[ Previous Page | Next Page | Table of Contents ]
Version 3.6.3, May, 2000
Endpoints and Gateways
Installing Security Gateway / Security Management R7720JUMBOHF.Error, Installation of Security Gateway / Security Management R7720JUMBOHF package failed!!! Failed to install package. Aborting Installation Program. Stack Exchange Network. Stack Exchange network consists of 176 Q&A communities including Stack Overflow, the largest, most trusted online community for developers to learn, share their knowledge, and build their careers.
- If an endpoint is allowed to broadcast for initial login, and the login request can reach multiple gateways in different TMRs, several of the gateways might receive the request and process it. This results in one endpoint logging into multiple TMRs. One login request is honored and the rest will return 'HMAC' errors on downcalls and upcalls. (CMVC-26857)
- APAR-IX80312, IX83059, IX82918: For Windows NT, a Tivoli Remote Access Account (TRAA) or 'password invalid' error is displayed the first time you install an endpoint with InstallShield if a user name is specified in the Remote Access dialog. This error is displayed even if the Administrator account is specified. (CMVC-43621) Workaround: Cancel the installation and log off from the target computer. Log on again and restart the installation. The TRAA account will then be recognized.
- For Windows NT, binary policies do not execute properly on Windows NT endpoint managers and gateways. (CMVC-42284) Workaround: You can invoke the binary in a policy script.
- Aborting a winstlcf installation with the n response at the Continue? prompt generates the following error: (CMVC-44256) Workaround: The message is harmless and can be avoided by responding with a for 'abort' instead of n for 'no.'
- APAR-IX82542, IX82870: When the endpoint is running in console mode (lcfd -s) and an attempt is made to distribute a file package to an endpoint, the endpoint might fail with the following message: (CMVC-42993) Workaround: Run the endpoint as a service, rather than in console mode.
- Installations of NetWare 4.x endpoints with the InstallShield report that the endpoint does not log in, even when it does. (CMVC-44272) Workaround: Disregard the InstallShield message and verify if the endpoint installation directory contains the /dat/1/lcf.dat file. If the file exists, the endpoint logged in successfully. If it does not, refer to the lcfd.log file in the same location for information.
- Sixteen-bit programs (batch files) executed by an endpoint or an application that is a client of an endpoint can fail when the Pathenvironment variable is too long. Most endpoint programs are 32-bit programs and run correctly with any setting of Path. However, problems can arise when a 16-bit program is run and the Pathvalue is greater than the limit supported by Microsoft Windows 3.1. The Microsoft Windows 3.1 command interpreter limits the size of any environment variable string (VAR=VALUE) to 127 characters. With this limitation, a Pathenvironment value cannot exceed 118 characters in length. (CMVC-43537) The endpoint automatically sets the Pathfor processes (lcfd.exe). By default, the endpoint adds the following directories to Pathwhen it starts:
- The path to the endpoint library directory
- The path to the endpoint cache library directory
- The path to the endpoint tools directory
Examples of Tivoli applications and services that invoke 16-bit programs are the following:- Tivoli Software Distribution (configuration program scripts)
- Tivoli Inventory
- Tivoli Task Library (batch files)
When the endpoint executes a sixteen-bit program or batch file, the MS-DOS command interpreter (COMMAND.COM) is invoked to run the program or batch file. If the Pathvalue that is passed to COMMAND.COM is too long, the command interpreter will fail to execute correctly. The endpoint will detect this situation and log a warning to the endpoint log file (lcfd.log) if the endpoint log threshold level is set to level 1 (the default) or higher. The message logged is as follows:Workaround: To avoid this problem, install the endpoint in the Tivoli recommended default location (C:TIVOLILCF). Using this path means that the three values that are added to the endpoint path at startup will not cause the Pathvariable to exceed the 118 character limit.Using a short installation path occasionally is not enough. The endpoint also passes the Windows 3.1 system environment (from AUTOEXEC.BAT) to child processes. This can create problems if the system Pathon the user's computer has been modified to contain additional entries. This can happen when the user has installed other software packages on the system that have updated the Pathin AUTOEXEC.BAT.If a path is too long, perform one of the following actions:- Reinstall the endpoint to a location on the system with a shorter path.
