Tivoli Framework Patch 4.1.1-LCF-0076

Installation Instructions

Applying the Patch:

1) Extract the patch:

On a Unix system:

Extract the contents into a scratch directory. For the purpose
of this release note, assume that the symbol $PATCH points to
this directory.

# cd $PATCH
# tar xvf 4.1.1-LCF-0076.tar

On a Windows system:

Extract the contents into a scratch directory. For the purpose
of this release note, assume that the symbol %PATCH% points to
this directory.

> %SystemRoot%\system32\drivers\etc\Tivoli\setup_env
> X:
^-- 'X' is drive letter where %PATCH% is found
> cd %PATCH%
> tar xvf 4.1.1-LCF-0076.tar

NOTE: If you are extracting the tar image on a Windows
system, you will find an executable for tar in the TME
installation on Windows under bin/w32-ix86/tools/tar.exe.

2) If this patch is to be installed on a release level of 3.6 or
greater, follow these instructions for using Software
Installation Service (SIS). If not, skip to step 3 below.

NOTE: SIS can install Tivoli products on any hardware
platform supported by Tivoli, but there are some
hardware platforms on which SIS cannot be run. Please
check your SIS User's Manual for the list of platforms
on which SIS can be run.

NOTE: You must have the install_product and super authorization
roles to successfully install this patch.

a) From the Tivoli Desktop, pull down
Desktop --> Install --> Software Installation Service.
b) SIS will initialize, and bring up the Get Installation
Password Dialog. Enter your Installation Password.
c) Click the Install Button on the dialog which contains
the Tivoli image.
d) Click the Select Product Button on the Install Spreadsheet
Dialog.
e) Click the Import Product Button on the Select Product
Dialog.
f) Locate the media to 4.1.1-LCF-0076 using the file browser,
and select the PATCHES.LST file by double-clicking it.
g) Select 4.1.1-LCF-0076 in the Import Product Dialog, and
click the Import Button.
h) When the import is complete, click the OK Button on the
Global Progress Dialog.
i) Select 4.1.1-LCF-0076 in the Select Product Dialog, if it
is not already selected, and click the OK Button.
j) Now click the Select Machine Button on the Install
Spreadsheet Dialog.
k) Select the machine(s) you would like to install
4.1.1-LCF-0076 on and click the OK Button.
l) Click the appropriate cell(s) in the Install Spreadsheet
Dialog. (NOTE: This should yield an "X" in the cell(s)
for the machines you want to install 4.1.1-LCF-0076 to).
m) Click the Install Button.
n) Select the install algorithm you want to use on the
Installation Algorithm Dialog, and click OK.
o) SIS will perform the installation(s) you designated
in the Install Spreadsheet Dialog.
p) Installation is complete. Check the Additional
Installation Instructions section below.

3) Use the following steps to install the patch using the Tivoli
GUI install mechanism.
NOTE: You must have the install_product and super authorization
roles to successfully install this patch.

a) Select the "Install -> Install Patch..." option from the
"Desktop" menu to display the "Install Patch" dialog.
b) Press the "Select Media..." button to display the "File
Browser" dialog.
c) Enter the path to the directory containing the patch,
$PATCH, in the "Path Name:" field.
d) Press the "Set Media & Close" button to return to the
"Install Patch" dialog.
e) The patch install list now contains the name of the patch.
Select the patch by clicking on it.
f) Select the clients to install this patch on. This patch
needs to be installed on gateway machines.
g) Press the "Install" button to install the patch.

Additional Installation Instructions:

This patch upgrades the endpoints from earlier versions to version
41176. In order to upgrade your endpoints:

1) Make sure the endpoint has logged into the TMR.

2) Verify that the endpoint has logged in by using the "wep ls"
command.

3) Before the upgrade, do:

wadminep <ep_name> view_version

The version number returned should be a value less than 41176,
depending on which other patches affecting endpoint code have
been applied.

4) For Framework 4.1 or 4.1.1, perform step 4a) below. For Framework
3.7 or 3.7.1, perform step 4b) below.

4a) (Framework 4.1 / 4.1.1) From the Tivoli region server or the
gateway that the endpoint is logged into, enter the following
command:

wepupgd <ep_name>

NOTE: For Framework 4.1, the wepupgd command will upgrade the
endpoint to the 4.1 binaries in lcf_bundle.41000 by default,
and not to the 4.1.1 binaries in lcf_bundle.41100. To upgrade
an endpoint to the 4.1.1 binaries in lcf_bundle.41100, the
path to the lcf_bundle.41100 directory should be specified on
the wepupgd command. For example,

wepupgd -p <path to lcf_bundle.41100> <ep_name>

4b) (Framework 3.7 / 3.7.1) From the Tivoli region server or the
gateway that the endpoint is logged into, enter the following
command:

wadminep <ep_name> upgrade

NOTE 1: The wadminep command will use binaries from the
machine on which the upgrade command is executed. So, for
example, if wadminep is executed on a Tivoli region server
and the endpoint's gateway is a different machine, then the
binaries on the Tivoli region server (not the endpoint's
gateway) will be used for the upgrade.

NOTE 2: For Framework 3.7 / 3.7.1, the wadminep command will
upgrade the endpoint to the 3.7.1 binaries in lcf_bundle.40
by default, not to the 4.1.1 binaries in lcf_bundle.41100.
To upgrade an endpoint to the 4.1.1 binaries in
lcf_bundle.41100, the path to the lcf_bundle.41100 directory
should be specified on the wadminep command. For example,

wadminep <ep_name> upgrade <path to lcf_bundle.41100>

5) After the upgrade, do:

wadminep <ep_name> view_version

It should return a 41176.

