tpm_install_guide_win

Tivoli® Provisioning ManagerVersion 7.2

Installation Guide for Windows

��

Tivoli® Provisioning ManagerVersion 7.2

Installation Guide for Windows

��

NoteBefore using this information and the product it supports, read the information in “Notices” on page 235.

Last updated: December 2010

This edition applies to IBM Tivoli Provisioning Manager 7.2 and to all subsequent releases and modifications untilotherwise indicated in new editions.

© Copyright IBM Corporation 2003, 2010.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.

Contents

Chapter 1. Installation overview . . . . 1Supported platforms and compatibility . . . . . 1Product components . . . . . . . . . . . . 2Installation types . . . . . . . . . . . . . 2Installation process . . . . . . . . . . . . 3

Chapter 2. Preinstallation tasks . . . . 5Preinstallation Step 1: Run the prerequisites scanner 6Preinstallation Step 2: Read the release notes . . . 6Preinstallation Step 3: Plan the topology . . . . . 6

Single-server deployment . . . . . . . . . 7Multiserver deployment . . . . . . . . . 8

Preinstallation Step 4: Allocate appropriate hardware 9Preinstallation Step 5: Verify componentrequirements . . . . . . . . . . . . . . 12

Supported operating systems and middlewarecombinations . . . . . . . . . . . . . 12Operating system preinstallation tasks . . . . 13Database and directory server requirements . . 15Browser requirements . . . . . . . . . . 15

Preinstallation Step 6: Verify the environment . . . 16Preinstallation Step 7: Verify requirements for usernames, database names, and user passwords . . . 21Preinstallation Step 8: Prepare installation media . . 23

If using downloaded installation images. . . . 23If using installation DVDs . . . . . . . . 24

Chapter 3. Installing Tivoli ProvisioningManager . . . . . . . . . . . . . . 25Example deployment scenarios . . . . . . . . 26Starting the launchpad . . . . . . . . . . 29Installing the middleware on Windows, AIX, andLinux . . . . . . . . . . . . . . . . 29

Planning worksheets for middleware installation 31The middleware installer workspace . . . . . 34The middleware installer logs . . . . . . . 34Installing and configuring the middleware withthe middleware installer . . . . . . . . . 36Reusing middleware using the middlewareinstaller. . . . . . . . . . . . . . . 45Using manually configured middleware . . . . 49Changing middleware installer configurationparameters . . . . . . . . . . . . . 93Starting middleware on Windows . . . . . . 94Stopping middleware . . . . . . . . . . 95Checking middleware status. . . . . . . . 97

Installing the base services . . . . . . . . . 98Planning worksheet for base services installation 110Starting the launchpad . . . . . . . . . 111Remote configuration enablement. . . . . . 111Deploying Provisioning Manager EAR files . . 112Manually installing Provisioning Managerapplications into WebSphere Application ServerNetwork Deployment . . . . . . . . . 114Installing the language pack . . . . . . . 116

Installing Tivoli Provisioning Manager corecomponents . . . . . . . . . . . . . . 119Installing Tivoli Provisioning Manager webcomponents . . . . . . . . . . . . . . 128

Chapter 4. Post-installation tasks . . . 131Installing the language pack for Tivoli Monitoringagent . . . . . . . . . . . . . . . . 131Backing up the administrative workstation . . . 132Configuring a web browser for Federal InformationProcessing Standard 140-2 compliance . . . . . 133Starting the provisioning server on Windows . . . 133Manually configuring directory synchronization forWebSphere Application Server NetworkDeployment . . . . . . . . . . . . . . 134Configuring the LDAP server for userauthentication only . . . . . . . . . . . 135

Adding users and security groups . . . . . 136Defining the boot server after installation . . . . 137Setting up the infrastructure for softwaredistribution tasks . . . . . . . . . . . . 137

Chapter 5. Uninstalling TivoliProvisioning Manager. . . . . . . . 139Uninstalling Tivoli Provisioning Manager corecomponents . . . . . . . . . . . . . . 139

Uninstalling the Tivoli Monitoring agent . . . 139Uninstalling Tivoli Provisioning Manager for OSDeployment . . . . . . . . . . . . . 140Uninstalling Tivoli Provisioning Manager forJob Management Service federator . . . . . 141Uninstalling Tivoli Provisioning Manager fordynamic content delivery . . . . . . . . 143Uninstalling the agent manager . . . . . . 143Uninstalling Tivoli Provisioning Managerengines . . . . . . . . . . . . . . 144Uninstalling the DB2 client . . . . . . . . 145

Uninstalling the base services and web components 146Uninstalling middleware . . . . . . . . . 146Removing items remaining after uninstallation . . 147

Removing application files and configurationsettings . . . . . . . . . . . . . . 147Removing the Global Unique Identifier . . . . 148

Uninstalling and reinstalling the deploymentengine database . . . . . . . . . . . . 149Reinstalling Tivoli Provisioning Manager . . . . 150

Appendix A. Troubleshootinginstallation . . . . . . . . . . . . 151Problems during middleware installation . . . . 151

Backing up and restoring the deploymentengine database . . . . . . . . . . . 151CTGIN9077E error during middlewareinstallation . . . . . . . . . . . . . 152Links in the launchpad do not work. . . . . 152

© Copyright IBM Corp. 2003, 2010 iii

Errors with the middleware installer . . . . 152DB2 installation fails when configured names donot match . . . . . . . . . . . . . 153Database error during installation . . . . . 153Cannot connect to Tivoli Directory Server . . . 154Cannot connect to the database server duringinstallation . . . . . . . . . . . . . 154Tivoli Directory Server installation step failsduring Tivoli Provisioning Manager installation . 155The Microsoft Active Directory configurationfails . . . . . . . . . . . . . . . 155Error configuring database during middlewareinstallation . . . . . . . . . . . . . 156The Tivoli Provisioning Manager installationfails with incorrect certificate value . . . . . 156WAS_HOME error when using login windowmanager . . . . . . . . . . . . . . 156Encountering error CTGIN9042E . . . . . . 157Uninstallation of WebSphere Application ServerNetwork Deployment fails after unsuccessfulbinding to the LDAP directory . . . . . . 158

Problems during base services installation . . . . 158Recovering from a failed installation without theuninstallation program . . . . . . . . . 159Recovering from problems during base servicesinstallation . . . . . . . . . . . . . 160Deployment of MAXIMO.ear fails . . . . . 161Error CTGIN2252I during base servicesinstallation . . . . . . . . . . . . . 161Errors CTGIN2381E or CTGIN2489E duringMaximo database upgrade . . . . . . . . 162The base services installation fails . . . . . 162The base services installer fails to validate theinstallation . . . . . . . . . . . . . 164Maximo business objects are out of syncbetween the deployment engine and theWebSphere runtime . . . . . . . . . . 164Maximo business objects from the deploymentengine gets out of sync with the ones in theapplication server . . . . . . . . . . . 165Error CWLAA6003 occurs after CCMDBinstallation . . . . . . . . . . . . . 165Recovering from deployment engine failureduring installation. . . . . . . . . . . 166Password policy is set to never expire duringbase services installation. . . . . . . . . 167Enabling RXA tracing . . . . . . . . . 167

Problems during core components installation . . 168Step by step recovery for core componentsinstallation (custom installation) . . . . . . 168Step by step recovery for core componentsinstallation (default installation) . . . . . . 173Recovering from problems during corecomponents installation . . . . . . . . . 178Error when configuring WebSphere ApplicationServer to run as tioadmin . . . . . . . . 179Errors creating the agent manager profile . . . 180Agent Manager installation fails . . . . . . 181The common agent and the agent managercannot be installed . . . . . . . . . . 183

Installation fails after WebSphere ApplicationServer is uninstalled . . . . . . . . . . 183Core components or web componentsinstallation hangs during Cygwin installation . 183DB2 BIND warning during Tivoli ProvisioningManager for OS Deployment installation . . . 184Tivoli Provisioning Manager installation failswith invalid directory name . . . . . . . 185Silent installation exits before installation iscompleted . . . . . . . . . . . . . 185Disk space check failure during silentinstallation of Tivoli Provisioning Manager . . 186Installation fails because of unrecognized font 186Cannot use hyphen in domain name suffix field 187Installation of dynamic content delivery fails 187Core components installation fails during thedependency check . . . . . . . . . . . 188Error message Insert disk 1 . . . . . . . 188Tivoli Provisioning Manager does not installwhen terminal server is enabled . . . . . . 189Editing text files changes permissions . . . . 189Remote connection to database hangs whendatabase server is on a multiprocessor computer 189Step by step recovery for IBM Tivoli Monitoringagent manual installation . . . . . . . . 190

Problems during web components installation . . 190Recovering from errors during a defaultinstallation . . . . . . . . . . . . . 190Recovering from errors during web componentsinstallation . . . . . . . . . . . . . 192Deployment engine error during webcomponents installation . . . . . . . . . 193Node agent not started during web componentsinstallation . . . . . . . . . . . . . 194Log files for process solution installer . . . . 194Core components or web componentsinstallation hangs during Cygwin installation . 197Silent installation of Tivoli ProvisioningManager fails . . . . . . . . . . . . 197First discovery fails after installing Cygwin . . 198Cygwin installation fails . . . . . . . . . 198Missing tools from Cygwin installation . . . . 198Web components installation fails with registryservice unavailable Java exception(IURegException) . . . . . . . . . . . 199Turning on Admin mode is slow . . . . . . 199

Other problems. . . . . . . . . . . . . 200Log file errors after successful installation onMicrosoft Windows Server 2008 R2 StandardEdition (x86 64-bit) any SP . . . . . . . . 200Cannot log on after successful installation . . . 200

Collecting information about installation problems 201

Appendix B. Other installation andconfiguration tasks . . . . . . . . . 205Installing Tivoli Provisioning Manager with defaultvalues . . . . . . . . . . . . . . . . 205

Removing a default installation . . . . . . 207Silent installation and other installation tasks . . . 207Installing Cygwin manually . . . . . . . . 208

Removing a Cygwin installation . . . . . . 208

iv IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Installing Cygwin manually . . . . . . . 209Starting and stopping. . . . . . . . . . . 211

Starting and stopping the provisioning server onWindows . . . . . . . . . . . . . . 211Starting and stopping Tivoli ProvisioningManager components. . . . . . . . . . 213Starting and stopping the Tivoli Monitoringagent . . . . . . . . . . . . . . . 214

Verifying components . . . . . . . . . . 214Signing on to the provisioning server . . . . . 215

Signing off the provisioning server . . . . . 216Working with users . . . . . . . . . . . 217

Creating multiple users with maxadmin privileges 217Changing user passwords . . . . . . . . 219

Using the Tivoli Monitoring agent . . . . . . 219Changing the host name for the provisioningserver . . . . . . . . . . . . . . . . 220

Required passwords . . . . . . . . . . 221Adding the parameter values to the propertyfile . . . . . . . . . . . . . . . . 221

Assigning the new host name to theprovisioning server . . . . . . . . . . 222Updating the database server host name fromthe administrative workstation . . . . . . 224Updating the remaining host names . . . . . 225Parameters for the host name rename feature 226Return codes . . . . . . . . . . . . 227

WebSphere Application Server tasks . . . . . . 231Verifying the installation of WebSphereApplication Server . . . . . . . . . . 232

Compliance with Federal Information ProcessingStandard 140-2 . . . . . . . . . . . . . 232Installation directories and other paths . . . . . 233

Notices . . . . . . . . . . . . . . 235

Index . . . . . . . . . . . . . . . 239

Contents v

vi IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Chapter 1. Installation overview

A complete Tivoli® Provisioning Manager product installation is composed of multiple applicationcomponents, including the Tivoli Provisioning Manager application itself. To better understand theinstallation process, you must have a basic understanding of the installation components.

Supported platforms and compatibilityTivoli Provisioning Manager supports specific operating systems and is compatible with other productsthat are installed together with the base services. The base services are a set of common routines that canbe used by higher level functions such as process managers, and other products that are used by TivoliProvisioning Manager.

Supported operating systems

Tivoli Provisioning Manager can be installed on the following operating systems:v Microsoft Windows Server 2008 R2 Enterprise Edition (x86 64-bit)v Microsoft Windows Server 2008 R2 Standard Edition (x86 64-bit)v Microsoft Windows Server 2008 Datacenter Edition (x86 64-bit)v Microsoft Windows Server 2008 Enterprise Edition (x86 64-bit)v Microsoft Windows Server 2008 Standard Edition (x86 64-bit)v Microsoft Windows Server 2003 R2 Enterprise Edition SP2 (x86 64-bit)v Microsoft Windows Server 2003 R2 Standard Edition SP2 (x86 64-bit)v Microsoft Windows Server 2003 Standard Edition SP2 (x86 64-bit)v Microsoft Windows Server 2003 Enterprise Edition SP2 (x86 64-bit)

Note: The supported operating systems and versions reflect what was tested with Tivoli ProvisioningManager. Differences in other editions or changes implemented in other versions for an operating systemmight cause errors during or after installation. Therefore, ensure that you are using the specific editionand version of the operating system as indicated.

Middleware compatibility

Tivoli Provisioning Manager does not support the following middleware, which might be supported byother products installed on base services:v Oracle WebLogic Server as an application serverv Microsoft SQL Server as a database serverv Oracle Database as a database server installed on Windows

If you have installed another product on base services with any of these middleware applications, youcannot share the same middleware or base services installation with Tivoli Provisioning Manager. Formore information about the supported operating system requirements for middleware and other TivoliProvisioning Manager components, see “Preinstallation Step 5: Verify component requirements” on page12.

Base services compatibility

Tivoli Provisioning Manager requires that the version of the base services is version 7.1.1.6. TivoliProvisioning Manager V7.2 Fix Pack 1 will not upgrade the base services. After applying the fix pack, thebase services will remain unchanged at version 7.1.1.6.

© Copyright IBM Corp. 2003, 2010 1

Product componentsTivoli Provisioning Manager includes components that provide specific capability.

Table 1. Product components

Component Description

Application server: WebSphere®

Application ServerTivoli Provisioning Manager is a Web-based application that usesWebSphere Application Server as the application server.

HTTP server: IBM® HTTP Server The HTTP server is a separate, dedicated HTTP server that can beconfigured to work with the application server.

Database server:

v DB2®

The database server hosts the provisioning database, which includes thedata model of managed assets. It also stores the Maximo® database whichcontains text for the user interface and field-level help.

v If you want to use DB2, you can either install it as part of the TivoliProvisioning Manager installation, or use an existing version of DB2 fromyour system.

Directory server: Tivoli DirectoryServer or Microsoft Active Directory

The directory server provides user authentication and access control.

v If you want to use Tivoli Directory Server, you can either install it as partof the Tivoli Provisioning Manager installation, or use an existing versionof Tivoli Directory Server from your system.

v If you want to use Microsoft Active Directory, you must obtain your ownMicrosoft Active Directory and install it before installing TivoliProvisioning Manager.

Tivoli Provisioning Manager forDynamic Content Deliverymanagement center

Tivoli Provisioning Manager for Dynamic Content Delivery managementcenter provides centralized control of the uploading, replication, anddownloading of files. It also monitors the state of depot servers indistributed locations and stores file data.

Tivoli Provisioning Manager for JobManagement Service federator

Also called the device manager service, this component acts as a federatedserver that manages job distribution. It pushes incoming jobs to all of theendpoint agents or regional agents.

The agent manager The agent manager is the server component of the Tivoli Common AgentServices, and provides secure connections with managed computers onwhich the common agent is installed. Tivoli Provisioning Manager uses theTivoli Common Agent Services for software distribution and compliance.

Tivoli Provisioning Manager for OSDeployment

Tivoli Provisioning Manager for OS Deployment is a component used foroperating system provisioning. It provides operating system managementcapability including deployment of captured images and unattended setup.

Tivoli Monitoring agent The Tivoli Monitoring agent is a component that lets you monitor theprovisioning server.

Administrative workstation The administrative workstation is used to deploy Tivoli ProvisioningManager. After the initial deployment, the administrative workstation isused to make updates or changes to the deployment and add additionalprocess manager applications. Changes to the deployment typically requirethat the product Enterprise Archive (EAR) files be rebuilt, which can only bedone from the administrative workstation.

Web components The Tivoli Provisioning Manager web components are a set of applicationsspecific to provisioning.

Installation typesDepending on the operating system, either the custom installation is supported only, or both a customand default installation are supported.

2 IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Tivoli Provisioning Manager offers two installation options: a default and a custom one. To help youchoose your installation type, it is important to understand the differences between them.

Default and custom installations are supported on Windows

The following table compares default and custom installations to help you plan your installation:

Table 2. Default versus custom installation

Default installation Custom installation

For demonstration, evaluation, or testing purposes, or asa learning environment.

For managing production enterprise assets and processes.

Installs Tivoli Provisioning Manager with defaultsettings.

Allows you to customize settings such as user names,installation directories, and port numbers.

You cannot use an existing database server, directoryserver, or application server. The middleware for adefault installation is Tivoli Directory Server, DB2, andWebSphere Application Server.

v You can use middleware that is already installed:

– WebSphere Application Server

– DB2

– Oracle

– Tivoli Directory Server or Microsoft ActiveDirectory

v The middleware installer can install DB2, TivoliDirectory Server, or WebSphere Application Server foryou. Other supported middleware programs must bepreinstalled and configured manually.

All components are installed on a single computer. The database server and the directory server can beinstalled on separate computers.

English language installation only. Includes Tivoli Provisioning Manager runtime inlanguages other than English.

Installation processThese steps describe the preinstallation tasks, the installation of the software, and post-installation tasks.1. Verify that you meet all the prerequisites for installation. For more information, see Chapter 2,

“Preinstallation tasks,” on page 5.2. Start the launchpad to install the product.

Default For a default installation, proceed to “Installing Tivoli Provisioning Manager with defaultvalues” on page 205.

XMLDefaultCustom For a custom installation, install components in the following order:a. Install the middleware. If you are using existing middleware, it must be installed and configured

as required.b. Install the base services.c. Install the language pack on the same computer as the base services.d. Install Tivoli Provisioning Manager core components on the same computer as the application

server.e. Install Tivoli Provisioning Manager web components on the same computer as the base services.

For more information about the custom installation, see Chapter 3, “Installing Tivoli ProvisioningManager,” on page 25.

3. Perform required post-installation tasks. For more information, see Chapter 4, “Post-installation tasks,”on page 131.

Chapter 1. Installation overview 3


Chapter 2. Preinstallation tasks

Before starting the Tivoli Provisioning Manager installation, verify that your environment meets therequirements.

If the provisioning server does not have Internet access, you must manually install Cygwin. For moreinformation, see “Installing Cygwin manually” on page 208.

Ready for installation

8. Prepareinstallation media

6. Verify theenvironment

7. Verify userrequirements

3. Plan the topology

5. Verify componentrequirements

2. Read therelease notes

4. Allocate the appropriatehardware

1. Run the prerequisitesscanner

Figure 1. Preinstallation steps for new installation


Preinstallation Step 1: Run the prerequisites scannerTo automatically verify if your environment meets the Tivoli Provisioning Manager installationrequirements, use the prerequisites scanner.

Procedure1. Download the prerequisites scanner from the Integrated Service Management Library at

http://www-01.ibm.com/software/brandcatalog/ismlibrary/details?catalog.label=1TW10OT10.2. Extract the prerequisites scanner from the .zip or .tar file.3. Run the prerequisites scanner using the following command, depending on your operating system,

operating system version, and hardware. Run the command from the directory where you extractedthe .tar or .zip file.

Table 3. Prerequisites scanner syntax

Operating system and hardware Syntax

2008 Microsoft Windows Server 2008 prereq_checker.bat "COX,COZ" detail

2003 Microsoft Windows Server 2003 prereq_checker.bat "COY,COZ" detail

In the command, the detail parameter specifies that the results of the prerequisites scanned aredisplayed on the console.

4. Review the output of the prerequisites scanner stored in the result.txt file.

What to do next

If the results of the prerequisites scanner indicate failures, complete the tasks from “Preinstallation Step 5:Verify component requirements” on page 12 to “Preinstallation Step 8: Prepare installation media” onpage 23 to resolve the problems before starting the installation.

Preinstallation Step 2: Read the release notesBefore starting the installation, see the latest documentation updates in the release notes for importantinformation.

For more information about the latest documentation updates, see Tivoli Provisioning Manager Version7.2 Release Notes.

Preinstallation Step 3: Plan the topologyUse this information to determine the best deployment option for your environment and business needs.

There are two primary deployment strategies:

Single-serverThe single-server topology consists of loading all runtime components, including all middleware,the administrative workstation, and process managers, onto one server. This is typically used forevaluation purposes, as a demonstration, or as a learning environment. For managing enterpriseassets and processes, you would typically implement a multiserver topology.

MultiserverThe multiserver topology consists of splitting components across several different servers. This isbeneficial because it optimizes resource use and decreases the workload on each server. This typeof deployment is typical for production use within an enterprise.


http://www-01.ibm.com/software/brandcatalog/ismlibrary/details?catalog.label=1TW10OT10

http://www.ibm.com/support/search.wss?q=tpm72relnotes

http://www.ibm.com/support/search.wss?q=tpm72relnotes

A typical deployment process might begin with a single-server topology that would move through phasesof demonstration, functional proof-of-concept, and testing integration within the existing environment,and then gradually move towards a pilot multiserver environment before finally implementing aproduction deployment within the enterprise.

Administrative workstationThe software that deploys the Tivoli Provisioning Manager support component.

Single-server deploymentA single-server deployment is frequently used as an evaluation, educational, or demonstrationconfiguration.

This topology is used for a default installation, where all components are installed on a single server withdefault values.

You can install all components on a single server if you are using one of the following operating systems:v Microsoft Windows Server 2008 R2 Enterprise Edition (x86 64-bit)v Microsoft Windows Server 2008 R2 Standard Edition (x86 64-bit)v Microsoft Windows Server 2008 Datacenter Edition (x86 64-bit)v Microsoft Windows Server 2008 Enterprise Edition (x86 64-bit)v Microsoft Windows Server 2008 Standard Edition (x86 64-bit)v Microsoft Windows Server 2003 R2 Enterprise Edition SP2 (x86 64-bit)v Microsoft Windows Server 2003 R2 Standard Edition SP2 (x86 64-bit)v Microsoft Windows Server 2003 Standard Edition SP2 (x86 64-bit)v Microsoft Windows Server 2003 Enterprise Edition SP2 (x86 64-bit)

The administrative workstation must be a separate server if the provisioning server is installed on aplatform that is not supported by the deployment software for the base services and web components.The deployment software is used to install or update the product, but it is not required during operationof the product. For details about the supported installation platforms for product components, see“Preinstallation Step 5: Verify component requirements” on page 12.

The following figure shows a deployment with all the Tivoli Provisioning Manager runtime componentson one server and a separate server being the administrative workstation.

Provisioning server

- Application server- Database server- Directory server- Base services- Core components- Web components

Chapter 2. Preinstallation tasks 7

Multiserver deploymentXMLDefaultCustom

Deployment on multiple servers is the recommended deployment topology for a production environment.

Deployment on multiple servers is only available for a custom installation. When planning yourdeployment strategy, determine if it will include systems that are already established in your network.Installing all new components using the middleware and Tivoli Provisioning Manager installationprograms simplifies the deployment. If you plan to reuse or migrate resources that already exist in yournetwork, make adjustments to your rollout plan to allow time for bringing the existing resources toversions that are compatible with Tivoli Provisioning Manager.

In the following figure, Tivoli Provisioning Manager has been deployed on a collection of systems.

In this figure, components for Tivoli Provisioning Manager are installed on separate systems to promoteload balancing, redundancy, reuse, security, and availability. Components can also be grouped logicallyand installed on the same system. In a disparate environment, the collection of servers can be a mixtureof Windows and UNIX servers. The administrative workstation is used to install or update the product,but it is not required during the operation of the product.

The following deployments are supported depending on the operating system.

Provisioning server

--

- Application server- Database server- Directory server- Base services

Core componentsWeb components

Administrative workstation

- Deployment directory

Database server Administrative workstation

- Deployment directory

Directory server

Provisioning server

- Application server- Base services- Core components- Web components


Table 4. Supported topologies for the administrative workstation when Windows is installed on the provisioning server

Platform used forthe provisioningserver Same server

Separate server:any supportedWindows platform

Separate server:AIX® 6.1 TL3 (IBMSystem p® 64-bit)

Separate server:SUSE Linux(r)Enterprise Server10 SP3 (x86 64-bit)

Separate server:Red Hat EnterpriseLinux 5 Update 4(x86 64-bit)

Windows - anysupported platform

Supported multiserver topologies

The following components can be on a separate server:v The database server.v The directory server.v The administrative workstation. This must be on a separate computer if the provisioning server is

installed on a platform that is not supported by the deployment software for the base services and webcomponents.

Reusing middleware

You can reuse existing middleware as Tivoli Provisioning Manager components. For example, you mighthave a database instance in an existing database server, which already has established access policies,redundancy measures, and backup plans in place. If you plan to reuse existing middleware, ensure thatthey are at the level supported by Tivoli Provisioning Manager. The middleware and installationprograms do not provide a mechanism for patching servers at previous version levels, nor do theseprograms provide remote prerequisite checks to ensure that they are at the correct level.

The following middleware can be reused:

Can be automatically configuredDB2 9.5 FP3a and Tivoli Directory Server 6.2.0.2 and 6.1.0.10. For information about specificplatforms for which Tivoli Directory Server 6.1.0.10 is supported, see “Preinstallation Step 5:Verify component requirements” on page 12. For information about reusing middleware, see“Reusing middleware using the middleware installer” on page 45.

Must be manually installed and configuredIBM WebSphere Application Server, Oracle Database (if supported), and Microsoft ActiveDirectory. For more information, see “Using manually configured middleware” on page 49.

Preinstallation Step 4: Allocate appropriate hardwareHardware requirements depend on usage. For hardware requirements for software that is not listed inthis section, see the documentation provided with that product.

Processor requirements for the provisioning serverv 2.4 GHz x86 64-bit or AMD64 processor


Minimum memory requirements

Table 5. Minimum memory requirements for single and multiserver topology

Single-server topology Multiserver topology

8 GB RAMDB2 server

4 GB RAM

WebSphere Application Server Network Deployment6 GB RAM

Tivoli Directory Server2 GB RAM

Administrative workstation requirementsv 2 GHz processor (minimum)v 2 GB RAM (minimum)v 10 Mbit/s network connection between administrative system and middleware servers (minimum)

Note: The deployment engine used by the base services is always installed in the Windows system rootdirectory of the administrative workstation, by default, C:\program files\ibm\acsi, regardless of thedirectory specified during the installation. Ensure that permissions are set to allow the deploymentengine to be installed in the Windows root directory.

Disk space

The following table details the disk space that must be allocated to each directory for the installationprocess. Because these directories do not exist before installation, you must ensure that the parentdirectory of these directories has sufficient space available for the installation.

Network file systems: Tivoli Provisioning Manager includes a lightweight infrastructure run time thatuses file system locking to manage concurrency. These lock files are managed in the lightweightinfrastructure installation directory under the TIO_HOME directory in the file system. If you areinstalling Tivoli Provisioning Manager on a network file system, ensure that the file system has adequatelock management support. For example, in a high availability disaster recovery configuration, if theprimary computer fails and is no longer available, the file system must be able to automatically unlock allthe locks associated with the primary computer. If this type of lock support is unavailable, you can createsoft links for the following directories to a local file system with correct lock management support:v TIO_HOME/lwi/conf

v TIO_HOME/lwi/logs

Windows disk space requirements

Ensure that you have 60 GB of available space on disk C:\, as detailed in the following table.

Table 6. Disk space requirements for Windows

Component DirectoryRequiredfree space

Installation images user-specified location 12 GB


Base services deployment directory C:\ibm\SMP 5 GB

Base services language pack C:\ibm\SMP 100 MB

System temporary directory %TEMP% 2.5 GB


Table 6. Disk space requirements for Windows (continued)


Temporary space

If you use the system temporary directory (%TEMP%) for all three types of temporary space, a total of 6 GB isrequired. Otherwise, ensure that you have enough space in each of the temporary locations.

