Upgrade VigilEnt Security Agent for iSeries to version 7.5
- User profiles PSOBJOWN and PSOBJOWNS should be Status = *ENABLED
- User profile PSOBJOWNS should have User Class = *SECOFR and corresponding Special Authorities (*ALLOBJ *AUDIT *IOSYSCFG *JOBCTL *SAVSYS *SECADM *SERVICE *SPLCTL).
- Libraries PSAUDIT, PSCOMMON, PSDETECT, and PSSECURE, if they exist, should each contain at least one physical data file.
- If your iSeries O/S is V5R2 or higher and exit point QIBM_QTMT_WSG still exists, please remove it before upgrade to v7.5. Use command WRKREGINF QIBM_QTMT_WSG to check if exit point exists and if it does, refer to knowledge base article NETIQKB46825, which you can access using the following URL: https://www.netiq.com/kb/esupport/consumer/esupport.asp?id=NETIQKB46825
Immediately prior to upgrade, check the following items:
- The CRTLIB command must have the ASP Number parameter set to 1. On the iSeries command line, type
CRTLIBand press F4 to view the parameters. If the ASP Number value is not set to
1, change it. To change the ASP Number value to 1, on the iSeries command line, type
CHGCMDDFT CMD(QSYS/CRTLIB) NEWDFT('ASP(1)')and press Enter. You can change the ASP Number value back to the original value after the upgrade.
Note the value of system value QFRCCVNRST and change it to 1 (CHGSYSVAL QFRCCVNRST VALUE('1'). Make note to change it to its original value after the install or upgrade.
- Note the value of system value QALWOBJRST before and after the install as the installation program changes it to *ALWPGMADP.
- There should be ABSOLUTELY NO LOCKS on product libraries. To check for locks:
WRKOBJLCK OBJ(PSAUDIT) OBJTYPE(*LIB)
WRKOBJLCK OBJ(PSCOMMON) OBJTYPE(*LIB)
WRKOBJLCK OBJ(PSDETECT) OBJTYPE(*LIB)
WRKOBJLCK OBJ(PSSECURE) OBJTYPE(*LIB)
- If you use Help/Systems? Robot Job Scheduler, list the Robot scheduled jobs because the upgrade may hold some Robot jobs. After the upgrade, list the Robot jobs again and compare to the pre-upgrade listing to determine if any jobs were held so you can release them.
- Change the job description specified in user profile of the person who will run the install or upgrade to specify INQMSGRPY(*RQD) LOG(4 0 *MSG) LOGCLPGM(*YES). Be sure to revert to original values .
after completion of install or upgrade.
- All products will have a 30-day temporary license. After the 30 days expire, products will revert to original licensing.
- After the upgrade to v7.5, be sure to load and apply v7.5 PTFs that are applicable to your installation.
1A02001 - resolves an issue where Data Auditing and Reporting (DAR) displays the error ?The call to FFD ended in error (C G D F)? from the Work with Files screen.
1A02002 - resolves an issue where the DAR Changed Data Report (DDRPT) generates the error ?The call to CEEGTST ended in error (C G D F).?
1A02003 - resolves an issue where the System Auditing and reporting Database Load does not update library QSYS and new libraries are not included on reports.1C02003 - resolves an issue where the PSCYCLESVR command did not end the QSERVER subsystem and the error ?Parameter OPTION specified more than once" was returned. 1C02004 - resolves an issue where editing Secured or What If entries using the F4 (Prompt) feature causes an error. This PTF also resolves an issue where an error occurs if you edit two or more Secured Entries consecutively. 1C02005 - resolves an issue where the Purchase and Demo screen is displayed when users who have a permanent PSAudit license code applied select Option 1 (PSAudit) from the NetIQ Product Access Menu. 1C02006 ? This is a High-Impact Pervasive (HIPER) PTF for the VSAi Communication Agent, which processes requests from VigilEnt Security Manager (VSM), VigilEnt Password Manager (VPM), and VigilEnt Log Analyzer (VLA). If you use VSM, VPM, or VLA, apply this PTF to your system at the earliest opportunity. NOTE: This PTF is superceded by PTF 1C02009 (below) for OS version V5R3. Do not apply 1C02006 if you are already on V5R3. If you do apply it prior to going to V5R3, it must be applied permanently before attempting to apply 1C02009. This PTF resolves an issue that causes communications to fail if the ?Packet Signatures? setting in the PSEnterprise Agent Configuration (PSECONFIG) is set to ?Y? on the iSeries server. All iSeries tasks and reports will return the error, ?Unexpected End of File ?1?, as a result of this communication failure. This PTF also resolves an issue where some iSeries tasks fail in VSM, VPM, and VLA and return the error ?Unexpected End of File ?1? regardless of the ?Packet Signatures? setting.
