Resolving The Problem

When you encounter such errors, verify that the following prerequisites for Remote configuration are met:

On Microsoft Windows Server systems

For remote Windows systems, ensure the following requirements are met before installing the software:

• The user name that you provide to the installation program must exist as a local account on the remote machine and the user must be a member of the Windows Administrators group.

• The following Windows services must be started on the remote machine before you begin a remote installation and configuration; the control panel display names are in parentheses: winmgmt (Windows Management Instrumentation), RemoteRegistry (Remote Registry), and lanmanserver (Service).

• The SMB protocol must be enabled and configured. The SMB protocol can be configured to use NetBIOS over TCP/IP, by choosing to use port 139, or configure SMB to use TCP/IP as the transport protocol, without NetBIOS, by configuring it to use port 445.

• Be sure that any ports that you use for remote protocols are not blocked by firewalls or security policies. This includes ports 137 and 139 (port 139 is used if SMB is configured to run on NetBIOS over TCP/IP), and port 445 (port 445 is used if SMB is run directly on TCP/IP, without NetBIOS).

• Disable Simple File Sharing. Start Windows Explorer. Click Tools > Folder Options, and clear the check box next to Use Simple File Sharing.

• The Windows administrative share (C$) and the interprocess communications (IPC$) folder must be shared.

• For Windows Server systems that support password-protected sharing, password-protected sharing must be disabled. Shares must be shared for the Guest or Everyone accounts.

• For Windows systems that have User Account Control (UAC) enabled, it must be disabled before software is remotely installed and configured.

• If Cygwin is installed on the remote Windows system, the SSH daemon (sshd) must be uninstalled or disabled.

IPv6 support on Windows

IPv6 is supported by all protocols. However, you might encounter some issues using WindowsProtocol. In order for Remote Execution Access to support connections to Windows systems over IPv6, the server needs to be able to resolve the IPv6 address of the host. If that does not happen, the connection fails.

If you encounter problems with IPv6 connection, complete the following steps:

1. First, verify whether a port is blocked by entering the following command: telnet <IPv6 address> 445.
   
   If the connection to the host cannot be opened, the port is blocked. If this happens, complete the following steps:
   1. Start the Registry Editor (regedt32.exe).
   2. Locate the key in the Windows registry:
      
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Smb\Parameters
   3. Introduce the following entries to the registry key:

      DWORD key IPv6Protection
      
      Add with hex value 00000014 (0x00000014).
      
      DWORD key IPv6EnableOutboundGlobal
      
      Add with hex value 1 (0x1).

   4. Reboot your computer for the changes to take effect.
2. Verify whether the shared disks can be accessed by issuing the command:

   net use * \\<IPv6 host_domain_name>\c$

   If the command returns an error and you cannot connect to the share c$, it means that the disk cannot be accessed. If this happens, complete the following steps to use the IPv6 protocol:

   1. Start the Registry Editor (regedt32.exe).
   2. Locate the key in the Windows registry:
      
      HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
   3. Introduce the following entry to the registry key:

      DWORD key DisableStrictNameChecking

      Add with value 1 (decimal) to enable file sharing.

   4. Reboot your computer for the changes to take effect.

Note the host name cannot contain any colons (":") because these characters are not supported by the SMB protocol.

If there is a need to use the IPv6 address directly, convert the IPv6 address to the "ipv6-literal" namespace format.

For example, the IPv6 address:

2001:4898:2b:4:bdb1:1c0:a5d8:438e

might work converted to:

2001-4898-2b-4-bdb1-1c0-a5d8-438e.ipv6-literal.net.

On UNIX systems

For remote UNIX systems, ensure the following requirements are met before installing the software:

• The user name that you provide to the installation program must exist as a privileged account (for example, root) on the remote machines.

• Ensure that a current version of OpenSSH is installed and running. Do not use OpenSSH 4.7.0.5302.
• If you plan to remotely configure software on remote UNIX or Linux machines, make sure that the UNIX and Linux machines have SSH installed. SSH is the only remote protocol currently supported for logging on to remote UNIX and Linux systems. You do not need to install SSH on the Windows administrative workstation because SSH support is provided by the IBM JRE.

Remote configuration does not support accessing network drives on the local or remote system.

McAfee antivirus blocks Remote Execution Access

McAfee antivirus may block Remote Execution Access(RXA). In order to ensure proper operation of RXA, you should disable the following rules:

• Anti-Virus Standard Protection: Prevent remote creation and modification of executable and configuration files

• Anti-virus Outbreak Control: Make all shares read-only

• Anti-virus Outbreak Control: Block read and write access to all shares

• Common Maximum Protection: Prevent creation of new executable files in the Windows folder

• Common Maximum Protection: Prevent programs registering as a service

Note: The settings described here refer to McAfee VirusScan Enterprise ver.sion8.5i. Later versions of the program might require different settings.

Known Workaround:

After verifying Remote Configuration prerequisites, if you are still getting failures, use to this workaround:

If on Windows machines, domain user is configured, "<domain>\<username>" usually works, but sometimes Windows does not allow using NetBIOS domain names. In that case, retry installation with the full DNS domain name:

<user>@<domain>.xxxx.xxxx

In some instances, if both IPV6 and IPV4 are configured on a machine, hostname is not resolved properly. To overcome this error, use this workaround:

Run "nslookup" command from command prompt and ensure IP address resolves with a proper hostname. An example for the same is mentioned below:

C:\>nslookup

Default Server: testdns.ibm.com

Address: 9.X.X.X

> <IP Address>

Server: testdns.ibm.com

Address: 9.X.X.X

Name: <Should return the hostname for IP Address specified>

Address: <IP Address>

> hostname.ibm.com

Server: testdns.ibm.com

Address: 9.X.X.X

Name: hostname.ibm.com

Address: <Should return the IP Address for hostname specified>

Remote Configuration also work when hosts file (C:\Windows\System32\drivers\etc) is updated with an entry as shown here.

# Copyright (c) 1993-2009 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97     rhino.acme.com          # source server
# 38.25.63.10     x.acme.com              # x client host

# localhost name resolution is handled within DNS itself.
127.0.0.1       localhost
# ::1             localhost
<IPV4 IP Address> <Fully qualified hostname>

If none of the workarounds mentioned here resolve the error, set the RXA trace option on command prompt as shown:

Windows Server: set ENABLE_RXA_TRACE=true
Unix: export ENABLE_RXA_TRACE=true

From same command prompt, invoke the installer and then collect the logzipper logs and send that to IBM support for further assistance.

Utility to verify Remote Configuration:

Run the testRXA.bat/sh available in the /IBM/SMP/onfigTool/scripts directory (substituting your home directory for <CCMDB HOME>).  To execute this TestRXA utility, Java 1.8 is required.