Default Temporary space for the middlewareinstaller

user-specified location (the default value is%TEMP%)

1 GB

Default Temporary space for the softwarerepository

user-specified location (the default value is%TEMP%)

6 GB

System temporary directory %TEMP% 2.5 GB

Installation components

Cygwin C:\Cygwin 200 MB

GSK toolkit C:\ibm\gsk7 10 MB

Tivoli Provisioning Manager C:\Program Files\IBM\tivoli\tpm 6 GB

Tivoli Monitoring agent C:\ibm\tivoli\ITM 250 MB

Tivoli Provisioning Manager for OS Deployment C:\Program Files\IBM\TPMfOSd 5 MB

C:\Program Files\Common Files\IBM Tivoli 150 MB

Tivoli Provisioning Manager for OS Deploymentdata directory

C:\tpmfosd 150 MB

The agent manager C:\Program Files\IBM\AgentManager 100 MB

Tivoli Provisioning Manager for Job ManagementService federator

C:\Program Files\IBM\DeviceManager 200 MB

Tivoli Provisioning Manager for DynamicContent Delivery

C:\Program Files\IBM\tivoli\CDS 150 MB

Common Tivoli files, including common logs C:\Program Files\IBM\tivoli\common\COP\logs 100 MB

2000DB2 DB2 server SystemDrive:\Program Files\IBM\SQLLIB 1 GB

2000DB2 DB2 database instance C:\CTGINST1 10 GB

2000DB2

XMLDefaultCustom DB2 client (for multiserverdeployment)

SystemDrive:\Program Files\IBM\SQLLIB 1.5 GB

Tivoli Directory Server C:\Program Files\IBM\LDAP\V6.2 450 MB

Tivoli Directory Server database C:\IDSCCMDB 900 MB

Files for the Tivoli Directory Server database C:\idslap-idsccmdb 1 MB

WebSphere Application Server C:\Program Files\IBM\WebSphere\AppServer 4 GB

IBM HTTP Server C:\Program Files\IBM\HTTPServer 1.1 GB

Files for the middleware installer C:\ibm\tivoli\mwi 100 MB

Solution installer used by the middlewareinstaller and the base services installer

C:\Program Files\IBM\Common\acsi 400 MB

Common Tivoli files C:\Program Files\tivoli 25 MB

IBM JRE C:\Program Files\IBM\Java50 250 MB

Default Back up files for a default installation C:\backup 2 GB


Table 6. Disk space requirements for Windows (continued)


Note:

v You might require more space on File Allocation Table (FAT) drives with large cluster sizes than with NewTechnology File System (NTFS) drives.

v Plan for additional disk space for database growth. The required disk space depends on various factors, includingthe configuration of the database and the number of managed target computers. For example, if you aremanaging 50000 targets, allocate 50 GB of free disk space. Consider storing the database on a separate, dedicatedstorage device, so that performance is not affected by other applications that are accessing the same device.

DVD drive

If you are using DVDs to install the product, each computer in your topology must have a DVD drive.

Preinstallation Step 5: Verify component requirementsTivoli Provisioning Manager contains a number of components and products that work together. Ensurethat you meet the requirements for all the product components.

Supported operating systems and middleware combinationsThis section outlines the middleware combinations with the supported operating systems and versions.The Tivoli Provisioning Manager software is installed on the same computer as the application server. Ifyou are using a multiserver topology, ensure that you verify the component requirements on eachcomputer in the topology.v “Supported operating systems and middleware combinations for Windows”

Supported operating systems and middleware combinations for Windows

Note: Cygwin 1.5.10 or later is required on the provisioning server. You can install Cygwin either as part of the TivoliProvisioning Manager installation or manually before installing Tivoli Provisioning Manager. Because Cygwin cannotbe installed correctly in a XEN environment, installation of Tivoli Provisioning Manager in a XEN environment is notsupported.

Operating system and platform

DatabaseApplication

server Directory server

AdministrativeworkstationDB2 9.5 FP3a

OracleDatabase

IBMWebSphereApplicationServerNetworkDeployment6.1.0.29

IBM TivoliDirectoryServer 6.1.0.10or 6.2.0.2

MicrosoftActiveDirectory 2003SP2

Microsoft Windows Server 2008 R2 EnterpriseEdition (x86 64-bit)

6.2.0.2 only

Microsoft Windows Server 2008 R2 StandardEdition (x86 64-bit)

6.2.0.2 only

Microsoft Windows Server 2008 DatacenterEdition (x86 64-bit)

6.2.0.2 only

Microsoft Windows Server 2008 EnterpriseEdition (x86 64-bit)

6.2.0.2 only

Microsoft Windows Server 2008 StandardEdition (x86 64-bit)

6.2.0.2 only

Microsoft Windows Server 2003 R2 EnterpriseEdition SP2 (x86 64-bit)

6.2.0.2 only

Microsoft Windows Server 2003 R2 StandardEdition SP2 (x86 64-bit)

6.2.0.2 only


Note: Cygwin 1.5.10 or later is required on the provisioning server. You can install Cygwin either as part of the TivoliProvisioning Manager installation or manually before installing Tivoli Provisioning Manager. Because Cygwin cannotbe installed correctly in a XEN environment, installation of Tivoli Provisioning Manager in a XEN environment is notsupported.

Operating system and platform

DatabaseApplication

server Directory server

AdministrativeworkstationDB2 9.5 FP3a

OracleDatabase

IBMWebSphereApplicationServerNetworkDeployment6.1.0.29

IBM TivoliDirectoryServer 6.1.0.10or 6.2.0.2

MicrosoftActiveDirectory 2003SP2

Microsoft Windows Server 2003 EnterpriseEdition SP2 (x86 64-bit)

Microsoft Windows Server 2003 StandardEdition SP2 (x86 64-bit)

Operating system preinstallation tasksBefore installation, perform the following tasks depending on your operating system.

Windows preinstallation tasksVerify that the 8.3 file format is enabled1. Open a command prompt window and run

fsutil behavior query disable8dot3

2. If the output is disable8dot3 = 0, then the 8.3 file format is enabled. Otherwise, runfsutil behavior set disable8dot3 0

Check requirements for Windows services

From the Control Panel, open the Services panel and check the following services:1. DNS Client: Disable this service so that host names are not cached and are always resolved by a DNS

server with current IP addresses.2. Remote Registry: Ensure that this service is enabled.3. Windows Management Instrumentation: Ensure that this service is started.

2003

Check if Terminal Server is installed and verify its settings1. Click Start > Control Panel.2. Click Add or Remove Programs and Click Add/Remove Windows Components.3. In the list, verify that Terminal Server is installed.4. If Terminal Server is installed, configure Terminal Server to install mode. Open a command prompt

and run the command:change user /install

Check Windows Scripting Host

By default, Windows Scripting Host is installed.

To check if Windows Scripting Host is enabled: 2008

1. Click Start > Control Panel.2. Click Programs.3. Under Default Programs, click Make a file type always open in a specific program.


4. In the list, verify that VBS VBScript script file is listed as a file type.

2003

1. In Windows Explorer, click Tools > Folder Options.2. Click the File Types tab and verify that VBS VBScript script file is listed as a file type.

Verify that NetBIOS is enabled

NetBIOS must be enabled because the Tivoli Provisioning Manager computer has a static IP address.

To verify that NetBIOS is enabled: 2008

1. Click Start > Control Panel.2. Under Network and Internet, click View network status and tasks.3. Under Tasks, click Manage network connections.4. Right-click Local area connection and click Properties.5. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.6. Click Advanced and click the WINS tab.7. Under NetBIOS setting, select Default.

2003

1. From the Control Panel, open the Network Connections panel.2. Right-click the local area connection, and then click Properties.3. In the list, select Internet Protocol (TCP/IP) and click Properties.4. Click Advanced and click the WINS tab.5. Under NetBIOS setting, select Default.

Verify required user rights

When installing WebSphere Application Server and DB2 on Windows 2003 and later operating systems,the user who installs the product must be a member of administrators group and also haveadministrative permissions. If you are a member of a local administrators group and you use a local useraccount, you can enable the built-in Administrator account and use it to connect:

From the Control Panel, click Administrative Tools > Local Security Policy > Local Policies > UserRights Assignment. You must add the Administrator account to the following required rights:v Act as part of the operating systemv Create token objectv Lock pages in memoryv Log on as a servicev Adjust memory quotas for a processv Replace a process level token

Disable automatic updates

By default, the Windows automatic updates are enabled. If you do not disable them, some Windowsupdates require a reboot of the provisioning server, which might cause the Tivoli Provisioning Managerinstallation to fail. For information about disabling Windows updates, see your Microsoft Windowsdocumentation.

2008

Uninstall Global Secure ToolKit

If Global Secure ToolKit (GSKit) is installed on your system, you must uninstall it before you start theinstallation, otherwise the installation might fail.


Database and directory server requirementsEnsure that you meet the requirements for your operating system or database before installing TivoliProvisioning Manager.

Database server requirementsDB2 is supported on Windows, UNIX, and Linux. Oracle Database is supported on UNIX and Linux.

2000DB2

DB2 Enterprise Server 9.5 FP3a

If you are planning to use DB2 as your database, review the following information:v To meet the table space disk space requirements for the DB2 installation, ensure that you have a

minimum of 8 GB of free space in the DB2 installation directory.

Directory server requirementsEither Tivoli Directory Server or Microsoft Windows Server 2003 Active Directory are supported asdirectory server.

Tivoli Directory Server

If you are planning to use Tivoli Directory Server as your directory server, review the followinginformation:v Depending on the operating system, Tivoli Directory Server can be installed either automatically, as

part of the middleware installation, or must be installed manually.v If you are installing a new Tivoli Directory Server, and you do not have corporate password change

procedures already in place, you must perform the steps in “Changing user passwords” on page 219before attempting to change user passwords.

Microsoft Windows Server 2003 Active Directory

If you are planning to use Microsoft Windows Server 2003 Active Directory as your directory server,review the following information:v Microsoft Active Directory Application Mode (ADAM) is not supported.v You must obtain your own Microsoft Active Directory installation media and install it before installing

Tivoli Provisioning Manager.v Before installing and setting up your Microsoft Active Directory system, ensure that you meet all

requirements, as detailed in the Microsoft Active Directory documentation.

Browser requirementsTivoli Provisioning Manager requires a browser to run the installation launchpad and the web interface.Ensure that you meet the browser requirements.

The following web browsers are supported:v Microsoft Internet Explorer version 6.0 or 7.0 with the latest patch.v Mozilla Firefox 3.0 and higher.

To verify the Mozilla Firefox version, run:firefox -version

Ensure that the command returns no errors before starting the installation.

Note: You can remove the browser and the associated packages after the installation is completed.


Preinstallation Step 6: Verify the environmentVerify rules for host names, IP addresses, ports, remote network connections, and other environmentrequirements.

Host names and IP addresses

The following requirements apply to host names:v A fully qualified domain name must be configured. For example, if the host name is river and the

domain name is example.com, the fully qualified domain name is river.example.com. This value iscase-sensitive.

v A static IP address must be configured. A dynamic IP address is not supported for the provisioningserver.

2008 To configure a static IP address:1. Click Start > Control Panel.2. Under Network and Internet, click View network status and tasks.3. Under Tasks, click Manage network connections.4. Right-click Local area connection and click Properties.5. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.6. Ensure that Use the following IP address is selected and enter the IP address that you are using for

the provisioning server. If you do not know the IP address, contact your system administrator.

2003 To configure a static IP address:1. Click Start > Control Panel > Network Connections.2. Right-click the LAN connection that represents your network adapter and click Properties.3. Select Internet Protocol (TCP/IP) and click Properties.4. Ensure that Use the following IP address is selected and enter the IP address that you are using for

the provisioning server. If you do not know how to set a static IP address, contact your network orsystem administrator.

Resolving host names with a DNS server

If you are using a DNS server to resolve host names, the host name must be configured on the DNSserver. Also, the host name configured on the DNS server must match the host name configured in theoperating system. To verify that the host names match, complete the following steps:1. Check the host name configured in the operating system. Run the following command:

hostname

The command returns the short host name for the computer, for example, mycomputer.2. 2008 Verify the computer name information:

a. Click Start > Control Panel > System and Maintenance > System.b. Under Computer name, domain, and workgroup settings, verify that Full computer name

displays the fully qualified domain name of the computer. For example mycomputer.example.com.This value is case-sensitive.

c. If you need to modify the name, complete the following steps:1) Click Change Settings.2) In the System Properties dialog box, click Change.3) Verify that the Computer name field displays the correct host name. For example, mycomputer.

Change the name if necessary.4) Click More.5) In the DNS Suffix and NetBIOS Computer Name dialog box, verify that the Primary DNS

suffix of this computer field displays the correct domain name suffix. For example,example.com. Change the suffix if necessary.

3. 2003 Verify the computer name information:


a. Right-click My Computer and click Properties.b. Click the Computer Name tab.c. Verify that the Full computer name field displays the fully qualified domain name of the

computer. For example mycomputer.example.com.d. If you need to modify the name, complete the following steps:

1) Click Change.2) In the Computer Name Changes window, verify that the Computer name field displays the

correct host name. For example, mycomputer. Change the name if necessary.3) Click More.4) In the DNS Suffix and NetBIOS Computer Name dialog box, verify that the Primary DNS

suffix of this computer field displays the correct domain name suffix. For example,example.com. Change the suffix if necessary.

4. Check the host name configured on the DNS server. Run the following command:nslookup host_name

where host_name is the short host name returned in the previous step.The nslookup command returns the fully qualified domain name configured on the DNS server, forexample, mycomputer.example.com.

5. 2008 If the nslookup command does not return the correct domain name, ensure that yournetwork connection is correctly configured to resolve domain names:a. Click Start > Control Panel.b. Under Network and Internet, click View network status and tasks.c. Under Tasks, click Manage network connections.d. Right-click Local area connection and click Properties.e. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.f. Click Advanced.g. Click the DNS tab.h. If Append these DNS suffixes (in order) is selected, ensure that the domain name is listed at the

top of the list of DNS suffixes.i. If the domain name is not included in the list, click Add to add the domain name and click the up

arrow icon to position it at the top of the list.6. 2003 If the nslookup command does not return the correct domain name, ensure that your

network connection is correctly configured to resolve domain names:a. Click Start > Settings > Control Panel > Network Connections.b. Right-click the local area connection, and then click Properties.c. Select Internet Protocol (TCP/IP) and then click Properties.d. Click Advanced.e. Click the DNS tab.f. If Append these DNS suffixes is selected, ensure that the domain name is listed at the top of the

list of DNS suffixes.g. If the domain name is not included in the list, click Add to add the domain name and click the

up arrow button to position it at the top of the list.h. Click OK.

Resolving host names with a hosts file

If you are using a hosts file to resolve IP addresses, the file must be configured correctly. The file istypically located in:v C:\WINDOWS\system32\drivers\etc\hosts

Verify that you can run the command ping localhost successfully. If you receive an error, there might bea problem with the format of your hosts file. The file must include the following information, in the orderthat is specified:v The IP address, fully qualified domain name, and host name of the computer where you are running

the installer as the first entry.


v The IP address 127.0.0.1, the fully qualified domain name localhost.localdomain, and the host namelocalhost.

For example, for a computer with the host name river, the file content is like the following example:#IP address Fully Qualified Domain Name Short Name10.0.0.12 river.example.com river127.0.0.1 localhost.localdomain localhost

Remote configuration for multiserver topologies

If you are using a multiserver topology, the base services installation uses Remote Execution and Access(RXA) to configure middleware. To use RXA, a supported remote access protocol must be enabled oneach computer on which you are installing middleware and an administrative user must be configuredon each computer for remote access.

In a remote configuration, accessing network drives on the local or remote system is not supported.v You must use a user name with administrative access to connect to the computer.v The remote access protocol must be SMB. Ensure that the default protocols are enabled:

– Client for Microsoft Networks or the server equivalent.– File and Printer Sharing for Microsoft Networks.

v Cygwin SSH is not supported. If Cygwin is installed on a remote Windows computer, the SSH daemonmust be stopped. To stop SSH, run:cygrunsrv --stop sshd

v If you are using a firewall, ports 137 (NetBIOS name service) and 139 (NetBIOS session) must not beblocked.

v To ensure correct operation, RXA requires access to the hidden remote administrative disk share, toaccess %TEMP% and other directories. To access remote registries, RXA requires access to theInterprocess Communications share (IPC$). To do this:1. Click Start > Control Panel > Administrative Services > Services.2. Ensure that the following services are started:

– Computer Browser.– Routing and Remote Access.

Networking requirements

If you want to support IPv6 addressing in Tivoli Provisioning Manager, Cygwin 1.7 or later must beinstalled.

Network media speed settings

1. Open the device manager by running the command devmgmt.msc from the Start > Run menu.2. Right-click Network adapters and click Properties.3. Under the Advanced tab, set the Link Speed & Duplex option. Contact your system administrator to

set the option to the correct value.

Port requirements

Verify dynamic port allocation:1. At a command prompt, run:

netsh int ipv4 show dynamicport tcpnetsh int ipv4 show dynamicport udp

2008


netsh interface ipv4 show dynamicportrange tcp

2. In the output, check the starting port value. If port numbers in the range 8800 - 10000 are listed,change the starting port value by running:netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=number num=range

where number is the starting port number and range is the total number of ports. Ensure that you donot set the starting port number to a value in the range from 8800 to 10000, because the ports in thisrange are used by WebSphere Application Server.

The ports listed in the following table must be available.

Note: A PING command issued from the administrative workstation during installation must receive aresponse from each server involved in the deployment. Ensure that each middleware host server isconfigured to respond to PING requests.

Table 7. Communication ports used by Tivoli Provisioning Manager. In the Direction column the arrow points fromthe source port to the destination port.

Usage Protocol Provisioning serverport

Direction Managed computer port

The agent manager TCP 9511, 9512, 9513 ← any

BootDiscovery UDP (multicast) 4011

IP:233.1.0.1

← any

DCHP REPLY UDP 67 → 68

DHCP REQUEST UDP (broadcast) 67 ← any

Directory server admindaemon port

3538

Directory server admindaemon secure port

3539

Directory server port 389

Directory server secureport

636

Eclipse embeddeddatabase

TCP 1527 ← any

FASTPort UDP 4025 ← any

FileServerPort UDP 4013 ← any

FileMCAST-Address UDP any → 10000

HTTPServer 80 (9080)

MTFTPPort UDP 4015 ← any

MTFTPClients UDP (multicast) any → 8500

IP:233.1.0.1

NBPServer UDP 4012 ← any

NetBIOS name service TCP 137 ←→

137

Used during installation. Inmultiserver topologies, enablethe port on a remote databaseserver or remote directoryserver.

PROXY DHCP UDP 4011 ← any


Table 7. Communication ports used by Tivoli Provisioning Manager (continued). In the Direction column the arrowpoints from the source port to the destination port.

SMB/NetBIOS TCP any → 445

SNMP UDP any → 161

SNMP-TRAP UDP 162 ← any

SSH TCP any → 22

Telnet TCP 23 ← any

TFTP UDP 69 ← any

TS TCP any → 3389

WebSphere ApplicationServer

TCP 8881, 9082, 9045, 9046,9443

← any

WebSphere ApplicationServer SOAP port

8879

WebSphere ApplicationServer AdministrativeConsole secure port

9043, 9044

WebSphere ApplicationServer AdministrativeConsole

9060, 9061

Web Server port 9430

2000DB2 DB2 instanceport

50005

SSH requirements1. The file /etc/ssh/sshd_config exists. This file contains SSH configuration settings that are used to

validate other SSH requirements for installation.2. root access is permitted by the SSH daemon (sshd). In the file /etc/ssh/sshd_config, ensure that the

PermitRootLogin line is not commented out and that the value for this setting is yes.3. SSH must be running to perform installation. To check the status of SSH, run:

ps -ef | grep sshd

If SSH is running, an entry for /usr/sbin/sshd is displayed.

POWER7®

1. Add JAVA_COMPILER=NONE to /etc/environment on the system.2. Ensure JAVA_HOME is not set in the environment.3. Edit the $PATH environment variable to remove any directories containing a JRE. As an example,

remove /usr/java5/jre/bin:/usr/java5/bin from the path.4. Start the launchpad using:

cd /usr/IBM/source/installJAVA_COMPILER=NONE./launchpad.sh

Note: The DB2 shipped with the middleware installer is not supported on Power7.

Using an X session1. Download the VNC package from http://www-03.ibm.com/systems/power/software/aix/linux/

toolbox/download.html.2. Install the package by running the command:


http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html

http://www-03.ibm.com/systems/power/software/aix/linux/toolbox/download.html

rpm -ivh package_name

where package_name is the name of the package that you downloaded.3. Log on as the user that connects to VNC.4. Start the VNC server. VNC prompts you for the password for a VNC connection.

You might need to adjust the color depth and resolution with the depth and geometry options. Forexample, Firefox requires a 24-bit color depth or a greater color depth. A lower color depth mightcause browser failures. Set the geometry option so that the size of the VNC window is appropriate foryour current display settings and video card. The following command sets color depth to 24-bit andresolution to 1280 by 1024:/usr/bin/X11/vncserver -depth 24 -geometry 1280x1024

To connect to the VNC desktop from a Windows computer:v Using HTTP:

1. Go to http://host_name:5801.v Using VNC client:

1. Install a VNC client.2. Run the VNC client and enter:

host_name:port_number

where host_name is the host name of the AIX computer. The default port number for the connection is5801. You can find the port number in $HOME/.vnc/host_name:display_number.log.

You can also access VNC desktop using other VNC clients.

Antivirus software or process-intensive software

Check the computers in your installation topology for processes that consume many system resources,such as a scheduled thorough antivirus scan. These processes can cause some installation operations totime out. Stop or reschedule these processes before starting the installation.

Reinstalling Tivoli Provisioning Manager

You must uninstall Tivoli Provisioning Manager completely before attempting to install again. For moreinformation, see Chapter 5, “Uninstalling Tivoli Provisioning Manager,” on page 139.

Preinstallation Step 7: Verify requirements for user names, databasenames, and user passwordsVerify requirements for user names, database names, user passwords, and names for DB2 objects such asdatabase instances.

General requirements for user names, database names, and user passwords

The following general rules apply to all user names, database and database instance names, and userpasswords.

User namesThe following restrictions apply to characters in a user name:v Unless otherwise stated in other rules in this section, names can only contain English

alphanumeric characters or the following characters: period (.), at sign (@), hyphen (-), andunderscore (_).

v 2000DB2 The following additional restrictions on user names apply:– Names cannot begin with a number or with the underscore (_) character.


– You cannot use SQL reserved words.–

- Names can be in upper, lower, and mixed-case.- Group names and user names can contain up to 30 bytes.- When not using Client authentication, non-Windows 32-bit clients connecting to Windows

with user names longer than 8 bytes are supported when the user name and password arespecified explicitly.

– User and group names cannot:- Be USERS, ADMINS, GUESTS, PUBLIC, LOCAL, or any SQL reserved word.- Begin with IBM, SQL, or SYS.

– User and group names must also follow the rules forced on specific operating systems bythe related systems.

Database and database instance namesFor instance names, the rules for user names and group names apply. In addition:

DB2 database instance

v Instance names can have up to 8 bytes.v Instance names cannot contain the # character.v No instance can have the same name as a service name.

Tivoli Directory Server database and instance names

v Database names must be unique within the location in which they are cataloged. Thislocation is:– A logical disk.

v Database alias names must be unique within the system database directory. When anew database is created, the alias defaults to the database name. As a result, youcannot create a database using a name that exists as a database alias, even if there is nodatabase with that name.

v Database and database alias names can have up to 8 bytes.v Database and instance names:

– Can have up to 8 bytes.– Cannot be any of the following values: USERS, ADMINS, GUESTS, PUBLIC,

LOCAL, idsldap.– Cannot begin with any of the following values: IBM, SQL, SYS.– Cannot include accented characters.– Cannot include special characters @, #, and $ if you intend to use the database in a

communications environment. Because these characters are not common to allkeyboards, do not use them if you plan to use the database in another language.

– Can include the following characters:- A through Z- a through z- 0 through 9

– Must begin with one of the following characters:- A through Z- a through z

User passwordsSome restrictions apply to passwords that you can use. Verify the following requirements:v Passwords can only contain English alphanumeric characters or the following characters:

period (.), hyphen (-), and underscore (_).v Do not use a period (.) if it is at the end of the password.


v Do not use these characters in passwords:& ^ < > " ’ ) ( | ! ? $ # % ` \ + <space character>

v 2000DB2 The following rules apply to DB2 user passwords. See your DB2 documentation forfurther information.– Passwords cannot begin with an ampersand (&).– Passwords can be a maximum of 14 bytes.

v Some operating systems and databases might have more password rules, such as minimumlength and simplicity. For more information, see the operating system and databasedocumentation.

Additional considerationsSome security controls configured in your environment can prevent the Tivoli ProvisioningManager installer from creating the required user accounts on your system for installation. Somefactors include:v Permissions or access control lists configured for the computer can prevent the installer from

creating users, creating user-related files and directories, or assigning permissions.v If a password that you specify during installation does not conform to the password policy

configured in your environment, the user creation process fails for the user associated with thenoncompliant password.

If you encounter problems with user creation during installation you might need to manuallycreate the required users to ensure compliance with all security policies and compliance withTivoli Provisioning Manager requirements. The installer can then use the configured useraccounts and user settings to perform the installation.

Additional user requirements on Windowsv In addition to the created users, a user with administrator access is required to start the installation.

The user must belong to the Administrators group. The default Windows user Administrator has therequired access.

v Users are created as system accounts in the operating system. Domain account users defined on adirectory server are not supported for the users required during installation.

Preinstallation Step 8: Prepare installation mediaThe Tivoli Provisioning Manager package includes installation media for Tivoli Provisioning Managerand the prerequisite software.

As a licensed customer, you can get the installation media from:v The IBM Passport Advantage® web site.v The installation DVDs.

Note:

v Microsoft Active Directory installation images are not provided. If you are using Microsoft ActiveDirectory, you must obtain the installation media yourself.

If using downloaded installation imagesProcedure1. Download the installation images from Passport Advantage. For more information, go to

http://www.ibm.com/support/docview.wss?rs=1015&uid=swg24026704.2. Download all installation images into a single directory on the provisioning server. For example:

C:\install_images


http://www.ibm.com/support/docview.wss?rs=1015&uid=swg24026704

3. Extract the contents of all installation images into the directory that you have created. You mustextract the files on the computer where you are running the installer so that the files have the correctpermissions. You can extract the installation images in any order. If you get a message saying that afile is replaced by another one, select Yes.v Use Winzip

4. If you have Cygwin installed, run the following command to set the appropriate permissions:chmod -R 775 extract_dir

where extract_dir is the full path of the directory where you extracted the images.

If using installation DVDsv To start the installation launchpad and run installers from the launchpad, use the appropriate

Installation DVD for your operating system.v During middleware installation, when prompted, use the appropriate Middleware DVD for your

operating system and hardware.v During core components installation, when prompted, use the appropriate Core Components DVD for

your operating system and hardware. Some operating systems and hardware might require more thanone DVD.

v For some Tivoli Provisioning Manager for OS Deployment features, such as installing additional TivoliProvisioning Manager for OS Deployment servers, you need the Installation Supplemental DVD.


Chapter 3. Installing Tivoli Provisioning Manager

This topic provides information about running a custom installation, where you can customizeinstallation settings and use a multiserver topology.

The following diagram shows the high-level steps for a custom installation.

1. Install or reuse middleware

The database server, directory server, and application server must be installed first. You can usesupported middleware that you have already installed or use the middleware installer to install newmiddleware.

2. Install base services

As part of the base services installation, you can install support for languages other than English byinstalling the language pack on the same computer as the base services.

3. Install core components

The core components must be installed on the computer where you installed WebSphere ApplicationServer during the middleware installation step.

4. Install web components

The web components must be installed on the computer where you installed the base services.


Provisioning server

Legend

Software is installed

4. Install webcomponents

3. Install corecomponents

2. Install baseservices

1. Install or reusemiddleware

Figure 2. Custom installation steps


Example deployment scenariosThe following examples show the high level steps for different deployment scenarios.

Example 1: Full installation: single-server installation

In this example, you are installing all product components on one computer with DB2 as the databaseand Tivoli Directory Server as the directory server. This installation scenario is only supported if you areusing an operating system that supports the administrative workstation software for deploying baseservices and web components. For information about the supported operating systems, see“Preinstallation Step 5: Verify component requirements” on page 12.1. Start the launchpad.2. From the launchpad, install the middleware.3. From the launchpad, install the base services. You can import your middleware settings from the

middleware workspace to use default values for the installation settings.4. From the launchpad, install the core components. You can import your middleware settings from the

middleware workspace to use default values for the installation settings.5. From the launchpad, install the web components.6. See Chapter 4, “Post-installation tasks,” on page 131 for any additional configuration that is required

after installation.

Example 2: Full installation: single-server installation with a separateadministrative workstation

The administrative workstation software is only supported on specific operating systems. If you want toinstall all runtime components on a single computer using a different operating system, you must use aseparate computer for the administrative workstation.

Computer 1Provisioning server

Computer 2Administrative workstation

1. On Computer 1, start the launchpad.2. From the launchpad, install the middleware.3. On Computer 2, start the launchpad.4. From the launchpad, install the base services. You can import your middleware settings from the

middleware workspace on the provisioning server.5. On Computer 1, from the launchpad, install the core components. You can import your middleware

settings from the middleware workspace to use default values for the installation settings.6. On Computer 2, from the launchpad, install the web components.7. See Chapter 4, “Post-installation tasks,” on page 131 for any additional configuration that is required

after installation.

Example 3: Full installation: multiserver topology

In this example, you are doing a full installation of all product components and you want to install DB2and Tivoli Directory Server on separate computers.

Computer 1Install DB2

Computer 2Install Tivoli Directory Server


Computer 3Install WebSphere Application Server and other components. In this example, the computer is aWindows computer, therefore a separate administrative workstation is not required.

WebSphere Application Server must be installed after the directory server so that you can secure it withthe directory server.1. Create a middleware workspace in a directory location that is accessible to all computers in the

topology. This is the simplest way to share the installation data for installed middleware betweeneach computer and the various installers you run. For more information about the middlewareworkspace, see “The middleware installer workspace” on page 34.

Note: If you do not use a shared location for the middleware workspace, a separatetopology.properties file is saved for each middleware installation that you perform on eachcomputer. You must manually consolidate the data into a single topology.properties file and copythe middleware workspace to a local directory on each computer in the topology as you perform theinstallation.

