What are the Security Solutions for iSeries V 8.0 system requirements for upgrading to IBM OS/V6R1? (NETIQKB71004)

  • 7771004
  • 28-Mar-2008
  • 25-Nov-2008

Environment

NetIQ Security Solutions for iSeries

NetIQ Security Solutions for iSeries 8.0

Situation

What are the NetIQ Security Solutions for iSeries version 8.0 system requirements for upgrading to IBM OS/V6R1?

Are there any known issues related to IBM OS/V6R1?

What steps do I need to take before upgrading to IBM OS/V6R1?

Resolution

Before upgrading your operating system, review the following pre- and post-upgrade NetIQ Security Solutions for iSeries 8.0 product requirements.

WARNING:  You must apply IBM PTFMF44237 BEFORE accessing the NetIQ Security Solutions for iSeries product. Fore more information, see "Post-Upgrade Requirements."

Before upgrading your Operating system to i5/OS V6R1, you must perform the following steps:

  1. Permanently apply all currently applied NetIQ Security Solutions for iSeries PTFs by typing the following command on the iSeries command line and pressing Enter.   APYPTF LICPGM(1PSA001) RLS(*ALL) SELECT(*ALL) APY(*PERM) DELAYED(*NO)
    Note:  It is not necessary to perform an IPL. You can run the command interactively.
  2. Repeat Step 1 for licensed programs 1PSC001, 1PSD001, 1PSI001, 1PSP001 and 1PSS001
  3. On the command line, type WRKREGINF and press Enter.
  4. Page down to exit point QIBM_QTMT_WSG - WSG Server Sign-On Validation.
  5. If exit point QIBM_QTMT_WSG does not exist on your server, skip to Step 8.
  6. Type 8 (Work with exit programs) to the left of exit point QIBM_QTMT_WSG and press Enter.
  7. If exit program NW0001E is associated with the exit point QIBM_QTMT_WSG, type 4 to the left of the exit point and press Enter. For more information about removing exit program QIBM_QTMT_WSG, see the NetIQ Knowledge Base article NETIQKB46825: "Exit Program cannot be removed from Exit Point QIBM_QTMT_WSG." at www.netiq.com/kb/esupport/consumer/solutionarea.asp?id=NETIQKB46825.
  8. Note the exit program registered with exit point QIBM_QTG_DEVINIT. Some OS/400 upgrades remove the exit program. Once you have finished the operating system upgrade, you must reinstall the exit program noted.
  9. If you are using PSSecure Profile and Password Management to monitor user profiles, remove the Q* entry from the exclusions list and hold the PSPROFILE scheduled job. An OS upgrade can remove and replace one of the IBM "Q" profiles. To remove the entry:
    • On the command line, type WRKJOBSCDE and press Enter.
    • If the PSPROFILE job is scheduled, put it on hold.
    • From the NetIQ Product Access Menu, type 2 (PSSecure) and press Enter.
    • Type 2 (Profile and Password Management) and press Enter.
    • Type 1 (General Options Menu) and press Enter.
    • Type 17 (User Profile Exclusions) and press Enter.
    • Remove the entry for Q*.

 Post-Upgrade Requirements

After completing the operating system upgrade, you must complete the following steps:

Apply IBM PTF MF44237 before accessing the NetIQ Security Solutions for iSeries product.


Warning
If you do not apply IBM PTF MF44237 before accessing the NetIQ Security Solutions for iSeries product, your system may hang and you will be required to perform an IPL to regain control of your system.


Any job that attempts to access PSPasswordManager, run the STROBJCVN command on library PSSECURE, or attempts a new installation of the NetIQ Security Solutions for iSeries product with system value QFRCCVNRST set to 1 or greater before applying PTF MF44237 will hang. Subsystems processing these jobs cannot be ended. The only way to end the hung job is through a forced power down of the system.


For more information about IBM PTF MF44237, see IBM APAR MA36364.


If you removed the Q* entry from the exclusion list and set the PSPROFILE job to Hold, re-add the Q* entry to the exclusion list and release the PSPROFILE scheduled job.

 

 

 

 

Additional Information

Formerly known as NETIQKB71004

NetIQ Corporation strives to ensure our products provide quality solutions for your security
needs. We have tested all NetIQ Security Solutions for iSeries products on systems running
i5/OS V6R1 and have identified the following issues:

NetIQ Corporation has resolved the following known i5/OS V6R1 Compatibility Issues:


PSAudit - System Auditing and Reporting (SAR)


PTF 1A03008 resolves an issue where the SQL/QRY Audit Report does not contain detail data.


To resolve an issue where the SQL/QRY Monitor ends as soon as it is started, issue the
following commands from the iSeries command line:


RNMOBJ PSAUDIT/SAR0514F *FILE SAR0514F80


CRTDUPOBJ OBJ(QAQQDBMN) FROMLIB(QSYS) OBJTYPE(*FILE) TOLIB(PSAUDIT) NEWOBJ(SAR0514F)


CHGOBJOWN PSAUDIT/SAR0514F *FILE NEWOWN(PSOBJOWN)


GRTOBJAUT PSAUDIT/SAR0514F *FILE REFOBJ(PSAUDIT/SAR0514F80)


PSSecure - Remote Request Management


PTF 1C03084 resolves an issue where Remote Request Management (RRM) collects incorrect IP addresses causing remote transactions secured by network addresses to fail.  PTF has been superseded by 1C03087 to resolve issue with excessive joblog entries.


Secure Configuration Manager Integration


PTF 1C03085 resolves an issue where Secure Configuration Manager agent registration does not complete normally, which prevents you from running tasks,
security checks, and policy templates against an iSeries server.


Known compatibility issues with i5/OS V6R1:


Operations Navigator Plug-in for RRM


You cannot install the Operations Navigator plug-in for RRM on iSeries servers running i5/OS V6R1. If you currently have the Operations Navigator plug-in for RRM installed on an iSeries server running an earlier version of the operating system, the Operations Navigator plug-in for RRM will continue to operate after you upgrade to i5/OS V6R1.

If you need further assistance with any issue, please contact NetIQ Technical Support at support@netiq.com.