ProjectWise Security Notification
Required Steps for ProjectWise Design Integration (PWDI) User Organizations
In accordance with the industry-wide effort to deprecate support for older Transport Layer Security (TLS) versions 1.0 and 1.1 in favor of TLS 1.2 by early 2020, we want to communicate the impact this change will have to the ProjectWise products and cloud services, as well as the necessary steps required for a seamless transition for your user community.
For user organizations using ProjectWise Design Integration (PWDI) 3.1 or earlier with Bentley IMS and/or Bentley cloud services, this change necessitates an upgrade to the latest versions of ProjectWise client/server software or a patch to existing installations.
Impact Date: May 31, 2020
Configuration: ProjectWise Design Integration Servers Utilizing IMS Authentication
Impact: Users are not able to login using IMS Authentication for ProjectWise Explorer
Resolution: Upgrade ProjectWise Design Integration server to 3.2 server, 10.00.03.280, or patch an existing pre-3.2 Design Integration server. Note that if your implementation is hosted in Bentley Systems MANAGEDServices, Bentley will be performing the patching as part of your managed service.
Impact Date: July 1, 2021
Configuration: ProjectWise Deliverables Management connector for ProjectWise Explorer
Impact: Users are not able to use ProjectWise Deliverables Management service
Resolution:
- ProjectWise Explorer Clients: Upgrade to 3.2 ProjectWise Explorer or patch pre-3.2 ProjectWise Explorer
- ProjectWise Deliverables Management connector for ProjectWise Explorer: Upgraded to Deliverables Management connector Update 6 (10.06.00.242)
The following application versions natively support TLS 1.2 and require no action:
- ProjectWise Design Integration Servers Update 3.2 (10.00.03.280)
- ProjectWise Explorer Update 3.2 (10.00.03.280)
- iCS for PDF Update 3.2 (10.00.03.280)
- ProjectWise Explorer Update 3.2 (10.00.03.280)
- Bentley Automation Services (10.00.03.277)
- Bentley Web Services Gateway with PWDI 3.2 Plugin (10.00.03.280)
- ProjectWise Deliverables Management connector for ProjectWise Explorer (10.06.00.242)
- ProjectWise Analytics Data Upload Service (01.00.01.78 and later)
Bentley Hosted ProjectWise – Managed Services
The MAS Team will address the configuration of the ProjectWise Servers.
Patching Existing ProjectWise Installation Instructions
Patching Existing ProjectWise Design Integration Server Installations, Version 10.00.02.96 and Later
If you cannot upgrade your ProjectWise Design Integration Server installation at this time, use the following steps to patch your existing installation so that it will use TLS 1.2.
- Enable TLS 1.2 in Windows (A computer restart will be required):
You must first enable TLS 1.2 in Windows before you can complete the next steps.
TLS 1.2 is disabled by default in Windows Server 2008 R2 and is enabled by default in later versions of Windows Server.
- Patch your ProjectWise Design Integration Servers:
- Download patched configuration files
- For ProjectWise Design Integration Server 10.00.03.140 and earlier:
- Copy the updated dmskrnl.exe.config file to the %Program Files%\Bentley\ProjectWise\Bin directory
- For ProjectWise Design Integration Server 10.00.03.262 and earlier:
- Copy the updated DmsManagedHost.exe.config file to the %ProgramFiles%\Bentley\ProjectWise\Bin directory
- For ProjectWise Design Integration Server version 10.00.03.140 and earlier that are using automated file processing features (including full text, thumbnail, and file properties):
- Copy the updated DmsAfpHost.exe.config file to the %ProgramFiles%\Bentley\ProjectWise\Bin\AfpHost director
- Restart the ProjectWise Orchestration Framework Service
- For ProjectWise Orchestration Framework Database Setup
- Direct connections (OLE) are not supported with TLS 1.2
- ODBC driver that support TLS 1.2 is needed. ODBC Native Client 11 is recommended
- Wait about 5 to 10 minutes for changes to take effect.
- Patch your ProjectWise Design Integration Servers:
**Note: PWDI Updates 1 and earlier, 10.00.01.xxx, do not support IMS Authentication and are not impacted by the change to IMS authentication.
Patch Existing ProjectWise Explorer Installations 10.00.03.167 or earlier
If you cannot upgrade your ProjectWise Explorer installation at this time, use the following steps to patch your existing installation so that it will use TLS 1.2. Note that these steps are only needed if you are using ProjectWise Explorer add-ons that communicate with Connect services (i.e. Deliverables Management connector) in a version 10.00.03.140 or earlier.
- A. Install an updated ProjectWise Explorer configuration file on all machines running ProjectWise Explorer 3.1 or earlier.
OR
- B. Copy a pwc.exe.config file from an existing PW Explorer 3.2 installation to all of the pre 3.2 machines,
C:\ProgramFiles(x86)\Bentley\ProjectWise\bin\pwc.exe.config
Compatibility Information
Patch for ProjectWise Explorer If Still Using Bentley Transmittal Services
Bentley Transmittal Services is not supported with ProjectWise DI Server 10.00.03.271. All users that are still using Bentley Transmittal Services should use the patch described above for the ProjectWise Server instead of upgrading their ProjectWise Design Integration Server.
ProjectWise V8i Servers and PW V8i Explorer
- ProjectWise Integration V8i does not support TLS 1.2.
- ProjectWise Web Server V8i does not support TLS1.2 or connections to a server that has been patched to use TLS 1.2