2. On Computer 1, start the launchpad.3. From the launchpad, run the middleware installer to install DB2.4. On Computer 2, manually create the workspace directory. The default location is:

v C:\ibm\tivoli\mwi\workspace

5. Copy your middleware settings to the next computer:a. Copy the topology.properties file from Computer 1 to the middleware workspace on Computer

2. The default location of the topology.properties file is:v C:\ibm\tivoli\mwi\workspace

b. Edit the topology.properties file on Computer 2 so that the middleware installer is aware thatthe database server settings are from another computer. In each line, change machine1 tomachine2. For example, this line for the database server:machine1.DB2_SERVER_9_1_1.db2.fenced.user=tx2fenc1

Must be changed to:machine2.DB2_SERVER_9_1_1.db2.fenced.user=tx2fenc1

Leave the original topology.properties file on Computer 1 unchanged.6. On Computer 2, start the launchpad.7. From the launchpad, run the middleware installer to install Tivoli Directory Server.8. Copy your middleware settings to the next computer:

a. Copy the topology.properties file from Computer 2 to the middleware workspace on Computer3.

b. Edit the topology.properties file on Computer 3 so that the middleware installer is aware thatthe database server and directory server settings are from another computer. Change machine1settings from the directory server to machine3. Leave the topology.properties on Computer 1and Computer 2 unchanged.

9. On Computer 3, start the launchpad.10. From the launchpad, run the middleware installer to install WebSphere Application Server.11. From the launchpad, install the base services. You can import your middleware settings from the

middleware workspace on the provisioning server.12. From the launchpad, install the core components. Import the middleware settings from the

middleware workspace.13. From the launchpad, install the web components.14. See Chapter 4, “Post-installation tasks,” on page 131 for any additional configuration that is required

after installation.

Chapter 3. Installation tasks 27

Example 4: Reuse an existing directory server

The topology for this example is the same as the previous one, but you are using an existing directoryserver instead of installing a new one.

Computer 1Install DB2

Computer 2Reuse an existing Tivoli Directory Server installation

Computer 3Install WebSphere Application Server and other components. In this example, this computer is aWindows computer so that a separate administrative workstation is not required.

WebSphere Application Server must be installed after the directory server so that you can secure it withthe directory server.1. Create a middleware workspace in a directory location that is accessible to all computers in the

topology. This is the simplest way to share the installation data for installed middleware betweeneach computer and the various installers you run. For more information about the middlewareworkspace, see “The middleware installer workspace” on page 34.

Note: If you do not use a shared location for the middleware workspace, a separatetopology.properties file is saved for each middleware installation that you perform on eachcomputer. You must manually consolidate the data into a single topology.properties file and copythe middleware workspace to a local directory on each computer in the topology as you perform theinstallation.

2. On Computer 1, start the launchpad.3. From the launchpad, run the middleware installer to install DB2.4. Copy your middleware settings to the next computer:

a. Copy the topology.properties file from Computer 1 to the middleware workspace on Computer2.

b. Edit the topology.properties file on Computer 2 so that the middleware installer is aware thatthe database server settings are from another computer. In each line, change machine1 tomachine2. For example, this line for the database server:machine1.DB2_SERVER_9_1_1.db2.fenced.user=tx2fenc1

Must be changed to:machine2.DB2_SERVER_9_1_1.db2.fenced.user=tx2fenc1

Leave the original topology.properties file on Computer 1 unchanged.5. On Computer 2, ensure that your existing directory server is configured correctly for Tivoli

Provisioning Manager. You can use the middleware installer to verify your directory serverconfiguration. See “Verifying an existing Tivoli Directory Server with the middleware installer” onpage 48.

6. Copy your middleware settings to the next computer:a. Copy the topology.properties file from Computer 2 to the middleware workspace on Computer

3.b. Edit the topology.properties file on Computer 3 so that the middleware installer is aware that

the database server and directory server settings are from another computer. Change machine1settings from the directory server to machine3. Leave the topology.properties on Computer 1and Computer 2.

7. On Computer 3, start the launchpad.8. From the launchpad, run the middleware installer to install WebSphere Application Server.


9. From the launchpad, install the base services. Import your middleware settings from the middlewareworkspace on the provisioning server.

10. From the launchpad, install the core components. Import the middleware settings from themiddleware workspace.

11. From the launchpad, install the web components.12. See Chapter 4, “Post-installation tasks,” on page 131 for any additional configuration that is required

after installation.

Example 5: Install Tivoli Provisioning Manager with another product in a baseservices environment

Tivoli Provisioning Manager is compatible with other products installed on Version 7.1.1.6 of the baseservices. There are some limitations to compatibility considerations described in “Supported platformsand compatibility” on page 1.

The installation of other products with Tivoli Provisioning Manager requires additional planning andmanual configuration steps. For some examples of the installation process for Tivoli ProvisioningManager and another product in a base services environment, see Installation of IBM Tivoli Change andConfiguration Management Database and Tivoli Service Request Manager® with Tivoli ProvisioningManager version 7.2 in the Tivoli Provisioning Manager wiki.

Starting the launchpadThe launchpad lets you install all components that are required for Tivoli Provisioning Manager.

Procedure1. Log on to an account with system administration privileges.2. If you are using DVDs, insert the Installation DVD for Windows. The disk must be inserted for the

duration of the installation.3. Run launchpad64.exe (Windows 64-bit) or launchpad.exe (Windows 32-bit) from the root directory.4. In the launchpad, select a language and click OK.

Results

The launchpad panel is displayed.

When the launchpad is running, the generated launchpad messages are captured in a hidden log frame.To display the log frame on the bottom of the launchpad panels during run time, hold Ctrl and click inthe banner frame of the launchpad. Messages that are generated while the launchpad is running are notautomatically saved on the hard disk. You can save the messages from a runtime session by clicking Saveat the bottom of the log frame and specifying where you want to save the file.

Installing the middleware on Windows, AIX, and LinuxBefore you can install Tivoli Provisioning Manager, there are several middleware products that must bedeployed.

This topic provides information for installing the middleware on Windows, AIX, and all Linux operatingsystems except SUSE Linux Enterprise Server 11.

The middleware installer provides an interface for installing and deploying middleware in a reliablemanner. The following table describes middleware deployment options:


http://www.ibm.com/developerworks/wikis/pages/viewpage.action?pageId=138314303



Table 8. Middleware installation options

Application Installation options

Application server You must install a new instance of WebSphere Application Server 6.1.0.29. If you wantto use an existing WebSphere Application Server, you must install and configure itmanually. For more information, see “Manually configuring WebSphere ApplicationServer” on page 70.

The application server deployment must be secured with a directory server. You mustchoose to use a local or remote Tivoli Directory Server or Microsoft Active Directory.

Database serverv 2000DB2 You can install a new instance of DB2 or use an existing instance.

Directory serverTivoli Directory Server

You can install a new instance of Tivoli Directory Server or use an existinginstance. If you choose to install a new instance of Tivoli Directory Server,you must choose to install a new DB2 instance or reuse an existing DB2server. Alternatively, you can use the Tivoli Provisioning Manager databaseserver for the DB2 data store if the Tivoli Provisioning Manager databaseserver uses DB2. If you choose to install the directory server but not thedatabase server, the middleware installer will attempt to locate an existingdatabase instance to use. If it fails to locate an existing instance, it installs adatabase for use with the directory server.

Microsoft Active DirectoryYou must install and configure the software manually. For more information,see “Manually configuring Microsoft Active Directory” on page 60.

Additional software The middleware installer performs a number of additional tasks. If you will not beusing the middleware installer and will be configuring the existing middlewareresources manually, you also need to perform the following tasks:

v Configure VMM after the application server and the directory server have beeninstalled and configured. The directory server contains information about TivoliProvisioning Manager users and groups and it communicates that information tothe Maximo database using VMM to provide security and access to TivoliProvisioning Manager applications. For more information, see “Manuallyconfiguring Virtual Member Manager on WebSphere Application Server” on page71.

v Configure authentication services. For more information, see “Manuallyconfiguring the authentication service” on page 82.

The middleware installer deploys software on the computer where you are running it. To deploymiddleware on separate computers, the middleware installer must be run on each computer in thetopology you have chosen. Ensure you have a strategy for deploying middleware for each system youplan to use in your deployment. If you deploy a component using the middleware installer on a system,for example, DB2, and then later decide you would also like to add Tivoli Directory Server to that samesystem, you must undeploy DB2 before redeploying it in the same middleware installer deployment planthat included Tivoli Directory Server. When installing Tivoli Provisioning Manager middleware on asystem, you must install all the middleware intended for that system at one time.

A process ID is generated each time the middleware installer is used to install or uninstall a set ofmiddleware products. The process ID will appear on the file system in various places related to logs andgenerated files, such as file names, directory names, and log messages. The process ID is used to grouplogs and other generated files that are related to the same invocation of the middleware installer. It alsoseparates logs and other generated files that are related to different invocations of the middlewareinstaller. The process ID is a string of the format [operation_MMdd_HH.mm], where operation is a stringindicating the operation being performed, such as "INSTALL" or "UNINSTALL", MM is a two-digit


number (1-12) indicating the current month, dd is a two-digit number (1-31) indicating the current day inthe month, HH is a two-digit number (0-23) indicating the current hour, and mm is a two-digit number(0-59) indicating the current minute. Here are some examples of process ID values:v [INSTALL_0924_15.45]

An installation started on September 24 at 3:45pmv [UNINSTALL_1216_09.59]

An uninstallation started on December 16 at 9:59am

Planning worksheets for middleware installationBefore you start the middleware installation, use the planning worksheets to record the values to specifywhen you install the middleware. You can also use the worksheets if you manually configure or reuseexisting middleware. For distributed deployments, record multiple values where appropriate.

Users and groups

In this table, list the users and groups that you want to create if you do not want to use the defaultvalues.

Table 9. Users and groups created during middleware installation

User Group Description Your value

db2admin v Administrators

v DB2ADMNS

v DB2USERS

DB2 administrator. Windows Serviceuser ID.

maximo Used for Maximo databaseconfiguration.

wasadmin Not a system user. User ID created for use with IBMWebSphere Application Server NetworkDeployment.

Directory locations

In this table, list the middleware directory locations to use.

Table 10. Directory locations

Setting Default Your value

Workspace directory user_home\ibm\tivoli\mwi\workspace

Middleware images source directory n/a

Compressed images directory n/a

Uncompressed images directory n/a

2000DB2


DB2 configuration

In this table, list the configuration values to use when you install DB2.

Table 11. DB2 configuration


Installation directory v SystemDrive:\ProgramFiles\IBM\SQLLIB

DAS user v db2admin

Instance name ctginst1

Port 50005

Database instance user ID v db2admin

DB2 administrators group v DB2ADMNS

DB2 users group DB2USERS

Use same user name and passwordfor remaining DB2 Services

YES

Configure Tools Catalog NO

This value is relevant for reusescenarios only.

Enable operating system security forDB2 objects

YES

This value is relevant for reusescenarios only.

DB2 instance port 50000

Data table space name MAXDATA

Data table space size 5000 MB

Temporary table space name MAXTEMP

Temporary table space size 1000 MB

WebSphere Application Server Network Deployment configuration

List the configuration values to use when you install WebSphere Application Server NetworkDeployment.

Table 12. WebSphere Application Server Network Deployment configuration


Installation location v C:\Program Files\IBM\WebSphere\AppServer

WebSphere Administration user name wasadmin

Deployment Manager profile name ctgDmgr01

Application server profile name ctgAppSrv01

Cell name ctgCell01

Deployment Manager node name ctgCellManager01

Application server node name ctgNode01

HTTP server installation location v C:\Program Files\IBM\HTTPServer


Table 12. WebSphere Application Server Network Deployment configuration (continued)


HTTP port 80

This port might be in use. Ensurethat you either free this port, or useanother port that is unassigned.

HTTP admin server port 8008

HTTP plug-in profile name ctgAppSvr01

IBM Tivoli Directory Server configuration

In this table, list the configuration values to use when you install IBM Tivoli Directory Server.

Table 13. IBM Tivoli Directory Server configuration


Installation location v C:\Program Files\IBM\LDAP\V6.2

Administrator distinguished name cn=root

Organizational unit ou=SWG

Organization and country suffix o=IBM,c=US


Directory server secure port 636

Administration port 3538

Administration secure port 3539

Database name security

Instance name idsccmdb

Instance port 50006

Instance user name idsccmdb

Microsoft Active Directory configuration

List the configuration values to use when you install Microsoft Active Directory.

Table 14. Microsoft Active Directory configuration



LDAP base entry DC=itsm,DC=com

User suffix OU=Users,OU=SWG,DC=itsm,DC=com

Group suffix OU=Groups,OU=SWG,DC=itsm,DC=com

Organization container suffix DC=itsm,DC=com

Bind distinguished name CN=Administrator,CN=Users,DC=itsm,DC=com


The middleware installer workspaceThe middleware installer is designed to record the options you select during install in a directory referredto as the workspace, and then configure the components selected as a single deployed application. Therecorded options can also be imported by other installers so that some fields can be filled automaticallyfor you.

Once a plan has been deployed, the middleware installer cannot subsequently deploy additional featuresand products onto the computer at a later time. The existing plan must first be completely removedthrough the middleware installer before a different set of features and products can be deployed.

The composition and details of the deployment, as well as any logs generated by the middleware installerprocess are located in the workspace.

By default, the middleware installer workspace is defined as:v C:\ibm\tivoli\mwi\workspace

The workspace can be defined on a shared resource that is made available to all the systems that will runthe middleware installer. Locating the workspace on a shared resource avoids the need to copy files suchas the topology file manually from one computer to another.

The workspace contains the following items:

Deployment PlanThe deployment plan is a collection of installation steps, configuration parameters for those steps,and target computer information. It is generated through the middleware installer and it residesin the workspace directory.

When deployment steps are changed, the existing deployment plan is deleted and replaced withthe new deployment plan.

The deployment plan configuration files contain information about the deployment plan itself.Whenever a deployment plan is modified, which includes reconfiguration of existing deploymentchoices, the deployment plan configuration files will be deleted and regenerated when thedeployment plan is redeployed.

Topology FileThe topology file describes the configuration parameters of the middleware deployment. This fileis created and then updated after every deployment or undeployment. If you have not defined aworkspace that is centrally located and accessible to all the systems that will be receivingmiddleware, this file will have to be copied to the workspace of each computer wheremiddleware is being deployed. The contents of this file can be used by the Tivoli ProvisioningManager installation program to populate its panels with meaningful default values.

This file is saved in <workspace>/topology.properties.

Logs Log files that contain information about the deployment can be found in the workspace directory.In addition, log files native to the middleware itself are also contained in this directory.

The middleware installer logsThe middleware installer log files are located in the workspace directory that was defined in themiddleware installation program.

The different types of log files are described below.

User interface logsThe logs generated by the middleware installation program user interface are located in theworkspace directory.


The middleware installation program logs all information in <workspace_loc>/mwi.log. Thedefault workspace locations are:v C:\ibm\tivoli\mwi\workspace

The mwi.log file is the high-level log file that was generated by the most recent invocation of themiddleware installation program. If an error occurs, examine this log file first. An entry in thislog file can direct you to a lower-level log file.

Log files named mwi.logX, where X is a number, are copies of the mwi.log file from earlierinvocations of the middleware installation program. So, for example, mwi.log0 is produced afterthe first invocation of the middleware installation program, mwi.log1 is produced after the secondinvocation of the middleware installation program, and so on.

Logs for steps run by the user interfaceIn addition to collecting input from the user, the middleware installation program performssystem checks, for example:v dependency checking to ensure the operating system meets the deployment requirementsv inventorying the software on the system to locate existing instances of middleware products

deployed by the middleware installation programv checking the available disk space to ensure there is enough for the deployment

Each of these checks is produced in the form of a step so that it can also be run as part of thedeployment plan. When the user interface runs a step, it copies the step into a subdirectory of theworkspace directory. The log files generated by a step are located in the same subdirectory andfollow the same pattern as a step that is run as part of the deployment plan.

Logs for the deployment planThe deployment plan is located in the directory <Workspace Directory>/hostname/deploymentPlan, where host name is the host name of the current system. Each time thedeployment plan is used to install or uninstall middleware products, a process ID is assigned andlog files are generated.

The log files for the deployment plan are located in the subdirectory logs/processID. Theprimary log file for the deployment plan is DeploymentPlan.log, a high-level log file that lists thesteps invoked as part of the deployment plan.

Logs for the workstation planThe machine plan is located in the directory <Workspace Directory>/host name/deploymentPlan/MachinePlan_host name. The log files for the machine plan are located in the logs subdirectory.The primary log files for the machine plan are named MachinePlan_host name_processID. Theselog files contain the output generated by ANT when running the machine plan ANT script.

Logs for steps in the deployment planEach step in the deployment plan is located in a directory named <Workspace Directory>/hostname/deploymentPlan/MachinePlan_host name/stepNum_stepID, where stepNum is the sequencenumber of this step in installation processing order of the deployment plan and stepID identifiesthe step. The log files for the step are located in the logs subdirectory.

Some steps can provide a message log file named stepID_processID.message, which contains afew entries that summarize the result of invoking the step. All steps will provide a trace log filenamed stepID_processID.log, which contains many entries, typically including information aboutthe input parameters and the substeps invoked.

Logs for substepsEach step contains one or more substeps. The substeps perform the actual installation, uninstalland checking work for the middleware installation program.

Each substep is located in the directory <Workspace Directory>/host name/deploymentPlan/MachinePlan_host name/stepNum_stepID/operation/substepNum_substepID, where operation is theANT target in the step ANT script that invokes this substep. substepNum is the sequence number


of this substep in the processing order of the step, and substepID identifies the substep. Typicalvalues for operation are install, uninstall, and check.

The log files for the substep are typically located in a subdirectory named processID/logs.

Log files generated by the native middleware installation programs will also be kept here.

Installing and configuring the middleware with the middleware installerThis procedure explains how to use the middleware installer to create a deployment plan that isresponsible for installing and configuring prerequisite middleware products.

Before you beginv When entering values for host names, use fully qualified host names. This value is case-sensitive. For

information about verifying host names, see Resolving host names with a DNS server in “PreinstallationStep 6: Verify the environment” on page 16.

v You can force the use of alphanumeric host names within the middleware installation program bystarting it from the command line and the forceHostname=true parameter. For example:mwi-console -V forceHostname=true

v When installing and configuring middleware, consider the following special character restrictions:

Table 15. Special character restrictions for middleware configuration

Naming convention Restrictions

2000DB2 DB2 naming conventions for group names,user names, and user IDs

v Names and IDs cannot be any of the following values:USERS, ADMINS, GUESTS, PUBLIC, LOCAL, or anySQL-reserved word.

v Names and IDs cannot begin with IBM, SQL, SYS, orthe underscore character (_).

v Group names and user names can contain up to 30bytes.

2000DB2 DB2 naming conventions for DB2 instances v Instance names can have up to eight bytes and cannotcontain the # character.

v No instance can have the same name as a servicename.

2000DB2 DB2 naming conventions for passwords v Passwords can be a maximum of 14 bytes.

v Do not use the special characters @ # $

IBM Tivoli Directory Server naming conventions fordatabases and database aliases

v Database names must be unique within the location inwhich they are cataloged. This location is:

– a logical disk

v Database alias names must be unique within thesystem database directory. When a new database iscreated, the alias defaults to the database name. As aresult, you cannot create a database using a name thatexists as a database alias, even if there is no databasewith that name.

v Database and database alias names can have up toeight bytes.

v Do not use the special characters @ # $ because theyare not common to all keyboards.


Table 15. Special character restrictions for middleware configuration (continued)


IBM Tivoli Directory Server naming conventions forusers, groups, databases, and instances

v Values must not be longer than eight characters andcannot be any of the following values: USERS,ADMINS, GUESTS, PUBLIC, LOCAL, or idsldap

v Values cannot begin with IBM, SQL, or SYS.

v Values must not include accented characters.

v Values can include characters A through Z, a throughz, and 0 through 9.

v Values must begin with characters A through Z or athrough z.

v Double-byte characters cannot be used inadministrator passwords values.

v Passwords cannot contain the following specialcharacters: ` ' \ " |

WebSphere Application Server naming conventions forusers and passwords

v The administrator name cannot contain the followingcharacters: / \ * ,: ;=+?|< > & % ’"] [> # $ ~ ( ){ }

v The administrator name cannot begin with a period.

v The administrator name cannot contain leading andtrailing spaces.

Middleware installation program naming conventions v The middleware installation program does not validatethat your password is compliant with the operatingsystem of the target host. The passwords that youprovide must be valid for your environment.

v The middleware installation program does not checkfor accented characters in user name values. The useof accented characters might cause errors.

v You cannot use the % character.

v When entering LDAP values for Provisioning Manager installation panel fields, entries in LDIF files, orvalues you enter directly into a directory instance using the tools available from the directory server, beaware of the product-specific syntax rules for using special characters in an LDAP string. In most cases,to make special characters readable by the directory server, they must be preceded by an escapecharacter. Failing to escape special characters contained in an LDAP string used with ProvisioningManager might result in Provisioning Manager errors.Many directory server products consider a blank space as a special character that is part of the LDAPstring. Therefore, if you mistakenly enter an LDAP string that contains a blank, at the end of a fieldvalue, for example, and you do not precede the blank character with an escape character, you mightencounter Provisioning Manager errors that are difficult to troubleshoot.See the product documentation for your directory server for more information about special charactersin LDAP strings.

v When you install middleware using the middleware installation program, you are prompted for userIDs to initiate the installation of DB2, WebSphere Application Server, and IBM Tivoli Directory Server.You can either supply an existing system user ID, or allow the middleware installation program tocreate a user ID. The installation can fail if you supply an existing user account to install DB2 or IBMTivoli Directory Server and that user account is not located under the /home directory.

v In some cases, fields and labels displayed within the middleware installer are not correctly displayedon the panel when installing through remote sessions. Use the middleware installer locally on thesystem that hosts the middleware. If you experience display problems, minimize and then maximizethe middleware installer to force it to display the panel again.


v When installing middleware using the middleware installer, do not install multiple products into thesame custom directory. For example, when installing DB2, IBM Tivoli Directory Server, and WebSphereApplication Server Network Deployment on the same computer, do not install them all in a customdirectory called C:\ISM_middleware. However, you can install them in C:\ISM_middleware\DB2,C:\ISM_middleware\ITDS, and C:\ISM_middleware\WAS. You also cannot install one middleware productin a custom directory and then install another middleware product in a subdirectory of that customdirectory. For example, you cannot install WebSphere Application Server Network Deployment into thecustom directory C:\ISM_middleware, and then install IBM Tivoli Directory Server inC:\ISM_middleware\ITDS.

v 2000DB2 To install a DB2 instance for an existing user, run the following command:ln -s /home_directory/<username> /home/<username>

The instructions in this section are for a typical installation using default values. In addition, theseinstructions assume that you are using the middleware installer to install a complete set of middlewarefor use with Tivoli Provisioning Manager on a single computer. If you intend to deploy middlewareproducts across an array of computers, you must run the middleware installer on each computer,selecting which piece of middleware to install on that particular computer. In this case, you encounter asubset of the panels included in these instructions that are relevant to the middleware that you want toinstall on a computer.

Procedure1. Check for an existing installation of the solution installer. The default installation location is:

v C:\Program Files\IBM\Common\acsi

If the solution installer is already installed, start the service:v Check the Services control panel. If the IBM ADE service is not running, start it.

2. If you are installing middleware on a computer with a virtual IP address, the middleware installerdoes not allow you to select from a list of IP address host names. Perform the following steps oneach computer where you are installing the middleware with the middleware installer:a. Configure the computer so that it is using the virtual IP address. For example, if the computer is

configured for the address 9.31.26.3, but the virtual IP address is 9.31.26.12, configure thecomputer for 9.31.26.12.

b. Configure the computer so that it is using the virtual host name that is bound to the virtual IPaddress. For example, if the computer is configured for the host name real.example.com, but thevirtual host name is virtual.example.com, configure the computer for the host namevirtual.example.com.

c. You can now start the middleware installer. Ensure that you specify the virtual IP address andvirtual host name for each middleware application that is installed on a computer where youconfigured a virtual IP address and host name.

3. Start the launchpad.4. In the launchpad navigation pane, click Custom Installation.5. Under 1. Install the middleware, click Verify middleware installation prerequisites. After verifying

and confirming the prerequisites, return to the custom installation page.6. Click Install middleware.7. Select a language for the installation and click OK.8. In the Welcome panel, click Next.9. Accept the license agreement, and then click Next.

10. In the Choose Workspace panel, specify the directory for the middleware installer workspace, andthen click Next.The default location for the workspace is the last workspace location used by this user, as specifiedin the middleware user preferences node.


v If no previous workspace location exists in the middleware user preferences node, then the defaultlocation for the workspace is:– C:\ibm\tivoli\mwi\workspace

v If the selected directory does not exist, it is created.v If you specify an invalid path, the letters of the path are used to create a directory under

Launchpad/Install/MWI.For example, you specify a path of myworkspace, a valid drive letter is missing from the path. Theworkspace is therefore created in Launchpad\Install\MWI\myworkspace.

After deployment, the middleware installer also generates a topology file in this directory calledtopology.properties. If you are installing middleware on more than one computer, you must copythis file to each computer where you are installing middleware. For example, if you install thedatabase server on computer A first and then install directory server and application server oncomputer B, you must:a. Copy the topology.properties file from computer A to the middleware workspace on computer

B. The default location of the topology.properties file is:v C:\ibm\tivoli\mwi\workspace

b. Edit the topology.properties file on computer B so that the middleware installer is aware thatthe database server settings are from another computer. In each line, change computera tocomputerb. For example, this line for the database server:computera.DB2_SERVER_9_1_1.db2.fenced.user=tx2fenc1

Must be changed tocomputerb.DB2_SERVER_9_1_1.db2.fenced.user=tx2fenc1

The original topology.properties file on computer A must remain unchanged.When you complete the installation of the directory server and application server on computer B, thetopology.properties file includes computerb values for the database server and computera values forthe directory server and application server. The topology.properties file can also be used aftermiddleware installation by the Tivoli Provisioning Manager installer to configure the product corecomponents.

11. From the Install IBM Autonomic Deployment Engine panel, click Next.12. From the Deployment Choices panel, select the features to install on this computer, and then click

Next.

Database serverThe Tivoli Provisioning Manager database is used to store information about configurationitems and how they relate to each other.

Directory serverData maintained by the directory server is used to secure Tivoli Provisioning Manager.

Important for Tivoli Directory Server: If you are installing Tivoli Directory Server, DB2 isalso installed because Tivoli Directory Server uses DB2 as its database.

J2EE serverThe J2EE server is used to host and manage the Tivoli Provisioning Manager application.

If you choose to only install the J2EE server portion of the Tivoli Provisioning Managermiddleware, you are prompted to supply the directory server that you use to secure it. Yourchoices are to secure with an existing instance of Tivoli Directory Server, or an existinginstance of Microsoft Active Directory.

Secure the J2EE server using the Directory serverSelect this option to use a directory server to secure the J2EE server. If you do not want to


maintain the J2EE server using the directory server, do not select this option. You cannotinstall the directory server using the middleware installer.

If you want to use base services authentication without using an LDAP server in yourenvironment, do not select this check box.

If you want to use base services authentication and continue to use an LDAP server in yourenvironment, leave this check box selected.

13. From the Deployment Plan Summary window, click Next.

Note: If you have specified the virtual IP address and virtual host name for each middlewareapplication that is installed on a computer, you do not have to manually specify the host name ofthe computer that you are running the installation from in the next step.

14. In the Configurable Host Name panel, if you want to manually specify the host name of thecomputer that you are running the installation from, select the Override the local machinehostname option and enter a host name value in the Hostname field. Select this option only if youwant to manually specify the host name of the system instead of having the installation programprogrammatically detect it. This option is useful when there is more than a single host nameassigned to the system, such as in cases where a system has more than one network interface, or it isconfigured to support virtual IP addresses. When this option is selected, you are required to providea resolvable host name. You cannot clear this option once it has been selected, however, you are ableto change the value of the Hostname field. If you started the middleware installation program fromthe command line using the forceHostname=true parameter, then you are required to provide analphanumeric value in the Hostname field. An IP address results in an error message. Once thisoption has been selected, you cannot clear it. However, you can change the value you enter in theHostname field.

15. In the Password Reuse panel, you can select the Use this password as the value for all subsequentpasswords check box and enter a password value, which lets you use the same password in allpanels of the middleware installation program. The password that you specify must meet therestrictions for all passwords. If you do not want to use this option, clear the Use this password asthe value for all subsequent passwords check box. Click Next.

16. Enter the following configuration parameters for DB2 Enterprise Edition Server and then click Next.

Install locationEnter the location to install DB2. The default is:v SystemDrive:\Program Files\IBM\SQLLIB

DB2 Administration Server usernameEnter the DB2 administrative account name:v The default value is db2admin.

DB2 Administration Server passwordEnter the password for the DB2 administrative account.

17. Enter the following configuration parameters for the default database instance and click Next.

Default Instance NameEnter the name of the default database instance. The default value is:v DB2

Default Instance PortEnter the port that the default database instance uses. The default value is 50000.

Default Instance UsernameEnter the user name for the default database instance. The default value is:v db2admin

Default Instance Username PasswordEnter the password for the default database instance user name.


18. Enter the following configuration parameters for the Tivoli Provisioning Manager database instance,and then click Next.

Instance nameEnter the name of the Tivoli Provisioning Manager database instance. The default value isctginst1.

Port Enter the port that the Tivoli Provisioning Manager database instance uses. The default valueis 50005.

Instance usernameEnter the user name for the Tivoli Provisioning Manager database instance. The defaultvalue is:v db2admin

Instance username passwordEnter the password for the Tivoli Provisioning Manager database instance user name.

