2025.4 Release Notes

Build Number: 25.4.0.9 Last updated: 30/10/2025

What's New in 2025.4

We’re introducing exciting new features, enhancements, and critical fixes to improve usability, security, and performance. Here’s a preview of what’s expected in the 2025.4 release.

Agent Compatibility Update

N-central agents running a version earlier than 2020.1 will no longer be able to communicate with the N-central server after this release.

To ensure uninterrupted monitoring and management, please upgrade all agents to version 2020.1 or later before applying this update.

Legacy API Availability Changes

As part of our ongoing commitment to strengthening the security posture of N-central, we are deprecating certain legacy API functionalities and removing access to APIs originally intended for internal use only.

  • The public SOAP EI API will no longer be accessible.

  • The public SOAP EI2 API will remain available

  • The public REST API will remain available

    • The below features will cease to function post-upgrade until they are migrated to newer APIs in future releases. Features impacted :

    • N-central Mobile APP

    • N-central Mobile Device Management (MDM)

    • External Data Feed (A new API is available under EI2 that is not affected)

To support transitional needs, we’ve introduced a new setting under:

Administration > Mail and Network Settings > Network Security > LEGACY APIS

This setting allows administrators to temporarily re-enable deprecated APIs.

 

Please note that re-enabling these APIs will expose the N-central server to potential malicious exploits.

 

EDF API Changes

As part of the removal of the EDF API users will need to start using the EI2 API in order to continue to access EDF functionality. Instructions can be located through our javadocs in the EI2 API documentation under the “edfsubmit” section.

<serveraddress>/dms/javadoc_ei2/com/nable/nobj/ei2/ServerEI2_PortType.html

Identity & Access Management (IAM)-Multi-Factor Authentication (MFA) Enforcement for SSO Accounts

Multi-Factor Authentication (MFA) is now mandatory for all SSO accounts using N-able Login (formerly MSP SSO), beginning November 2025.

All SSO clients using N-able Login (formerly MSP SSO) starting

  • MFA is now mandatory for both new and existing users in the staging environment. Users without MFA configured will be prompted to set it up during their next login. This enforcement is part of our broader roadmap for global MFA adoption and is aligned with ISO-certified security standards.

  • Impact:

    • All users must complete MFA setup to continue accessing N-central via N-able Login including Product Admin.

    • MFA setup is integrated into the standard onboarding and authentication flows.

    • Administrators retain the ability to reset MFA for users; recovery codes may be required in some cases.

Native HaloPSA and Autotask REST API Support

The following two integration features are now available to all partners from this release:

  • HaloPSA Native Integration

  • Autotask REST API Support

These features were previously available only through a controlled rollout starting from 2025.2.1, but are now open for full partner adoption to support improved service workflows and API flexibility.

Dedicated native integration with HaloPSA (Professional Services Automation) inside N-central

Why we developed this?

While the existing HaloPSA integration was functionally complete, it introduced friction because it was managed across two separate platforms. Partners and Sales Engineers consistently highlighted the need for a simpler, faster, and more cohesive experience.

Also, having a native integration positions N-central as a centralized hub for ITSM/PSA integrations, aligning with the vision of a unified, modernized platform.

Features include:

  • Unified User Experience

    • All configuration and operations are managed directly within N-central.

    • No need to switch between HaloPSA and N-central or use third-party connectors

  • Device & Customer Mapping: Easily map devices and customers between N-central and HaloPSA for accurate service tracking and streamlined workflows.

  • Automated Ticketing:

    • Automatically create and update tickets in HaloPSA based on N-central alerts.

    • Two-way sync ensures ticket statuses remain aligned across both platforms.

  • Credential Management:

    • Securely store and manage HaloPSA API credentials in N-central.

    • Includes a "Test Connection" feature to validate your integration setup.

  • Optimized via HaloPSA APIs: All integration operations - ticketing, asset sync - leverage HaloPSA API endpoints.

  • Improved Time Entry User Matching: The integration now supports listing API-only users from HaloPSA.

With HaloPSA’s robust native billing capabilities - including support for billing based on the number of devices managed - the need to manage billing profiles directly in N-central has been eliminated.

While partners had shown strong interest in this features, critical issues were uncovered during testing with early adopters and as a result the GA was postponed until we fix critical issues in both NFR and Production environments.

The following are the changes we implemented:

Device Export & Asset Sync

Bulk Device Sync

  • Issue: Currently, only 15–25 devices can sync in a single job before failures or timeouts occur.

  • How we fixed it: Under engineering review.

Asset Uniqueness

  • Issue: The Halo setting “Asset tag must be unique” caused problems - if enabled, exports were blocked; if disabled, exports went through but created duplicates.