------------------------------------------------------------------

This patch contains the Windows library TivoliAP.dll. Since
TivoliAP.dll may already be in use by Windows, the Windows system
must be rebooted after an upgrade (or a new installation where an
older version of TivoliAP.dll was in use) so that this new version
of TivoliAP.dll will be loaded into memory. If you do not reboot,
then Windows will continue to use the older TivoliAP.dll that was
previously loaded.

(The TivoliAP.dll being replaced is used by the Windows security
service. Due to this library being locked, we must follow the
Microsoft solution for handling locked libraries. This solution
dictates that we must reboot the Windows system to allow the locked
library to be replaced at boot time.)

Note: The version of TivoliAP.dll supplied in this patch is the same
as the version (28) supplied 4.1.1-LCF-0040LA except for timestamp
information, but is different from all earlier endpoint versions.
Thus, if you are upgrading from 4.1.1-LCF-0040LA (or later) to this
patch, then it is not necessary for the Windows endpoints to be
rebooted. For earlier endpoint versions, however, there is no
problem in continuing to run with an older version of TivoliAP.dll
on Windows except that certain fixes will not be available. Thus,
this endpoint reboot does not have to be done when an endpoint is
upgraded and can be deferred until a later time.

------------------------------------------------------------------

Installing Components using Software Package Blocks (SPBs)

Before installing images from software package blocks, the Software
Distribution version 4.1 (or later) component of IBM Tivoli
Configuration Manager must be deployed. (Software Distribution
version 4.0 is not supported.) To install an image from a software
package block (SPB) to an existing endpoint, perform the following
steps:

1) From the Tivoli desktop, double-click the appropriate policy
region icon to display the Policy Region window.
2) In the Policy Region window, double-click the appropriate
profile manager icon to display the Profile Manager window.
3) Select Profile from the Create menu to display the Create
Profile window.
4) Create a software package profile.
5) Right-click the new software package profile and select Import
to display the Import window.
6) In the Location of Input File group box, select Managed Node
from the drop-down list.
7) Click the Browse (...) button to display the Select Input File
window.
8) In the Select Input File window, perform the following steps:
a) In the Managed Node list, select the machine where tar file
was extracted.
b) In the Input File Path list, select the 411LCF76/SPB
directory.
c) Select the image to import.
d) Click Set File & Close to return to the Import window.
9) In the Location of Source Host group box, perform the following
steps:
a) Ensure that the Build check box is selected.
b) In the Source Host Name text box, type the source host name.
c) In the SPB Path text box, type the path to the software
package block.
10) Click Import & Close to return to the Profile Manager window.
11) Right-click the software package profile, and select Install to
display the Install Software Package window.
12) In the Available Subscribers list, select the endpoints where
you want to install the image.
13) Click Install & Close to begin the installation. The window
remains open until the operation is submitted.

------------------------------------------------------------------

To install a new endpoint on an iSeries machine, run the following
command from the gateway:

w4inslcf.pl -g gateway_name
-L 'log_threshold=3 lcs.machine_name=ep_name' \
iSeries-machine-name-or-IP-address

To install an iSeries endpoint with multiple network cards from a
gateway that has multiple network cards, as shown by the following
example of a desired configuration:

Gateway NIC to use : 146.84.36.37
AS/400 TMA Network card : 146.84.39.126
Endpoint HostName : cheese (146.84.39.126)
Endpoint name is : queso
AS/400 TMA local port : 18752
Log threshold is : 3

then the following command can be used to install that endpoint:

w4inslcf.pl -L 'local_ip_interface=146.84.39.126 \
lcs.machine_name=queso log_threshold=3' -l 18752 \
-g ibmtmp1+8752 -T 146.84.36.37 cheese

------------------------------------------------------------------

NOTE: The Linux endpoints do not support the following monitors:

* Client RPC timeouts
* NFS bad calls
* RPC bad calls
* Jobs in print queues
* Total size queued
* Page -scans

Installation of an endpoint using the winstlcf command with its
default options may fail or hang. This problem affects Red Hat 6.2
(and higher). The default winstlcf endpoint installation uses the
Linux rexecd daemon on both the source and the target for
communication. On the Linux operating systems mentioned above, the
rexecd daemon contains a defect which prevents Tivoli endpoints from
installing. Because of security policy in Red Hat 6.2 (and higher),
root access via the rexecd has been disabled, which prevents Tivoli
endpoints from installing.

Workaround: Install the endpoint using the winstlcf command with the
-e Trusted Host option as follows:

Follow operating system instructions to configure the target's
.rhosts file to allow trusted host root access for the gateway from
which the installation is being performed. If configured properly,
the following command executed from the gateway should return
"hello":

rsh target_machine_name -l root echo hello

If "Permission Denied" is returned, consult operating system
documentation on how to correctly configure trusted host access and
repeat the above test.

From the gateway in which you successfully ran the test above,
install the target endpoint using the Trusted Host access method as
follows:

winstlcf -e target_machine_name

Contact the appropriate vendor to obtain the following service patch
which corrects rexec:

Red Hat 7.0: Patch "glibc-2.2-12" as described in Red Hat Service
Advisory "RHSA-2001:001"

Turbolinux: Contact vendor to obtain a rexec fix or use the
workaround.

Follow operating system instructions to properly enable rexec to
allow root access to the target since, due to security
considerations, many operating system vendors disable rexec by
default. Tivoli strongly recommends that once the Tivoli
installation is complete, rexec access to the target be disabled or
restored to a configuration recommended by the operating system
vendor.