19. Enter information about the DB2 user groups:

DB2 administrators groupEnter the name of the DB2 administrators group. The default value is:v DB2ADMNS

DB2 users groupEnter the name of the DB2 users group. The default value is DB2USERS.

20. Enter the following configuration parameters for IBM Tivoli Directory Server, and then click Next.

Install locationEnter the location to install Tivoli Directory Server. The default value is:v C:\Program Files\IBM\LDAP\V6.2

Administrator distinguished nameEnter the distinguished name of the Tivoli Directory Server administrator. The default valueis cn=root.

Administrator passwordEnter the password for the Tivoli Directory Server administrator.

21. Enter the following configuration parameters for IBM Tivoli Directory Server, and then click Next.

Organizational unitEnter the name of the Tivoli Directory Server organizational unit to use with TivoliProvisioning Manager. The default value is ou=SWG.

Organization and country suffixEnter the name of the Tivoli Directory Server organization and country suffix to use withTivoli Provisioning Manager. The default value is o=IBM,c=US.

Directory server portEnter the port number of the Tivoli Directory Server. The default value is 389.

Directory server secure portEnter the secure port number of the Tivoli Directory Server. The default value is 636.

Administration portEnter the administration port number of the Tivoli Directory Server. The default value is3538.

Administration secure portEnter the secure administration port number of the Tivoli Directory Server. The default valueis 3539.

22. Enter the following configuration parameters for theTivoli Directory Server database instance, andthen click Next.


Database nameEnter the name of the DB2 database you are using to hold Tivoli Directory Server data. Thedefault value is security.

Instance nameEnter the name of the Tivoli Directory Server database instance. The default value isidsccmdb.

Port Enter the port number used by the Tivoli Directory Server database instance. The defaultvalue is 50006.

Instance user passwordEnter the password for the instance user ID.

23. Enter the following configuration parameters for WebSphere Application Server security, and thenclick Next.

Note: The middleware installer does not validate all LDAP settings that you enter in the installer.

When entering installation values, entries in LDIF files, or values you enter directly into a directoryinstance using the tools provided with the directory server, be aware of the product-specific syntaxrules for using special characters in an LDAP string. In most cases, special characters must bepreceded by an escape character in order to make them readable by the directory server. Failing toescape special characters contained in an LDAP string used with Tivoli Provisioning Manager mightresult in errors.

Many directory server products consider a blank space as a special character that is part of theLDAP string. Therefore, if you mistakenly enter an LDAP string that contains a blank, at the end ofa field value for example, and you do not precede the blank character with an escape character, youmight encounter errors. See the product documentation for your directory server for moreinformation about special characters in LDAP strings.

LDAP Host NameEnter the fully qualified domain name of the system hosting the LDAP instance to use forWebSphere Application Server security. This value is case-sensitive.

A fully qualified domain name includes the host name and the domain suffix. For example,tpmserver.example.com. This value is case-sensitive. If you are using virtual host names andIP addresses for the computer, ensure that you specify the correct virtual host name in thefully qualified domain name.

Directory server portEnter the port number used by the LDAP server to use for WebSphere Application Serversecurity. The default value is 389.

LDAP base entryEnter the LDAP base entry of the LDAP instance to use for WebSphere Application Serversecurity. The default value is ou=SWG,o=IBM,c=US

User suffixEnter the user suffix of the LDAP instance to use for WebSphere Application Server security.The default value is ou=users,ou=SWG,o=IBM,c=US

Group suffixEnter the group suffix of the LDAP instance to use for WebSphere Application Serversecurity. The default value is ou=groups,ou=SWG,o=IBM,c=US

Organization container suffixEnter the organizational container suffix of the LDAP instance to use for WebSphereApplication Server security. The default value is ou=SWG,o=IBM,c=US


24. Enter the following configuration parameters for WebSphere Application Server security, and thenclick Next.

Bind distinguished nameEnter the bind distinguished name for binding to the LDAP instance. The default value iscn=root.

Bind passwordEnter the password for the bind distinguished name.

25. Enter the following configuration parameters for WebSphere Application Server, and then click Next.

Install locationEnter the location to install WebSphere Application Server. The default value is:v C:\Program Files\IBM\WebSphere\AppServer

WebSphere Administration usernameEnter the WebSphere Application Server administrative account name. The default value iswasadmin.

WebSphere Administration passwordEnter the password for the WebSphere Application Server administrative account.


Deployment Manager profile nameEnter the WebSphere Application Server profile name of the deployment manager server.The default value is ctgDmgr01.

Application server profile nameEnter the WebSphere Application Server profile name of the application server. The defaultvalue is ctgAppSrv01.


Cell nameEnter the WebSphere Application Server Cell name. The default value is ctgCell01.

Deployment Manager node nameEnter the name of the WebSphere Application Server deployment manager node. The defaultvalue is ctgCellManager01.

Application server node nameEnter the name of the WebSphere Application Server node. The default value is ctgNode01.

Update Installer install locationEnter the location where the WebSphere Application Server update installer is installed. Thedefault value is:v C:\Program Files\IBM\WebSphere\UpdateInstaller

28. Enter the following configuration parameters for IBM HTTP Server, and then click Next.

Install locationEnter the location to install IBM HTTP Server. The default value is:v C:\Program Files\IBM\HTTPServer. If you install IBM HTTP Server into a directory path

that includes spaces, such as Program Files, you cannot start and stop the IBM HTTPServer from the administrative console. You must stop the IBM HTTP Server from thecommand line. If you choose to install IBM HTTP Server into a directory path that doesnot contain any spaces, you can start and stop IBM HTTP Server from within theadministrative console.

HTTP portEnter the port used by the IBM HTTP Server. The default value is 80.


Admin Server portEnter the port to use to administer IBM HTTP Server. The default value is 8008.

29. Accept the following configuration parameter for WebSphere Application Server plug-in for the IBMHTTP Server and click Next.

Profile nameThe default value is ctgAppSrv01. This value cannot be changed.

30. Specify the location of the middleware images, and then click Next. If you are installing from DVDs,insert the Middleware DVD for your operating system and platform before you click Next.

Copy the middleware install images from the source media to a specified directorySelect this option to copy the middleware images from the product media to a directory thatyou specify.

Specify a directory containing all the required middleware install imagesSelect this option if you intend to specify a directory that already contains all themiddleware installation images.

31. If you selected the option to copy install images from the source media, specify the source anddestination directories, and then click Next. If you selected the option to specify a directory thatalready contained the middleware images, specify that directory, and then click Next.To confirm the integrity of the images before deploying the middleware, select the option forchecksum validation. It is recommended to select this option to avoid any installation failures at alater stage during installation. If the checksum operation fails, click Back and copy the images againbefore proceeding.If you do not select this option and the middleware images are corrupted or are not accessible fromthe directory specified, an error might occur. To resolve the error, replace the corrupted middlewareimage and then restart the middleware installation program.

32. Specify a directory to use for middleware installer temporary files and extracted middlewareinstallation images, and then click Next.

33. From the Deployment Plan Operation panel, select Deploy the plan and click Next. You can alsochange the deployment plan or parameters that you have previously configured in this panel.

34. From the Deployment Plan and Parameter Configuration summary panel, review the contents of thesummary and click Deploy.

35. Once the deployment completes successfully, click Finish.36. If you are installing middleware on more than one computer, perform the following steps:

Ensure that you copy the topology.properties file from the workspace to the workspace of the nextcomputer where you are installing middleware.

37. If you are installing middleware on a computer with a virtual IP address, complete the followingsteps:a. Verify that the virtual IP address and host name are correctly configured.

v In the middleware workspace, check the topology.properties file.

v 2000DB2 Check the file db2nodes.cfg:– The file is located in the DB2 installation directory. The default location is C:\Program

Files\IBM\SQLLIB.b. On each computer where you configured the virtual IP address and host name, you can now

configure the original IP address and host name values and configure the virtual IP as asecondary IP address. Continuing with the example in step 2 on page 38, you would make thefollowing changes:1) Change the IP address 9.31.26.12 back to the original value of 9.31.26.3.2) Change the host name virtual.example.com back to the original real.example.com.3) Run the command to configure the second IP address. For example:

ifconfig eth0:1 9.31.26.12 netmask 255.255.255.240


38. If you are using a virtual IP address on the computer where the DB2 server for Tivoli ProvisioningManager or the DB2 server for Tivoli Directory Server is installed, run the following DB2 commandon the computer:db2set -g DB2SYSTEM=virtual_hostname

Replace virtual_hostname with the virtual host name.Example: If DB2 is installed on a computer with the virtual host name database.example.com andTivoli Directory Server is installed on the computer with the virtual host name ldap.example.com:a. Run this command on the computer database.example.com :

db2set -g DB2SYSTEM=database.example.com

b. Run this command on the computer ldap.example.com :db2set -g DB2SYSTEM=ldap.example.com

Results

The middleware is now installed.

What to do next1. Back up the WebSphere Application Server configuration. In the launchpad navigation pane, click

Custom Installation and click 1.3 Back up WebSphere configuration. Follow the instructions on thepanel to back up, then return to the custom installation page.

2. Back up the deployment engine database. In the launchpad navigation pane, click CustomInstallation and click 1.4 Back up the deployment engine database. Follow the instructions on thepanel to back up, then return to the custom installation page.Alternatively, instead of backing up the WebSphere Application Server configuration and thedeployment engine database, you can capture an entire system image of the provisioning server.

3. If you want to remove the symbolic link, run the following command:rm /home/<username>

CAUTION:Future fix packs can rely on this symbolic link.

Reusing middleware using the middleware installerYou can use the middleware installer to configure some middleware products. Other middlewareproducts must be configured manually if you want to reuse them.

If you intend to reuse existing middleware servers with Tivoli Provisioning Manager, they must beconfigured before installing Tivoli Provisioning Manager. This section contains information aboutconfiguring existing DB2, Tivoli Directory Server, and Microsoft Active Directory servers using themiddleware installer.

You cannot use the middleware installer to configure an existing Oracle Database (if supported) orWebSphere Application Server. See “Using manually configured middleware” on page 49 for moreinformation about those servers. This information also applies if you decide that you want to reuseexisting middleware servers but you want to configure them to work with Tivoli Provisioning Managermanually instead of allowing the Tivoli Provisioning Manager installation program to configure them.

When installing and configuring middleware in the middleware installer and the Tivoli ProvisioningManager installation program, consider the following restrictions:


Table 16. Special character restrictions for middleware configuration


2000DB2 DB2 naming conventions for group names,user names, and user IDs

v Names and IDs cannot be any of the following values:USERS, ADMINS, GUESTS, PUBLIC, LOCAL, or anySQL-reserved word.

v Names and IDs cannot begin with IBM, SQL, SYS, orthe underscore character (_).

v Group names and user names can contain up to 30bytes.

2000DB2 DB2 naming conventions for DB2 instances v Instance names can have up to eight bytes and cannotcontain the # character.

v No instance can have the same name as a servicename.

2000DB2 DB2 naming conventions for passwords v Passwords can be a maximum of 14 bytes.

v Do not use the special characters @ # $

IBM Tivoli Directory Server naming conventions fordatabases and database aliases

v Database names must be unique within the location inwhich they are cataloged. This location is:

– a logical disk

v Database alias names must be unique within thesystem database directory. When a new database iscreated, the alias defaults to the database name. As aresult, you cannot create a database using a name thatexists as a database alias, even if there is no databasewith that name.

v Database and database alias names can have up toeight bytes.

v Do not use the special characters @ # $ because theyare not common to all keyboards.

IBM Tivoli Directory Server naming conventions forusers, groups, databases, and instances

v Values must not be longer than eight characters andcannot be any of the following values: USERS,ADMINS, GUESTS, PUBLIC, LOCAL, or idsldap

v Values cannot begin with IBM, SQL, or SYS.

v Values must not include accented characters.

v Values can include characters A through Z, a throughz, and 0 through 9.

v Values must begin with characters A through Z or athrough z.

v Double-byte characters cannot be used inadministrator passwords values.

v Passwords cannot contain the following specialcharacters: ` ' \ " |

WebSphere Application Server naming conventions forusers and passwords

v The administrator name cannot contain the followingcharacters: / \ * ,: ;=+?|< > & % ’"] [> # $ ~ ( ){ }

v The administrator name cannot begin with a period.

v The administrator name cannot contain leading andtrailing spaces.


Table 16. Special character restrictions for middleware configuration (continued)


Middleware installation program naming conventions v The middleware installation program does not validatethat your password is compliant with the operatingsystem of the target host. The passwords that youprovide must be valid for your environment.

v The middleware installation program does not checkfor accented characters in user name values. The useof accented characters might cause errors.

v You cannot use the % character.

Configuring an existing DB2 with the middleware installerYou can use the middleware installer to configure an existing DB2 database.

Before you beginv Verify installation prerequisites described in Chapter 2, “Preinstallation tasks,” on page 5.v To avoid installation errors, ensure that you review all requirements described in “Preinstallation Step

7: Verify requirements for user names, database names, and user passwords” on page 21. Themiddleware installer does not validate all names and passwords entered in the installer.

v Always use fully qualified domain names when entering values for computer host names.v The following users and groups must already exist on the system. If they do not exist on the system,

you must create them before running the Tivoli Provisioning Manager installation program.

Users

– db2admin

Groups

– db2admns

To configure an existing DB instance for reuse with Tivoli Provisioning Manager:

Procedure1. Login as a user with administrative authority.2. Launch the middleware installer from the launchpad.3. Proceed through the middleware installer panels as instructed in “Installing and configuring the

middleware with the middleware installer” on page 36, until you reach the Deployment Choicespanel.

4. From the Deployment Choices panel, select Database Server, and then click Next. The Tivolimiddleware installer will display any instances of DB2 found on the system.

5. From the Installation drop-down menu, select the appropriate instance to reuse, and then click Next.6. Complete the installation by proceeding through the remainder of the middleware installer

panels. Refer to “Installing and configuring the middleware with the middleware installer” on page36 for more information.

7. If you are using a virtual IP on the computer where the DB2 server for Tivoli Provisioning Manager isinstalled, run the following DB2 command on the computer:db2set -g DB2SYSTEM=virtual_hostname

Replace virtual_hostname with the virtual host name.Example: If DB2 is installed on a computer with the virtual host name database.example.com, run thiscommand on the computer database.example.com:db2set -g DB2SYSTEM=database.example.com


What to do next

Proceed to “Installing the base services” on page 98.

Verifying an existing Tivoli Directory Server with the middleware installerIf you have an existing IBM Tivoli Directory Server installation that you would like to reuse forProvisioning Manager, you can verify that it will work with Provisioning Manager using the middlewareinstaller.

Before you beginv Verify installation prerequisites described in Chapter 2, “Preinstallation tasks,” on page 5.v To avoid installation errors, ensure that you carefully review all requirements described in

“Preinstallation Step 7: Verify requirements for user names, database names, and user passwords” onpage 21. The middleware installer does not validate all names and passwords entered in the installer.

v Always use fully qualified domain names when entering values for computer host names.

The middleware installer validates the following:v The version of Tivoli Provisioning Manager.v The Tivoli Directory Server is running.v The Base DN information that you supply in the Tivoli Provisioning Manager.

The middleware installer does not create a Tivoli Directory Server instance for use with TivoliProvisioning Manager. If you want to reuse an existing Tivoli Provisioning Manager, supply the correctAdministrator Distinguished Name and password, LDAP BASE DN, Directory server port, and theAdministration port information for that instance on the middleware installer panels when prompted.If you intend to host a new Tivoli Directory Server instance on your existing Tivoli Directory Server,you must create it before running the middleware installer. More information about creating aninstance can be found in “Manually configuring IBM Tivoli Directory Server” on page 54.Supply the correct Administrator Distinguished Name and password, the correct LDAP BASE DN,Directory server port, and Administration port information for that instance on the middlewareinstaller panels.

To verify an existing instance of Tivoli Directory Server:

Procedure1. Log in as a user with administrative authority.2. Launch the middleware installer from the launchpad.3. Proceed through the middleware installer panels as instructed in “Installing and configuring the


4. From the Deployment Choices panel, select Directory Server, and then click Next. The middlewareinstaller displays any instances of Tivoli Directory Server found on the system.

5. From the Installation drop-down menu, select the appropriate instance to reuse, and then click Next.6. Complete the installation by proceeding through the remainder of the middleware installer

panels. Refer to “Installing and configuring the middleware with the middleware installer” on page36 for more information.

7. If you are using a virtual IP on the computer where Tivoli Directory Server is installed, run thefollowing DB2 command on the computer:db2set -g DB2SYSTEM=virtual_hostname

Replace virtual_hostname with the virtual host name.Example: If Tivoli Directory Server is installed on the computer with the virtual host nameldap.example.com, run this command on the computer ldap.example.com:


db2set -g DB2SYSTEM=ldap.example.com

What to do next

Install the base services.

Using manually configured middlewareManual installations involve configuring middleware components, the database server, the directoryserver, and the application server to work with Tivoli Provisioning Manager before using the TivoliProvisioning Manager installation program.

You can elect to have one or more Tivoli Provisioning Manager middleware components configuredautomatically by the middleware installer. Alternatively, you can choose to manually configure one ormore of the middleware servers to work with Tivoli Provisioning Manager.

You must complete the manual configuration of each server you plan to not configure using theautoconfiguration feature of the Tivoli Provisioning Manager installation program before you run theTivoli Provisioning Manager installation program.

Manually configuring the database serverIf you do not want the installation program to automatically configure the database server, configure thedatabase server manually before you use the installation program.

Installing the DB2 server: 2000DB2

Follow these procedures to install the DB2 server.

Before you begin

v Ensure you have a minimum of 8 gigabytes of free space in the DB2 installation directory.v Ensure that your system meets other installation, memory, and disk requirements. For information

about the DB2 requirements, and security issues to consider when installing DB2, refer to the DB2documentation. The DB2 installer automatically calculates required disk space and determines if youhave sufficient space. Also ensure that you allocate sufficient disk space for growth of the database.

This section provides basic installation instructions for a typical installation of DB2. If you require moreinformation, refer to the installation information in the DB2 information center.

Use the DB2 installation media provided with Tivoli Provisioning Manager to ensure that you are usingthe correct version.

Procedure

1. Log on as administrator.2. If you are using disks, insert the DVD.3. If you are using installation images, copy the archive file that starts with DB2_ESE_V91 to the

directory you want to install DB2. Select the file for the language that you want to install. Extract thecontents of the archive file.

4. Change to the folder ese\image and run setup.exe to start the DB2 Setup wizard.5. The IBM DB2 Setup Launchpad opens. From this window, review installation prerequisites and the

release notes for the latest information and then proceed with the installation.6. Click Install Products.7. Select DB2 UDB Enterprise Server Edition and click Next.8. In the Welcome screen, click Next.9. Accept the licence agreement and click Next.


http://publib.boulder.ibm.com/infocenter/db2luw/v9/topic/com.ibm.db2.udb.doc/welcome.htm

10. Accept the default value (Typical) and click Next.11. Select the Install DB2 UDB Enterprise Server Edition on this computer check box and click Next.12. Continue with the installation and use the default values suggested by the installer.13. After the installation completes, a status page opens. Click the Status report tab to ensure your

installation was successful.14. Perform the following post-installation steps:

a. Run the following commands:db2set DB2COMM=TCPIPdb2set DB2BQTRY=120db2set DB2BQTIME=2db2set DB2AUTOSTART=YES

b. If you are using a virtual IP on the computer where the DB2 server for Tivoli ProvisioningManager is installed, run the following DB2 command on the computer:db2set -g DB2SYSTEM=virtual_hostname

Replace virtual_hostname with the virtual host name.Example: If DB2 is installed on a computer with the virtual host name database.example.com,run this command on the computer database.example.com:db2set -g DB2SYSTEM=database.example.com

What to do next

1. Configure DB2 for use with Tivoli Provisioning Manager by either manually configuring settings orby running the middleware installer to automatically configure settings. See “Configuring an existingDB2 with the middleware installer” on page 47.

2. Proceed to “Installing the DB2 client.”

Installing the DB2 client: 2000DB2

Follow these procedures to install the DB2 client.

This section provides basic installation instructions for a typical installation of DB2. If you require moreinformation, refer to the installation information in the DB2 information center.

Use the DB2 installation media provided with Tivoli Provisioning Manager to ensure that you are usingthe correct version.

If you are using DB2 on a separate node, the DB2 client must be preinstalled on the Tivoli ProvisioningManager computer. During Tivoli Provisioning Manager installation, the database client is used toconnect to the DB2 server and configure it for use with Tivoli Provisioning Manager.

Procedure

1. Log on as a user with administrator access.2. If you are using DVDs, insert the disk into the disk drive.3. If you are using images, copy the archive file that starts with DB2_CLIENT_V95 to the directory you

want to install DB2.4. Change to the folder CLIENT and run setup.exe to start the DB2 Setup wizard.5. The IBM DB2 Setup Launchpad opens. From this window, review installation prerequisites and the

release notes for the latest information and then proceed with the installation.6. Click Install Products.7. Select DB2 Administration Client and click Next.8. In the Welcome screen, click Next.


http://publib.boulder.ibm.com/infocenter/db2luw/v9/topic/com.ibm.db2.udb.doc/welcome.htm

9. Accept the licence agreement and click Next.10. Accept the default value (Typical) and click Next.11. Accept the default values for the remaining panels.12. On the summary panel, review your settings. Note the DB2 client installation directory. You will

need this information for Tivoli Provisioning Manager installation.13. Click Finish to start the installation.

Manually configuring DB2 9.x:

This section contains instructions for manually configuring DB2 9.x servers for use by ProvisioningManager.

To configure an existing DB2 9.x server for use with Provisioning Manager, complete the following stepsbefore launching the Provisioning Manager installation program:

Procedure

1. Create system users:a. Log on to the system as a user that has administrative permissions on the system.b. Create a system group and system users. The middleware installer creates a ctginst1 user that

owns the database instance and assigns that user to a group called db2iadm1. If you areconfiguring DB2 manually, you need to create users and groups manually using usermanagement tools available on the system. Create users named ctginst1 and maximo and assignthe ctginst1 user to a group named db2iadm1. For the maximo user, it is not necessary to assigna specific group. You can use these user and group name values, or use custom values of yourown, but be sure to substitute them where appropriate in this procedure. For AIX, use SMIT toadd the users. After the user IDs have been created, log on to the system using the user IDs andchange the password for each account.

2. Create the DB2 instance:a. Use the following command to create the DB2 instance:

db2icrt -s ese -u db2admin,password -r 50005,50005 ctginst1

Depending upon your environment, you might have to run this command from the/opt/ibm/db2/V9.5/instance directory. Alternatively, you can add this information to your PATH.

b. Set the listening port for the instance:db2 update dbm cfg using svcename 50005

c. Set instance service to start automatically:sc config ctginst1-0 start= auto

where <instance name> is the login name of the instance.d. Start the ctginst1 database instance:

db2start

3. Create a database:a. Open up the DB2 Control Center for the instance you plan to use:

1) Open a command window.2) Type the following commands:

set DB2INSTANCE=ctginst1db2set DB2COMM=tcpip

3) Type the following command:db2cc

1) Open a command window.2) Type the following commands:


set DB2INSTANCE=ctginst1db2set DB2COMM=tcpip

3) Type the following command:db2cc

b. From the DB2 Control Center, navigate to All Systems > <System hosting the databaseinstance> > Instances.

c. Right-click the Databases folder located below the instance name, and then select CreateDatabase > With Automatic Maintenance.

d. From the Specify a name for your new database panel, enter maxdb71 for both the Database nameand Alias fields.

e. If using DB2 9.1, enable the Enable database for XML option. This option creates a Unicodedatabase with a code set of UTF-8.

f. Click Next.g. From the Specify where to store your data panel, click Next. Alternatively, if you do not want to

use the database path as the storage path, specify a different directory. If you specify a path, thedirectory must exist.

h. From the Select your maintenance strategy panel, select Yes, I can specify an offlinemaintenance window of at least an hour when the database is inaccessible, and then clickNext.

i. From the Specify when offline automatic maintenance activities can run panel, provide schedulingdetails for offline maintenance, and then click Next.

j. From the Provide a valid SMTP server panel, enter the name of the SMTP server that is used tocommunicate DB2 messages concerning this database, and then click Next.

k. From the actions review panel, review the choices you have made, and then click Finish.

The database is created.4. Configure the database:

a. Right-click the maxdb71 database created in the previous step, and choose ConfigureParameters.

b. From the Database Configuration panel, select the LOGFILSIZ value and click the button labeledwith the ellipsis (...) in the Value column.

c. Enter 4096, and then click OK.d. If using DB2 9.1, from the Database Configuration panel, select the APP_CTL_HEAP_SZ value. If

using DB2 9.5 or higher, select the appl_memory value. Click the button labeled with the ellipsis(...) in the Value column.

e. Enter 1024, and then click OK.f. From the Database Configuration panel, select the APPLHEAPSZ value and click the button

labeled with the ellipsis (...) in the Value column.g. Enter 1024, and then click OK.h. From the Database Configuration panel, select the LOCKLIST value and click the button labeled

with the ellipsis (...) in the Value column.i. Enter 30000, and then click OK.j. From the Database Configuration panel, select the LOGSECOND value and click the button

labeled with the ellipsis (...) in the Value column.k. Enter 4, and then click OK.l. From the Database Configuration panel, click OK.m. Click Close.n. Restart the database by right-clicking the ctginst1 instance, clicking Stop, and then clicking

Start.5. Add users to the database:


a. Once the database has restarted, right-click it and select Authorities.b. From the User tab of the Database Authorities window, click Add User.c. From the Add User dialog box, select the user maximo, and then click OK.d. From the Database authorities window, highlight the user maximo and click Grant All.e. Click OK.

Alternatively, you can use the following commands to complete the steps from the command line:connect to maxdb71grant dbadm,createtab,bindadd,connect,create_not_fenced_routine,implicit_schema,load,create_external_routine,quiesce_connect,secadm on database to user maximo

6. Create table space:a. From the DB2 Control Center, locate and right-click the Table Spaces entry under the DB2

database that you created for use with Provisioning Manager.b. From the right-click menu, select Create.c. Specify MAXDATA as your new table space, and then click Next.d. Select Regular as the type of table space and then click Next.e. Click Create to create a buffer pool for the table space.f. Specify MAXBUFPOOL as your new buffer pool, and then change the Page size value to 32 and the

Size in 32 KB pages value to 4096.g. Ensure the Create buffer pool immediately choice is selected, and then click OK.h. Highlight the newly created buffer pool and click Next.i. From the Specify the extent and prefetch sizes for this table space panel, choose the Between 200

MB and 2 GB option, and leave Extent size as 32, and then click Next.j. Define a hard disk drive specification by choosing Server (SCSI), and then click Next.k. Click Finish.

Alternatively, you can use the following commands to complete the steps from the command line:create bufferpool maxbufpool immediate size 4096 pagesize 32 k

create regular tablespace maxdata pagesize 32 k managed by automatic storageextentsize 16 overhead 12.67 prefetchsize 16 transferrate 0.18 bufferpoolmaxbufpool dropped table recovery on

Note: By default, index data is stored in the data table space. If you would rather create a separateindex table space, you could create one now.

7. Grant permissions for the table space:a. From the DB2 Control Center, locate and right-click the MAXDATA table spaces entry under the

DB2 database that you created for use with Provisioning Manager.b. From the right-click menu, select Privileges.c. Click Add User.d. Select the user maximo, and then click OK.e. From the Privileges drop-down menu, select Yes, and then click OK.

Alternatively, you can use the following commands to complete the steps from the command line:grant use of tablespace maxdata to user maximo

Note: If you created a separate index table space, you must grant permissions for it at this time.8. Create a schema:

a. From the DB2 Control Center, locate and right-click the Schema entry under the DB2 databasethat you created for use with Provisioning Manager.

b. From the right-click menu, select Create.


c. Specify a name for your new schema, and then click OK. This name must be the same as wasused for the database user ID.

d. Right-click on the new schema name and select Privileges.e. From the Privileges drop-down menu, select Add User, and then select the maximo user.f. Click OK.g. Select the maximo user and then click Grant all.h. From the dialog box, select No Grant, and then click OK.

Alternatively, you can use the following commands to complete the steps from the command line:CREATE SCHEMA MAXIMO AUTHORIZATION ADMINISTRATORGRANT CREATEIN,DROPIN,ALTERIN ON SCHEMA MAXIMO TO USER MAXIMO

9. Create a temporary table space:a. From the DB2 Control Center, locate and right-click the table spaces entry under the DB2

database that you created for use with Provisioning Manager.b. From the right-click menu, select Create.c. Specify MAXTEMP for your new table space, and then click Next.d. Select System temporary as the type of table space and then click Next.e. Select the previously created buffer pool MAXBUFPOOL, and click Next.f. From the Specify the extent and prefetch sizes for this table space panel, choose the Between 200

MB and 2 GB option, and leave Extent size as 32, and then click Next.g. Define a hard disk drive specification by choosing Server (SCSI), and then click Next.h. Click Finish.

Alternatively, you can use the following commands to complete the steps from the command line:CREATE SYSTEM TEMPORARY TABLESPACE MAXTEMP PAGESIZE 32K MANAGED BY AUTOMATIC STORAGEEXTENTSIZE 16 OVERHEAD 12.67 PREFETCHSIZE 16 TRANSFERRATE 0.18 BUFFERPOOL MAXBUFPOOL

10. Ensure that you have DB2 Enterprise Server Edition 9.5 FP3a installed. See the DB2 support page formore information.

Manually configuring the directory serverYou must complete the manual configuration of the directory server before you use the TivoliProvisioning Manager installation program if you choose to not have the Tivoli Provisioning Managerinstallation program automatically configure it.

