Are there any other considerations for upgrading to VSAi version 7.5 that are not included in the In (NETIQKB55920)

  • 7755920
  • 02-Feb-2007
  • 25-Feb-2009

Environment

VigilEnt Security Agent for iSeries 7.5

Situation

Are there any other considerations for upgrading to VSAi version 7.5 that are not included in the Installation Guide?

Upgrade VigilEnt Security Agent for iSeries to version 7.5

Resolution

Supplemental Upgrade Instructions for the NetIQ VigilEnt Security Agent for iSeries (VSAi) version 7.5 to be used in conjunction with instructions found in the Installation Guide provided with the product.  

The upgrade must be done in restricted state.  

There may be some product files, such as PSAUDIT/ALPF01, that can be purged in advance to expedite the upgrade process. Check the size of that file and if necessary refer to knowledge base article NETIQKB30667 (https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB30667 ) regarding how to regain disk space used by VSAi.  

Sometime prior to upgrade, check the following items in addition to the steps noted in the Installation Guide: 

  • User profiles PSOBJOWN and PSOBJOWNS should be Status = *ENABLED 
  • User profile PSOBJOWNS should have User Class = *SECOFR and corresponding Special Authorities (*ALLOBJ  *AUDIT   *IOSYSCFG  *JOBCTL  *SAVSYS  *SECADM  *SERVICE  *SPLCTL). 
  • Libraries PSAUDIT, PSCOMMON, PSDETECT, and PSSECURE, if they exist, should each contain at least one physical data file. 
  • If your iSeries O/S is V5R2 or higher and exit point QIBM_QTMT_WSG still exists, please remove it before upgrade to v7.5. Use command WRKREGINF QIBM_QTMT_WSG to check if exit point exists and if it does, refer to knowledge base article NETIQKB46825, which you can access using the following URL: https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB46825

 Immediately prior to upgrade, check the following items: 

  • The CRTLIB command must have the ASP Number parameter set to 1. On the iSeries command line, type CRTLIB and press F4 to view the parameters.  If the ASP Number value is not set to 1, change it. To change the ASP Number value to 1, on the iSeries command line, type CHGCMDDFT CMD(QSYS/CRTLIB) NEWDFT('ASP(1)') and press Enter. You can change the ASP Number value back to the original value after the upgrade.

     

  • Note the value of system value QFRCCVNRST and change it to 1 (CHGSYSVAL QFRCCVNRST VALUE('1'). Make note to change it to its original value after the install or upgrade. 

  • Note the value of system value QALWOBJRST before and after the install as the installation program changes it to *ALWPGMADP. 
  • There should be ABSOLUTELY NO LOCKS on product libraries. To check for locks:  
WRKOBJLCK OBJ(PSAUDIT) OBJTYPE(*LIB)
WRKOBJLCK OBJ(PSCOMMON) OBJTYPE(*LIB)
WRKOBJLCK OBJ(PSDETECT) OBJTYPE(*LIB)
WRKOBJLCK OBJ(PSSECURE) OBJTYPE(*LIB)  

  • If you use Help/Systems? Robot Job Scheduler, list the Robot scheduled jobs because the upgrade may hold some Robot jobs. After the upgrade, list the Robot jobs again and compare to the pre-upgrade listing to determine if any jobs were held so you can release them. 
  • Change the job description specified in user profile of the person who will run the install or upgrade to specify INQMSGRPY(*RQD) LOG(4 0 *MSG) LOGCLPGM(*YES). Be sure to revert to original values .
    after completion of install or upgrade. 
When you reach the installation step which requires running command PSINSTALL, be sure to prompt it with F4 and change the ?Submit install to batch? (BATCH) parameter to ?*YES?. There have been instances of problems attempting to upgrade interactively. You may need to start a batch subsystem to run the upgrade job (PSINSTALL).  

If the upgrade process issues inquiry message CPA3DD6 ("Library XXXXXXXXXX not registered to product 1PSxxxx?" or CPA3DE4 (?Directory not registered. (C G)?), please reply with ?G?.  

The upgrade will install all products and their corresponding libraries (PSAudit, PSSecure, PSDetect, and PSPasswordManager).  

When upgrading from v5.3/6.3, the RRM approved entries (rules) are not automatically migrated. They require a separate step ? refer to the Installation Guide.  

When upgrading from v5.4/7.0 (or from v5.3/6.3 with 1X01355), the RRM exit point configuration will be retained.  

After upgrade: 

  • All products will have a 30-day temporary license. After the 30 days expire, products will revert to original licensing. 
  • After the upgrade to v7.5, be sure to load and apply v7.5 PTFs that are applicable to your installation.  
1A02001 - resolves an issue where Data Auditing and Reporting (DAR) displays the error ?The call to FFD ended in error (C G D F)? from the Work with Files screen.   

1A02002 - resolves an issue where the DAR Changed Data Report (DDRPT) generates the error ?The call to CEEGTST ended in error (C G D F).? 

1A02003 - resolves an issue where the System Auditing and reporting Database Load does not update library QSYS and new libraries are not included on reports.  

1C02003 - resolves an issue where the PSCYCLESVR command did not end the QSERVER subsystem and the error ?Parameter OPTION specified more than once" was returned. 

1C02004 - resolves an issue where editing Secured or What If entries using the F4 (Prompt) feature causes an error. This PTF also resolves an issue where an error occurs if you edit two or more Secured Entries consecutively.  

1C02005 - resolves an issue where the Purchase and Demo screen is displayed when users who have a permanent PSAudit license code applied select Option 1 (PSAudit) from the NetIQ Product Access Menu.    