  • How we fixed it: Devices with the same name are now handled cleanly by appending all device names with N-central Device IDs.

Customer Mapping Validation

  • Issue: Devices that weren’t linked to a customer in N-central were still being synced, which confused PSA systems and created orphaned records.

  • How we fixed it: The Customer Name / Site Name is now mandatory during Customer Mapping. A warning message is displayed on the Customer Mapping page if no valid customer name is selected.
    If an export is triggered without a complete mapping, the export fails gracefully with a clear error explaining why.

Smarter Error Messaging for Failed Device Exports

Issue: When device exports to Halo failed, the error messages were too vague or generic, making it hard to understand the root cause.

How we fixed it: Improved the export error messages so failures are clearly explained, helping admins quickly diagnose and resolve issues. The "Last Failure Timestamp" column shows the time of the error attempt, and the "Last Error Message" column contains a clear, user-friendly message explaining the failure.

  • 400 Validation Errors – Clear guidance when fields are missing (e.g., “Device serial number missing”).

Error message after update:

  • 401 Unauthorized Errors – Friendly messages when API credentials are invalid, with instructions to check the HaloPSA client secret.

  • 429 Rate Limit Errors – User-friendly messages explain when too many exports were triggered and advise when to retry.

Ticketing Improvements

Issue: Tickets were mapped to wrong types and noted that required fields often blocked syncs.

Alert-Partners please ensure this setting is on your Halo side

All ticket type fields are configured as Visible – Not Required.

(Configuration → Tickets → Ticket Types → Edit → Field list → set to Visible – Not Required)

Approval process is disabled.

(Configuration → Tickets → Approval Processes → uncheck “Allow choice of CAB members when an approval step begins”).

Ensured that now the correct Ticket Types Are Assigned During Ticket Creation From N-central to HaloPSA.

Show & Download Error Messaging for Failed Device Exports

Issue: Previously, when a device export failed, the error message shown in the modal box was often too long, truncated, or unreadable.

How we fixed it: Partners can quickly capture and share error details without digging into logs.

  • Once users select the filter by Failed exports, only failed device export rows appear.

  • Long error messages in the Export Results table are now truncated with an ellipsis (…) for a cleaner view. Hovering over a truncated error shows the full message in a tooltip, so details are never lost.

  • Added two quick-action icons next to each error message: Copy to Clipboard – instantly copies the full error text for troubleshooting or sharing & Download as Text File – saves the full error (with device details and timestamp) as a .txt file for easy reference or support tickets.

Known Limitation:

  • At this time, errors can only be copied or downloaded one at a time. Bulk copy/download is not yet supported.

For detailed information on capabilities for Autotask REST API Support, see: N-central 2025.2.1 Release Notes

N-central SSO Enhancements – Stronger Security, More Control

This release strengthens SSO session security, administrator control by

  • Providing more flexibility to configure how N-central enforces token expiry to balance strict session security against compatibility with different identity provider (IdP) implementations.

  • Adding emergency controls with one-click session revocation when high security concerns arise.

Token Validity Check (new setting) for Microsoft Azure AD and Generic Identity Providers:

  • The "Enable token" validity check option is checked by default for new providers.

  • When enabled, N-central validates the token’s expiry claim on every request, ensuring immediate access termination once a token expires.


    • This setting applies only to active SSO sessions.

  • Existing IDP configurations upgrading to this version → validation defaults to off unless explicitly enabled.

  • For N-able Login (MSP SSO), token validity check is always enforced (not configurable in the UI).

Polling Interval (Added a new input bar)

The Polling interval setting defines how often N-central checks externally with the identity provider to confirm a token is still valid.

  • Default value is 5 minutes; range is 1 to 1,440 minutes.

  • Polling is independent of the token validity check. Even if you disable token claim validation, you can still configure external polling.

  • Tokens issued by N-able Login are time-limited (60 minutes), so sessions naturally expire if not refreshed.

    • The Polling Interval is updated for both new and existing IdPs.

Revoke All Sessions (Added a new button)

  • A new “Revoke all SSO sessions” button is available for Azure AD and Custom (OIDC) providers which forces all users authenticated with that provider to log in again. Use this when applying sensitive security changes or responding to access concerns.

  • Other providers and local authentication remain unaffected.

  • Clicking on this button will display a confirmation modal with message “You are about to revoke all active sessions for users authenticated via this SSO provider. This will force all linked users to log in again. Are you sure you want to continue?”

  • When the user clicks on the Confirm button, it invalidates all active sessions for users authenticated through this SSO provider. The user will be logged out and prompted to Login again.