Be aware that the various DN and suffix values listed in these sections must be replaced with values thatare applicable to existing LDAP hierarchies within your organization.

Important: When entering LDAP values for Tivoli Provisioning Manager installation panel fields, entriesin LDIF files, or values you enter directly into a directory instance using the directory server's own tools,be aware of the product-specific syntax rules for using special characters in an LDAP string. In mostcases, special characters must be preceded by an escape character in order to make it readable by thedirectory server. Failing to escape special characters contained in an LDAP string used with TivoliProvisioning Manager will result in Tivoli Provisioning Manager errors.

Many directory server products consider a blank space as a special character that is part of the LDAPstring. Therefore, if you mistakenly enter an LDAP string that contains a blank, at the end of a fieldvalue, for example, and you do not precede the blank character with an escape character, you might getTivoli Provisioning Manager errors.

See the product documentation for your directory server for more information about special characters inLDAP strings.

Manually configuring IBM Tivoli Directory Server:


To configure Tivoli Directory Server before starting the Tivoli Provisioning Manager installation program,you must create an instance of IBM Tivoli Directory Server.

Before you begin

Note: Sharing a DB2 instance between Tivoli Provisioning Manager and Tivoli Directory Server is notrecommended. During the installation, the database instance is restarted, which could disrupt theavailability of Tivoli Directory Server to your enterprise. If you are using the automated installationprograms, separate instances are created for use by Tivoli Provisioning Manager and Tivoli DirectoryServer.

Procedure

1. Create a user on the system and assign it to the appropriate group.Create the user db2admin and make it a member of the following groups:v Windows Administratorsv DB2ADMNSv DB2USERS

2. If the Instance Administration tool is not already started, log on as an administrator on the systemand start the tool:v Click Programs > IBM Tivoli Directory Server 6.2 > Instance Administration Tool.

3. In the Instance Administration tool, click Create an instance.4. In the Create a new instance window, click Create a new directory server instance and click Next.5. From the Instance details window, complete the following fields and click Next.

User nameSelect idsccmdb as the system user ID of the user who owns the instance. This name is alsothe name of the instance.

Install locationEnter the location where the instance files are stored.

Encryption seed stringType a string of characters that are used as an encryption seed. This value must be aminimum of 12 characters.

Instance descriptionEnter a brief description of the instance.

6. In the DB2 instance details panel, enter idsccmdb as the value for the DB2 instance name field andclick Next.

7. In the TCP/IP settings for multihomed hosts panel, select Listen on all configured IP addresses,and then click Next.

8. In the TCP/IP port settings panel, complete the following fields and click Next.

Server port numberEnter 389 as the contact port for the server.

Server secure port numberEnter 636 as the secure port for the server.

Admin daemon port numberEnter 3538 as the administration daemon port.

Admin daemon secure port numberEnter 3539 as the administration daemon secure port.

9. In the Option steps panel, leave the following options selected and click Next.


Configure admin DN and passwordYou want to configure the administrator DN and password for the instance now.

Configure databaseYou want to configure the database for the directory server now.

10. In the Configure administrator DN and password window panel, complete the following fields andclick Next.

Administrator DNEnter cn=root for the administrator distinguished name.

Administrator PasswordEnter a password for the Administrator DN.

11. In the Configure database panel, complete the following fields and click Next.

Database user nameEnter idsccmdb as the database user.

PasswordEnter the password for the idsccmdb user.

Database nameEnter idsccmdb as the database to be used with this directory instance.

12. In the Database options panel, complete the following fields and click Next.

Database install locationEnter the location where you want the database instance to be created:v This value must be a drive letter.

Ensure that you have at least 80 MB of free disk space in the location that you specify andthat additional disk space is available to accommodate growth as new entries are added tothe directory.

Character-set optionLeave the Create a universal DB2 database (UTF-8/UCS-2) option selected.

13. In the Verify settings panel, review the instance creation details provided and click Finish to createthe idsccmdb instance.

14. Click Close to close the window and return to the main window of the Instance Administration tool.15. Click Close to exit the Instance Administration tool.16. Start the IBM Tivoli Directory Server Configuration tool:

v Click Programs > IBM Tivoli Directory Server 6.2 > Instance Administration Tool.17. Select Manage suffixes.18. In the Manage suffixes panel, type the following suffix and click Add.

o=IBM,c=US

19. Click OK.20. Create the following users in the LDAP repository. These users are required so that Virtual Member

Manager can secure Provisioning Manager.v wasadmin

v maxadmin

v mxintadm

v maxreg

To create the users, you must create an LDIF file with the required information. Add the DNinformation, for example:ou=SWG,o=IBM,c=USou=users


Note: ou=SWG,o=IBM,c=US in this example indicate an organization unit called SWG. SWG houses theou=users organization units to place the users created for Provisioning Manager. DC=IBM andDC=COM indicate a domain forest of ibm.com. You can replace the example with the directorystructure of your own organization.Define the required users and their position within the ou=users DN entries you created.Here is an example of an LDIF file that uses default values:dn: o=ibm,c=usobjectClass: topobjectClass: organizationo: IBM

dn: ou=SWG, o=ibm,c=usou: SWGobjectClass: topobjectClass: organizationalUnit

dn: ou=users,ou=SWG, o=ibm,c=usou: usersobjectClass: topobjectClass: organizationalUnit

dn: cn=wasadmin,ou=users,ou=SWG, o=ibm,c=usuid: wasadminuserpassword: wasadminobjectclass: organizationalPersonobjectclass: inetOrgPersonobjectclass: personobjectclass: toptitle: WebSphere Administratorsn: wasadmincn: wasadmin

dn: uid=maxadmin,ou=users,ou=SWG, o=ibm,c=ususerPassword: maxadminuid: maxadminobjectClass: inetorgpersonobjectClass: topobjectClass: personobjectClass: organizationalPersonsn: maxadmincn: maxadmin

dn: uid=mxintadm,ou=users,ou=SWG, o=ibm,c=ususerPassword: mxintadmuid: mxintadmobjectClass: inetorgpersonobjectClass: topobjectClass: personobjectClass: organizationalPersonsn: mxintadmcn: mxintadm

dn: uid=maxreg,ou=users,ou=SWG, o=ibm,c=ususerPassword: maxreguid: maxregobjectClass: inetorgpersonobjectClass: topobjectClass: personobjectClass: organizationalPersonsn: maxregcn: maxreg

After the creation of users, you are required to create the following groups and assign the maxadminuser to them. An LDIF file with the following content needs to be created:


dn: ou=groups,ou=SWG,o=ibm,c=usou: groupsobjectClass: topobjectClass: organizationalUnit

dn: cn=maxadmin,ou=groups,ou=SWG, o=ibm,c=usobjectClass: groupofnamesobjectClass: topmember: uid=dummymember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=USmember: uid=mxintadm,ou=users,ou=SWG,o=IBM,c=UScn: maxadmin

dn: cn=maximousers,ou=groups,ou=SWG, o=ibm,c=usobjectClass: groupofnamesobjectClass: topmember: uid=dummymember: uid=mxintadm,ou=users,ou=SWG,o=IBM,c=USmember: uid=maxreg,ou=users,ou=SWG,o=IBM,c=USmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=UScn: maximousers

dn:cn=TPDEPLOYMENTSPECIALIST,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPDEPLOYMENTSPECIALISTmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

dn:cn=TPCOMPLIANCEANALYST,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPCOMPLIANCEANALYSTmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

dn:cn=TPCONFIGURATIONLIBRARIAN,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPCONFIGURATIONLIBRARIANmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

dn:cn=TPDEVELOPER,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPDEVELOPERmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

dn:cn=TPADMIN,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPADMINmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

dn:cn=TPWEBSERVICEUSER,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPWEBSERVICEUSERmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

To create the users and update the membership of the LDAP repository, run the following command:ldapmodify -a -D cn=root -w <password> -i <file_name>

If you create the LDIF file on a Windows computer, remove the ^M characters from the file beforeusing.

21. In the IBM Tivoli Directory Server Configuration tool, click Import LDIF data. Click Browse tolocate the LDIF file and click Import.

22. Close the IBM Tivoli Directory Server Configuration tool and restart the server.23. If you are using a virtual IP address on the computer where Tivoli Directory Server is installed, run

the following DB2 command on the computer:db2set -g DB2SYSTEM=virtual_hostname


Replace virtual_hostname with the virtual host name.Example: If Tivoli Directory Server is installed on the computer with the virtual host nameldap.example.com, run this command on the computer ldap.example.com:db2set -g DB2SYSTEM=ldap.example.com

What to do next

Proceed to “Installing Tivoli Provisioning Manager core components” on page 119.

Installing Microsoft Active Directory:

You must manually install Microsoft Active Directory before installing Tivoli Provisioning Manager.

Before you begin

Ensure that the computer meets the hardware and software requirements for Microsoft Active Directoryon Windows 2003. Requirements for use with Tivoli Provisioning Manager include:v Microsoft Active Directory must be installed on a separate computer.v The latest Windows 2003 service pack is installed.v The primary network card has a static IP address. This setting is required for the DNS and Active

Directory subsystems.1. Click Start > Control Panel > Network Connections.2. Right-click the connection that represents your primary network adapter and click Properties.3. Select Internet Protocol (TCP/IP), and click Properties.4. Ensure that Use the following IP address is selected and enter the IP address and subnet mask for

the server. Add a gateway if required.5. Enter the IP address of the server in the Preferred DNS server field.

v Install and configure DNS. If it is not currently installed, perform the following steps:1. In the Windows Control Panel, double-click Add or Remove Programs and then click Add/Remove

Windows Components.2. Click Networking Services in the list of components, but do not select the check box if it was not

already selected. Click Details and select the Domain Name System check box.3. Click OK and then Next and complete the installation of DNS.

To Install Microsoft Active Directory:

Procedure

1. Ensure that you log on to the computer with an administrator account to perform installation.2. Click electing Start > Administration Tools > Configure your Server .3. In the Welcome page, click Next.4. In the Operating system compatibility panel, click Next.5. On the Domain Controller Type panel, select Domain controller for a new domain and click Next.6. On the Create New Domain panel, select Domain in a new forest and click Next.7. On the New Domain Name panel, enter the DNS suffix for your new Active Directory. This name

will be used during Tivoli Provisioning Manager installation, so make a note of it. Click Next.8. On the NetBIOS Domain Name panel, enter the NetBIOS name of the domain. The first part of the

DNS name is typically sufficient. Click Next.9. On the Database and Logs panel, select the folders for the Database and Logs. The default value is

C:\Windows\NTDS. Click Next.


10. On the Shared System Volume panel, enter a valid directory for the system volume.C:\Windows\Sysvol is the default. Click Next to continue.

11. If you configured DNS successfully, the Permissions setting panel is displayed. Select Permissionscompatible only with Windows 2000 or Windows Server 2003. Click Next.

12. On the Directory Services Restore Mode Administrator Password panel, enter a valid password to beused when running the Directory Services in Restore Mode. Click Next

13. Verify the settings and Click Next to begin the Active Directory configuration. The server will berebooted as part of the process.

What to do next

You are now ready to configure Microsoft Active Directory.

Manually configuring Microsoft Active Directory:

To manually configure Microsoft Active Directory for use with Tivoli Provisioning Manager, completethese steps before installing Tivoli Provisioning Manager.

Before you begin

v While Microsoft Windows Server 2008 is supported as a platform for the administrative workstation, orfor hosting middleware, Microsoft Active Directory on Microsoft Windows Server 2008 is notsupported.

v The users and passwords created in the following steps need to match this exact configuration for thedeployment to succeed. The Microsoft Active Directory security policy might need to be alteredtemporarily to allow the creation of these accounts in the format described. After successfulinstallation, these default passwords can be changed to conform to a stricter security policy.

v Use this procedure if you plan to create users and groups manually in Microsoft Active Directory. Theinstallation program gives you the opportunity to have these users and groups created automaticallyduring the installation, provided that you have properly set up SSL communication between MicrosoftActive Directory and IBM WebSphere Application Server, as described in “Configuring SSL betweenMicrosoft Active Directory and WebSphere Application Server Network Deployment” on page 65.

Procedure

1. Click Start > Control Panel > Administrative Tools > Microsoft Active Directory Users andComputers and then select the domain that you are working with.

2. Edit the domain functional level by selecting Action > Raise Domain Functional Level.3. Select Microsoft Windows Server 2003 from the Select an available domain functional level menu,

and then click Raise.4. Click OK.5. When the domain raise task has completed, click OK.6. In the Microsoft Active Directory Users and Computers user interface, right-click the domain you

want to work with and select New > Organizational Unit.7. Enter a name for the new Organizational Unit (OU), for example, SWG, and then click OK.8. Create a group object under the SWG organizational unit:

a. Right-click the SWG OU, and select New > Organizational Unit.b. Enter Groups as the name for the new OU then click OK.

9. Create a users object under the SWG organizational unit:a. Right-click the SWG OU, and select New > Organizational Unit.b. Enter Users as the name for the new OU and click OK.

10. Create the MAXADMIN group:a. Right click the Groups OU and select New > Group.


b. From the New Object - Group dialog, enter the following values and click OK.

Group nameEnter MAXADMIN. This value must be capitalized.

Group name (pre-Windows 2000)Enter MAXADMINPRE2K as the pre-Windows 2000 group name.

This value must be capitalized and must be different than the name entered for Groupname.

Group scopeGlobal

Group typeSecurity

11. Create the MAXIMOUSERS group:a. Right click the Groups OU and select New > Group.b. From the New Object - Group dialog, enter the following values and click OK.

Group nameEnter MAXIMOUSERS. This value must be capitalized.

Group name (pre-Windows 2000)Enter MAXIMOUSERS as the pre-Windows 2000 group name.

This value must be capitalized.

Group scopeGlobal

Group typeSecurity

12. Create the wasadmin user:a. Right click the Users OU and select New > User.b. From the New Object - User dialog, enter the following values and click Next.

First nameEnter wasadmin.

InitialsLeave this field blank.

Last nameLeave this field blank.

Full nameEnter wasadmin.

User login nameEnter wasadmin in the first field. Leave the default value of the second field.

User login name (pre-Windows 2000)This field is filled with the same value (wasadmin) entered for the User login name.

c. From the next panel, enter the following information and click Next:

PasswordEnter the password for wasadmin. This value must have a minimum of eight characters.

User must change password at next logonEnsure this check box is cleared.

User cannot change passwordEnsure this check box is selected.


Password never expiresEnsure this check box is selected.

Account is disabledEnsure this check box is cleared.

The preceding values are examples. You must set these fields to values that comply with thepassword policy of your organization.

d. Review the password settings in the summary panel, and click Finish.13. Create the maxadmin user:

a. Right click the Users OU and select New > User.b. From the New Object - User dialog, enter the following values, and then click Next:

First nameEnter maxadmin.



Full nameEnter maxadmin.

User login nameEnter maxadmin in the first field. Leave the default value of the second field.

User login name (pre-Windows 2000)This field is filled with the same value (maxadmin) entered for the User login name.

c. From the next panel, enter the following information and click Next.

PasswordEnter the password for maxadmin. This value must have a minimum of eight characters.






d. Review the password settings in the summary panel, and click Finish.14. Create the mxintadm user:

a. Right click the Users OU and select New > User.b. From the New Object - User dialog, enter the following values and click Next.

First nameEnter mxintadm.




Full nameEnter mxintadm.

User login nameEnter mxintadm in the first field. Leave the default value of the second field.

User login name (pre-Windows 2000)This field is filled with the same value (mxintadm) entered for User login name.


PasswordEnter the password for mxintadm. This value must have a minimum of eight characters.






d. Review the password settings in the summary panel, and click Finish.15. Create the maxreg user:

a. Right click the Users OU and select New > User.b. From the New Object - User dialog, enter the following values and click Next.

First nameEnter maxreg.



Full nameEnter maxreg.

User login nameEnter maxreg in the first field. Leave the default value of the second field.

User login name (pre-Windows 2000)This field is filled with the same value (maxreg) entered for the User login name.


PasswordEnter the password for the maxreg user. This value must have a minimum of eightcharacters.







d. Review the password settings in the summary panel, and click Finish.16. Add users to the MAXADMIN group:

a. Click the Groups object under the SWG OU.b. Double-click the MAXADMIN group listed in the Groups pane.c. From the MAXADMIN properties dialog, select the Members tab and then click Add.d. From the Select Users, Contacts, Computers, or Groups dialog, click Advanced.e. On the Advanced panel, click Find Now.f. From the Search results list, select the maxadmin and mxintadm users and click OK. Ensure that you

are selecting the maxadmin user and not the maxadmin group from this list.g. Click OK.

17. Add users to the MAXIMOUSERS group:a. Click the Groups object under the SWG OU.b. Double-click the MAXIMOUSERS group listed in the Groups pane.c. From the MAXIMOUSERS properties dialog, select the Members tab and then click Add.d. From the Select Users, Contacts, Computers, or Groups dialog, click Advanced.e. On the Advanced panel, click Find Now.f. From the Search results list, select the maxadmin, mxintadm, and maxreg users, and then click OK.

Ensure that you are selecting the maxadmin user and not the maxadmin group from this list.g. Click OK.

18. Using the same procedure for creating the MAXADMIN group, create the following groups:v TPADMIN

v TPCOMPLIANCEANALYST

v TPDEPLOYMENTSPECIALIST

v TPDEVELOPER

v TPWEBSERVICEUSER

19. Using the same procedure for adding the maxadmin user to the MAXADMIN group, add the maxadminuser to the following groups:v TPADMIN

v TPCOMPLIANCEANALYST

v TPDEPLOYMENTSPECIALIST

v TPDEVELOPER

v TPWEBSERVICEUSER

Note: The TPWEBSERVICEUSER group for the Web Service interface is configured in theuser-factory.xml file as follows:<ws-security-role>TPWEBSERVICEUSER<\ws-security-role>

To configure this group to use another role, you must add the roles to both the LDAP and theTivoli Provisioning Manager database using VMMSYNC.

20. Exit the Microsoft Active Directory Users and Computers user interface.


Results

Microsoft Active Directory configuration is complete and you are now ready to install the remainingmiddleware and configure the application server to use Microsoft Active Directory.

Configuring SSL between Microsoft Active Directory and WebSphere Application Server Network Deployment:

Configuring SSL between Microsoft Active Directory and WebSphere Application Server NetworkDeployment allows the installation program to create users.

Before you begin

To enable the Provisioning Manager installation program to automatically create users and groups withinMicrosoft Active Directory, you have to configure SSL communication between Microsoft Active Directoryand WebSphere Application Server Network Deployment.

You must enable SSL for Microsoft Active Directory, generate a certificate, and then add that certificate toWebSphere Application Server Network Deployment.

Changing the name or domain of the certificate authority at any point invalidates certificates previouslyissued from that authority.

Ensure that you have host name resolution set up properly in your environment. Communication failuresoccur if the computer hosting Microsoft Active Directory cannot resolve host names for systems that havebeen issued certificates.

Ensure that you have already installed Microsoft Internet Information Services with ASP extensionsenabled on the system before configuring the certificate service required for SSL. Microsoft InternetInformation Services are a prerequisite of the certificate service. Microsoft Internet Information Servicescan be added as a Windows component from the Add/Remove Programs dialog. Add this component byselecting the Internet Information Services or Application Server component and installing it. If you haveIBM HTTP Server installed on the same system, you cannot use port 80 for IBM HTTP Server. If IBMHTTP Server was configured to use port 80, you must change it to another value because MicrosoftInternet Information Services must use port 80. After you verify that these two conditions are met,proceed with setting up certificate services as described in this procedure.

Procedure

1. Add the Certificate Services component:a. From the Control Panel of the Microsoft Active Directory server, select Add or Remove

Programs. Then select Add/Remove Windows Components.b. From the Windows Components panel, select the Certificate Services option, and then click

Next.c. From the CA Type panel, select Stand alone root CA, select the Use custom settings to generate

the key pair and CA certificate option, and then click Next.d. From the Public and Private Key Pair panel, select Microsoft Strong Cryptographic Provider for

the CSP value, select SHA-1 as the Hash algorithm, set the Key length to 2048, and then clickNext.

e. From the CA Identifying Information panel, enter host_name.itsm.com in the Common name forthis CA field, enter DC=itsm,DC=com for the Distinguished name suffix, set the Validity period to5 years, and then click Next. The values used in this step are example values only. Replace thesevalues with the details of the computer hosting Microsoft Active Directory.

f. From the Certificate Database Settings panel, you can keep the default value ofC:\WINDOWS\system32\CertLog for both the Certificate database and Certificate database logfields, and then click Next. Configuration of the component now begins.


g. Click Finish.h. Restart the system.

2. Download a CA certificate:a. Launch Internet Explorer.b. Select Tools > Internet Options > Security and click Sites.c. From the Trusted Sites dialog box, enter http://host_name.itsm.com in the Add this web site to

the zone: field, click Add, and then click Close.d. Enter http://host_name.itsm.com/certsrv in the browser.e. From the Certificate Services page, click Download a CA certificate, Certificate Chain, or CRL.f. From the Download a CA Certificate, Certificate Chain, or CRL page, click install this CA

certificate chain. When the task has completed successfully, click the back button.g. From the Download CA Certificate, Certificate Chain, or CRL page select Current for the CA

certificate value, select Base 64 for the Encoding method, and then click Download a CACertificate.

h. When prompted, specify the type as Security Certificate and save the security certificate file asserverRootCA.cer

3. Add the Certificates Snap-in:a. Launch the Microsoft Management Console.b. Select File > Add/Remove Snap-in.c. From the Add/Remove Snap-in dialog box, click Add.d. From the Add Standalone Snap-in dialog box, select Certificates and then click Add.e. Select Computer account and then click Next.f. Select Local computer: (the computer this console is running on) and click Finish.g. From the Add Standalone Snap-in dialog box, select Certification Authority and then click Add.h. Select Local computer: (the computer this console is running on) and click Finish.i. Click Close to close the Add Standalone Snap-in dialog box.j. Click OK on the Add/Remove Snap-in dialog box to close it.

4. Transfer certificates to a store:a. In the Microsoft Management Console, navigate to Console Root > Certificates (Local

Computer) > Third-Party Root Certification Authorities.b. Right-click Certificates and select All Tasks > Import.c. From the File to Import panel of the Certificate Import wizard, browse to the location of the

serverRootCA.cer file, select it, and then click Next.d. From the Certificate Store panel, select Place all certificates in the following store, click Next,

and then click Finish.5. Create and submit a request to the CA:

a. Using Internet Explorer, navigate to http://host_name.itsm.com/certsrv. From the CertificateServices page, click Request a certificate.

b. From the Request a Certificate page, click advanced certificate request.c. From the Advanced Certificate Request page, click Create and submit a request to this CA.d. From the Advanced Certificate Request page, enter the following information and then click

Submit.

Identifying InformationEnter the fully qualified name of the computer hosting Microsoft Active Directory in theName field. This value must be capitalized, for example HOST_NAME.ITSM.COM.

Type of Certificate NeededSelect Server Authentication Certificate.


Key OptionsFor the CSP field, select Microsoft RSA SChannel Cryptographic Provider.

Select the Automatic key container name, Mark keys as exportable, and Store certificatein the local computer certificate store options.

For the Key Size field, you can either accept the default value of 1024, or change it to amore appropriate value.

Additional OptionsSet the Request Format option to PKCS10.

For the Hash Algorithm field, select SHA-1.

For the Friendly Name field, enter the same exact value as entered for the Name field.

Default values are sufficient for the remaining fields on this page.e. Click Home to return to the home page for Certificate Services.

6. Install the certificate:a. In the Microsoft Management Console, navigate to Console Root > Certification Authority

(Local) > host_name.itsm.com > Pending Requests.b. In the right pane, right-click the ID of the request, and then select All Tasks > Issue.c. From Internet Explorer, on the Certificate Services page, click View the status of a pending

certificate request.d. From the View the Status of a Pending Certificate Request page, click the certificate request you

created.e. From the Certificate Issued page, click Install this certificate.f. Restart the system.

7. Verify the private key:a. When the system has restarted, start the Microsoft Management Console and navigate to Console

Root > Certificates (Local Computer) > Personal > Certificates.b. In the right pane, double-click the entry displayed in uppercase.c. From the Certificate dialog box, ensure you can find the statement You have a private key that

corresponds to this certificate, and then click OK.d. In the right pane, double-click the entry displayed in lowercase.e. From the Certificate dialog box, ensure you can find the statement You have a private key that

corresponds to this certificate, and then click OK.8. Configure the connection:

a. Launch the Microsoft LDP utility.b. Select Connection.c. Select Connect.d. Enter host_name.itsm.com for Server, 636 for Port, select SSL, and then click OK. Review the

information displayed to verify your configuration values.9. Export certificate files:

a. Launch the Microsoft Management Console and navigate to Console Root > Certificates (LocalComputer) > Personal > Certificates.

b. Right-click the uppercase certificate entry and select All Tasks > Export

c. From the Certificate Export wizard Welcome panel, click Next.d. From the Export Private Key panel, select No, do not export private key, and then click Next.e. From the Export File Format panel, select Base-64 encoded X.509(.CER), and then click Next.f. From the File to Export panel, export the certificate as serverRootCA.cer, click Next, and then

click Finish.


g. Right-click the lowercase certificate entry and select All Tasks > Export.h. From the Certificate Export wizard Welcome panel, click Next.i. From the Export Private Key panel, select No, do not export private key, and then click Next.j. From the Export File Format panel, select Base-64 encoded X.509(.CER), and then click Next.k. From the File to Export panel, export the certificate as serverAuthCert.cer, click Next, and then

click Finish.10. Add signer certificates:

a. Copy serverRootCA.cer and serverAuthCert.cer to the WebSphere Application Server NetworkDeployment system.

b. Start the WebSphere Application Server Network Deployment administrative console.c. From the WebSphere Application Server Network Deployment administrative console, select

Security > SSL certificate and key management.d. Click Keystores and certificates.e. Click CellDefaultTrustStore.f. Click Signer certificates and then click Add.g. From the Add signer certificate page, enter MSADServerRootCA for the Alias, enter the path

(including the file name) to the serverRootCA.cer file in the File name field, and then click OK.h. Click Add.i. Enter MSADServerAuthCert for the Alias, enter the path (including the file name) to the

serverAuthCert.cer file in the File name field, and then click OK.11. Configure security:

a. From the WebSphere Application Server Network Deployment administrative console, selectSecurity > Secure administration, applications, and infrastructure.

b. From the Available realm definitions drop-down list, select Federated repositories, and thenclick Configure.

c. Click the repository identifier for Microsoft Active Directory listed in Repositories in the realmtable.

d. Update the following properties and then click OK.

Port Update this value to 636.

Login propertiesSet this value to cn.

Requires SSL communicationsEnsure that this option is selected.

Use specific SSL aliasEnsure that this option is selected with a value of CellDefaultSSLSettings.

e. Click Supported entity types and verify that the PersonAccount entity type is set to cn. If it isnot set to cn, click the PersonAccount entity type and set it and then save the changes.

f. Restart the domain manager.

Securing WebSphere Application Server with Microsoft Active Directory using the middlewareinstallation program:

If you have an existing Microsoft Active Directory instance, you can use it to secure WebSphereApplication Server when you install it on the system. You can either configure it manually, or by usingthe middleware installation program.


Before you begin

Note that before running the Provisioning Manager installation program, you must manually create theusers and groups listed in “Manually configuring Microsoft Active Directory” on page 60. You canperform this step after you have installed middleware using the middleware installation program, but itmust be completed before you begin using the Provisioning Manager installation program.

The middleware installation program will prompt you for LDAP configuration parameters to use withWebSphere Application Server.

To have the middleware installation program use an existing Microsoft Active Directory instance tosecure WebSphere Application Server, complete the following steps:

Procedure

1. Log on as a user with administrative authority.2. Start the middleware installation program from the launchpad.3. Navigate the middleware installation program panels as instructed in “Installing and configuring the


4. From the Deployment Choices panel, clear the Directory Server deployment option, and then clickNext. In the next panel, you will be given the choice of selecting an existing instance of IBMTivoliDirectory Server or Microsoft Active Directory to secure WebSphere Application Server.

5. In the Deployment Plan Summary window, click Next to configure the parameters displayed. Thedeployment plan is generated and you will be provided details about the plan.

6. In the Configurable Host Name panel, if you want to manually specify the host name of thecomputer you are running the installation from, select the Override the local machine hostnameoption and enter a host name value in the Hostname field. Select this option only if you want tomanually specify the host name of the system instead of having the installation programprogrammatically detect it. Use this option when there is more than a single host name assigned tothe system, such as in cases where a system has more than one network interface, or it is configuredto support virtual IP addresses. When this option is selected, you are required to provide aresolvable host name. You cannot clear this option once it has been selected, however, you will beable to change the value of the Hostname field. If you launched the middleware installation programfrom the command line using the forceHostname=true parameter, then you will be required toprovide an alphanumeric value in the Hostname field. An IP address will result in an errormessage. Once this option has been selected, you will not be able to clear it. However, you canchange the value you enter in the Hostname field.

7. In the Password Reuse panel, you can select Use this password as the value for all subsequentpasswords, enter a password value, and then click Next, which will allow you to use the samepassword as the default user password value in all panels of the middleware installation program. Ifyou do not want to use this option, ignore the Use this password as the value for all subsequentpasswords option, and click Next.

