Supplemental Install Instructions for the NetIQ VigilEnt Security Agent for iSeries (VSAi) v7.5 to be used in conjunction with instructions found in the Installation Guide provided with the product. Some time prior to installation, check the following items in addition to the steps noted in the Installation Guide:
- If your iSeries O/S is V5R2 or higher and exit point QIBM_QTMT_WSG still exists, please remove it before installing v7.5. Use command WRKREGINF QIBM_QTMT_WSG to check if exit point exists and if it does, refer to knowledge base article NETIQKB46825, which you can access using the following URL: https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB46825 .
- If the VSAi was ever installed but not completely uninstalled, the installation process may instead attempt to upgrade. To check for remnant objects, at a command entry line, run command
WRKLIB PS*. The VSAi libraries are PSAUDIT, PSCOMMON, PSDETECT, PSINSTALL, and PSSECURE. These should be deleted if you intend to do an install of VSAi, as opposed to an upgrade.
- Delete directories ?reportlet? and ?pentasafe? from IFS root, as well as sub-directory PENTASAFE.SECURITY from
/QIBM/UserData/GUIPlugin. If you intend to do an install of VSAi, as opposed to an upgrade, use option 4 (=Remove) after running each command below.
If the install process issues inquiry message CPA3DD6 Library XXXXXXXXXX not registered to product 1PSxxxx...or CPA3DE4 Directory not registered. (C G), please reply with 'G'.
- Note the value of system value
QALWOBJRSTbefore and after the install as the installation program might change it.
- Note the value of system value
QFRCCVNRSTand change it to
1 (CHGSYSVAL QFRCCVNRST VALUE('1'). Make note to change it to its original value after the install or upgrade.
- If you use Help/Systems? Robot Job Scheduler, list the Robot scheduled jobs because the install may hold some Robot jobs. After the install, list the Robot jobs again and compare to the pre-install listing to determine if any jobs were held so you can release them.
- Change the job description specified in user profile of the person who will run the install or upgrade to specify
INQMSGRPY(*RQD) LOG(4 0 *MSG) LOGCLPGM(*YES). Be sure to revert to original values after completion of install.
PSINSTALL, be sure to prompt it with F4 and change the ?Submit install to batch? (BATCH) parameter to ?*YES?. There have been instances of problems attempting to install interactively when a workstation device has an I/O error. You may need to start a batch subsystem to run the install job (PSINSTALL). The installation process will install all products and their corresponding libraries (PSAudit, PSSecure, PSDetect, and PSPasswordManager). After install:
- All products will have a 30-day temporary license. After the 30 days expire, products will revert to original licensing.
- After the install of v7.5, be sure to load and apply v7.5 PTFs that are applicable to your installation.
1A02001 - resolves an issue where Data Auditing and Reporting (DAR) displays the error ?The call to FFD ended in error (C G D F)? from the Work with Files screen.
1A02002 - resolves an issue where the DAR Changed Data Report (DDRPT) generates the error ?The call to CEEGTST ended in error (C G D F).?
1A02003 - resolves an issue where the System Auditing and reporting Database Load does not update library QSYS and new libraries are not included on reports.
1C02003 - resolves an issue where the
PSCYCLESVRcommand did not end the QSERVER subsystem and the error ?Parameter OPTION specified more than once" was returned.
1C02004 - resolves an issue where editing Secured or What If entries using the F4 (Prompt) feature causes an error. This PTF also resolves an issue where an error occurs if you edit two or more Secured Entries consecutively.
1C02005 - resolves an issue where the Purchase and Demo screen is displayed when users who have a permanent PSAudit license code applied select Option 1 (PSAudit) from the NetIQ Product Access Menu.
1C02006 ? This is a High-Impact Pervasive (HIPER) PTF for the VSAi Communication Agent, which processes requests from VigilEnt Security Manager (VSM), VigilEnt Password Manager (VPM), and VigilEnt Log Analyzer (VLA). If you use VSM, VPM, or VLA, apply this PTF to your system at the earliest opportunity. NOTE: This PTF is superceded by PTF 1C02009 (below) for OS version V5R3. Do not apply 1C02006 if you are already on V5R3. If you do apply it prior to going to V5R3, it must be applied permanently before attempting to apply 1C02009.
