
Hello Track-It! Community!


The BMC Engage user conference Sept 6-9 in Las Vegas is fast approaching and we have been hard at work putting together some great sessions for you.


Have you registered for the conference yet? Register Now

Check out this Bubble Agenda to see all the sessions available by day!

BMC Engage 2016 Bubble Agenda -


There is still time to take advantage of the early bird rate which expires August 11.


Need to justify the trip? Here is a sample letter to help you justify it to your management - Justification Letter


Here are the Track-It! activities that have been planned so far:




Evening with the Engineers:

A chance to geek out with the people behind the products you use. This is a casual, unstructured event where Track-It! product representatives and other users can chat about products and technology, without the stuffy slide decks and formal presentations. Dress is casual and snacks and drinks will be served.


1:1 Meetings with the Track-It! team


Fun Events!

There are also plenty of chances to have some fun, including a Charity Run, Pub Crawl on the Showcase floor and the BMC Jam Party!


This is a great opportunity to learn more about Track-It! and learn best practices and network with the Track-It! product team and other Track-It! users.


Hope to see you there!!


Track-It! 11.4 Hotfix 3 ( addresses two high severity Security Vulnerabilities.

Track-It! 11.4 Security Vulnerability: unauthorized access through Track-It! Service components

The exploit published in CVE-2014-4872 was addressed in 11.4 Hotfix 02 ( A new exploit that is specific to 11.4 Hotfix 02 was recently reported. This new exploit can traverse to parent paths on the Track-It! server, upload a file and execute code under the IIS user.

The exploit leverages the ConfigurationService and FileStorageService services, which allow uploading a file anywhere in the Track-It! server’s file system by means of parent path traversal and executing arbitrary code via a .NET Remoting request to (1) FileStorageService or (2) ConfigurationService.


More details on this vulnerability can be found in Track-It! knowledge base here:

We have reviewed and prioritized the issue as High (1). We highly recommend that you apply the 11.4 Hotfix 3 cumulative patch.


These vulnerabilities are addressed in Track-It! 11.4 Hotfix 3 (

These Track-It! product updates are available in the “Product Downloads” section on

Download Instructions:

Please refer to instructions on Electronic Product Download - to know more about how to get your product, patches and documentation downloads.

Should you still wish to contact support regarding this issue, please reference TL1069845 & TL1069846

This security vulnerability was found and reported by “Pedro Ribeiro working with Beyond Security's SecuriTeam Secure Disclosure program”


This reminds me of one of my favorite Christmas movies of all time, Elf.


In one of the early scenes of the movie, Santa returns from his journey delivering presents for Christmas and announces to the elves that their hard work has paid off and made Christmas a great success. This of course is followed by cheers from all the elves. He then goes on to say it's time to start getting ready for next Christmas, which results in even more cheering.


Even though it seems Engage 2015 just ended, it's already time to start planning for Engage 2016. The Engage team has put out the call for topics/papers in the blog post below and we need your help.


If you have ideas for topics you would like to share or you would like to see shared at Engage 2016, please submit them for consideration. If you are chosen as a presenter at Engage 2016, you will receive free conference admission!




BMC training schedule is posted for January and February.  We want you to be successful in BMC solutions.  We run classes year round and worldwide across the BMC product lines.  Below are the classes listed by class/product name.

Review the below and register today.  Please check BMC Academy for latest availability, BMC reserves the right to cancel/change the schedule.  View our cancellation policy and FAQs.   As always, check back in BMC Academy for the most up to date schedule.

To see all our courses by product/solution, view our training paths.

Also, BMC offers accreditations and certifications across all product lines, learn more.


For questions, contact us

Americas -


Asia Pacific -


BMC Track-It! 11.1: Administering

13 January / Americas / McLean, VA

BMC Track-It! 11.1: Boot Camp

20 January / Americas / Online

17 February / Americas / Houston, TX

BMC Track-It! 11.1: Using

11 January / Americas / McLean, VA

It has been a few weeks since Engage and we are already starting to think about next year. I just wanted to take a moment to thank those that attended this year's event. The feedback from everyone has been extremely positive and the overall feeling is that everyone learned a lot during the event. If you received a survey from us, please fill it out as we are always looking to improve these events and your feedback helps.


Not only did everyone learn a lot, we all had a great time getting to know each other and getting some exercise as well. For everyone who attended, I hope you had a great time and can make it again next year.


For those who didn't make it, pre-registration for Engage 2016 has already begun so there is plenty of time to get approval from your boss to attend next year!


I am enclosing a few photos from this year's event and I look forward to seeing you all back at the Aria next year at Engage 2016.



Lance Paulauskas, Michael Johnson, Serena Lambiase, Nasrin Azari, Douglas Hynes, Matt Laurenceau, Mrinalini Wankhede


Things are changing with Track-It! and we have some good news to share with you today.


As you may already know, we are hard at work on a new version of Track-It! that is based on a completely new platform, is 100% browser based and will provide you the most significant increase in functionality that we’ve released in well over 5 years.


This is an extremely exciting development project for us and we would like you to be a part of it.


We are pleased to announce the start of our new Track-It! Developers Circle program.  This program replaces all of our legacy beta programs and will provide members with an unprecedented ability to influence the development of Track-It! going forward. We’ve designed the Track-It! Developers Circle to be very different than traditional beta programs.  Most beta programs provide customers with access to a product after its development is nearly complete and when the opportunity for significant customer input is limited.  The Track-It! Developers Circle, on the other hand, will give you access to the product, the developers, and the product managers throughout the process of designing, developing, and releasing the product.


If you are accepted into the program, the Track-It! development team will provide you access to new functionality as it is developed. This includes the new user interface, form customization tools, business rules, full browser based client, enhanced email integration and other components as they complete their initial development.  You will then have the opportunity to review and provide us with your thoughts on this new functionality and to help us make this upcoming version of Track-It! better than ever.


There is no cost to be part of this program and it is available to all Track-It! customers, regardless of size or how long you have been using the product. All we ask is that you try out new functionality as it becomes available and share your feedback with us.


If you are interested in joining this program, complete these 2 steps:


  1. Visit this link to sign the online non disclosure agreement
  2. Request access to the Developers Circle community here Track-It! Developers Circle


After doing this, most applications will be reviewed and accepted within 1-2 business days.

If you have any questions about the program, please email


This new program will provide you with unprecedented ability to influence the future of Track-It! and help us deliver an amazing product.


We hope you will join us.


Thank you for your ongoing support of Track-It!




The information contained in this letter is the confidential information of BMC Software, Inc. and is being provided to you with the express understanding that without the prior written consent of BMC, you may not discuss or otherwise disclose this information to any third party or otherwise make use of this information for any purpose other than for which BMC intended.  All of the future product plans and releases described herein relate to BMC’s current product development considerations, which are at the sole discretion of BMC and are subject to change and/or cancellation at any time.  BMC cannot and does not provide any assurance as to whether these plans will result in any future releases of the nature described.  These future product plans should not be viewed as commitments on BMC’s part and thus should not be relied upon in customer purchase decisions.


We are excited to inform you that Track-It! will be represented at BMC Engage for the 2nd year in a row. The Track-It! sessions for the 2015 BMC Engage User Conference have now been posted to the Engage website. We look forward to meeting you and helping you get the most out of Track-It!  Early bird registration pricing is still in effect until August 7th so register soon!

For information about Engage, a list of all the Track-It! sessions available or to register today, visit


We hope to see you there!!


SQL Server CALs are Client Access Licenses and are required by Microsoft licensing in order for client computers to access a SQL Server. Seems simple enough. However, you don't need CALs in some scenarios. Sometimes they are covered by Software Assurance. What's that you ask? It is like a free upgrade maintenance program for Microsoft software that you can subscribe to. Sometimes CALs are covered by MSDN subscriptions. Sometimes, you don't need CALs at all. If you use Server, Processor or Core based licensing, you may already have what you need. If you are using Core+CAL licensing or Server+CAL licensing for your SQL server, you may or may not need CALs depending on how many you already have and how many you need. If you are using SQL Express edition, you don't need Core, Server or CAL licenses because Express Edition is free.


Confused yet?  Most people are at this point.


In very general terms, SQL Server is a database server, which users can access directly or indirectly through an application. In either case, whether accessed directly or indirectly, users require licenses.


In the case of Track-It!, you have Help Desk Technicians and End Users. Those 2 groups of people access the SQL Server indirectly through either the Track-It! Windows Client, Track-It! Web Client or Track-It! Mobile Client. If you have 5 help desk technicians and 100 end users that they support, you will either need 105 CALs or a version of SQL Server that has Processor or Core licensing to cover those users. You might be curious about the Track-It! Audit or the Track-It! Discovery or other products. Those products collect data that is copied up to the Track-It! Server as XML and the Track-It! Server imports that data into the SQL server so you do not need CALs for all the systems being scanned or audited.


The best answer to this question is to contact a Microsoft dealer in your area or speak with whomever you purchase your Microsoft licenses from already.


If you don't know who to contact, visit the site below and chat with a Microsoft licensing expert who can help you.

SQL Server 2014 | Microsoft


Here is a great blog on Microsoft Licensing that also helps explain this.

Licensing How To: When do I need a Client Access License (CAL)? - Microsoft Volume Licensing Blog - Site Home - TechNet…


There are some important changes coming for the Track-It! Support team that will allow them to take advantage of some of the infrastructure we have here at BMC. The full details of the changes are documented in the letter below from our director of Track-It! support.


April 2015 Changes to Track-It! Support Processes


I receive this question from users periodically and I hate to start off by saying "It depends", but it does.


This type of setup, while fairly common, is not something to be taken lightly nor something that our Track-It! technical support team has expertise in. Please bear in mind that the things discussed in this article are necessary considerations for any public facing website that must interface with an internal network. These cautions and suggestions are not specific to Track-It! Web and involve a number of systems and settings that are outside of the context of Track-It! Web. There are many factors involved with setting up this type of scenario and doing so in a way that is appropriate and secure for your environment. The setup will involve important decisions and configurations in your environment which our technical support team will not have knowledge of or be able to answer for you. While they may be able to guide you in best practices and examples of what most people do, they cannot make the decision for you or configure the system for you.


To begin, there are several different ways you can accomplish this task depending on your technical ability, the resources you have available at your company/location, how you want to present this information to the users (raw IP address vs. pretty domain name) and how secure your system needs to be.


Generally speaking, this type of setup should not be attempted by someone without experience with these types of configurations as you could potentially expose your network and internal systems to external intruders. This type of setup normally requires assistance from someone who is experienced with advanced network security, working with a DMZ, IIS web server setup, domain registration, domain hosting, DNS configuration, Proxies, SSL and firewall/switch configuration. The process can be fairly involved depending on the configuration used.


Normally, working with someone with IIS Admin experience and network security, Track-It! Web is installed on a separate IIS Web server placed in a DMZ. That server is given an external IP address so that users out on the internet can access it. It is best practice to also obtain an SSL cert and install it on the web server so that all connections to the Track-It! Web site are performed securely over HTTPS. If you want a nice domain name like then you would need to work with a website administrator to get that URL/Domain setup and pointed to the public IP address or to add a /helpdesk virtual directory entry that points to your Track-It! Web server. The Track-It! Web server also has to have access to the Track-It! server and to the Track-It! SQL server. This can be done by opening ports, using proxies and other methods that people much smarter than I have come up with and understand how to set up. However you do it, at the end of the day, the Track-It! Web server needs to have a public IP address, be segregated outside your internal network for security and still have access to the SQL and Track-It! servers.

Once you have this set up, your users should be able to connect to the IP address or URL that you have setup in order to get to Track-It! outside your company network. Other things to consider are the Technician/Mobile Web site and the Self Service site.  You will need to have two different public links pointing to each of these if you are exposing both applications outside your network.

I know this article has not explained specific setup steps in order to set up this type of configuration but that is on purpose. Something like this should not be set up by someone who does not fully understand network security, the structure of the network and the policies and regulations of your company and/or industry. In the end I hope this information has been helpful.


I am excited to announce that Track-It! 11.4 is now available! This release is another great step in improving the utility of Track-It! and the productivity of the people who use it. This release contains a few enhancements to existing features, some enhancements that were requested by Track-It! users in the Ideas area here on the Track-It! Community and some defect corrections. Here are some highlights of the release.


  • Self-Service Improvements
    • Track-It! users can now save time by approving or rejecting change requests via email
    • Track-It! users can also request more information about a change request via email before approving/rejecting
    • The self-service portal can now be customized to hide features that administrators don’t want their end-users to use
    • The Password Reset Kiosk application has a new silent install feature allowing it to be easily distributed to end users' computers


  • Administrative and Usability Improvements
    • Track-It! Survey add on was integrated into the Track-It! product to provide easier implementation/updates for customers who own this module
    • The user interface was updated with a newer flat look and feel to give the application a more modern look
    • Work order notes can now be shown chronologically in email notifications
    • Users can now quickly access work order tickets in Track-It! Web using direct URL links. These links are also included in email notifications
    • Support for TLS has been added for email communications
    • Help documentation was redesigned into a single source web help system which works on all screen types/sizes
    • The support integration feature allows Track-It! administrators to submit requests for technical support directly to the BMC Track-It! support team from within the product
    • Addressed all recently reported security vulnerabilities


Current Track-It! customers can download the 11.4 update from the support portal at



The purpose of this advisory is to inform you of recently discovered security vulnerabilities in Track-It! and how to address them.  


Please note that for an attacker to take advantage of any of these issues, the attacker must have direct access to the Track-It! application server. If the application server is not exposed to the internet, an attacker would first have to gain access inside your internal network in order to exploit them.  However, even if your Track-It! system is not exposed outside your firewall, we still recommend you take the necessary steps to secure the application as soon as possible.


Update to Track-It! 11.4

Due to the nature and complexity of some of the issues, a full version update is required to address all of them. The vulnerabilities in this bulletin are addressed in Track-It! version 11.4, which is now available on the Track-It! support site here.  Upgrading to 11.4 is the only way to address all of the discovered vulnerabilities.

Short term remediation

If for some reason you cannot immediately update to Track-It! 11.4, it is recommended to block all communications from untrusted networks (e.g. the Internet) at the firewall, specifically to TCP/UDP ports 9010 to 9020 and to the Track-It! Web webserver. Blocking the above mentioned ports/site to secure the server will also block the use of the Self Service feature and Track-It! Technician Web from external networks.  In other words, the Track-It! system will continue to function only within the Intranet network.
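One way to confirm the block from outside, as an added example that is not BMC's code: run it from a host on the untrusted side of the firewall against your own Track-It! server's public address. The function names and the 2-second timeout are assumptions made here, and only TCP is checked, since UDP gives no handshake to observe.

```python
"""Check from an untrusted vantage point that TCP 9010-9020 are blocked."""
import socket
import sys
from concurrent.futures import ThreadPoolExecutor

# Port range named in the advisory's short-term remediation (inclusive).
TRACKIT_PORTS = range(9010, 9021)


def probe(addr, port, timeout=2.0):
    """Classify one TCP port as seen from where this script runs.

    'open'     - handshake completed, so a service is reachable.
    'closed'   - connection refused: a reset came back, either from the
                 server itself (the packet got through) or from a firewall
                 that rejects instead of dropping. Needs a manual look.
    'filtered' - timeout or unreachable error, consistent with a drop rule.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((addr, port))
        return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # includes socket.timeout
        return "filtered"
    finally:
        s.close()


def audit(host, ports=TRACKIT_PORTS, timeout=2.0):
    """Probe all ports in parallel and return {port: state}."""
    addr = socket.gethostbyname(host)  # a bad name raises instead of "filtered"
    ports = list(ports)
    if not ports:
        return {}
    with ThreadPoolExecutor(max_workers=min(32, len(ports))) as pool:
        states = pool.map(lambda p: probe(addr, p, timeout), ports)
        return dict(zip(ports, states))


def needs_review(results):
    """Ports that answered in any way (open or closed), sorted."""
    return sorted(p for p, state in results.items() if state != "filtered")


def block_is_effective(results):
    """Strict check: the block holds only if every port stayed silent."""
    return not needs_review(results)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Real use: first argument is your server's public name or address.
        results = audit(sys.argv[1])
    else:
        # Constructed demo: a loopback listener stands in for an unblocked port.
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as srv:
            srv.bind(("127.0.0.1", 0))
            srv.listen(1)
            results = audit("127.0.0.1", [srv.getsockname()[1]], timeout=1.0)
    for port, state in sorted(results.items()):
        print(f"tcp/{port}: {state}")
    if block_is_effective(results):
        print("block effective: no port answered")
    else:
        print(f"review these ports: {needs_review(results)}")
```

Run the same check from inside the intranet as well: there the ports should still answer, since the advisory expects Track-It! to keep working internally.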


Due to the nature of issues 1, 2 and 6 below, we were able to produce individual hotfixes for Track-It! version 11.3. Since these hotfixes do not resolve all the identified issues, we strongly recommend upgrading your Track-It! system to the 11.4 version that includes fixes for all of the identified vulnerabilities.


Resolved Issues:

For more information on each of the items addressed, see the Knowledge Articles listed below.

  1. Article ID TIA07453 - Arbitrary file download – Attackers can download files from the underlying server operating system remotely through the product.
  2. Article ID TIA07454 - Blind SQL injection – Insufficient input validation can allow attackers to inject SQL code and gain control of the underlying database engine.
  3. Article ID TIA07455 - Hardcoded DB credentials - This issue is limited to demo install only.
  4. Article ID TIA07456 - Credential disclosure - Domain administrator & SQL server user credentials.
  5. Article ID TIA07457 - Code execution – Remote code upload and execution via file upload.
  6. Article ID TIA07508 - Password Reset – Reset passwords of accounts with just the user ID.


If you have any questions regarding this security notification, please contact Track-It! Support by opening a case at: BMC Track-It! Support


Since part 1 and part 2 of this series of blogs, I had been building up, reading and preparing for a post where I discuss the steps of building a report from scratch. However, in conversation with quite a few customers who wish to create their own reports, we often advise that they use one of the standard reports from the Track-It! Reports module.


Here’s a basic but useful report that contains both a graph to highlight activity that may need to be reviewed and detail to drill down to individual issues, Overdue Work Orders by Technician.


We can edit the report in Crystal. In Teach yourself Track-It!... Reports. Part 2 Crystal Reports and other useful tools I described where to obtain a licensed copy of Crystal Reports from your support profile, if you are a supported Track-It! customer.

In Track-It!, in the Reports module, with the report I wish to edit selected, I can click Export Report from the Tasks list in the top left of the screen in the Technician Client and save it to the desktop.


When we open the report in Crystal, this is what we see…


… perhaps a little daunting. Let’s go through what we are presented with here in some detail.


On the left is the Design tab. This is where we do the initial formatting and place objects in the sections you want them to appear in. You can configure how particular data is sorted, grouped and how totals are presented.

This is handled quite cleanly as the data is represented in the Design view, rather than having the data appear itself. It also means that while you are dragging groups around or calculating totals, the data is not actively being retrieved so you are not drawing on resources on the database server or the wider network when doing this.


By default, a report is divided into five areas. In the report we are working with, some of the sections have sub-sections – you can see, for example, that the Report Header in Overdue Work Orders by Technician is divided into Report Header a, b and c. But as a simple summary of these sections you can refer to this;


Report Header

Usually the title or any information printed at the top of the first page. Track-it! reports use this section to return if no records are found when run (Report Header b) and to place the bar chart (Report Header c)

Page Header

Information repeated at the top of each page is placed in the Page Header. This section type is not in use in our example.


Details

The main body of the report

Report Footer

This appears once at the end of the report. Used, for example, for “grand totals”.

Page Footer

Usually page numbers. Any other information that needs to be repeated at the foot of each page.


There are some additional sections used for groupings, summaries and subtotals, as follows;


Group Header

Printed once at the beginning of the group, use it for a title or for charts made of data held in the group

Group Footer

Appears once at the end of the group. Can be used for charts and cross tabs.


Crystal Reports contains various “Expert” dialogue boxes to assist with organising various aspects of the report in one place. So in order to see a preview of the structure of the sections, click Tools in the menu bar and select “Section Expert”…


For another “Expert” view, which leads in to my next post, click Database from the menu bar and select “Database Expert”. This is where we can add tables to our amended report via their data source (an ODBC connection to the Track-It! database). We can also see, in the Links tab, a visualisation of the matching of records of one table with the corresponding records of another table.


… and this is a nice link back to the tool I discussed in the last post in this series, the Entity Relationship Diagram of the Track-It! database. This gives us a similar visual representation of the relationship between the tables so that we are able to produce reports, such as this one showing data from “Table A” organised by data held in a “Table B” that has a direct correlation with “Table A” (in this case the WorkOrderStatusId, the numeric value given to Statuses in a Work Order).


So now we’ve seen some aspects of editing an existing report in Crystal Reports, next time I’ll develop this further by going through editing an existing report as a basis for a new report.


A slightly belated Happy Easter to you! I hope you had as enjoyable a break as I did!!


This month, I wanted to take the opportunity to hopefully bring to prominence some of the useful material that has been published in the Track-It! Product page that may take some scrolling to eventually find as more and more members of the Track-It! community post new discussions and ideas. So here’s a chance for you to bookmark some of these posts if you missed them first time round.


Customers with a maintenance contract will have access to our Knowledge Base at;


… although much has been posted here in the community with more of an emphasis on “how to” rather than publishing resolutions and work arounds to known issues. There is content I have used when investigating faults with customers, just to ensure I am being thorough, leaving no stone unturned and I have often sent links to some of these posts to customers who have logged a call with our Technical Support team. All the material I’d like to highlight today was published by members of the Support team or by Product Management.


If there is anything posted by a customer/end user that people use as a point of reference to help them with their everyday running of Track-It!, please do link to it in the comments section below this blog. Also, if anybody working with Track-It! has a particular approach or “aide-memoire” that they think would be useful to others, please do post a discussion. Even if it is something that has been covered in BMC Communities before, it still has value since we are all coming from our own unique perspectives.



I vaguely knew what this meant from my ceaseless addiction to American movies and TV. But I had to use Wikipedia to get a proper definition;


101 (term), The first course in a subject taught at a college or university in Australia, Canada, South Africa, or the United States. By extension, "Topic 101" is used generally to indicate the basics of any subject. Used this way, it is always pronounced "one-oh-one".

My colleague Keith Scarborough posted a series of "101s" on the Track-It! Inventory module. They are a really useful source of reference on the subject and while covering off the basics, they go some way to help develop a more advanced understanding of this module.

Track-It! Inventory 101

Track-It! Inventory 101 – Discovery

Track-It! Inventory 101 - Workstation Manager

Track-It! Inventory 101 - Initiating an Audit

Track-It! Inventory 101 - Audit and Merge

In a similar vein, last September I blogged about triggering audits externally from Track-It!, utilising Group Policies in Active Directory so that a user’s PC is audited each time they log in;

Next up, Keith and another colleague, Chris McLane have written some really useful notes and tips on the subject of incoming and outgoing email…

This is by Chris. I found it useful to refer to in a support call the other day, not for intended purpose but just as a reminder about how Track-It! appends replies to Work order notifications to the relevant Work Order when the Email Conversation feature is used;

E-mail replies cause new work orders to be created even though "RE:" rules are in place

This post serves as my reminder that; "The 'Use E-mail Monitor Address for e-mail' option should ONLY be enabled in environments where it is necessary to have multiple help desk e-mail addresses that are forwarded to the main E-mail Monitor inbox. Even then, the option should only be enabled if it is absolutely necessary to have notification e-mails appear to come from the address to which e-mails were originally sent."

Notification e-mails from Track-It! appear to be sent from a user rather than the address configured in the Administration Console

As for this setting – I didn’t know about this when I set out to draft this article. I usually advise customers that the Track-It! Event policies cover off most notification requirements and, on balance probably negate the need for an “auto-reply” to mails to the monitor. But now I have seen this setting in the config file, I can think of one or two recent conversations where this change to the config file will be of use;
How to disable the auto-response e-mail sent to the user after successfully appending additional information

Keith has made contributions about database and server management. This piece discusses the warnings generated by Track-It!;

Track-It! Database 101: Index Health Unsatisfactory warning

… this summarises some of the back-end configuration of the SQL database;

Track-It! Database 101: Transaction Logs and Recovery Model

… and here he devised a more user friendly way of moving a Track-It! installation to new hardware;

How to Move or Copy Track-It!; the newer, simpler method

Benny Morrison worked with the Track-It! Product for a number of years. I have enjoyed his whimsical blogs about Track-It! that he wrote before moving on to our Footprints Product team;

What is Track-It!?


Track-It! is our baby...

… as well as the more conceptual, high level articles he’s written about managing Help Desks in general and how Track-It! may fit into your plans

Getting organized with Track-It! - The top 3 myths about organizing your Help Desk


Cris Coffey is still very much involved in the Product Management of Track-It! and in driving this product page in BMC Communities. You can get a sense of his history with the product here;

15 years. How things have changed.

… and I wanted to emphasise this post Cris made to give you a sense of how important this community is to the future evolution of Track-It! and how your Ideas are actively being selected to be integrated in future releases;

First Track-It! release after Ideas module


Finally, more from me. The latest version of Track-It! released is v11.2. If you are planning to upgrade to this version any time soon, you should consider the following;

The Pulse: Track-It! 11.2 Cool Stuff

The Pulse - Track-It! 11.2... Countdown to upgrade

The Pulse - Track-It! 11.x - Office 365 and SMTP and more general Notification troubleshooting tips