8. Select Secure with Microsoft Active Directory, and click Next.9. Configure the following values for WebSphere Application Server security, and then click Next.

LDAP Host nameEnter the fully qualified name of the server hosting Microsoft Active Directory.

Directory server portEnter the directory server port. For example, 389

LDAP base entryEnter the LDAP base entry of the instance. For example, DC=itsm,DC=com

User suffixEnter the user suffix for the instance. For example, OU=Users,OU=SWG,DC=itsm,DC=com


Group suffixEnter the group suffix for the instance. For example, OU=Groups,OU=SWG,DC=itsm,DC=com

Organization container suffixEnter the organization container suffix for the instance. For example, DC=itsm,DC=com

In this example, itsm is the domain name. You must replace itsm with the name of yourown domain.

10. Supply the following configuration values for WebSphere Application Server security, and then clickNext.

Bind distinguished nameEnter the bind distinguished name for the instance. For example,CN=Administrator,CN=Users,DC=itsm,DC=com

This value assumes that the Administrator user is already a member of the itsm domain. Youmust replace itsm with the name of your own domain.

Bind passwordEnter the password for the Administrator user on the system hosting Microsoft ActiveDirectory.

11. Complete the installation by navigating the remainder of the middleware installation programpanels.For more informaton, see “Installing and configuring the middleware with the middleware installer”on page 36.

Manually configuring WebSphere Application ServerIf you do not want the Tivoli Provisioning Manager installation program to configure WebSphereApplication Server automatically, you must configure the application server manually before you use theTivoli Provisioning Manager installation program.

Creating WebSphere Application Server profiles:

This procedure provides task information for creating WebSphere Application Server profiles.

Before you begin

You cannot use the Profile Management tool to create profiles for 64-bit platforms. For 64-bit platforms,see Creating and deleting IBM WebSphere Application Server profiles at http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tpro_profiles.html.

To create WebSphere Application Server profiles before running the Tivoli Provisioning Managerinstallation program:1. Launch the profile creation wizard.2. Click Next in the Welcome dialog box.3. Select the Create a deployment manager option. Click Next.4. Accept the default value or specify a Profile name. Click Next.5. Accept the default installation location. Click Next.6. Accept the default values or specify the Node name, Host name, and Cell name. Click Next.7. Review the assigned port numbers. Click Next. Note the Administrative port number. You will use

this context when invoking the console through a browser.8. Select the Run the Application Server as a Windows service and log on as a local system account.

Click Next.9. Click Next in the Profile summary dialog box.

10. Select the Launch the First steps console option. Click Finish.


http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tpro_profiles.html

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tpro_profiles.html

11. Click the Installation verification link.12. After Installation Verification completes, close the output window.13. Use the launchpad command and click the Profile creation wizard to open the First Steps window

(if not open already).14. Click Next in the Welcome dialog box.15. Select Create a custom profile. Click Next.16. Accept the default values or specify the appropriate information. Click Next.17. Specify a unique Profile name. Click Next.18. Accept the default directory path. Click Next.19. Specify a unique node name and the computer name (or IP address) of the machine where you are

performing this installation. Click Next.20. Review the port number listings. Click Next.21. Click Next in the Profile summary dialog box.22. Select the Launch the First steps console check box. Click Finish.23. Click Exit. If another First steps window is open, close it.

Manually configuring Virtual Member Manager on WebSphere Application Server:

This procedure provides task information for manually configuring Virtual Member Manager (VMM) tosecure Tivoli Provisioning Manager.

Before you begin

Ensure you have a wasadmin user created in your LDAP repository.

During the installation process, the Tivoli Provisioning Manager installation program provided you withthe option of automatically configuring Tivoli Provisioning Manager middleware. If you chose to havethe middleware installer program automatically configure the middleware, then it will, among othertasks, perform Virtual Member Manager (VMM) configuration for you. If not, you must manuallyconfigure VMM.

VMM lets you access and maintain user data in multiple repositories, and federate that data into a singlevirtual repository. The federated repository consists of a single named realm, which is a set ofindependent user repositories. Each repository can be an entire external repository or, in the case ofLDAP, a subtree within that repository. The root of each repository is mapped to a base entry within thefederated repository, which is a starting point within the hierarchical namespace of the virtual realm.

Note that if you intend to configure VMM to use SSL with a federated LDAP repository, it must be doneonly after a successful Tivoli Provisioning Manager installation. If VMM is configured to use SSL with afederated LDAP repository before completing the Tivoli Provisioning Manager installation, the installationwill fail. Do not configure a WebSphere Application Server VMM LDAP federated repository to use SSLwith an LDAP directory before installing Tivoli Provisioning Manager. Configure SSL after the TivoliProvisioning Manager installation program has completed successfully.

To add an LDAP directory to the VMM virtual repository, you must first add the LDAP directory to thelist of repositories available for configuration for the federated repository and then add the root ofbaseEntries to a search base within the LDAP directory. Multiple base entries can be added with differentsearch bases for a single LDAP directory.

The values provided here are for example purposes only. If you are using IBM Tivoli Directory Server,enter the values used during the installation and configuration of IBM Tivoli Directory Server. If you areusing Microsoft Active Directory, substitute values you used in “Securing WebSphere Application Serverwith Microsoft Active Directory using the middleware installation program” on page 68 and “Manually


configuring Microsoft Active Directory” on page 60 where appropriate in this procedure. You will alsohave to modify the VMMCRONTASK as shown in “Manually configuring directory synchronization forWebSphere Application Server Network Deployment” on page 134.

To add IBM Tivoli Directory Server or Microsoft Active Directory to Virtual Member Manager:

Procedure

1. Log on to the admin console and go to Security > Secure administration, applications, andinfrastructure.

2. Locate the User account repository section, select Federated repositories from the Available realmdefinition field and click Configure.

3. Click Manage repositories located under Related Items.4. Click Add to create the repository definition under the current default realm.5. Enter the following values, click Apply and click Save.

Repository identifierFor IBM Tivoli Directory Server, enter ISMITDS.

For Microsoft Active Directory, enter ISMMSAD.

Directory typeFor IBM Tivoli Directory Server, select IBM Tivoli Directory Server Version 6.

For Microsoft Active Directory, select Microsoft Windows Server 2003 Active Directory.

Primary host nameEnter the fully-qualified host name or IP address of the IBM Tivoli Directory Server or theMicrosoft Active Directory server.

Port Enter 389.

Support referrals to other LDAP serversSet to ignore.

Bind distinguished nameFor IBM Tivoli Directory Server, enter cn=root

For Microsoft Active Directory, enter CN=Administrator,CN=Users,DC=itsm,DC=comThis value assumes that the Administrator user is already a member of the itsm domain. Youneed to replace itsm with the name of your own domain.

Bind passwordEnter the password for the bind distinguished name.

Login propertiesLeave this value blank.

Certificate mappingSelect EXACT_DN.

6. To return to the Federated repositories page, click Security > Secure administration, applications,and infrastructure, select Federated repositories from the Available realm definitions list, and clickConfigure.

7. Locate the Repositories in the realm section and click Add Base entry to Realm. Note that if there isan existing file repository entry in the Repositories in the realm table, you must select it, clickRemove, and save the change, after creating the new entry.

8. Enter the following values, click Apply and click Save.

RepositoryFor IBM Tivoli Directory Server, select ISMITDS.

For Microsoft Active Directory, select ISMMSAD.


Distinguished name of a base entry that uniquely identifies this set of entries in the realmFor IBM Tivoli Directory Server, enter ou=SWG,o=IBM,c=US

For Microsoft Active Directory, enter DC=itsm,DC=comThis value assumes that the Administrator user is already a member of the itsm domain. Youneed to replace itsm with the name of your own domain.

Distinguished name of a base entry in this repositoryFor IBM Tivoli Directory Server, enter ou=SWG,o=IBM,c=US

For Microsoft Active Directory, enter DC=itsm,DC=comThis value assumes that the Administrator user is a member of the itsm domain. You needto replace itsm with the name of your own domain.

9. From the Federated repositories configuration page, enter the following values, click Apply and clickSave.

Realm nameEnter ISMRealm.

Primary administrative user nameEnter wasadmin. This value must be a valid user from the configured LDAP repository.

Server user identitySelect Automatically generated server identity.

Ignore case for authorizationSelect this check box.

10. Click Supported entity types and click PersonAccount.11. From the PersonAccount configuration page, enter the following values, click OK and click Save.

Entity typeVerify that the value is PersonAccount.

Base entry for the default parentFor IBM Tivoli Directory Server, enter ou=users,ou=SWG,o=IBM,c=US

For Microsoft Active Directory, enter CN=Users,DC=itsm,DC=comThis value assumes that the Administrator user is already a member of the itsm domain. Youneed to replace itsm with the name of your own domain.

Relative Distinguished Name propertiesEnter uid.

12. Click Supported entity types and click Group.13. From the Group configuration page, enter the following values:

Entity typeVerify that the value is Group.

Base entry for the default parentFor IBM Tivoli Directory Server, enter ou=groups,ou=SWG,o=IBM,c=US

For Microsoft Active Directory, enter CN=Groups,DC=itsm,DC=comThis value assumes that the Administrator user is already a member of the itsm domain. Youneed to replace itsm with the name of your own domain.

Relative Distinguished Name propertiesEnter cn

14. Click Supported entity types, and then click OrgContainer.15. From the OrgContainer configuration page, enter or verify the following values, click OK and click

Save.


Entity typeVerify that the value is OrgContainer.

Base entry for the default parentFor IBM Tivoli Directory Server, enter ou=SWG,o=IBM,c=US

For Microsoft Active Directory, enter DC=itsm,DC=comThis value assumes that the Administrator user is already a member of the itsm domain. Youneed to replace itsm with the name of your own domain.

Relative Distinguished Name propertiesEnter o;ou;dc;cn

16. Navigate to Security > Secure administration, applications, and infrastructure.17. From the Secure administration, applications, and infrastructure configuration page, complete the

following fields, click Apply and click Save.a. Enable Enable administrative security.b. Enable Enable application security.c. Deselect Use Java 2 security to restrict application access to local resources.d. From Available realm definition, select Federated repositories.e. Click Set as current.

18. Deploy WIM.ear. WIM ear must be deployed in order for Provisioning Manager to launch in contextto systems, such as TADDM servers, that are hosting the authentication service client.a. Open a command prompt on the system that hosts WebSphere Application Server, and change

directory to WAS_HOME\bin.b. Log on to the wsadmin shell by opening a command prompt and issuing the following

command:wsadmin.bat -username <WebSphere Admin User ID> -password<WebSphere Admin Password>

c. Deploy the file:wsadmin>set wimAppname "WIM"wsadmin>set wimCell "ctgCell01"wsadmin>set wimNode "ctgCellManager01"wsadmin>set wimServer "dmgr"wsadmin>set wimEar "/opt/IBM/WebSphere/AppServer/systemApps/wim.ear"wsadmin>set attrib {}wsadmin>append attrib "-appname $wimAppname -cell $wimCell -node $wimNode-server$wimServer -systemApp"wsadmin>$AdminApp install $wimEar $attrib

d. Save the configuration:wsadmin>$AdminConfig save

e. Exit the wsadmin shell by typing exit.19. Restart WebSphere Application Server and the managed nodes by running the following commands:

a. <WAS_HOME>\profiles\ctgDmgr01\bin\stopManager.bat

b. <WAS_HOME>\profiles\ctgAppSrv01\bin\stopNode.bat

c. <WAS_HOME>\profiles\ctgDmgr01\bin\startManager.bat

d. <WAS_HOME>\profiles\ctgAppSrv01\bin\startNode.bat

Configuring Virtual Member Manager for Maximo authentication:

This procedure provides task information for configuring Virtual Member Manager (VMM) for Maximo.


If you chose to have the middleware installer program automatically configure the middleware, then itwill, among other tasks, perform Virtual Member Manager (VMM) configuration for you. If not, youmust manually configure VMM.

Procedure

1. Log on to the admin console and go to Security > Secure administration, applications, andinfrastructure.

2. Locate the User account repository section, select Federated repositories from the Available realmdefinition field and click Configure.

3. From the Federated repositories configuration page, enter the following values, click Apply and thenclick Save.

Realm nameEnter defaultWIMFileBasedRealm.

Primary administrative user nameEnter wasadmin.

Server user identitySelect Automatically generated server identity.

Ignore case for authorizationSelect this check box.

4. In the General Properties, enter the password for the wasadmin user and click OK.5. Navigate to Security > Secure administration, applications, and infrastructure.6. From the Secure administration, applications, and infrastructure configuration page, complete the

following fields, click Apply and then click Save.v From the Available realm definitions, select Federated repositories and Set as current.v Click Apply, and then click Save.v Enable Administrative security.v Disable Application security.v Deselect Use Java 2 security to restrict application access to local resources.

7. Restart WebSphere Application Server and the managed nodes by running the following commands:a. <WAS_HOME>\profiles\ctgDmgr01\bin\stopManager.bat

b. <WAS_HOME>\profiles\ctgAppSrv01\bin\stopNode.bat

c. <WAS_HOME>\profiles\ctgDmgr01\bin\startManager.bat

d. <WAS_HOME>\profiles\ctgAppSrv01\bin\startNode.bat

Configuring WebSphere Application Server Network Deployment:

Use this procedure to perform WebSphere Application Server Network Deployment configuration tasks.

If you choose to manually configure Provisioning Manager middleware for use with ProvisioningManager, you must manually configure the WebSphere Application Server Network Deployment.

Procedure

1. Manually copy the keystore file from the WebSphere Application Server Network Deploymentmanager host to a temporary directory on the administrative workstation. For example,<WAS_HOME>/profiles/ctgDmgr01/etc/trust.p12. You need this keystore later during installation.

2. Invoke a browser window and open the administrative console by typing: http://<server_name>:9060/admin. This URL address depicts the default port number (9060) and context(admin) for the administrative console. Enter a user name to log in. Note the browser is redirected toa secure port (9043).


3. Create the MXServer Application Server. This step is only necessary if you did not install WebSphereApplication Server Network Deployment using the middleware installation program.a. Expand the Servers link and click Application servers.b. Click New.c. Type MXServer and click Next.d. Accept all default settings and click Next.e. Accept default settings and click Next.f. Click Finish.g. Click Preferences.h. Select the Synchronize changes with Nodes check box, and then click Apply.i. Click Save.j. Click OK.

4. Edit JVM Memory Settings for the application server.a. From the Servers link in the navigation tree click Application servers.b. Click MXServer in the main window.c. From the Server Infrastructure group, expand the Java and Process Management link.d. Click Process Definition.e. Click Java Virtual Machine.f. Scroll down and type 512 for Initial Heap Size and 1024 for Maximum Heap Size and click OK.g. Click Save in the messages box.

5. Edit JVM Memory Settings for the deployment manager.a. From the System administration link in the navigation tree click Deployment manager.b. From the Server Infrastructure group, expand the Java and Process Management link.c. Click Process Definition.d. Click Java Virtual Machine.e. Scroll down and type 512 for Initial Heap Size and 1024 for Maximum Heap Size and click OK.f. Click Save in the messages box.

6. Start the application server.a. From the Servers link in the navigation tree click Application servers.b. Select the check box beside MXServer.c. Click Start.

7. Identify the HTTP Transfer Port Numbers.a. Expand Servers > Application servers, and click MXServer from the main window.b. Open the Web Container Settings and click Web container transport chains.c. Note the default port number as it appears with WCInboundDefault (9080).

8. Create the virtual host.a. Expand the Environment link from the navigation tree.b. Click Virtual Hosts.c. Click New.d. In the General Properties section, type maximo_host in the Name box.e. Click Apply.f. Click Save.g. From the Virtual Hosts window, click maximo_host.h. Click the Host Aliases link.i. Click New.


j. Type * (asterisk) for Host Name and type the HTTP port number (by default 80).k. Click OK.l. Click New.m. Type * (asterisk) for Host Name and type 9061 for the port number.n. Click OK.o. Click New.p. Type * (asterisk) for Host Name and type 9443 for the port number.q. Click OK.r. Click New.s. Type * (asterisk) for Host Name and type 9080 for the port number.t. Click OK.u. Click New.v. Type * (asterisk) for Host Name and type 9044 for the port number.w. Click OK.x. From the navigational breadcrumb trail, click maximo_host.y. Click Apply and then click OK.z. Click Save.

9. Enable automatic startup of the application server when the node agent is started:a. From the Servers link in the navigation tree click Application servers.b. Click MXServer in the main window.c. From the Server Infrastructure group, expand the Java and Process Management link.d. Click Monitoring Policy.e. Set Node restart state to RUNNING and click OK.f. Click Save.

Creating a Windows service for the node agent:

If your WebSphere Application Server is hosted on a Windows system, you can create a Windows servicefor starting the WebSphere node agent.

You can optionally start the node agent as a Windows service.1. Open a command prompt.2. Change directory to <WAS_HOME>\bin.

3. Type the following command with no line breaks (case sensitive).WASService -add NodeAgent -serverName nodeagent -profilePath"<WAS_HOME>\profiles\Custom01" -wasHome"<WAS_HOME>" -logRoot"<WAS_HOME>\profiles\Custom01\logs\nodeagent" -LogFile"<WAS_HOME>\profiles\Custom01\logs\nodeagent\startServer.log"-restart true

where <WAS_HOME> is the directory where WebSphere Application Server is installed.4. Close the command prompt.

WebSphere Application Server management: The tasks contained in this section must be performedregardless of whether you chose to install a new instance of WebSphere Application Server, or chose toreuse an existing server.

IBM provides comprehensive information about running and administering WebSphere ApplicationServer at this URL:


http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp

Starting and stopping the WebSphere Application Server:

This procedure provides task information for starting and stopping the WebSphere Application Server.

Before you begin

Before you start the administrative console, verify that these server processes are running.

Table 17. Listing of server processes

Server Go To

HTTP Server%HTTP_SERVER_HOME%\bin\apache -k start

%HTTP_SERVER_HOME%\bin\apache -k stop

DeploymentManager %WAS_HOME%\profiles\ctgDmgr01\bin\startManager.bat

%WAS_HOME%\profiles\ctgDmgr01\bin\stopManager.bat

Node Agent%WAS_HOME%\profiles\ctgAppSrv01\bin\startNode.bat

%WAS_HOME%\profiles\ctgAppSrv01\bin\stopNode.bat

ITDS Instance

1. Click Start, and select Run.

2. Type services.msc and click OK.

3. Select IBM Tivoli Directory Server Instance V6.2 - idsccmdb, and click Startthe service.

An application server named MXServer was created during installation.

To start the MXServer application, complete the following steps:1. Start the Deployment Manager:

%WAS_HOME%\profiles\ctgDmgr01\bin\startManager.bat

2. Start the Node:

%WAS_HOME%\profiles\ctgAppSrv01\bin\startNode.bat

3. Start the web server:

%WAS_HOME%\profiles\ctgAppSrv01\bin\startServer.bat webserver1

Alternatively, you can start the MXServer from the WebSphere Application Server administrative console.1. Open a browser window and enter the following web address:

http://host_name:9060/ibm/console

where host_name is the host name of the WebSphere Application Server and 9060 is the default portnumber for the administrative console.

2. Enter an administrative user ID and password to log in, if one is required.3. From the administrative console navigation pane, click Servers > Application Servers.4. Select the check box next to MXServer, the name of the WebSphere Application Server.5. Click Start.


To stop the administrative console:1. Open a browser window and enter the following web address:

http://host_name:9060/ibm/console

where host_name is the host name of the WebSphere Application Server and 9060 is the default portnumber for the administrative console.

2. Enter an administrative user ID and password to log in, if one is required.3. From the administrative console navigation pane, click Servers > Application Servers.4. Select the check box next to MXServer, the name of the WebSphere Application Server.5. Click Stop.

Securing the WebSphere Application Server Administrative Console:

You can secure the Administrative Console so that only authenticated users can use it.

VMM must have been configured on the server where WebSphere Application Server is installed beforesecuring the console.

Once you have enabled VMM for WebSphere Application Server security, you perform several steps tosecure the console. First you identify users (or groups) that are defined in the active user registry. Afteryou decide which users you want to access the console, you can determine their level of access byassigning roles. The roles determine the administrative actions that a user can perform. After enablingsecurity, a user must enter a valid administrator user ID and password to access the console.

You can use the Administrative Group Roles page to give groups specific authority to administerapplication servers through the administrative console. Click Security > Secure administration,applications, and infrastructure > Administrative Group Roles to view the available administrativegroup roles.

Table 18. Administrative group roles and permissions

Admin Role Description

Administrator Has operator permissions, configurator permissions, and the permission that isrequired to access sensitive data.

Operator Has monitor permissions and can change the runtime state. For example, theoperator can start or stop services.

Configurator Has monitor permissions and can change the application server configuration.

Monitor Has the least permissions. This role primarily confines the user to viewing theapplication server configuration and current state.

deployer Users granted this role can perform both configuration actions and runtimeoperations on applications.

adminsecuritymanager Fine-grained administrative security is available using wsadmin only. However,you can assign users and groups to the adminsecuritymanager role on the cell levelthrough wsadmin scripts and the administrative console. Using theadminsecuritymanager role, you can assign users and groups to the administrativeuser roles and administrative group roles. However, an administrator cannot assignusers and groups to the administrative user roles and administrative group rolesincluding the adminsecuritymanager role.

iscadmins Has administrator privileges for managing users and groups from within theadministrative console only.

Note: To manage users and groups, click Users and Groups in the console navigation tree and then clickeither Manage Users or Manage Groups.


Complete the following steps to map users and groups to security roles:

Procedure

1. Select Applications > Enterprise applications > application_name.2. Under Detail properties, click Security role to user/group mapping.3. Select the role and click either Look up users or Look up groups. Different roles can have different

security authorizations. Mapping users or groups to a role authorizes those users or groups to accessapplications defined by the role. Users and groups are associated with roles defined in an applicationwhen the application is installed or configured. Use the Search pattern field to display users in theAvailable list. Click >> to add users from the Available list to the Selected list.

4. Restart all the application servers.

Configuring WebSphere Application Server to run as a Windows service:

Configuring WebSphere Application Server to run as a Windows service can make it more convenient tomanage.

To configure WebSphere Application Server to run as a Windows service:

Procedure

1. Start the WebSphere Application Server Administrative Console by opening a browser window andentering the following URL:http://<host_name>:9060/ibm/console

2. Enter an administrative user ID and password.3. Click Servers > Application Servers.4. Select MXServer and click Start.5. Select MXServer and click Stop.6. Open a command prompt window.7. Navigate to the bin folder where you installed the Maximo application server, for example,

C:\Program Files\IBM\WebSphere\AppServer\bin.8. Run the WASService command with the following parameters:

serverNameName of Maximo application server, MXServer.

profilePathThe profile directory of the server, for example, C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01

wasHomeHome folder for MXServer, for example, C:\Program Files\IBM\WebSphere\AppServer\profiles

logRootFolder location of MXServer log file, for example, C:\Program Files\IBM\WebSphere\AppServer\logs\ manageprofiles\ctgAppSrv01

logFileLog file name for MXServer (startServer.log)

restart Restarts the existing service automatically if the service fails when set to true.9. Enter the following WASService command and press Enter.

WASService add MXServer serverName MXServerprofilePath C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01wasHome <D:>\IBM\WebSphere\AppServer


logRoot C:\Program Files\IBM\WebSphere\AppServer\logs\manageprofiles\ctgAppSrv01logFile C:\Program Files\IBM\WebSphere\AppServer\logs\manageprofiles\ctgAppSrv01\startServer.log restart true

10. Open a Services window and double-click MXServer.11. Change the Startup type field value to Automatic.12. Click Start to start the service, then click OK.

Configuring the WebSphere Application Server node agent to run as a Windows service:

A node agent is a server running on every host computer in the deployed network. It performsadministrative functions. Configuring the WebSphere Application Server node agent to run as a Windowsservice can make it easier to manage.

To configure the WebSphere Application Server node agent to run as a Windows service:

Procedure

1. Start the WebSphere Application Server 6.0 Administrative Console by opening a browser windowand entering the following URL:http://<host_name>:9060/ibm/console

2. Enter an administrative user ID and password.3. To stop the node agent, click System Administration > Node agents. In the System Administration

pane, select the check box beside the name of the Node Agent (for example, nodeagent), and clickStop.

4. Open a command prompt window.5. Navigate to the bin folder where you installed the node agent, for example, C:\Program

Files\IBM\WebSphere\AppServer\bin.6. Run the WASService command with the following parameters:

serverNameName of node agent, for example, nodeAgent.

profilePathThe profile directory of the server, for example, C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01

wasHomeHome folder for MXServer, for example, C:\Program Files\IBM\WebSphere\AppServer\profiles

logRootFolder location of node agent log file, for example, C:\Program Files\IBM\WebSphere\AppServer\logs\manageprofiles\ ctgAppSrv01

logFileLog file name for node agent (startServer.log).

restart Restarts the existing service automatically if the service fails when set to true.7. Enter the following WASService command and press Enter.

WASService-add NodeAgent-serverName nodeagent-profilePath C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01-wasHome <D:>\IBM\WebSphere\AppServer-logRoot <D:>\IBM\WebSphere\AppServer\logs\nodeagent-logFile <D:>\IBM\WebSphere\AppServer\logs\nodeagent\startServer.log-restart true

8. Open a Services window and double-click nodeagent.


9. Change the Startup type field value to Automatic.10. Click Start to start the service, and then click OK.

Manually configuring the authentication service:

Use this information to manually configure the authentication service.

Before you begin

This section provides information you can use to manually configure an authentication service on TivoliProvisioning Manager that will provide the authentication for launch in context. This allows you tolaunch in context from Tivoli Provisioning Manager to the user interface of another server, for example,TADDM, provided that it has the authentication client installed and shares the same directory server forauthentication. Under this scenario, you are only required to authenticate once to the server hosting theclient.

These instructions are provided for configuring the authentication service manually. The middlewareinstaller installs and configures the authentication service when used to install the middleware.

To configure the authentication service:

Procedure

1. Open a command prompt on the system that hosts WebSphere Application Server, and changedirectory to <WAS_HOME>/bin.

2. Restart Deployment Manager, Application Server, and MXServer using the correct profile names:<WAS_HOME>\profiles\ctgAppsrv01\bin\stopServer.bat MXServer-username <WebSphere Admin>-password <WebSphere Admin password>

<WAS_HOME>\profiles\ctgAppsrv01\bin\stopNode.bat-username <WebSphere Admin>-password <WebSphere Admin password>

<WAS_HOME>\profiles\ctgDmgr01\bin\stopManager.bat-username <WebSphere Admin>-password <WebSphere Admin password>

<WAS_HOME>\profiles\ctgAppsrv01\bin\startManager.bat<WAS_HOME>\profiles\ctgAppsrv01\bin\startNode.bat<WAS_HOME>\profiles\ctgDmgr01\bin\startServer.bat MXServer

3. Log onto the wsadmin shell by opening a command prompt and issuing the following command:v wsadmin.exe -username <WebSphere Admin User ID> -password <WebSphere Admin Password>

4. Verify that you do not already have authentication services deployed:wsadmin>$AdminApp view authnsvc_ctges

This command returns an exception similar to the following:WASX7015E: Exception running command: "$AdminApp view authnsvc_ctges";exception information: com.ibm.ws.scripting.ScriptingException:WASX7280E: An application with name "authnsvc_ctges" does not exist.

5. Copy the IBMESSAuthnSvc.ear file to your local system. This file is located in the <OperatingSystem>\WS-ESS_6.1_GA directory of the Middleware DVD for your operating system and platform.

6. Deploy the IBMESSAuthnSvc.ear file:wsadmin>$AdminApp install <file_path>/IBMESSAuthnSvc.ear {-usedefaultbindings -deployws -appname authnsvc_ctges–node (nodeName) –server serverName |[-cluster (clustername

If nodeName was set to the default value by the middleware installation program, the value isctgNode01. If serverName was set to the default value by the Tivoli Provisioning Manager installationprogram, the value is MXServer.


7. Save the configuration:wsadmin>$AdminConfig save

8. Exit the wsadmin shell by typing exit.9. Stop WebSphere Application Server and the managed nodes:

<WAS_HOME>/profiles/ctgAppSrv01/bin/stopNode.sh -username <WebSphere Admin> -password <WebSphere Admin password><WAS_HOME>/profiles/ctgDmgr01/bin/stopManager.sh -username <WebSphere Admin> -password <WebSphere Admin password>

10. Copy the com.ibm.security.ess.server_config.6.2.0.jar file to the <WAS_HOME>/plugins directoryon your local system. This file is located in the <Operating System>\WS-ESS_6.1_GA directory of theMiddleware DVD for your operating system and platform.

11. Restart WebSphere and the managed nodes:<WAS_HOME>/profiles/ctgDmgr01/bin/startManager.sh<WAS_HOME>/profiles/ctgAppSrv01/bin/startNode.sh

12. Log back into the wsadmin shell.13. Configure the service:

wsadmin>$AdminTask configureESS

14. Verify that the service is configured:wsadmin>$AdminTask isESSConfigured

This command returns a value of true.15. Create an LTPA Key:

wsadmin>$AdminTask createESSLTPAKeys {-password <password>}

If the key password is ever lost, you will need to create a key. Ensure that all clients connecting tothe service use the new export key file you generate.

