Environment
Fact: NetIQ Security Solutions for iSeries 8.0
Fact: G1C03002
Fact NetIQ Secure Configuration Manager 5.6
Situation
Symptom: Error Core Services: The policy template or security check does not apply to this endpoint" is returned after submitting iSeries custom checks
Symptom: Cannot run any custom checks on my iSeries agent
Symptom: My iSeries agent does return results for iSeries custom check even though group PTF G1C03002 is installed.
Goal: How do I clear the SCM domain key on my iSeries system?
Goal: I need to reregister my iSeries agents in SCM, how do I proceed?
Symptom: Cannot run any custom checks on my iSeries agent
Symptom: My iSeries agent does return results for iSeries custom check even though group PTF G1C03002 is installed.
Goal: How do I clear the SCM domain key on my iSeries system?
Goal: I need to reregister my iSeries agents in SCM, how do I proceed?
Resolution
Fix
To reregister the iSeries agent using SCM 5.6 use the following steps:
On your SCM console:
- Open the Vulnerability Manager client.
- Expand IT Assets, Click on Managed Systems On the right side of the screen, the "List of computers that have been added to the asset map" list shows up.
- Right click on the iSeries system in question and select Delete.
- Click Yes when the "Are you sure you want to delete" dialogue box pops up.
- Click Yes when the "Delete Agent" dialogue box pops up.
The iSeries agent is now deleted.
On the iSeries agent machine:
From a command line run the following commands:
- ADDLIBLE PSCOMMON
- PSRUNSQL REQUEST('DELETE FROM pscommon/pseguids WHERE TYPEID = 801 or (TYPEID > 52000000 and TYPEID < 53000000)') CONFIRM(*NO)
- QSH
On the QSH Command Entry screen, run the following commands:
- cd /pentasafe/vsa/cmnagent/script
- resetagent
Press F3 to exit back to the command line.
Then run commands:
- ENDSBS ZPSE
- STRSBS PSCOMMON/ZPSE
On your SCM console:
- Right click on Managed Systems and select Manage system. The Manage system System Definition dialogue box should show up.
- Put in the system name in the Name field and change Type to iSeries. If the System name used is in your DNS host table or the host table on your PC, then you can try an IP lookup. If the IP lookup yields error "Host is not found", then you will have specify the hostname and IP address manually.
- Click on next.
- On the Manage system Register Agent screen, select option "Use local agent already install on this system" leaving the *IP port option to 1622.
- Click on Next.
- On the Manage system Add to End point screen, select the "Add end point to group" option is you want to add the iSeries endpoint to another group in addition to the iSeries group under "Managed Groups"
- Click on Finish.
The iSeries agent is now registered and available for reporting.
Additional Information
Formerly known as NETIQKB55765