APAR status
Closed as duplicate of another APAR.
Error description
Problem: When installing software packages on client PCs where nobody is logged on, TAM E-SSO login screen does not allow Reboot or Shutdown command. Some of the software packages which we create contain a Reboot command in the start, but with the TAM E-sso login screen it is not possible to perform a reboot, and the installation of the software then already fails at this early point. This means, that we need to log on to the PC s manually to reboot them or shut them down! Therefore this I fatal for all our remote distribution of new software packages, therefore we need a solution to this problem, so that we also after TAM E-SSO is installed on all our client PC s are able to distribute software packages remotely. More Info: 1. from command line on your remote server issue the following command - shutdown -m //machinename -r - to your client machine and confirm if its shuts down ? ANSWER: We have made some further test which gave us more information. We tested the commands in several scenarios 1) Up against a laptop(T500) running windows XP SP2 and TAM-ESSO RESULT: This laptop was able to receive the shutdown ?r command and the test therefore was succcesfull 2) Up against a laptop(T61) running windows XP SP3 and TAM-ESSO RESULT: This laptop was not able to receive the shutdown ?r command as long as the TAM-ESSO login screen was active and nobody was logged on. - But when the laptop entered screensaver mode(still nobody was logged on) where were able to send the shutdown ?r command to the machine and it worked successfully 3) Up against a desktop running windows XP SP3 and TAM-ESSO RESULT: This desktop was not able to receive the shutdown ?r command as long as the TAM-ESSO login screen was active and nobody was logged on. - But when the desktop entered screensaver mode (still nobody was logged on) where were able to send the shutdown ?r command to the machine and it worked successfully - We then uninstalled SP3 on this desktop, and then this desktop machine was able to receive the shutdown ?r command 4) Up against a desktop running windows XP SP3 and TAM ESSO not installed 5) RESULT: This laptop was able to receive the shutdown ?r command and the test therefore was successful. It therefore seems that it has something with SP3 to do, and the security settings. Can it have something to do with the Gina files and Security settings in SP3 regarding this? The strange thing here is, that the problem does not exist when the machines are i screensaver mode, and is nobody logged on. 2. Also perform a remote shutdown with gui enabled - shutdown -i ANSWER: we also tried the shutdown -i in our test above. 3. Can you also supply your server and client event logs for the period of your testing ANSWER: We have taken a look at the logs, and there was nothing to see at the machines, which did not reboot with success. So therefore I have not uploaded the logfiles. 4. Can you also confirm the user being used to perform the shutdown and the local permissions this has on the client machine. ANSWER: The shutdown commands have been performed with several users, both an DOMAIN ADMIN user and an LOCAL ADMIN USER. We have tried the command with the parameter -f on several machines, and the result was the same. A summary of the test carried out is listed here: 1) A machine with XP Servicepack 3 and the AA installed RESULT: we are still not able til reboot the machine remotely. 2) A Machine with XP and SP2 and AA installed RESULT: we are able til reboot the machine remotely. 3) A Machine with XP, Servicepack 3 and the AA not installed RESULT: we are able to remotely reboot the machine. When a user is logged into windows and can see his desktop, the SHUTDOWM command works fine. on a XP SP3 machine. Steps to Duplicate: N/A Desired Behavior: For this situation to work Business impact ( BusImpact ) We are not able cannot continue with remote distribution of new software packages or updates for all systems after TAM-E-SSO is installed on the client machines Environment: Commands are you using to do the reboot - first SHUTDOWN -m \\name of machine -r, and then when package is installed SHUTDOWN -m \\name of the machine software are you using to do the remote install - using GPO push or similar to accomplish this Version of the Product - Client Access Agent vers. 8.0.1.0011, IMS Serververs. 8.0.1.0.10 OS the IMS Server is running on - Windows Server 2003 Standard SP2 OS the AccessAgent is running on - Windows XP SP3 Enterprise Directory - AD and yes we have IMS password synchronization enabled. Type of configuration is the AccessAgent - Personal Desktop Database - DB2 vers. 9.5.0.808
Local fix
N/A
Problem summary
Problem conclusion
Temporary fix
Comments
This APAR is a duplicate of IZ63198
APAR Information
APAR number
IZ66793
Reported component name
SSO ACCESS AGEN
Reported component ID
5724V67AG
Reported release
801
Status
CLOSED DUB
PE
NoPE
HIPER
NoHIPER
Special Attention
NoSpecatt
Submitted date
2009-12-15
Closed date
2009-12-31
Last modified date
2009-12-31
APAR is sysrouted FROM one or more of the following:
APAR is sysrouted TO one or more of the following:
Fix information
Applicable component levels
[{"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSZU8Q","label":"IBM Security Access Manager"},"Component":"","ARM Category":[],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"801","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}}]
Document Information
Modified date:
23 September 2020