Environment
NetIQ Security Solutions for iSeries
NetIQ Security Solutions for iSeries 8.0
Situation
Are there any known issues related to IBM OS/V6R1?
What steps do I need to take before upgrading to IBM OS/V6R1?
Resolution
Before upgrading to IBM OS/ V6R1, perform the following steps:
1. Permanently apply all NetIQ PTFs by performing the following steps:
a. On the command line, type the command shown below and press Enter.APYPTF LICPGM(1PSA001) RLS(*ONLY) SELECT(*ALL) APY(*PERM) DELAYED(*NO)
b. Repeat the command above for licensed programs 1PSC001, 1PSD001, 1PSI001, 1PSP001 and 1PSS001.
It is not necessary to perform an IPL. The command can be entered and run interactively.
2. On the command line, type WRKREGINF EXITPNT(QIBM_QTMT_WSG) and press Enter.
3. If exit point QIBM_QTMT_WSG does not exist on your server, skip to Step 6.
4. Type 8 (Work with exit programs) to the left of exit point QIBM_QTMT_WSG and press Enter.
5. If exit program NW0001E is associated with the exit point QIBM_QTMT_WSG, type 4 to the left of the exit point and press Enter. For more information about removing exit program QIBM_QTMT_WSG, see the NetIQ Knowledge Base article NETIQKB46825: "Exit Program cannot be removed from Exit Point QIBM_QTMT_WSG." at www.netiq.com/kb/esupport/consumer/solutionarea.asp?id=NETIQKB46825.6. Note the exit program registered with exit point QIBM_QTG_DEVINIT. Some OS/400 upgrades remove the exit program. Once you have finished the operating system upgrade, you must reinstall the exit program noted.
7. If you are using PSSecure Profile and Password Management to monitor user profiles, remove the Q* entry from the exclusions list and hold the PSPROFILE scheduled job. The V6R1 upgrade can remove and replace one of the IBM "Q" profiles. To remove the entry:
- On the command line, type WRKJOBSCDE JOB(PSPROFILE) and press Enter.
- If the PSPROFILE job is scheduled, put it on hold.
- From the NetIQ Product Access Menu, type 2 (PSSecure) and press Enter.
- Type 2 (Profile and Password Management) and press Enter.
- Type 1 (General Options Menu) and press Enter.
- Type 17 (User Profile Exclusions) and press Enter.
- Remove the entry for Q*.
After completing the operating system upgrade, perform the following steps:1. Apply IBM PTF MF44237 before accessing the NetIQ Security Solutions for iSeries product.
WarningIf you do not apply IBM PTF MF44237 before accessing the NetIQ Security Solutions for iSeries product, your system may hang and you will be required to perform an IPL to regain control of your system. This issue occurs due to operating system changes introduced in the V6R1 release. Any job that attempts to access PSPasswordManager, run the STROBJCVN command on library PSSECURE, or attempts a new installation of the NetIQ Security Solutions for
iSeries product with system value QFRCCVNRST set to 1 or greater before applying PTF MF44237 will hang. Subsystems processing these jobs cannot be ended. The only way to end the hung job is through a forced power down of the system. For more information about IBM PTF MF44237, see IBM APAR MA36364.2. If you removed the Q* entry from the exclusion list and set the PSPROFILE job to Hold, re-add the Q* entry to the exclusion list and release the PSPROFILE scheduled job.
3. Download and install PTFs for NetIQ Security Solutions for iSeries version 8.0 from the following location: https://www.netiq.com/support/vsa/extended/hotfixes_iseries.asp Registration is required to access the site.
4. To receive notifications for new releases and PTFs, see NetIQ Knowledge Base article NETIQKB43092: "How do I sign up for notifications of new releases, patches and/or PTFs for the iSeries Product?" at www.netiq.com/kb/esupport/consumer/solutionarea.asp?id=NETIQKB43092
For information about compatibility with i5/OS V6R1, see the NetIQ Security Solutions for iSeries 8.0 Compatibility With i5/OS V6R1 Technical Reference at https://download.netiq.com/products/s/vsa/documentation/V6R1Compatibility.pdf Two PTFs have been released resolving known V6R1 compatibility issues:
1C03084 resolves an issue where Remote Request Management (RRM) collects incorrect IP addresses causing remote transactions secured by network addresses to fail. This error occurs due to operating system changes introduced in the OS V6R1 release.
1C03085 resolves an issue where Secure Configuration Manager (SCM) agent registration does not complete normally, which prevents you from running tasks, security checks, and policy templates against an iSeries server. This error occurs due to operating system changes introduced in the IBM V6R1 release.
The PSAudit - System Auditing and Reporting (SAR) SQL/QRY Monitor ends as soon as it is started or the SQL/QRY Audit Report does not show detail data. Use the following procedure to resolve this issue.
Apply PTF 1A03008 which resolves an issue where the SQL/QRY Audit Report does not contain detail data. PTF 1C03009 is a pre-requisite for this PTF.
To resolve an issue where the SQL/QRY Monitor ends as soon as it is started, issue the following commands from the iSeries command line:
RNMOBJ PSAUDIT/SAR0514F *FILE SAR0514F80
CRTDUPOBJ OBJ(QAQQDBMN) FROMLIB(QSYS) OBJTYPE(*FILE)
TOLIB(PSAUDIT) NEWOBJ(SAR0514F)
CHGOBJOWN PSAUDIT/SAR0514F *FILE NEWOWN(PSOBJOWN)
GRTOBJAUT PSAUDIT/SAR0514F *FILE REFOBJ(PSAUDIT/SAR0514F80)