- Edit the AUTOEXEC.BATfile.
- Add the following line:
- Create virtual drives for long directory names in Path as follows:
- Reboot the computer to apply the changes.
- Upgrade Windows 3.1 systems to Microsoft Windows 95 or Microsoft Windows NT. These versions of Windows do not have Pathlimitation problems when running 16-bit programs.
- If you uninstall an endpoint from a NetWare system and fail to remove the LCF.SYS file, a new installation will use the old file and rely on the previous DAT directory location. (CMVC-44108) Workaround: Follow the 'Removing Endpoints' procedure in the TME 10 Framework Planning and Installation Guide.
- When you install some OS/2 endpoints from a mounted drive on a remote computer (OS/2 Software Installer), the installation times out and causes the installation to fail. (CMVC-41705) Workaround: Copy the directory to the target computer and perform the installation locally.
- The silent InstallShield template provided for NetWare 4.x endpoints is missing information and does not work. (CMVC-42769) Workaround: You can create a new Setup.iss file with the following command:
- The encryption of task data passed between servers and endpoints is disabled. (Task data between servers and managed node clients is still encrypted.) (CMVC-26589)
- The Edit button on the Gateway List dialog is disabled. (CMVC-27074)
- For OS/2, silent install of an OS/2 endpoint locks out the use of the keyboard. (CMVC-24920)
- Upgrades of Version 3.2 UNIX endpoints fail if you do not set the lib_dir variable. Workaround: Install the 3.2 EP. Edit the last.cfg file and add the line:Restart the endpoint and the upgrade is succesfull. (CMVC-88723)
- Gateways on HP-UX managed nodes sometimes fail. This problem occurs when large numbers of endpoints log in and the login_policy script is set to automatically upgrade endpoint software. (CMVC-84043)
- Endpoint tasks, jobs, and methods running on Windows 2000 systems may experience restricted system access due to changes in the default security settings between Windows NT 4.0 and Windows 2000. (CMVC-81288) Workaround: You can overcome this new restriction by adding the tmersrvd account (the Tivoli Unprivileged Operations Account) to the Power Users group for Windows 2000 Professional or to the Server Operators group for Windows 2000 Server. If you are concerned about the possible misuse of the tmersrvd account for interactive logins, you can disable the account.Windows NT and Windows 2000 provide both GUI and CLI utilities for account management. The NET.EXE CLI utility can be invoked from a TMA task to manage the tmersrvd account on multiple endpoints. You must execute this task with administrator privileges to successfully alter groups or accounts.The following examples illustrate group management on Windows NT 4.0 Workstation or Windows 2000 Professional. Substitute NET GROUP for NET LOCALGROUP when dealing with a domain controller. Use NET GROUP HELP (or NET LOCALGROUP HELP) for detailed usage information.To view current group membership, run the following command:To add the tmersrvd account to the Power Users group, run the following command:To remove the tmersrvd account from Power Users group, run the following command:The next examples illustrate user account management on Windows 2000. Use NET HELP USER for detailed usage information.To view current account information for the tmersrvd account, run the following command:To disable interactive logins for the tmersrvd account, run the following command:To enable interactive logins for the tmersrvd account, run the following command:
- After you upgrade a NetWare endpoint using the wadminepep_nameupgrade command, the last line of the LCF.NCF file on the NetWare endpoint may become corrupted. The NCF file works correctly, but a command not found message is displayed. (CMVC-82090)
- The wepep_label command does not work on Version 3.6.1 OS/2 managed nodes in a Version 3.6.3 TMR. Patch 3.6.1-TMF-0064 corrects this problem. (CMVC-83963)
- If an administrator with a user role tries to perform the wepset_label command, the command fails without displaying an error message and returns a zero return code. (CMVC-84172)
- If an administrator with the global senior role runs the wepmgrstop command, that administrator will not be able to run the wepmgrstart command. An error message is displayed stating that the administrator is not authorized to run the command. (CMVC-84402)
[ Top of Page | Previous Page | Next Page | Table of Contents ]
[ Previous Page | Next Page | Table of Contents ]
Version 3.6.3, May, 2000
Endpoints and Gateways
The Refind Binary File Is Missing Aborting Installation Guide
- If an endpoint is allowed to broadcast for initial login, and the login request can reach multiple gateways in different TMRs, several of the gateways might receive the request and process it. This results in one endpoint logging into multiple TMRs. One login request is honored and the rest will return 'HMAC' errors on downcalls and upcalls. (CMVC-26857)
- APAR-IX80312, IX83059, IX82918: For Windows NT, a Tivoli Remote Access Account (TRAA) or 'password invalid' error is displayed the first time you install an endpoint with InstallShield if a user name is specified in the Remote Access dialog. This error is displayed even if the Administrator account is specified. (CMVC-43621) Workaround: Cancel the installation and log off from the target computer. Log on again and restart the installation. The TRAA account will then be recognized.