User Audit Syslog Export – Additional Audit Events for Ecoverse Features

In earlier releases, the audit coverage for Ecoverse included:

  • Patch Management events (e.g., patch install/uninstall logs).

  • Reboot actions initiated from the Asset View.

This release significantly expands coverage to additional high-impact activities:

Take Control & Advanced RBM

  • Remote control session start/end (from Asset View, native session).

  • Remote background session start/end.

  • Remote background file transfer (upload, download).

  • Process termination.

  • Registry edits.

  • System shell command execution.

    • Script executed.

    • Script added.

    • Script edited.

    • Script cloned.

    • Script deleted.

    • Script downloaded.


    Scripting is currently in development and will be available for Limited Technology Preview (LTP) this December.

Asset Tags

  • Tag created.

  • Tag edited.

  • Tag assigned/unassigned to Assets.

  • Tag deleted.

Cloud Commander

  • Tenant connects, disconnect, remove.

  • Cloud users add, edit, delete.

  • Cloud user password reset.

  • Cloud user MFA reset.

  • Cloud user session revoked.

  • Cloud user disabled.

  • Cloud user license assigned/unassigned.

  • Cloud user assigned/unassigned to groups.

  • Cloud user assigned/unassigned to roles. To configure Syslog export and take full advantage of these features, see: Configure Syslog Export.

Applying Asset Tags in Asset View

Easily categorize and organize devices with greater precision using the new Asset Tag capabilities in N-central. This enhancement brings more flexibility and control to how partners manage and track devices across distributed environments.

  • Apply custom tags to devices across all levels: Partner, SO, Customer, and Site.

  • Assign tags directly from the Asset View to enable consistent device labeling to support filtering, reporting, and workflow automation.

  • Manage Tags-Create, edit, and delete tags via the new Tag Management screen (admin-only access).

  • Tag visibility and usage are controlled through a combination of feature flags, user role permissions, and organizational hierarchy.

See also:

What’s new: Quick Navigation

Navigating N-central is now simpler. The Quick Navigation search bar indexes all destinations available in the left-hand navigation menus, helping users quickly locate pages and configuration screens without manually expanding panels.

  • Global Search now displays all pages and actions visible in the left-hand navigation menus across all modules (System, Actions, Integrations, etc.).

  • Search results are permission-aware, showing only pages the logged-in user has access to.

  • Results are now consistent with what is displayed in the UI, no hidden, backend, or deprecated links.

Why it matters

Previously, the users were limited to the currently visible menu panels, requiring users to drill through multiple layers to find a page. This enhancement delivers a unified search experience for faster access to any navigable page or action.

Known limitations / Future iterations

The current release focuses on search visibility based on role and feature access. Future releases will introduce:

  • Customer Tree Level Filtering: refining results based on the selected customer or site context.

  • Searching for filters, devices, services, profiles, or other system entities remains outside the current Global Search scope and is still in the design and planning phase.

Analytics Updates

Issue Type Issue key Summary Release Notes Release Date
Enhancement DW-494 N-central Hardware Inventory Report Added a column to the FACT_PHYSICAL_STORAGE_LATEST' in the 'Hardware Inventory (Physical Disk)' data model called 'DSS_IS_DELETE' that indicates if the record was deleted. This can be used to exclude removed storage devices from queries for reporting on disk size. 29-Oct-2025
Bug DV-7816 N-central Last Boot-Up Time and Logged-In User Report Fixed an issue where the Last Boot-Up Time and Logged-In User report sometimes showed an incorrect last logged-in user. This resolves NCIP-14082. 29-Oct-2025
Bug DV-7705 N-central Last Boot-Up Time and Logged-In User Report Fixed an issue where the Last Boot-Up Time and Logged-In User report sometimes displayed devices more than once. 29-Oct-2025

Continued Development on CMMC-Compliant Version of N-central for On-Premises Partners

We are continuing development on the CMMC-compliant version of N-central, specifically designed for on-premises partner-hosted instances. This work is part of our broader initiative to ensure CMMC Level 2 compliance, supporting partners managing environments aligned with U.S. Department of Defense (DoD) cybersecurity requirements.

Important Notice for OnPrem partners upgrading to 2025.4 from a version earlier than 2025.1

N-central 2025.1 replaced the underlying operating system on N-central from CentOS to AlmaLinux.

If you are upgrading from a version of N-central earlier than 2025.1 you will be doing a complete operating system migration.

This is a significant upgrade to N-central with new system requirements and the upgrade will take longer than a normal upgrade.

We highly recommend reviewing the updated system requirements and release notes for essential details before proceeding with the upgrade.