16. Synchronize the configuration:wsadmin>$AdminConfig savewsadmin>set dmgr [$AdminControl completeObjectName type=DeploymentManager,*]wsadmin>$AdminControl invoke $dmgr syncActiveNodes true

17. Stop and restart WebSphere and the managed nodes:v <WAS_HOME>\profiles\ctgAppSrv01\bin\stopNode.bat -username <WebSphere Admin> -password

<WebSphere Admin password>

v <WAS_HOME>\profiles\ctgDmgr01\bin\stopManager.bat -username <WebSphere Admin> -password<WebSphere Admin password>

v <WAS_HOME>\profiles\ctgDmgr01\bin\startManager.bat

v <WAS_HOME>\profiles\ctgAppSrv01\bin\startNode.bat

18. Export the newly created key:wsadmin>$AdminTask exportESSLTPAKeys {-pathname <path_name>}

For example:wsadmin>$AdminTask exportESSLTPAKeys {-pathname /root/avenESSLTPAKeyFile.exported}

19. Add the role called TrustClientRole to the WebSphere administrator user that you specified duringthe TADDM installation. This will provide added security for the authentication service by restrictingthe users that can authenticate to the authentication service to only those with the TrustClientRolerole. Refer to the “Configuring the client authentication” topic contained in the “Configuring forWebSphere federated repositories” section of the TADDM administrator's guide for more informationabout configuring client authentication.

Manually configuring JMS queues:

This procedure provides details on steps to configure JMS queues, which must be completed beforedeploying Tivoli Provisioning Manager EAR files.


Before you begin

During the installation process, the Tivoli Provisioning Manager installation program provided you withthe option of automatically configuring the middleware. If you elected to have the Tivoli ProvisioningManager installation program automatically configure the middleware, then it will, among other tasks,create and configure JMS message queues for you. If you elected to manually configure ProvisioningManager middleware for use with Provisioning Manager, you will have to manually configure thesemessage queues.

To configure the JMS queues:

Procedure

1. Start the WebSphere Application Server.2. Launch Internet Explorer and open the WebSphere Application Server Administrative Console by

typing the following URL:http://<server_name>:<port_number>/ibm/console

For example, enter a URL similar to the following sample URL:http://localhost:9060/ibm/console

3. At the login screen, enter your User ID, then click Log in. This action opens the Welcome screen forthe WebSphere Application Server Administrative Console.

4. Start the MXServer server by navigating to Servers > Application Servers, selecting MXServer, andthen clicking Start.

5. Click System administration > Console preferences.6. Select the Synchronize changes with Nodes option, and then click Apply.7. Click Service Integration > Buses to open the Buses dialog. A bus is a group of interconnected

servers and clusters that have been added as members of the bus.8. Click New to open the Buses > New dialog box where you can add a new service integration bus.9. Enter intjmsbus as the name of the new bus in the Name field.

10. Deselect the Bus security check box. If you leave this box checked, intjmsbus inherits the GlobalSecurity setting of the cell.

11. Click Next.12. Click Finish.13. Click Save. This step propagates the JMS bus setup to the cluster configuration. Confirm that the

build completed screen displays the following information:v Bus name, for example, intjmsbus.v Auto-generated, unique ID (UUID), for example, 4BCAC78E15820FED.v The Secure option is unchecked.

Adding a server to the service integration bus:

A server must be defined for the service integration bus.

Procedure

1. From the WebSphere Application Server Administrative Console, click Service Integration > Busesto open the Buses dialog box.

2. Click intjmsbus to open the Buses > intjmsbus dialog box.3. Under Topology, click Bus members.4. In the Buses > intjmsbus > Bus members dialog box, click Add to open the Add a new bus member

dialog box.


5. Click the Server drop-down arrow, and select the server name ctgNode01:MXServer to add to thebus, and then click Next.

6. Check that the File store radio button is selected, and then click Next.7. From the Provide the message store properties panel, click Next.8. Click Finish.9. Click Save.

10. Click OK.11. Select intjmsbus.12. Change the value of the High message threshold field to a minimum value of 500,000 messages, and

then click Apply.If the number of messages awaiting processing exceeds the High Message Threshold you set, theapplication server will take action to limit the addition of new messages in the processing queues.Depending on your message requirements, you might want to enter a higher message thresholdvalue. You can determine an optimal message threshold setting by monitoring the messaging in/outqueues and the impact of the message threshold setting on system performance. You might, forexample, lower the threshold value if a higher value is degrading system performance.If you decide to change the High message threshold setting after the initial configuration, you mustopen the Additional Properties menu in the Administrative Console and change the threshold valuefor each child configuration.

13. Click Save.14. Click OK.

Creating the service integration bus destination for the continuous inbound (CQINBD) queue:

You must create a service integration bus destination for the continuous inbound (CQINBD) queue.

Before you begin

To add a logical address for the continuous inbound bus destination queue (CQINBD) within the JMSbus, complete the following steps:

Procedure


2. Click intjmsbus to open the Buses > intjmsbus dialog box.3. Click Destinations under Destination resources to open the Buses > intjmsbus > Destinations

dialog box.A bus destination, for example CQINBD, is a virtual place within a service integration bus whereapplications can attach and exchange messages.

4. Click New to open the Create new destination dialog box.5. Leave Queue checked as the destination type, and click Next to open the Create new queue dialog

box.6. Type CQINBD in the Identifier field and Continuous Queue Inbound in the Description field, then click

Next to open the Create a new queue for point-to-point messaging dialog box.7. Select the Bus Member pull-down and choose Node=ctgNode01:Server=MXServer as the bus

member that will store and process messages for the CQINBD bus destination queue.8. Click Next to open the Confirm queue creation dialog box.9. Review your selections, then click Finish to complete the creation of the CQINBD bus destination

queue.


10. Navigate the path Buses > intjmsbus > Destinations, then click CQINBD to open the configurationdialog box.

11. Click None as the Exception destination value.12. Click Apply.13. Click Save.

Creating the service integration bus destination for the sequential inbound (SQINBD) queue:

You must create the service integration bus destination for the sequential inbound (SQINBD) queue.

To add a logical address for the sequential inbound bus destination queue (SQINBD) within the serviceintegration bus, complete the following steps:

Procedure



dialog box. A bus destination is a virtual place within a service integration bus where applicationscan attach and exchange messages.


box.6. Enter SQINBD in the Identifier field and Sequential Queue Inbound in the Description field, then click

Next to open the Create a new queue for point-to-point messaging dialog box. Note that you mustuse this value and it must contain only uppercase letters.

7. Select the Bus Member pull-down and choose Node=ctgNode01:Server=MXServer.8. Click Next to open the Confirm queue creation dialog box.9. Review your selections, then click Finish to complete the creation of the SQINBD bus destination

queue.10. Navigate the path Buses > intjmsbus > Destinations, then click SQINBD to open the configuration

dialog box.11. Click None as the Exception destination value.12. Click Apply.13. Click Save.

Creating the service integration bus destination for the sequential outbound (SQOUTBD) queue:

You must create the service integration bus destination for the sequential outbound (SQOUTBD) queue.

To add a logical address for the sequential outbound bus destination queue (SQOUTBD) within theservice integration bus, complete the following steps:

Procedure



dialog box. A bus destination, for example SQOUTBD, is a virtual place within a service integrationbus where applications can attach and exchange messages.

4. Click New to open the Create new destination dialog box.


5. Leave Queue checked as the destination type, and click Next to open the Create new queue dialogbox.

6. Enter SQOUTBD in the Identifier field and Sequential Queue Outbound in the Description field, thenclick Next to open the Create a new queue for point-to-point messaging dialog box. Note that youmust use this value and it must contain only uppercase letters.

7. Select the Bus Member pull-down and choose Node=ctgNode01:Server=MXServer as the busmember that will store and process messages for the SQOUTBD bus destination queue.

8. Click Next to open the Confirm queue creation dialog box.9. Review your selections, then click Finish to complete the creation of the queue.

10. Navigate the path Buses > intjmsbus > Destinations, then click SQOUTBD to open theconfiguration dialog box where you must make the following changes:a. Click None as the Exception destination value.b. Click Apply.c. Click Save

Creating the JMS connection factory:

Add a connection factory for creating connections to the associated JMS provider of point-to-pointmessaging queues.

Procedure

1. From the WebSphere Application Server Administrative Console, click Resources > JMS >Connection factories.

2. From the Scope list select Cell=ctgCell01.3. Click New.4. Verify that the Default Messaging Provider is selected and click OK.5. Enter the following information:

Name Enter intjmsconfact.

JNDI nameEnter jms/maximo/int/cf/intcf

Bus nameSelect intjmsbus.

6. Click Apply.7. Click OK.8. Click Save.

Creating the continuous inbound (CQIN) JMS queue:

You must create a JMS queue (CQIN) as the destination for continuous inbound point-to-point messages.

To create the CQIN JMS queue, complete the following steps:

Procedure

1. From the WebSphere Application Server Administrative Console, click Resources > JMS > Queues.2. From the Scope drop-down list, select Cell=ctgCell01.3. Click New.4. Verify that the Default Messaging Provider is selected and click OK.5. Enter the following information, and click OK.

Name Enter CQIN.


Note that this value must contain only uppercase letters.

JNDI nameEnter jms/maximo/int/queues/cqin


Queue nameSelect CQINBD.

6. Click OK.7. Click Save.

Creating the sequential inbound (SQIN) JMS queue:

You must create a JMS queue (SQIN) as the destination for sequential inbound point-to-point messages.

To create the JMS queue (SQIN), complete the following steps:

Procedure


Name Enter SQIN.


JNDI nameEnter jms/maximo/int/queues/sqin


Queue nameSelect SQINBD.


Creating the sequential outbound (SQOUT) JMS queue:

You must create a JMS queue (SQOUT) as the destination for sequential outbound point-to-pointmessages.

To create the JMS queue (SQOUT), complete the following steps:

Procedure


Name Enter SQOUT.



JNDI nameEnter jms/maximo/int/queues/sqout


Queue nameSelect SQOUTBD.


Creating JMS activation specification for the continuous inbound queue (CQIN):

You must activate the continuous inbound queue (CQIN) before it can receive messages.

Complete the following steps to activate the CQIN queue:

Procedure

1. From the WebSphere Application Server Administrative Console, click Resources > JMS > ActivationSpecifications.

2. From the Scope drop-down list, select Cell=ctgCell01.3. Click New to complete the General Properties section for the new JMS activation specification.4. Click OK.5. Enter the following information, and then click OK.

Name intjmsact

This value is case sensitive. This value must be lowercase.

JNDI nameintjmsact

Destination typeQueue

Destination JNDI namejms/maximo/int/queues/cqin

Bus nameintjmsbus

Maximum concurrent endpoints10

6. Click Save.7. Restart MXServer under Servers > Application servers.

Error queues:

You can create an optional error queue that will receive redirected messages from the continuous queue(CQIN) when the messages go in error.

Creating the service integration bus destination for the inbound error queue (CQINERRBD):

You must add a logical address for the inbound error queue (CQINERRBD) within the JMS bus.

Complete the following steps:


Procedure



dialog box. A bus destination is a virtual place within a service integration bus where applicationscan attach and exchange messages.


box.6. Enter CQINERRBD in the Identifier field and Error Queue Inbound in the Description field, then click

Next to open the Create a new queue for point-to-point messaging dialog box. Note that you mustuse this value and it must contain only uppercase letters.

7. Select the Bus Member pull-down and choose Node=ctgNode01:Server=MXServer.8. Click Next to open the Confirm queue creation dialog box.9. Review your selections, then click Finish to complete the creation of the CQINERRBD bus

destination queue.10. Navigate the path Buses > intjmsbus > Destinations, then click CQINERRBD to open the

configuration dialog box where you must make the following changes:a. Click Specify and enter CQINERRBD as the exception destination value.b. Change the Maximum failed deliveries value to 5.

This is the maximum number of times you want the system to process a failed messagingattempt before forwarding the message to the exception destination.

11. Click Apply.12. Click Save.13. From the WebSphere Application Server Administrative Console, click Service Integration > Buses

to open the Buses dialog box.14. Click intjmsbus to open the Buses > intjmsbus dialog box.15. Select CQINBD.16. Specify CQINERRBD as the exception destination. Set the Maximum failed deliveries value to 5.17. Click OK.18. Click Save.

Creating the error (CQINERR) JMS queue:

After creating the Error Queue Bus Destination, you create the Error queue.

To create the Error queue, complete the following steps:

Procedure


Name Enter CQINERR.



JNDI nameEnter jms/maximo/int/queues/cqinerr


Queue nameSelect CQINERRBD.


Creating JMS activation specification for the inbound error queue (CQINERR):

You must activate the continuous inbound queue (CQINERR) before it can receive messages.

Complete the following steps to activate the CQINERR queue:

Procedure

1. From the WebSphere Application Server Administrative Console, click Resources > JMS > ActivationSpecifications.

2. From the Scope drop-down list, select Cell=ctgCell01.3. Click New to complete the General Properties section for the new JMS activation specification.4. Click OK.5. Enter the following information, and click OK.

Name Enter intjmsacterr.

This value must only contain lowercase letters.

JNDI nameEnter intjmsacterr.

Destination typeEnter Queue.

Destination JNDI namejms/maximo/int/queues/cqinerr


Manually creating a data source for the persistent store:

If you chose to manually configure WebSphere Application Server Network Deployment and if youintend to persist messages, you must create a data source in order to store JMS messages in a DB2database. You will select whether you want to persist messages or not during base services installation.

You have the option of having WebSphere Application Server Network Deployment use a DB2 databaseto store JMS messages. For more information about WebSphere Application Server Network Deploymentmessage storage, including the usage of products other than DB2, see the WebSphere Application Serverdocumentation and Planning the configuration of a messaging engine to use a data store.

To create a data source for the persistent store, complete the following steps:

Procedure

1. Create a system user and password on the server hosting the database server. For example, a usernamed mxsibusr with a password of mxsibusr.

2. Create and configure the database:


http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/welcome_nd.html

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/welcome_nd.html

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.multiplatform.doc/info/ae/ae/tjm0035_.html

a. Open DB2 Control Center.b. Navigate down to the Databases folder listed under your system.c. Right-click the Databases folder and select Create Database > Standard.d. Create a database named maxsibdb using default settings.e. Once the database has been created, expand the maxsibdb database and select User and Group

objects.f. Right-click DB Users and select Add.g. Select mxsibusr from the User drop-down list.h. Grant all authorities to the mxsibusr user with the exception of Security administrator authority.i. Click Apply.j. Verify that you can connect to the database using the mxsibusr user by right-clicking maxsibdb

and selecting Connect.3. Configure J2C authentication data and JDBC provider in WebSphere Application Server Network

Deployment.a. Open and log on to the WebSphere Application Server Network Deployment Administrative

Console.b. Navigate to Security > Secure administration, applications, and infrastructure.c. Under the Authentication header, click on Java Authentication and Authorization Service > J2C

authentication data.d. Click New.e. Complete the following fields in the User identity form:

Alias maxJaasAlias

User IDmxsibusr

PasswordPassword that you created for mxsibusr.

DescriptionSIB database user alias.

f. Click Apply, and then click Save.g. From the WebSphere Application Server Administrative Console navigation pane, go to Resources

> JDBC > JDBC Providers.h. Click Scope and then select Cell=ctgCell01.i. Click New.j. Specify the following values:

Database typeDB2

Provider typeDB2 Universal JDBC Driver Provider

Implementation typeXA data source

Name maxJdbcProvider

k. Click Next.l. Complete the WebSphere Application Server variable ${DB2UNIVERSAL_JDBC_DRIVER_PATH}

field with a value of <WAS_HOME>ctgMX\lib. For example, C:\Program Files\IBM\WebSphere\AppServer\ctgMX\lib.

m. Click Next.


n. Click Finish.o. Click Save.

4. Open a command prompt and copy <DB2_HOME>/java/db2jcc.jar and <DB2_HOME>/java/db2jcc_license_cu.jar to the <WAS_HOME>\ctgMX\lib directory. Go back to Resources > JDBC > JDBCProviders > maxJdbcProvider, and correct the Class path if required for both db2jcc.jar anddb2jcc_license_cu.jar. Ensure that each jar file has the full path from${DB2UNIVERSAL_JDBC_DRIVER_PATH}

5. Configure WebSphere Application Server:a. From the WebSphere Application Server Network Deployment Console, navigate to Resources >

JDBC > Data sources.b. Click Scope and then select Cell=ctgCell01.c. Click New.d. Specify the following values:

Data source nameintjmsds

JNDI namejdbc/intjmsds

e. From the Component-managed authentication alias and XA recovery authentication aliasdrop-down list, select maxJaasAlias.

f. Click Next.g. Choose Select an existing JDBC provider, and then select maxJdbcProvider from the drop-down

list.h. Click Next.i. Specify the following values:

Database namemaxsibdb

Driver type4

Server nameSpecify the DB2 server host name.

Port numberSpecify the DB2 port number. For example, 50005.

j. Ensure the Use this data source in container managed persistence (CMP) option is enabled, andthen click Next.

k. Click Finish.l. Click Save.

6. Verify the data source by selecting intjmsds, and then clicking Test Connection.

Changing middleware installer configuration parametersYou can change the configuration parameters you have entered for a deployment plan before deployingthe plan. You can use this option if you chose to cancel the deployment of the deployment plan that youdeveloped by exiting the middleware installer. Configuration parameters for a plan can be changed onlybefore deploying the deployment plan.

Before you begin

This information assumes that you have developed a deployment plan, entered configuration parametersfor the plan, and then exited the middleware installer before actually deploying the deployment plan.


To change middleware installer configuration parameters:

Procedure1. Start the middleware installer from the launchpad and advance to the Choose Workspace panel.2. Specify the directory that you previously used as the middleware installation program workspace,

and then click Next.3. Select Edit the configuration parameters, and then click Next.4. Advance along the middleware installation program panels and make adjustments.5. When you reach the Deployment Plan Operation panel, select Deploy the plan, and then click Next.6. From the Deployment Plan and Parameter Configuration summary panel, review the contents of the

summary, and then click Next.7. From the Select Middleware Image Directories panel, enter the location for compressed images for the

middleware contained in the deployment plan, and a directory to use to hold the extracted images.Once you have entered the two locations, click Next.

8. Once the deployment completes successfully, click Finish.

Starting middleware on WindowsMiddleware servers and services must be active before installing the base services installer, the TivoliProvisioning Manager core components, and the Tivoli Provisioning Manager Web components.

The middleware that you need to start depends on your current task. The following table summarizes thepossible options:

Table 19. Steps to start middleware

Situation Action

Middleware is installed,but you have notcompleted the TivoliProvisioning Managerinstallation.

The middleware is started for you when the middleware installation is complete. If youhave not rebooted the server or stopped middleware, you can continue with theinstallation.

You rebooted thecomputer.

The Tivoli Directory Server database instance and administration server must bestarted manually.

When all middleware is started, continue with the next step:

v If you are in the process of installing Tivoli Provisioning Manager, you can nowcontinue with installation.

v If you have completed the Tivoli Provisioning Manager installation, see “Startingand stopping the provisioning server on Windows” on page 211.

You have stoppedmiddleware.

When all middleware is started, continue with the next step:

v Start middleware that is stopped in the following order:

See “Checking middleware status” on page 97 for steps to verify that middleware isstarted.

v If you have completed the Tivoli Provisioning Manager installation, see “Startingand stopping the provisioning server on Windows” on page 211.

Procedure1. Log on as a user with administrative permissions.

2. 2000DB2 Start DB2. In the following examples, the database instance is named ctginst1.

If the server does not have a virtual IP address

a. Click Start and select Run.


b. Type services.msc and click OK.c. Select DB2 - DB2COPY1 - CTGINST1-0 and click Start the service.

If the server has a virtual IP addressdb2gcf -u -p 0 -i ctginst1

3. Start the Tivoli Directory Server administration server:a. Click Start and select Run.b. Type services.msc and click OK.c. Select IBM Tivoli Directory Admin Server V6.2 - idsccmdb, and click Start the service.Alternatively, run the following command from the command line:idsdiradm -I idsccmdb

4. Start Tivoli Directory Server. In the following examples, the database instance for Tivoli DirectoryServer is named idsccmdb.a. Start the Tivoli Directory Server database instance:


1) Click Start and select Run.2) Type services.msc and click OK.3) Select DB2 - DB2COPY1 - IDSCCMDB and click Start the service.

If the server has a virtual IP addressdb2gcf -u -p 0 -i idsccmdb

b. Start the Tivoli Directory Server instance:1) Click Start and select Run.2) Type services.msc and click OK.3) Select IBM Tivoli Directory Server Instance V6.2 - idsccmdb, and click Start the service.Alternatively, run the following command:idsslapd -I idsccmdb

Important: The directory server instance must remain as a manual startup type to synchronizecorrectly with the database in the context of Tivoli Provisioning Manager.

If you want to configure Tivoli Directory Server to start automatically with the operating system,see Starting the directory server instance at operating system startup in the Tivoli Directory Serverinformation center.

5. Start IBM HTTP Server and WebSphere Application Server webserver1 profile:a. Click Start and select Run.b. Type services.msc and click OK.c. Select IBM HTTP Server 6.1 and click Start the service.Alternatively, run apache from the command line.

6. Start other WebSphere Application Server profiles:

Start the deployment managerWAS_HOME\profiles\ctgDmgr01\bin\startManager.bat

Start NodeWAS_HOME\profiles\ctgAppSrv01\bin\startNode.bat

Stopping middlewareFollow these procedures to stop middleware. If you need to restart a middleware application, you muststop the application before restarting.


http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/topic/com.ibm.IBMDS.doc/admin_gd09.htm#autostart

Procedure1. Stop Tivoli Provisioning Manager.2. Stop the WebSphere Application Server MXServer profile.

a. Change to the WAS_HOME\profiles\ctgAppSrv01\bin directory.b. Run the following command:

stopServer.bat MXServer -username wasadmin_username -password wasadmin_password

The following parameters are used in the commands:

wasadmin_usernameThe WebSphere Application Server administrator user name.

wasadmin_passwordThe password for the specified user name.

3. Stop Tivoli Directory Server. The commands in these steps use the default instance name idsccmdb.a. Stop the database instance.

1) Log on as a user with administrator access.2) At a command prompt, open a DB2 window with the command db2cmd.3) If you have Tivoli Directory Server on the same computer as the Tivoli Provisioning Manager

database, set the instance name:set db2instance=idsccmdb

4) Run the following command to check for other running applications:db2 list applications

5) If the command lists other applications, run the following command to disconnect them:db2 force applications all

6) Stop DB2:

Server does not have a virtual IPRun the following command:db2stop

Note: The db2stop command can only be run at the server. No database connectionsare allowed when running this command; however, if there are any instanceattachments, they are forced off before the instance is stopped.

Server has a virtual IP

If you are using a virtual IP address for the DB2 server, use the following command tostop the database:db2gcf -d -p 0 -i idsccmdb

b. Change to the TDS_HOME/bin directory.c. Stop Tivoli Directory Server.

ibmdirctl –D cn=root –w password -h host_name stop

passwordThe password for the base DN (cn=root).

host_nameThe host name of the Tivoli Directory Server computer.

4. Stop the DB2 database instance. The commands in these steps use the default instance name ctginst1.a. Log on as a user with administrator access.b. At a command prompt, open a DB2 window with the command db2cmd.c. If you have Tivoli Directory Server on the same computer as the Tivoli Provisioning Manager

database, set the instance name:


set db2instance=ctginst1

d. Run the following command to check for other running applications:db2 list applications

e. If the command lists other applications, run the following command to disconnect them:db2 force applications all

f. Stop DB2:

Server does not have a virtual IPRun the following command:db2stop

Note: The db2stop command can only be run at the server. No database connections areallowed when running this command; however, if there are any instance attachments, theyare forced off before the instance is stopped.


If you are using a virtual IP address for the DB2 server, use the following command to stopthe database. In this example, the database instance is ctginst1.db2gcf -d -p 0 -i ctginst1

Checking middleware statusFollow these procedures to check the status of middleware.

Procedure

v 2000DB2 To check the status:1. Log on as Administrator.2. Open the Services control panel.3. Find the DB2 instance and check the status of the service. If there are multiple DB2 instances listed,

find the one for the Tivoli Provisioning Manager database owner.v To check the status of Tivoli Directory Server:

1. Log on as Administrator.2. Open the Services control panel.3. Find the entry for the IBM Tivoli Directory Server and check the status of the service.

v To check the status of Microsoft Active Directory:Click Start > Programs > Administrative Tools > Manage Your Server. In the list of server roles, verifythat the server is configured with the Domain Controller (Active Directory) role.

v To check the status of WebSphere Application Server:

Tivoli Provisioning Manager profile

1. Change to the WAS_HOME\profiles\ctgAppSrv01\bin directory.2. Run the command:

serverStatus MXServer -username wasadmin_username -password wasadmin_password

The following parameters are used in the commands:

wasadmin_usernameThe WebSphere Application Server administrator user name.

wasadmin_passwordThe password for the specified user.


Installing the base servicesAfter you have installed the middleware, you can install the base services. You must install the baseservices on either the provisioning server or the administrative workstation, if your configuration requiresthe use of an administrative workstation.

Before you beginv Make sure that the middleware applications are started. If you installed the middleware with the

middleware installer, the middleware applications are started automatically after installation. If youhave rebooted the computer or if you installed the middleware manually, see:– “Starting middleware on Windows” on page 94

v Review the planning worksheet for information about the base services installation settings. See“Planning worksheet for base services installation” on page 110.

v If using an administrative workstation, temporarily shut down any non-critical processes that couldhave a negative effect on the installation, such as anti-virus software.

v When entering values for host names, use fully qualified host names. This value is case-sensitive. Forinformation about verifying host names, see Resolving host names with a DNS server in “PreinstallationStep 6: Verify the environment” on page 16.

v Enable a remote execution and access service on every system with middleware installed. Each remotesystem must support a remote access protocol and accept remote logins from a user name andpassword configured on the target server. Remote access protocols include SSH and Windows SMB. Ifthe remote system is a Windows server, you must configure remote execution and access to use SMB.

v Enable RXA tracing to allow better troubleshooting in case there are connection problems between theadministrative workstation and the provisioning server. For more information, see “Enabling RXAtracing” on page 167.

v If the operating system user ID that you use for the installation contains Russian language characters,the installation might fail when attempting to install language packages. You might get error messagesCTGIN2289E and CTGIN0158E. To avoid this problem, install the product using a user ID withadministrative authority that contains only English language characters.

v 2000DB2 Complete the following tasks to prepare the DB2 database:– The database instance owner home directory must have 8 GB of space available regardless of

whether a database is installed in that location.– The user ID for the DB2 instance administrator must have SYSADM (administration) authority. You

enter this user ID on the DB2 Administration screen and on the Remote Access Authorization screenof the Provisioning Manager installation program. See the DB2 product documentation forinformation about creating a user with SYSADM (administration) authority on the DB2 server.

v 2000DB2 To avoid high system memory usage by DB2, you can set the following DB2 property andthen restart the DB2 server:db2 update dbm cfg using KEEPFENCED NO

v Because of DB2 installation requirements, you might have removed the TEMP and TMP environmentvariables in order to get DB2 to install successfully (DB2 might fail to install when the path string usedfor the TMP and TEMP environment variables is too long). However, these environment variables mustbe defined before launching the product launchpad or product installation program if you areinstalling the product on the same Windows system that is hosting DB2. To resolve the problem,remove the temporary environment variables before the DB2 installation and then redefine them, inpreparation for the product installation.

v If you are installing Tivoli Provisioning Manager in a language other than English, you must accept thedefault values for database table space size and index table space size. On the Summary panel, thesevalues are displayed as null. If you need to customize the table space sizes, either run the base servicesinstaller in English and configure the database manually outside of the base services installer, ormodify the table space sizes after installation.


v For WebSphere Application Server Network Deployment, ensure that the Cell and all related nodes areactively running.

v The database instance owner home directory must have 8 GB of space available regardless of whethera database will be installed into that location.

v Do not use localhost for host name values in the installation program. Specify the fully qualified hostname of the system for all host name values. This value is case-sensitive.

The following instructions are for a multiserver installation using default values and assume that youwant the base services installer to automatically configure middleware across multiple computers. If youget errors, resolve them before continuing with the installation.

If you cancel the installation program after entering values across several installation panels, theinstallation program recalls the values the next time you start the base services installation programagain. You can restore the default values in the base services installation program by deleting the fileMAXIMO_HOME/applications/maximo/properties/maximo.properties. If you cannot locate themaximo.properties file in the MAXIMO_HOME directory, look for it in the system temporary directory.

To install the base services:

Procedure1. Check for an existing installation of the solution installer. The default installation location is:


If the solution installer is already installed, start the service:v Check the Services control panel. If the IBM ADE service is not running, start it.

2. Start the launchpad.3. In the launchpad navigation pane, click Custom Installation, then click Verify base services

installation prerequisites. After verifying and confirming the prerequisites, return to the custominstallation page.

4. Click Install base services and required components.5. Select a language for the installation and click OK.6. In the Introduction panel, click Next.7. In the Package Summary panel, review the package deployment actions, and then click Next.8. Accept the license agreement and click Next.9. In the Choose Install Folder panel, specify the base services installation directory, and then click

Next. The path that you specify must not contain spaces. The default values are:v C:\IBM\SMP

10. In the Choose Deployment panel, select the Custom option.

Note: The Simple option is not supported.11. In the Import Middleware Configuration Information panel, specify that you want to use the field

values that you enter into the middleware installer fields as default values for those same fields inthe base services installer.