This PTF resolves an issue that causes communications to fail if the ?Packet Signatures? setting in the PSEnterprise Agent Configuration (PSECONFIG) is set to ?Y? on the iSeries server. All iSeries tasks and reports will return the error, ?Unexpected End of File ?1?, as a result of this communication failure.
This PTF also resolves an issue where some iSeries tasks fail in VSM, VPM, and VLA and return the error ?Unexpected End of File ?1? regardless of the ?Packet Signatures? setting. 1C02007 - resolves an issue where transactions with any segment of the path beginning with an asterisk (*) or percent sign (%) collect the subsequent path segments with an asterisk for the object or member name instead of the actual name. A path segment should only be collected with an * as the library, object, or member name if the first character of that segment is an * or %. This PTF also resolves an issue where collected entries display an asterisk for the object or member name if the object the transaction is attempting to access does not exist on the system. 1C02009 - resolves an issue where the Agent Communication (ZPSE) Subsystem is active on i5/OS (V5R3), but no jobs are running. If you do not apply this PTF, the Agent Communication (ZPSE) Subsystem cannot enable communication between VSA for iSeries 7.5 on i5/OS (V5R3) and other NetIQ Enterprise products. This PTF also resolve.
s an issue where VigilEnt Password Manager displays error CEE9901 when users change their passwords from the Self-Service menu. This error occurs when the VigilEnt Security Agent (VSA) for iSeries 7.5 is running on i5/OS (V5R3). This PTF also resolves an issue where the Remote Request Management Collected Entries report does not complete normally on an i5/OS (V5R3) system. Subsystem ZPSE must be ended prior to installing PTF 1C02009.
PLEASE NOTE THE SECTION "SPECIAL INSTRUCTIONS/NOTES" IN THE COVER LETTER FOR PTF 1C02009 - IT ALSO REQUIRES DOWNLOADING SERVICE PROGRAMS FROM AN IBM WEB SITE.
1C02010 - resolves a Remote Request Management (RRM) issue where swap profiles defined in RRM rules are ignored for FTP transactions on V5R3 systems. On servers that have IBM PTF SI14206 applied, this PTF also resolves an issue where FTP transactions generate error message :"PSCOMMON/NW0032E TYPE PGM MUST BE CHANGED IN THE NEXT 99 DAYS. THE LENGTH AND CCSID PARAMETERS MUST BE ADDED ON THE CALL TO API QSYGETPH.".
1C02012 - addresses potential level check issues in the NetIQ Security Solutions for iSeries products after applying operating system level PTFs on V5R1, V5R2, or V5R3. These errors can occur throughout the NetIQ Security Solutions for iSeries products, but are specifically found in the PSAudit SQL/QRY Auditing feature and in the PSSecure Remote Request Management Work with Secured Entries and Work with Collected Entries screens. If you have not received level check errors in the NetIQ Security Solutions for iSeries products, you do not need to apply this PTF.1S02000 - allows the Object Authority Management (OAM) Non-Compliance Report and compliance job to run regardless of the QSECOFR user profile status. 1S02001 - corrects the following issues with SFE (Secure File Editor):
- Pressing F6 from the Maintain File Authorities screen does not access a window to add a record.
- Opening or paging down to the end of a file generates the error ?MCH1210 Receiver value too small to hold result.?
- Paging down through a file generates the error ?Pointer not set for location referenced.?
- Editing a packed data field corrupts data in other packed data fields.
- Editing tables, files, or views containing 1 billion or more records or rows generates an error. The maximum size of a table, file, or view is 999,999,999.
1S02002 - resolves an issue where accessing a file through Secure File Editor (SFE) on a server running i5/OS (V5R3) returns a session or device error message.
1S02003 - allows the Object Authority Management (OAM) Non-Compliance Report and compliance job to run using the STROAMAPI command regardless of the QSECOFR user profile status.
PTFs may be downloaded from the site noted below (registration required).
Open each downloaded PTF zip file and follow the instructions in each PTF cover letter (
- Before restarting your system, run the following 3 co.
mmands from a command entry line:
ADDLIBLE PSCOMMON CALL NW0099E CALL NW0089CProgram NW0099E sets pointers to user indexes. Program NW0089C attaches trigger programs to files.
- You should not delete any installed licensed programs for products 1PS*.