Environment
Situation
NetIq Vulnerability Manager cannot access the iSeries agent.
Resolution
To check the agent connectivity:
- Verify that subsystem ZPSE in library PSCOMMON is active and it has at least job PSEAGENTD active.
From a command line, Enter command
WRKACTJOB SBS(ZPSE).If not active, please use command
STRSBS SBSD(PSCOMMON/ZPSE)to start the subsystem or call NetIQ Tech Support for further assistance. - Verify Licensing on your machine.
From a command line, Enter command
PSMENUand take option 80.Please note that there should be a Y in front of product VSM agent in order for the iSeries connectivity to work.
If this is not the case, please contact NETIQ Tech Support.
- Check PTFs for our product.
For V5R3 systems running VSAi v7.5, PTF 1C02008 or 1C02009 must be loaded and applied.
For systems lower than V5R3 running VSAi v7.5, PTF 1C02006 must be loaded and applied.
From a command line, Enter command
DSPPTF LICPGM(1PSC001).Please note if the PTFs for your appropriate level are present.
If the appropriate PTFs are not present, you can download them from the site noted below.
https://www.netiq.com/support/iseries/extended/hotfixes.asp For V5R3 systems running VSAi v7.5, the following objects of type *SRVPGM must exist in library QSYS: QYPPOC370, QZCCCP370, QZCCDA370, QZCCDB370, QZCCDQ370, QZCCPR370, and QZCCUS370.
From a command line, enter command
WRKOBJ OBJ(QSYS/QYPPOC370)and repeat for all service programs listed above.If not all present, review the Special Instructions portion of PTF 1C02008 or 1C02009 and complete the steps relative to obtaining the object noted form IBM. The object contains further instructions from IBM to complete the process. If still an issue, please contact NETIQ Tech Support.
- Make sure that there is a job listening on port 1622.
From a command line, Enter command
NETSTAT *CNNand press F14.Scroll down to local port 1622.
If not present, please contact NETIQ Tech support.
- Please check if users PSOBJOWN and PSOBJOWNS are *ENABLED.
From a command line, Enter command
WRKUSRPRF PSOBJOWN*and take option 5 for profile PSOBJOWN and PSOBJOWNS. Make sure they have status *ENABLED.If not enabled, please use Option 2 - change to enable these userprofiles or call NetIQ Tech Support for further assistance.
Please check if user PSOBJOWNS has all special authorities. User profile PSOBJOWNS should have Special authority = *ALLOBJ *AUDIT *IOSYSCFG *JOBCTL *SAVSYS *SECADM *SERVICE *SPLCTL
- Please check if the PSOBJOWN and PSOBJOWNS message queue's are present.
From a command line, Enter command
WRKOBJ OBJ(*ALL/PSOBJOWN*) OBJTYPE(*MSGQ). Two message queue's, PSOBJOWN and PSOBJOWNS should show up.Make sure you attempt this command using a user profile with sufficient authority.
Call NetIQ Tech Support for further assistance is these message queue's are not there.
Please check if the Agent subsystem jobqueues are released.Use command WRKJOBQ to verify that Jobqueue's ZPSE1 and ZPSE2 in library PSCOMMON are not held.
- Verify if the correct default authorities to our product are present.
From PSMENU, select option 70 (Utilities menu), select option 11 (Display PSAudit authorized users) and option 14 (Display PSCOMMON authorized users), and ensure user PSOBJOWNS has *ALL object authority and also List Mgt and that user PSOBJOWN has *CHANGE object authority.
- Check for 0.0.0.0 under the VigilEnt Agent Access Control.
From a command line, Enter command
PSMENUand take Options 70 and 3.Note if IP 0.0.0.0 is present.
If not present, please contact NETIQ Tech support.
- Check if QGPL is in the system library list.
Use command
WRKSYSVAL QSYSLIBLto verify that library QGPL is in the library list. If it is, please contact NETIQ Technical Support. - Check for 0.0.0.0 under the VigilEnt Agent Access Control.