- For Windows NT, binary policies do not execute properly on Windows NT endpoint managers and gateways. (CMVC-42284) Workaround: You can invoke the binary in a policy script.
- Aborting a winstlcf installation with the n response at the Continue? prompt generates the following error: (CMVC-44256) Workaround: The message is harmless and can be avoided by responding with a for 'abort' instead of n for 'no.'
- APAR-IX82542, IX82870: When the endpoint is running in console mode (lcfd -s) and an attempt is made to distribute a file package to an endpoint, the endpoint might fail with the following message: (CMVC-42993) Workaround: Run the endpoint as a service, rather than in console mode.
- Installations of NetWare 4.x endpoints with the InstallShield report that the endpoint does not log in, even when it does. (CMVC-44272) Workaround: Disregard the InstallShield message and verify if the endpoint installation directory contains the /dat/1/lcf.dat file. If the file exists, the endpoint logged in successfully. If it does not, refer to the lcfd.log file in the same location for information.
- Sixteen-bit programs (batch files) executed by an endpoint or an application that is a client of an endpoint can fail when the Pathenvironment variable is too long. Most endpoint programs are 32-bit programs and run correctly with any setting of Path. However, problems can arise when a 16-bit program is run and the Pathvalue is greater than the limit supported by Microsoft Windows 3.1. The Microsoft Windows 3.1 command interpreter limits the size of any environment variable string (VAR=VALUE) to 127 characters. With this limitation, a Pathenvironment value cannot exceed 118 characters in length. (CMVC-43537) The endpoint automatically sets the Pathfor processes (lcfd.exe). By default, the endpoint adds the following directories to Pathwhen it starts:
- The path to the endpoint library directory
- The path to the endpoint cache library directory
- The path to the endpoint tools directory
Examples of Tivoli applications and services that invoke 16-bit programs are the following:- Tivoli Software Distribution (configuration program scripts)
- Tivoli Inventory
- Tivoli Task Library (batch files)
When the endpoint executes a sixteen-bit program or batch file, the MS-DOS command interpreter (COMMAND.COM) is invoked to run the program or batch file. If the Pathvalue that is passed to COMMAND.COM is too long, the command interpreter will fail to execute correctly. The endpoint will detect this situation and log a warning to the endpoint log file (lcfd.log) if the endpoint log threshold level is set to level 1 (the default) or higher. The message logged is as follows:Workaround: To avoid this problem, install the endpoint in the Tivoli recommended default location (C:TIVOLILCF). Using this path means that the three values that are added to the endpoint path at startup will not cause the Pathvariable to exceed the 118 character limit.Using a short installation path occasionally is not enough. The endpoint also passes the Windows 3.1 system environment (from AUTOEXEC.BAT) to child processes. This can create problems if the system Pathon the user's computer has been modified to contain additional entries. This can happen when the user has installed other software packages on the system that have updated the Pathin AUTOEXEC.BAT.If a path is too long, perform one of the following actions:- Reinstall the endpoint to a location on the system with a shorter path.
- Edit the AUTOEXEC.BATfile.
- Add the following line:
- Create virtual drives for long directory names in Path as follows:
- Reboot the computer to apply the changes.
