Connecting to the Tivoli Enterprise Portal when using cryptographic services
If the monitoring server is configured to use cryptographic services, but the ICSF address space is not running in the same LPAR as the monitoring server, the portal server might not be able to connect to the HUB monitoring server.
This issue can be resolved in one of two ways: by starting the ICSF address space on the same LPAR as the HUB monitoring server or by reconfiguring the monitoring server to not use ICSF services.
The following messages are displayed when the portal server
cannot connect to the monitoring server:
Call to KLE_CryptoGetFP failed with exit code 8. Cannot get CSNBXAE function pointer
Logon validation did not complete - system error. User:username
keyfile:key ip:ip_address
If
you see these failed connection messages, take corrective action to
enable the Tivoli Enterprise Portal Server to
connect to the Tivoli Enterprise Portal.You
can take this action in one of two ways:
- By starting the ICSF address space manually. This action fixes the problem temporarily until you restart IBM® Tivoli® Monitoring.
- If you do not want to run the ICSF address space, you can reconfigure, by using either the Configuration Tool or PARMGEN.
To reconfigure using the Configuration Tool, perform the
following steps:
- From the Configuration Tool Configure the Tivoli Enterprise Monitoring Server step, select Specify configuration values > Integrated Cryptographic Service Facility (ICSF) installed.
- Specify N in the Integrated Cryptographic Service Facility (ICSF) installed? field.
- Complete the configuration.
To reconfigure using PARMGEN, do the following:
- Locate the configuration profile for this instance of the monitoring agent. See Step 1 under Cannot connect to location server or find running CMS on CT_CMSLIST to determine how to locate the configuration profile.
- In the configuration profile, locate the following
KDS_TEMS_SECURITY_KDS_VALIDATE
parameter and set the value to N. Save the configuration profile. - If you change any of these values, you must update the configuration values in the RTE. See PARMGEN Step 4 underCannot connect to location server or find running CMS on CT_CMSLIST.
After the Tivoli Enterprise Monitoring Server
configuration is complete and the server is running, you must modify
the portal server configuration to use an older, less robust encoding
algorithm by performing the following steps:
- Edit the kfwenv file in install_dir\CNPS (where install_dir is C:\IBM\ITM by default) with a text editor.
- Uncomment the following text:
USE_EGG1_FLAG=1
- Save the file and exit.
- Stop the Tivoli Enterprise Portal Server, if it is running, and then start it.