1C02006 ? This is a High-Impact Pervasive (HIPER) PTF for the VSAi Communication Agent, which processes requests from VigilEnt Security Manager (VSM), VigilEnt Password Manager (VPM), and VigilEnt Log Analyzer (VLA).  If you use VSM, VPM, or VLA, apply this PTF to your system at the earliest opportunity.  NOTE: This PTF is superceded by PTF 1C02009 (below) for OS version V5R3.  Do not apply 1C02006 if you are already on V5R3.  If you do apply it prior to going to V5R3, it must be applied permanently before attempting to apply 1C02009.  

This PTF resolves an issue that causes communications to fail if the ?Packet Signatures? setting in the PSEnterprise Agent Configuration (PSECONFIG) is set to ?Y? on the iSeries server.  All iSeries tasks and reports will return the error, ?Unexpected End of File ?1?, as a result of this communication failure.   

This PTF also resolves an issue where some iSeries tasks fail in VSM, VPM, and VLA and return the error ?Unexpected End of File ?1? regardless of the ?Packet Signatures? setting.   

G>1C02007 - resolves an issue where transactions with any segment of the path beginning with an asterisk (*) or percent sign (%) collect the subsequent path segments with an asterisk for the object or member name instead of the actual name. A path segment should only be collected with an * as the library, object, or member name if the first character of that segment is an * or %.   

This PTF also resolves an issue where collected entries display an asterisk for the object or member name if the object the transaction is attempting to access does not exist on the system.   

1C02009 - resolves an issue where the Agent Communication (ZPSE) Subsystem is active on i5/OS (V5R3), but no jobs are running. If you do not apply this PTF, the Agent Communication (ZPSE) Subsystem cannot enable communication between VSA for iSeries 7.5 on i5/OS (V5R3) and other NetIQ Enterprise products. 

This PTF also resolves an issue where VigilEnt Password Manager displays error CEE9901 when users change their passwords from the Self-Service menu. This error occurs when the VigilEnt Security Agent (VSA) for iSeries 7.5 is running on i5/OS (V5R3). 

This PTF also resolves an issue where the Remote Request Management Collected Entries report does not complete normally on an i5/OS (V5R3) system.

Subsystem ZPSE must be ended prior to installing PTF 1C02009.  

PLEASE NOTE THE SECTION "SPECIAL INSTRUCTIONS/NOTES" IN THE COVER LETTER FOR PTF 1C02009 - IT ALSO REQUIRES DOWNLOADING SERVICE PROGRAMS FROM AN IBM WEB SITE.

1C02010 - resolves a Remote Request Management (RRM) issue where swap profiles defined in RRM rules are ignored for FTP transactions on V5R3 systems.  On servers that have IBM PTF SI14206 applied, this PTF also resolves an issue where FTP transactions generate error message :"PSCOMMON/NW0032E TYPE PGM MUST BE CHANGED IN THE NEXT 99 DAYS. THE LENGTH AND CCSID PARAMETERS MUST BE ADDED ON THE CALL TO API QSYGETPH.". 

1C02012 - addresses potential level check issues in the NetIQ Security Solutions for iSeries products after applying operating system level PTFs on V5R1, V5R2, or V5R3. These errors can occur throughout the NetIQ Security Solutions for iSeries products, but are specifically found in the PSAudit SQL/QRY Auditing feature and in the PSSecure Remote Request Management Work with Secured Entries and Work with Collected Entries screens. If you have not received level check errors in the NetIQ Security Solutions for iSeries products, you do not need to apply this PTF. 

1S02000 - allows the Object Authority Management (OAM) Non-Compliance Report and compliance job to run regardless of the QSECOFR user profile status.  

1S02001 - corrects the following issues with SFE (Secure File Editor):

      • Pressing F6 from the Maintain File Authorities screen does not access a window to add a record.
      • Opening or paging down to the end of a file generates the error ?MCH1210 Receiver value too small to hold result.?
      • Paging down through a file generates the error ?Pointer not set for location referenced.?
      • Editing a packed data field corrupts data in other packed data fields.
      • Editing tables, files, or views containing 1billion or more records or rows generates an error. The maximum size of a table, file, or view is 999,999,999. 

1S02002 - resolves an issue where accessing a file through Secure File Editor (SFE) on a server running i5/OS (V5R3) returns a session or device error message.

.

1S02003 - allows the Object Authority Management (OAM) Non-Compliance Report and compliance job to run using the STROAMAPI command regardless of the QSECOFR user profile status.

PTFs may be downloaded from the site noted below (registration required).

https://www.netiq.com/support/iseries/extended/hotfixes.asp

Select VigilEnt Security Agent for iSeries in the pull-down list of "View by Product".

Open each downloaded PTF zip file and follow the instructions in each PTF cover letter (XXXXXXXcover.doc or XXXXXXXcover.htm) 
  • RRM exit programs are automatically re-installed by the upgrade process (if they were installed prior to the upgrade). If prior to the upgrade the subsystem QSERVER and the host servers for *FILE and *DATABASE were ended either manually or by entering restricted state, then RRM will be ready to use when you start the system (IPL or re-start subsystems). 
  • Before restarting your system or to prepare the software for use, run the following 3 commands from a command entry line: 
ADDLIBLE PSCOMMON
CALL NW0099E
CALL NW0089C

Program NW0099E sets pointers to user indexes.
Program NW0089C attaches trigger programs to files. 
  • You should not delete any installed licensed programs for products 1PS*.

.


Additional Information

Formerly known as NETIQKB55920

Feedback service temporarily unavailable. For content questions or problems, please contact Support.