G>1C02007 - resolves an issue where transactions with any segment of the path beginning with an asterisk (*) or percent sign (%) collect the subsequent path segments with an asterisk for the object or member name instead of the actual name. A path segment should only be collected with an * as the library, object, or member name if the first character of that segment is an * or %. This PTF also resolves an issue where collected entries display an asterisk for the object or member name if the object the transaction is attempting to access does not exist on the system. 1C02009 - resolves an issue where the Agent Communication (ZPSE) Subsystem is active on i5/OS (V5R3), but no jobs are running. If you do not apply this PTF, the Agent Communication (ZPSE) Subsystem cannot enable communication between VSA for iSeries 7.5 on i5/OS (V5R3) and other NetIQ Enterprise products. This PTF also resolves an issue where VigilEnt Password Manager displays error CEE9901 when users change their passwords from the Self-Service menu. This error occurs when the VigilEnt Security Agent (VSA) for iSeries 7.5 is running on i5/OS (V5R3). This PTF also resolves an issue where the Remote Request Management Collected Entries report does not complete normally on an i5/OS (V5R3) system. Subsystem ZPSE must be ended prior to installing PTF 1C02009.
PLEASE NOTE THE SECTION "SPECIAL INSTRUCTIONS/NOTES" IN THE COVER LETTER FOR PTF 1C02009 - IT ALSO REQUIRES DOWNLOADING SERVICE PROGRAMS FROM AN IBM WEB SITE.
1C02010 - resolves a Remote Request Management (RRM) issue where swap profiles defined in RRM rules are ignored for FTP transactions on V5R3 systems. On servers that have IBM PTF SI14206 applied, this PTF also resolves an issue where FTP transactions generate error message :"PSCOMMON/NW0032E TYPE PGM MUST BE CHANGED IN THE NEXT 99 DAYS. THE LENGTH AND CCSID PARAMETERS MUST BE ADDED ON THE CALL TO API QSYGETPH.".
1C02012 - addresses potential level check issues in the NetIQ Security Solutions for iSeries products after applying operating system level PTFs on V5R1, V5R2, or V5R3. These errors can occur throughout the NetIQ Security Solutions for iSeries products, but are specifically found in the PSAudit SQL/QRY Auditing feature and in the PSSecure Remote Request Management Work with Secured Entries and Work with Collected Entries screens. If you have not received level check errors in the NetIQ Security Solutions for iSeries products, you do not need to apply this PTF.1S02000 - allows the Object Authority Management (OAM) Non-Compliance Report and compliance job to run regardless of the QSECOFR user profile status. 1S02001 - corrects the following issues with SFE (Secure File Editor):
- Pressing F6 from the Maintain File Authorities screen does not access a window to add a record.
- Opening or paging down to the end of a file generates the error ?MCH1210 Receiver value too small to hold result.?
- Paging down through a file generates the error ?Pointer not set for location referenced.?
- Editing a packed data field corrupts data in other packed data fields.
- Editing tables, files, or views containing 1billion or more records or rows generates an error. The maximum size of a table, file, or view is 999,999,999.
1S02002 - resolves an issue where accessing a file through Secure File Editor (SFE) on a server running i5/OS (V5R3) returns a session or device error message..
1S02003 - allows the Object Authority Management (OAM) Non-Compliance Report and compliance job to run using the STROAMAPI command regardless of the QSECOFR user profile status.
PTFs may be downloaded from the site noted below (registration required).
https://www.netiq.com/support/iseries/extended/hotfixes.asp Select VigilEnt Security Agent for iSeries in the pull-down list of "View by Product". Open each downloaded PTF zip file and follow the instructions in each PTF cover letter (XXXXXXXcover.doc or XXXXXXXcover.htm)
- RRM exit programs are automatically re-installed by the upgrade process (if they were installed prior to the upgrade). If prior to the upgrade the subsystem QSERVER and the host servers for *FILE and *DATABASE were ended either manually or by entering restricted state, then RRM will be ready to use when you start the system (IPL or re-start subsystems).
- Before restarting your system or to prepare the software for use, run the following 3 commands from a command entry line:
CALL NW0089C Program NW0099E sets pointers to user indexes.
Program NW0089C attaches trigger programs to files.
- You should not delete any installed licensed programs for products 1PS*.