Environment
NetIQ Security Solutions for iSeries
VigilEnt Security Agent for iSeries 7.5
Remote Request Management (RRM)
Situation
When I open file NW0004F, I receive error message CPF4131.
Error: ?Level check on file &2 in library &3 with member &4.?
Resolution
NetIQ Security Solutions for iSeries PTFs 1C02012 (version 7.5) and 1C03009 (version 8.0) address potential level check issues after applying operating system level PTFs on V5R1, V5R2, or V5R3. If you have not received level check errors in the NetIQ Security Solutions for iSeries products, you do not need to apply PTF 1C02012 or 1C03009. Please note you must install PTF 1C02012 or 1C03009 in restricted state to prevent file allocation issues.
PTFs 1C02012 and 1C03009 are available on the 7.5 and 8.0 tabs at https://www.netiq.com/support/iseries/extended/hotfixes.asp
If you cannot download and install these PTFs, you can use the following workaround to turn off level checking on physical or logical files created by SQL or any logical file over a physical file created by SQL. This workaround restores RRM functionality. PTFs 1C02012 and 1C03009 address more files than those included in the workaround.
To turn off level checking:
- End the ZPSSMON subsystem by typing
ENDSBS ZPSSMON
on the command line and pressing Enter. - Remove NetIQ exit programs from all exit points by performing the following steps:
- From the NetIQ Product Access Menu, type
2
(PSSecure) and press Enter. - Type
3
(Remote Request Management) and press Enter. - Type
8
(Work with Exit Points) and press Enter. - Type
4
(Rmv Exit) in the option field to the left of exit point DDMACC and pressF13
(Repeat). - Press Enter.
- From the NetIQ Product Access Menu, type
- Cycle your remote servers by performing the following steps. Cycling your remote servers may impact users on the system, end connections to mapped drives, end ODBC connections, and end active file transfer jobs.
- From the NetIQ Product Access Menu, type
2
(PSSecure) and press Enter. - Type
3
(Remote Request Management) and press Enter. - Type
30
(Manage RRM) and press Enter. - type
3
(Cycle Remote Servers) and press Enter. - Type
*DATABASE
and press Tab. - Type
*FILE
and press F9. - In the All ending subsystems field, type
QSERVER
and press Enter.
- From the NetIQ Product Access Menu, type
- Save the attached file to the root of your PC?s local drive (C:\). Download the file from https://download.netiq.com/kb/files/NETIQKB50532_file1.txt.
- Copy the file from the PC to the iSeries using FTP:
- Open a new DOS or command window.
- Type the following command substituting the name of the iSeries server for [system name]. The iSeries IP (internet address) can be used instead of the system name.
FTP [system-name]
- Type a user id at the FTP prompt, press Enter.
- Type the password at the FTP prompt, press Enter.
- Type the following FTP commands:
put c:\RMVLVLCHK.txt QGPL/QCLSRC.RMVLVLCHK
quit
- Set the correct attributes for the source member by issuing the following command:
CHGPFM FILE(QGPL/QCLSRC) MBR(RRMLVLCHK) SRCTYPE(CLP) TEXT(?Remove level check on RRM files in PSCOMMON')
- Create file DSPFD in QTEMP for the compilation to work by issuing the following command:
DSPFD FILE(PSAUDIT/*ALL) TYPE(*BASATR) OUTPUT(*OUTFILE) OUTFILE(QTEMP/DSPFD) OUTMBR(*FIRST *ADD)
- Create the program supplied by issuing the following command:
CRTCLPGM QGPL/RMVLVLCHK QGPL/QCLSRC
Do not compile the program in BATCH mode.
- Delete the DSPFD file in QTEMP by issuing the following command:
DLTF FILE(QTEMP/DSPFD)
- .
Run the program by issuing the following command:CALL QGPL/RMVLVLCHK
- Add NetIQ exit programs to all exit points by performing the following steps:
- From the NetIQ Product Access Menu, type
2
(PSSecure) and press Enter. - Type
3
(Remote Request Management) and press Enter. - Type
8
(Work with Exit Points) and press Enter. - Type
1
(Install Exit) in the option field to the left of exit point DDMACC and pressF13
(Repeat). - Press Enter.
- From the NetIQ Product Access Menu, type
- Cycle your remote servers by performing the following steps. Cycling your remote servers may impact users on the system, end connections to mapped drives, end ODBC connections, and end active file transfer jobs.
- From the NetIQ Product Access Menu, type
2
(PSSecure) and press Enter. - Type
3
(Remote Request Management) and press Enter. - Type
30
(Manage RRM) and press Enter. - type
3
(Cycle Remote Servers) and press Enter. - Type
*DATABASE
and press Tab. - Type
*FILE
and press F9. - In the All ending subsystems field, type
QSERVER
and press Enter.