- Upgrade Windows 3.1 systems to Microsoft Windows 95 or Microsoft Windows NT. These versions of Windows do not have Pathlimitation problems when running 16-bit programs.
- If you uninstall an endpoint from a NetWare system and fail to remove the LCF.SYS file, a new installation will use the old file and rely on the previous DAT directory location. (CMVC-44108) Workaround: Follow the 'Removing Endpoints' procedure in the TME 10 Framework Planning and Installation Guide.
- When you install some OS/2 endpoints from a mounted drive on a remote computer (OS/2 Software Installer), the installation times out and causes the installation to fail. (CMVC-41705) Workaround: Copy the directory to the target computer and perform the installation locally.
- The silent InstallShield template provided for NetWare 4.x endpoints is missing information and does not work. (CMVC-42769) Workaround: You can create a new Setup.iss file with the following command:
- The encryption of task data passed between servers and endpoints is disabled. (Task data between servers and managed node clients is still encrypted.) (CMVC-26589)
- The Edit button on the Gateway List dialog is disabled. (CMVC-27074)
- For OS/2, silent install of an OS/2 endpoint locks out the use of the keyboard. (CMVC-24920)
- Upgrades of Version 3.2 UNIX endpoints fail if you do not set the lib_dir variable. Workaround: Install the 3.2 EP. Edit the last.cfg file and add the line:Restart the endpoint and the upgrade is succesfull. (CMVC-88723)
- Gateways on HP-UX managed nodes sometimes fail. This problem occurs when large numbers of endpoints log in and the login_policy script is set to automatically upgrade endpoint software. (CMVC-84043)
- Endpoint tasks, jobs, and methods running on Windows 2000 systems may experience restricted system access due to changes in the default security settings between Windows NT 4.0 and Windows 2000. (CMVC-81288) Workaround: You can overcome this new restriction by adding the tmersrvd account (the Tivoli Unprivileged Operations Account) to the Power Users group for Windows 2000 Professional or to the Server Operators group for Windows 2000 Server. If you are concerned about the possible misuse of the tmersrvd account for interactive logins, you can disable the account.Windows NT and Windows 2000 provide both GUI and CLI utilities for account management. The NET.EXE CLI utility can be invoked from a TMA task to manage the tmersrvd account on multiple endpoints. You must execute this task with administrator privileges to successfully alter groups or accounts.The following examples illustrate group management on Windows NT 4.0 Workstation or Windows 2000 Professional. Substitute NET GROUP for NET LOCALGROUP when dealing with a domain controller. Use NET GROUP HELP (or NET LOCALGROUP HELP) for detailed usage information.To view current group membership, run the following command:Download this app from Microsoft Store for Windows 10 Mobile, Windows Phone 8.1, Windows Phone 8. See screenshots, read the latest customer reviews, and compare ratings for Mobile Number Tracker. This easy-to-use phone locator can pinpoint the location of registered mobile devices and smart phones via the app's website, 24/7. This tracker works with all device types and on any carrier. Mobile phone location tracker software free for pc.To add the tmersrvd account to the Power Users group, run the following command:To remove the tmersrvd account from Power Users group, run the following command:The next examples illustrate user account management on Windows 2000. Use NET HELP USER for detailed usage information.To view current account information for the tmersrvd account, run the following command:To disable interactive logins for the tmersrvd account, run the following command:To enable interactive logins for the tmersrvd account, run the following command:
- After you upgrade a NetWare endpoint using the wadminepep_nameupgrade command, the last line of the LCF.NCF file on the NetWare endpoint may become corrupted. The NCF file works correctly, but a command not found message is displayed. (CMVC-82090)
- The wepep_label command does not work on Version 3.6.1 OS/2 managed nodes in a Version 3.6.3 TMR. Patch 3.6.1-TMF-0064 corrects this problem. (CMVC-83963)
- If an administrator with a user role tries to perform the wepset_label command, the command fails without displaying an error message and returns a zero return code. (CMVC-84172)
- If an administrator with the global senior role runs the wepmgrstop command, that administrator will not be able to run the wepmgrstart command. An error message is displayed stating that the administrator is not authorized to run the command. (CMVC-84402)