Migration Paths

Pre-2025 Upgrade Path: CentOS to AlmaLinux (2025.1)

  • 2024.4.0.0

  • 2024.6.0.0

  • 2024.6.1.0

  • 2024.6.2.0

2025 Upgrades: Systems already running AlmaLinux

  • 2025.1.0.0

  • 2025.2.0.0

  • 2025.2.1.0

  • 2025.3.0.0

  • 2025.3.1.0

  • 2025.4.0.0

Bug Fixes

A range of high-impact bugs have been resolved in this release. Be sure to review the full list included below for more details.

Category

Updated Summary

Issue Key

Integration and Remote Support

Core

Remote desktop sessions blocked in some networks

 

Issue: Partners couldn’t connect via Remote Desktop (RDP) when traffic passed through a proxy/firewall.

Fix: Updated agent handling so remote desktop works reliably through proxies.

 NCCF-767051

Core

PSA integrations disrupted after content validation change

 

Issue: A recent change stopped allowing line breaks (newlines) in notification templates. Many partners relied on those newlines to format alerts for their PSA systems, so the change broke PSA notification processing.

Fix: Restored support for newlines in templates, ensuring PSA integrations and notifications work as expected.

NCCF-712085

Performance & Task Reliability

Core

Device services sometimes showed as “stale” for several minutes

 

Issue: AMP-based services showed as stale for 4–5 minutes before returning to normal, confusing monitoring dashboards.

Fix: Corrected status reporting so services update in real time.

NCCF-736090

Core

Maintenance checks delayed other system tasks

 

Issue: Maintenance refreshes ran too long, delaying other actions.

Fix: Optimized refresh logic so tasks no longer get stuck.

NCCF-714640

Core

Errors when scheduling automation tasks at site level

 

Issue: Site-level scheduled tasks for automation returned system errors when running on AMPs.

Fix: Fixed task handling so scheduled tasks run reliably.

NCCF- 597747

Core

Asset info update task profile not working correctly

 

Issue: The “Update Asset Info When Finished” task profile didn’t behave correctly when bulk asset updates were used.

Fix: Adjusted the profile so asset info updates run as intended.

NCCF-204273

Core

System delays caused by internal counter

 

Issue: Partners experienced delays tied to TimeElapsedCounter wait logic.

Fix: Adjusted calculation logic to remove unnecessary wait times.

NCCF-404466

Security & Certificates

Core

Password policy option not applying

 

Issue: The “Do not allow username-based passwords” option in Password Settings could not be enforced, weakening security policies.

Fix: Fixed the password validation so the option now works.

NCCF-649150

Core

Outbound communication blocking did not fully apply

 

Issue: Outbound communications continued even after being disabled, causing unexpected data flow.

Fix: Updated logic so outbound communication is fully blocked when configured

NCCF-571471

Core

Root certificate store created invalid entries

 

Issue: Upgrades built the root certificate store with invalid records, creating trust issues.

Fix: Cleaned up store building process to ensure only valid records are included.

NCCF-572685

Core

Security and stability improvements with Jetty update

 

Issue: Jetty version (9.4.54) contained known issues.

Fix: Upgraded to Jetty 9.4.56 to improve stability and security.

NCCF-427410

Monitoring & Data Accuracy

Core

Endpoint Detection & Response (EDR) status displayed incorrectly

 

Issue: EDR monitoring showed “No Data” in the UI even though API calls were retrieving data.

Fix: Corrected UI reporting so service status is displayed accurately.

NCCF-542099

 

 

Core

Linux agent crash during log monitoring

 

Issue: On some devices, a math error made the Linux agent crash when reading logs.

Fix: Fixed the error so the agent no longer crashes.

NCCF-789878

 

Backup & Credentials

Core

Backups failed when password contained special characters

 

Issue: Backups would fail if your FTP password had the “%” symbol in it.

Fix: Backups now work even if your password includes special characters.

NCCF-789183

Core

ESXi login failed if credentials contained a hyphen

 

Issue: Logging in to ESXi failed if your username or password had a “-” (hyphen).

Fix: Logins now work with hyphens in usernames and passwords.

NCCF-709175

MSAD

AM Agent crash on app domain unload

 

Issue: The AM Agent crashed when the AppDomain was unloaded with unhandled exceptions.

Fix: Stabilized the unload process to prevent agent crashes.

MSAD-5149

MSAD

Misconfigured services due to AM Engine unload

 

Issue: Unloading the AM Engine app domain caused service misconfigurations and agent instability.

Fix: Adjusted handling during unload to avoid misconfiguration.

MSAD-5148