- From the NetIQ Product Access Menu, type
- Start the ZPSSMON subsystem by typing
STRSBS SBD(PSCOMMON/ZPSSMON) on the command line and pressing Enter.
fix
NetIQ has created a workaround to temporarily turn off level checking on physical or logical files created by SQL or any logical file over a physical file created by SQL. This workaround restores RRM functionality. NetIQ is currently researching a permanent solution.
To turn off level checking:
- End the ZPSSMON subsystem by typing
ENDSBS ZPSSMON
on the command line and pressing Enter. - Remove NetIQ exit programs from all exit points by performing the following steps:
- From the NetIQ Product Access Menu, type
2
(PSSecure) and press Enter. - Type
3
(Remote Request Management) and press Enter. - Type
8
(Work with Exit Points) and press Enter. - Type
4
(Rmv Exit) in the option field to the left of exit point DDMACC and pressF13
(Repeat). - Press Enter.
- From the NetIQ Product Access Menu, type
- Cycle your remote servers by performing the following steps. Cycling your remote servers may impact users on the system, end connections to mapped drives, end ODBC connections, and end active file transfer jobs.
- From the NetIQ Product Access Menu, type
2
(PSSecure) and press Enter. - Type
3
(Remote Request Management) and press Enter. - Type
30
(Manage RRM) and press Enter. - type
3
(Cycle Remote Servers) and press Enter. - Type
*DATABASE
and press Tab. - Type
*FILE
and press F9. - In the All ending subsystems field, type
QSERVER
and press Enter.
- From the NetIQ Product Access Menu, type
- Save the attached file to the root of your PC?s local drive (C:\). Download the file from https://download.netiq.com/kb/files/NETIQKB50532_file1.txt.
- Copy the file from the PC to the iSeries using FTP:
- Open a new DOS or command window.
- Type the following command substituting the name of the iSeries server for [system name]. The iSeries IP (internet address) can be used instead of the system name.
FTP [system-name]
- Type a user id at the FTP prompt, press Enter.
- Type the password at the FTP prompt, press Enter.
- Type the following FTP commands:
put c:\RMVLVLCHK.txt QGPL/QCLSRC.RMVLVLCHK
quit
- Set the correct attributes for the source member by issuing the following command:
CHGPFM FILE(QGPL/QCLSRC) MBR(RRMLVLCHK) SRCTYPE(CLP) TEXT(?Remove level check on RRM files in PSCOMMON')
- Create file DSPFD in QTEMP for the compilation to work by issuing the following command:
DSPFD FILE(PSAUDIT/*ALL) TYPE(*BASATR) OUTPUT(*OUTFILE) OUTFILE(QTEMP/DSPFD) OUTMBR(*FIRST *ADD)
- Create the program supplied by issuing the following command:
CRTCLPGM QGPL/RMVLVLCHK QGPL/QCLSRC
Do not compile the program in BATCH mode.
- Delete the DSPFD file in QTEMP by issuing the following command:
DLTF FILE(QTEMP/DSPFD)
- Run the program by issuing the following command:
CALL QGPL/RMVLVLCHK
- Add NetIQ exit programs to all exit points by performing the following steps:
- From the NetIQ Product Access Menu, type
2
(PSSecure) and press Enter. - Type
3
(Remote Request Management) and press Enter. - Type
8
(Work with Exit Points) and press Enter. - Type
1
(Install Exit) in the option field to the left of exit point DDMACC and pressF13
(Repeat). - Press Enter.
- From the NetIQ Product Access Menu, type
- Cycle your remote servers by performing the following steps. Cycling your remote servers may impact users on the system, end connections to mapped drives, end ODBC conn.
ections, and end active file transfer jobs.- From the NetIQ Product Access Menu, type
2
(PSSecure) and press Enter. - Type
3
(Remote Request Management) and press Enter. - Type
30
(Manage RRM) and press Enter. - type
3
(Cycle Remote Servers) and press Enter. - Type
*DATABASE
and press Tab. - Type
*FILE
and press F9. - In the All ending subsystems field, type
QSERVER
and press Enter.
- From the NetIQ Product Access Menu, type
- Start the ZPSSMON subsystem by typing
STRSBS SBD(PSCOMMON/ZPSSMON) on the command line and pressing Enter.
Cause
Due to an OS/400 PTF released by IBM, the CRTDUPOBJ/RSTLIB/RSTOBJ functionalities do not replicate the file identifiers from a physical or logical file created by SQL or any logical file over a physical file created by SQL.
If you run the upgrade or installation of VigilEnt Security Agent for iSeries version 7.5 or NetIQ Security Solutions for iSeries version 8.0 or if you restore library PSCOMMON or an individual RRM file while the IBM PTF is applied, you cannot use some RRM functionality.