and are trademarks of (and may be registered trademarks) of their respective companies.