Import middleware configuration informationSelect this check box if you want to allow the base services installer to reuse the valuesentered in the middleware installer.

If you installed the middleware manually, leave this check box clear and enter the requiredvalues in the subsequent panels from the base services installer.


Note: If you select this feature while installing using RXA, the workspace location that youspecify must reside locally on the remote system, and cannot be located on a network driveof the remote system.

Host nameEnter the fully qualified domain name of the system where the middleware installer wasrun. This value is case-sensitive.

User IDEnter the user ID that was used to run the middleware installer on the computer specified inthe Host name field.

PasswordEnter the password for the user.

Workspace locationEnter the location of the topology file that contains the values entered for the middlewareinstaller. This file is found in the workspace that was defined during the middlewareinstallation. For more information, see “The middleware installer workspace” on page 34.

12. In the Database Type panel, select the product that you are using for the maximo database and clickNext.

Important for database support: SQL Server is not a supported database.

Oracle is not supported when the provisioning server is installed on Windows.13. In the Database panel, enter configuration information about the database, and then click Next.

2000DB2

Host nameEnter the fully qualified domain name of the computer hosting DB2, for example,database.example.com. This value is case-sensitive.

Port Enter the port being used by the DB2 instance. The default value is 50005.

Database NameEnter the name of the database to use with Tivoli Provisioning Manager. The defaultdatabase name is maxdb71. The database is created if it does not exist.

InstanceEnter the name of the database instance to be used with Tivoli Provisioning Manager. Thedefault instance name is ctginst1. This instance is created if it does not exist. However, theuser and its associated home directory must exist on the DB2 server.

Database User IDEnter the user ID used for Tivoli Provisioning Manager to access DB2. This user ID cannotbe the same as the instance administrator user ID. The default value is maximo.

Database PasswordEnter the password for the user ID used to access DB2.

14. In the Automate Database Configuration panel, select Automate database creation andconfiguration, and then click Next. This option allows the base services installer to automaticallyconfigure the database for use by Tivoli Provisioning Manager. Examples of automated tasks includecreating table spaces, creating database tables, creating database schemas, and creating users.

Note: If you do not want the base services installer to configure the database automatically, youmust configure it manually before the installation of the base services.

15. In the Remote Access Authorization panel, enter authorization information for the automaticdatabase configuration feature, and then click Next.


User IDEnter a user ID for the base services installer to access the system that is hosting thedatabase to be used with Tivoli Provisioning Manager.

Enter administrator.

PasswordEnter the password for the user ID.

See “Remote configuration enablement” on page 111 for details about how to ensure successfulremote access between the Provisioning Manager installation program and the remote server.

16. In the Database Administration panel, enter configuration information about the database, and thenclick Next.

2000DB2

Installation directoryEnter the directory where DB2 is installed. The default values are:v C:\Program Files\IBM\SQLLIB

Instance administrator user IDEnter the user ID for the administrator of the DB2 instance. The default values are:v db2admin

This user ID cannot be the same as the database user ID. This user must have DB2administration authority, which is referred to as SYSADM authority in the DB2 productdocumentation. For more information about creating this user, see the DB2 productdocumentation.

Instance administrator passwordEnter the password for the DB2 instance administrator user ID.

Windows service user IDEnter the user ID used to start the DB2 service on Windows. This user ID must haveadministrative authority on the system. The default value is db2admin.

Windows service passwordEnter the password for the user ID used to start the DB2 service on Windows.

17. In the Database Tablespace panel, enter information about the table space of the database, and thenclick Next.

2000DB2

Data tablespace nameEnter the name of the table space to be created in DB2 for Tivoli Provisioning Manager. Thetable space is created if it does not exist. The default value is MAXDATA.

Data tablespace sizeEnter a size, in megabytes, for the data table space. The value must be 5000 Mb or greater.

Temporary tablespace nameEnter the name for the temporary table space to be created for DB2. Temporary table spaceshold data during sorting or collating actions. The table space is created if it does not exist.The default value is MAXTEMP.

Temporary tablespace size (Mb)Enter a size for the temporary table space. The default value is 1000 Mb.

Index tablespace nameEnter a name for the index table space. The default value is MAXDATA.

Index tablespace sizeEnter a size, in megabytes, for the index table space. The value must be greater than 3000Mb. The default is 5000 Mb.


18. In the Application Server Type panel, select WebSphere Application Server.

Important for application server support: Oracle WebLogic Server is not supported.19. In the WebSphere Connectivity panel, enter host information about the WebSphere Application

Server, and then click Next.

Host nameEnter the fully qualified domain name of the system hosting WebSphere Application Server.This value is case-sensitive. Alternatively, you can provide the IP address for the system.

SOAP portEnter the SOAP port of the WebSphere Application Server system. The default value is 8879.

20. In the Automate WebSphere configuration panel, select Automate WebSphere configuration andclick Next. This option allows the installation program to automatically configure WebSphereApplication Server for use by Tivoli Provisioning Manager.

Note: If you do not select the option to configure WebSphere Application Server automatically, youmust have configured the middleware manually before installing the base services. For moreinformation about the manual configuration tasks.

If your provisioning server is installed on Windows, AIX, or Linux (except for SUSE LinuxEnterprise Server 11), see “Manually configuring WebSphere Application Server” on page 70.

21. In the WebSphere Remote Access Authorization panel, enter authorization information forWebSphere Application Server configuration, and then click Next.

Operating system user ID

v Enter a valid user ID for the base services installer to access the system that is hostingWebSphere Application Server. This user ID must have administrative rights on themachine you are accessing.

Operating system passwordEnter the password for the system user ID.

22. In the WebSphere Application Server Network Deployment Configuration panel, enter values for thefollowing fields, and then click Next.

WebSphere installation directoryEnter the directory where WebSphere Application Server is installed on the host system. Forexample:v C:\Program Files\IBM\WebSphere\AppServer

User IDEnter the administrative user ID used to access WebSphere Application Server. The defaultvalue is wasadmin.

PasswordEnter the password for the administrative user ID used to access WebSphere ApplicationServer.

Profile nameEnter the name for the WebSphere Application Server profile. The default value is ctgDmgr01.

23. In the WebSphere Application Server Configuration panel, enter the following information, and thenclick Next.

Web server portEnter the Web server port used by WebSphere Application Server. The default value is 80.

Web server nameEnter the name of the Web server. The default value is webserver1.


Node nameEnter the name of the WebSphere Application Server node containing the application server.The default value is ctgNode01.

Application serverEnter the name of the WebSphere Application Server to associate with Tivoli ProvisioningManager. If the application server does not exist, it is created. The default value is MXServer.

24. In the Security panel, select a method for authenticating and authorizing users and groups and clickNext.

Use WebSphere application security for authentication and authorizationChoose this option to automatically configure WebSphere Application Server NetworkDeployment application security to manage users and groups for authentication andauthorization purposes. This option requires application security to already be enabled inWebSphere Application Server Network Deployment.

Important: You must select this option if you want to use LDAP and Microsoft ActiveDirectory for authentication and authorization.

Use WebSphere application security only for authenticationChoose this option to automatically configure WebSphere Application Server NetworkDeployment application security for authentication only and allow Maximo security tomanage groups and user to group memberships. With this option, you create all your usersin your directory server, but you manage their membership in security groups in theSecurity Groups application in Tivoli Provisioning Manager. This option requires applicationsecurity to already be enabled in WebSphere Application Server Network Deployment.

If you select this option, the next panel prompts you for your user base entry. The maxadmin,maxreg, and mxintadm users must be created before you proceed past this panel.

Use Maximo security for authentication and authorizationIf you do not want to use WebSphere Application Server Network Deployment applicationsecurity, select this option to have Maximo security manage users and groups for bothauthentication and authorization.

25. In the Enter Maximo users panel, enter the following information, and then click Next.

Note: Ensure that you enter the correct passwords, as the installation program does not validatethem.

Maximo administration userProduct administrator user ID used for initial configuration and adding users. The defaultvalue is maxadmin.

PasswordPassword for the Maximo administration user.

Maximo system registration userUser ID used for the self registration of users. The default value is maxreg.

PasswordPassword for the Maximo system registration user.

Maximo system integration userUser ID used with enterprise adapters. The default value is mxintadm.

PasswordPassword for the Maximo system integration user.

26. If you selected Use WebSphere application security only for authentication in the Security panel,specify the distinguished names of the user and group base entities that you are using, choose howusers are created, and then click Next.


Important: When entering LDAP values for the base services installation, entries in LDIF files, orvalues that you enter directly into a directory instance using the directory server tools, follow theproduct-specific syntax rules for using special characters in an LDAP string. In most cases, specialcharacters must be preceded by an escape character in order to make it readable by the directoryserver.

Many directory server products consider a blank space as a special character that is part of theLDAP string. Therefore, if you mistakenly enter an LDAP string that contains a blank, at the end ofa field value, for example, and you do not precede the blank character with an escape character, youmight get errors. See the product documentation for your directory server for more informationabout special characters in LDAP strings.

User base entryEnter the user base entry that is configured for your directory server. The default LDAPschema user base entry is ou=users,ou=SWG,o=IBM,c=US.

Ensure that the base entry is in the proper format and is accurate. The middleware installerdoes not validate the base entry, but the base services installer validates it. If you entered anincorrect base entry, you must correct it before continuing with the base services installation.

Group base entryEnter the group base entry that is configured for your directory server. The default LDAPschema group base entry is ou=groups,ou=SWG,o=IBM,c=US.

Ensure that the group base entry is in the proper format and is accurate. The middlewareinstaller does not validate the group base entry, but the base services installer validates it. Ifyou entered an incorrect group base entry, you must correct it before continuing with thebase services installation.

Create the required users

Tivoli Directory ServerKeep this option selected to allow the installation program to create default users inWebSphere Application Server Virtual Member Manager (VMM).

This operation requires write access to VMM.

If you do not want to have the users created by the installation program, you mustcreate them manually before continuing with the installation. See “Manuallyconfiguring directory synchronization for WebSphere Application Server NetworkDeployment” on page 134 for synchronization tasks that you must complete after theinstallation if you choose to customize your schema.

Microsoft Active DirectoryClear this option.

If you are using Microsoft Active Directory to secure WebSphere Application Server,you already created the schema using the steps provided in “Securing WebSphereApplication Server with Microsoft Active Directory using the middleware installationprogram” on page 68 and “Manually configuring Microsoft Active Directory” onpage 60.

Before continuing with installation, verify the following requirements in MicrosoftActive Directorya. The following users exist in the directory server:

Group Users

maxadmin mxintadmmaxadmin


Group Users

maximousers mxintadmmaxadminmaxreg

b. The pre-Windows 2000 name for the group maxadmin is changed to a differentname. This change is required because the maxadmin group contains a user thatis also called maxadmin.

If you are not using the default LDAP schema, you must have it created before advancingpast this panel. The values entered for User and Group base entry fields are used toconfigure the VMMSYNC cron task. See “Manually configuring directory synchronization forWebSphere Application Server Network Deployment” on page 134 for synchronization tasksyou must complete after the installation if you choose to customize your schema.

Below is an example of the default LDIF data that you need to modify and import into yourLDAP repository if you want to customize the schema and create your own users manually:dn: o=ibm,c=usobjectClass: topobjectClass: organizationo: IBM

dn: ou=SWG, o=ibm,c=usou: SWGobjectClass: topobjectClass: organizationalUnit

dn: ou=users,ou=SWG, o=ibm,c=usou: usersobjectClass: topobjectClass: organizationalUnit

dn: cn=wasadmin,ou=users,ou=SWG, o=ibm,c=usuid: wasadminuserpassword: wasadminobjectclass: organizationalPersonobjectclass: inetOrgPersonobjectclass: personobjectclass: toptitle: WebSphere Administratorsn: wasadmincn: wasadmin

dn: uid=maxadmin,ou=users,ou=SWG, o=ibm,c=ususerPassword: maxadminuid: maxadminobjectClass: inetorgpersonobjectClass: topobjectClass: personobjectClass: organizationalPersonsn: maxadmincn: maxadmin

dn: uid=mxintadm,ou=users,ou=SWG, o=ibm,c=ususerPassword: mxintadmuid: mxintadmobjectClass: inetorgpersonobjectClass: topobjectClass: personobjectClass: organizationalPersonsn: mxintadmcn: mxintadm

dn: uid=maxreg,ou=users,ou=SWG, o=ibm,c=us


userPassword: maxreguid: maxregobjectClass: inetorgpersonobjectClass: topobjectClass: personobjectClass: organizationalPersonsn: maxregcn: maxreg

After the creation of users, you are required to create the following groups and assign themaxadmin user to them. An LDIF file with the following content needs to be created:dn: ou=groups,ou=SWG,o=ibm,c=usou: groupsobjectClass: topobjectClass: organizationalUnit

dn: cn=maxadmin,ou=groups,ou=SWG, o=ibm,c=usobjectClass: groupofnamesobjectClass: topmember: uid=dummymember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=USmember: uid=mxintadm,ou=users,ou=SWG,o=IBM,c=UScn: maxadmin

dn: cn=maximousers,ou=groups,ou=SWG, o=ibm,c=usobjectClass: groupofnamesobjectClass: topmember: uid=dummymember: uid=mxintadm,ou=users,ou=SWG,o=IBM,c=USmember: uid=maxreg,ou=users,ou=SWG,o=IBM,c=USmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=UScn: maximousers

dn:cn=TPDEPLOYMENTSPECIALIST,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPDEPLOYMENTSPECIALISTmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

dn:cn=TPCOMPLIANCEANALYST,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPCOMPLIANCEANALYSTmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

dn:cn=TPCONFIGURATIONLIBRARIAN,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPCONFIGURATIONLIBRARIANmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

dn:cn=TPDEVELOPER,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPDEVELOPERmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

dn:cn=TPADMIN,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPADMINmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

dn:cn=TPWEBSERVICEUSER,ou=groups,ou=SWG,O=IBM,C=USobjectclass: groupofnamescn: TPWEBSERVICEUSERmember: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US

To create the users and update the membership of the LDAP repository, run the followingcommand:ldapmodify -a -D cn=root -w <password> -i <file_name>


27. In the Integration Adapter JMS Configuration panel, enter the following information, and then clickNext. A JMS server requires a DB2 data repository to be configured to maintain messages. If you areusing another database type, the installation program cannot configure message persistence.

JMS Data Source nameEnter the name of the database to be used by JMS. The default value is intjmsds.

Persist JMS messagesSelect this option if you want the installation program to persist messages within DB2. Formore information, see “Manually creating a data source for the persistent store” on page 91.

Do not persist JMS messagesSelect this option if you do not want the installation program to set the JMS implementationto persist messages automatically. If you later decide that you want to persist JMS messages,you must configure the JMS implementation manually.

28. 2000DB2 If you chose to persist JMS messages, in the DB2 Database Server Configuration panel,enter the following information, and then click Next. The JMS data store can only be created as aDB2 database.

Host nameEnter the fully qualified domain name of the server hosting the JMS data store. This value iscase-sensitive.

Port Enter the port used to access the database server. The default value is 50005.

Database nameEnter the name of the database serving as the JMS data store. The default value is maxsibdb.

User IDEnter the user ID used to access the database server. This user is created if it does not exist.The default is the database user ID you entered when you selected your database type.

PasswordEnter the password for the user ID to access the database server.

29. 2000DB2 If you chose to persist JMS messages, in the DB2 Database Server Remote AccessAuthorization panel, enter authorization information for the automatic configuration feature, andthen click Next.

User IDEnter the user ID for the base services installer to access the system that hosts the JMSdatabase. This user must have administrative rights on the computer that you are accessing.

This user must be a member of the DB2ADMNS group.

PasswordEnter the password for the user ID.

30. 2000DB2 In the DB2 Database Instance Configuration panel, enter the following information, andthen click Next.

Installation directoryEnter the installation directory for the DB2 server that is hosting the JMS database thatcontains the instance to be used with WebSphere Application Server. For example:v C:\Program Files\IBM\SQLLIB

InstanceEnter the JMS database instance to be used with WebSphere Application Server. The defaultvalue is ctginst1.

Instance administrator user IDEnter the user ID for the administrator of the JMS database instance. For example:v db2admin


Instance administrator passwordEnter the password for the JMS database instance administrator user ID.

31. In the SMTP Configuration panel, specify SMTP configuration information used by workflows tocommunicate with workflow participants.

SMTP serverEnter the fully qualified host name of the SMTP server that is sending messages toparticipants. This value is case-sensitive.

Administrator e-mailEnter a valid e-mail address. This address is used to send messages.

You can defer SMTP configuration by not providing information on this panel and advancing to thenext panel. However, you must configure these parameters on interface after installation. For moreinformation, see “Configuring SMTP” on page 115.

32. In the Run Configuration Step panel, select an option to perform the configuration and to deploy theapplication files, and then click Next.

Perform installation configuration nowSelect this option to perform the configuration step during installation.

Copy files now, and perform installation configuration later, manuallySelect this option to have the installation program copy files to the system only.

The Tivoli Provisioning Manager installation program is used to complete tasks such asgathering information about your Tivoli Provisioning Manager deployment andconfiguration, copying files to your local system, and performing configuration tasks usingthe values that you have specified. If you select this option, the installation program willgather your configuration information and copy the Tivoli Provisioning Manager files toyour local system now, and then allow you to run the configuration step at a later date.

Deploy application files automaticallySelect this option to have the installation program perform EAR file deploymentautomatically during the installation.

Deploy application files manually laterSelect this option to defer the deployment of application files. Deferring the deployment ofapplication files can shorten the time it takes to deploy overall if you intend to install morethan one service management product. Files can be deployed once all products have addedtheir own functions to the application files. You might also want to use this option if yourorganization has application deployment restrictions that require that you deploy applicationfiles either manually or using another approved process.

For manual application deployment instructions for WebSphere Application Server, see“Deploying Provisioning Manager EAR files” on page 112.

33. In the Choose Shortcut Folder panel, select the type of shortcut for Tivoli Provisioning Manager, andthen click Next. If selecting In the Start Menu to be used with Internet Explorer, ensure that youhave added the Tivoli Provisioning Manager URL to the trusted sites Web content zone and disablethe option of requiring server verification for all sites in the zone.

Note: Do not use the In the Quick Launch Bar options, because it will not create a shortcut in theQuick Launch bar.

34. In the Input Summary panel, review the information, and then click Next.35. In the Pre-Installation Summary panel, review the information, and then click Install.36. In the Install Complete panel, click Done.


Results

The base services installation is completed.

Logs can be found in the following locations:v MAXIMO_HOME/logs

v MAXIMO_HOME/solutions/logs

v MAXIMO_HOME/maximo/tools/maximo/log

v C:\program files\ibm\common\acsi\logs

In addition, logs can be found in the log directories for the WebSphere Application Server applicationserver, deployment manager, and node agent.

The configuration values that you entered are stored in the MAXIMO_HOME/applications/maximo/properties/maximo.properties file. If you did not use the base services installer to perform theconfiguration, you can perform them outside of the base services installer by using the taskrunner utility,located in the MAXIMO_HOME/scripts directory. This utility uses the configuration values stored in themaximo.properties file to configure base services.taskrunner CONTINUE <STOPONERROR|NOSTOPONERROR>

Note:

v If you reboot the system, you cannot use the taskrunner utility to run configuration scripts, becausetaskrunner data stores are not persisted. If you intend to use the taskrunner utility, do not reboot yoursystem.

v Passwords are encrypted in the maximo.properties file during the installation process. The encrypteddata is stored in a section of the file after the line mxe.encrypted=true using various characters,including symbols other characters that are not alphanumeric. Ensure that you do not modify theencrypted section of the file. A version of the file with the unencrypted password is stored inmaximo.properties_orig in the same directory.

Important: Back up the unencrypted file maximo.properties_orig outside the system file structure. Ifyou change the database user password, you must update this file with the new password and thencreate an encrypted maximo.properties file.

If the installation fails, you can run taskrunner again after resolving the errors if it was run with theSTOPONERROR parameter. The taskrunner utility resumes the installation at the point where the lastsuccessfully completed task was recorded in the previous attempt. If you run taskrunner with theNOSTOPONERROR parameter, the taskrunner continues despite errors.

What to do next1. If you want to install support for other languages, proceed to “Installing the language pack” on page

116.2. Back up the base services home directory. In the launchpad navigation pane, click Custom

Installation, then scroll down to 2. Install the base services and required components and click 2.4Back up base services home directory. Follow the instructions on the panel to back up, then return tothe custom installation page.

3. Back up the deployment engine database. In the launchpad navigation pane, click CustomInstallation, then scroll down to 2. Install the base services and required components and click 2.5Back up the deployment engine database. Follow the instructions on the panel to back up, thenreturn to the custom installation page.

4. If you chose not to configure WebSphere Application Server automatically during base servicesinstallation, you must manually create the following required groups and add the maxadmin user tothe groups: TPADMIN, TPCOMPLIANCEANALYST, TPDEPLOYMENTSPECIALIST, TPDEVELOPER,


and TPWEBSERVICEUSER. For more information and depending on the directory server that you areusing, see “Manually configuring Microsoft Active Directory” on page 60 or “Manually configuringIBM Tivoli Directory Server” on page 54.

5. Proceed to “Installing Tivoli Provisioning Manager core components” on page 119.

Planning worksheet for base services installationThis table lists the settings that you must provide during the base services and core componentsinstallation.

Table 20. Tivoli Provisioning Manager settings

Setting Default value Your value

Tivoli Provisioning Managerinstallation directory

v C:\Program Files\IBM\tivoli\tpm

Database port numberv 2000DB2 50005

v 2000Oracle 1521

Tivoli Provisioning Manager databasehost name

Maximo database name maxdb71

Maximo database instance ctginst1

Schema name maximo

Maximo database user ID maximo

2000DB2 DB2 installation directory v SystemDrive:\ProgramFiles\IBM\SQLLIB

2000DB2 DB2 instance administratoruser ID

v db2admin

2000DB2 Windows DB2 service userID

db2admin

Data table space name MAXDATA

Data table space sizev 2000DB2 5000 MB

Temporary table space name MAXTEMP

Temporary table space size 1000 MB

Index table space name MAXDATA

Index table space sizev 2000DB2 5000 MB

WebSphere host name

WebSphere SOAP port 8879

WebSphere server home directory v C:\Program Files\IBM\WebSphere\AppServer

WebSphere admin user ID wasadmin

WebSphere profile name ctgDmgr01

Web server port 9081

Web server name webserver1

Node name ctgNode01

Cluster name MAXIMOCLUSTER


Table 20. Tivoli Provisioning Manager settings (continued)

Setting Default value Your value

Application server MXServer. This value cannot bechanged.

JMS data source Name

JMS database name maxsibdb

JMS server name

Database user ID maxadmin

Group base entry ou=groups,ou=SWG,o=IM, c=US

User base entry ou=users,ou=SWG,o=IM, c=US

SMTP server

Administrator email

Starting the launchpadThe launchpad lets you install all components that are required for Tivoli Provisioning Manager.

Procedure1. Log on to an account with system administration privileges.2. If you are using DVDs, insert the Installation DVD for Windows. The disk must be inserted for the

duration of the installation.3. Run launchpad64.exe (Windows 64-bit) or launchpad.exe (Windows 32-bit) from the root directory.4. In the launchpad, select a language and click OK.

Results

The launchpad panel is displayed.

When the launchpad is running, the generated launchpad messages are captured in a hidden log frame.To display the log frame on the bottom of the launchpad panels during run time, hold Ctrl and click inthe banner frame of the launchpad. Messages that are generated while the launchpad is running are notautomatically saved on the hard disk. You can save the messages from a runtime session by clicking Saveat the bottom of the log frame and specifying where you want to save the file.

Remote configuration enablementIf you plan to take advantage of the Provisioning Manager installation program feature that automatesthe configuration of Provisioning Manager middleware, you must enable a remote access protocol foreach system on which you intend to install Provisioning Manager middleware.

Remote access protocols include rsh, rexec, SSH and Windows SMB. Before you start the installationprogram you must ensure that you can log on to your remote server or servers using the protocols youintend to use with the credentials you plan to supply to the installation program.

For remote Windows systems, ensure the following requirements are met before installing the software:v The operating system user supplied to the installation program must be an administrator (a member of

the Windows defined Administrators group).v Windows Management Instrumentation (WMI), Remote Registry and the Server Windows services

must be enabled and running.v The SMB protocol must be enabled and configured. It can be configured to run via NetBIOS over

TCP/IP using port 139 or directly on TCP/IP (without NetBIOS) using port 445.


v Be sure that ports used by protocols you are using are not blocked by firewalls or security policies.This would include ports 137 and 139 if SMB is configured to run on NetBIOS over TCP/IP, or port445 if SMB is run directly on TCP/IP (without NetBIOS).

v If your Windows configuration supports Simple File Sharing it must be disabled.v The Windows drive share name C$ and folder IPC$ must be shared.v For Windows 2008 Server systems that support it password protected sharing must be disabled and

shares must be shared for the Guest or Everyone accounts.v For Windows 2008 Server, User Account Control (UAC) must be disabled.v If Cygwin is installed on the remote Windows system the SSH daemon (sshd) must be uninstalled or

disabled.

Remote configuration does not support accessing network drives on the local or remote system.

Deploying Provisioning Manager EAR filesThis section contains information about deploying Provisioning Manager EAR files manually intoWebSphere.

The following instructions are used to manually deploy the Provisioning Manager maximo.ear andmaximohelp.ear files into WebSphere Application Server. Although the Provisioning Manager installationprogram deploys these EAR files when you install, there might be a few instances where it would bedesirable to redeploy these EAR files manually:v If you modify any database connection parameters in the maximo.properties file after the initial

installation, you will have to rebuild of the maximo.ear file (procedure covered in the IBM TivoliProvisioning Manager System Administrator Guide), and then redeploy it in WebSphere ApplicationServer. In this scenario, you would likely only rebuild and redeploy the maximo.ear file. You would notbe required to rebuild and redeploy the maximohelp.ear file.

v Provisioning Manager must be installed into a WebSphere application server. However, ProvisioningManager can be run within the framework of a WebSphere cluster. If you want to deploy ProvisioningManager in a cluster, you can either redeploy the Provisioning Manager EAR files into a cluster, or,create a cluster from the application server used during the installation. If you have already installedProvisioning Manager into an application server but would like to redeploy into a cluster , then youwill need to either uninstall the MAXIMO application (“Manually uninstalling Provisioning Managerapplications from WebSphere Application Server Network Deployment” on page 115), or provide anew name for the application when installing the MAXIMO application into a cluster (“Manuallyinstalling Provisioning Manager applications into WebSphere Application Server Network Deployment”on page 114).

v If you have installed Provisioning Manager into a development environment, you might at some pointlike to migrate the deployment into a test or production environment. In this scenario, you will need todeploy both the maximo and maximohelp applications into the new environment. The steps outlined in“Manually installing Provisioning Manager applications into WebSphere Application Server NetworkDeployment” on page 114 should be performed for both applications.

Related tasks

“Manually building EAR files”“Manually deploying EAR files” on page 113“Completing MEA registraton” on page 113

Manually building EAR filesYou can manually build Tivoli Provisioning Manager EAR files if, for example, you modify a databaseconnection parameter in the maximo.properties file after the initial installation.

To manually build Tivoli Provisioning Manager EAR files, complete the following steps:


Procedure1. Build the maximo EAR file:

<CCMDB_HOME>\maximo\deployment\buildmaximoear.cmd|sh

2. Build the maximohelp EAR file:<CCMDB_HOME>\maximo\deployment\buildhelpear.cmd|sh

Manually deploying EAR filesYou can manually deploy Tivoli Provisioning Manager EAR files if your organization has applicationdeployment restrictions that require that you deploy application files either manually or through anotherapproved process.

Note: If you are deploying using a WebLogic server, you must deploy the EAR files manually.

To manually deploy Tivoli Provisioning Manager EAR files, complete the following steps:

Procedure1. Deploy the maximo EAR file:

<CCMDB_HOME>\jacl\solutions\DeployApplication.bat <WASAdminUserName><WASAdminPassword> "MAXIMO" <WASNodeName> <WASApplicationServerName>"<CCMDB_HOME>\maximo\deployment\default\maximo.ear" <WASVirtualHost><WASWebServerName>

2. Deploy the maximohelp EAR file:<CCMDB_HOME>\jacl\solutions\DeployApplication.bat <WASAdminUserName><WASAdminPassword> "MAXIMOHELP" <WASNodeName> <WASApplicationServerName>"<CCMDB_HOME>\maximo\deployment\default\maximohelp.ear" <WASVirtualHost><WASWebServerName>

where,

<WASAdminUserName>A WebSphere® Application Server Network Deployment account with deployment privileges.

<WASAdminPassword>The password of the user specified in the WAS User parameter.

<WASNodeName>The name of the WebSphere Application Server Network Deployment node.

<WASApplicationServerName>The name of the WebSphere Application Server Network Deployment application server.

<WASVirtualHost>The name of the WebSphere Application Server Network Deployment virtual host.

<WASWebServerName>The name of the WebSphere Application Server Network Deployment Web server.

Completing MEA registratonMEA registration is required for process managers that include integration with other software. If youhave chosen the option of deploying application files manually later during the Tivoli ProvisioningManager installation process, you must manually perform MEA registration after manually deploying themaximo EAR file.

To manually perform MEA registration, complete the following steps:

Procedure1. Open a command prompt on the administrative system.2. Run the following command:


<CCMDB_HOME>\jacl\solutions\meareg <WASDMGR> <PORT> <MAXUSER> <MAXPASSWD>none none ./installedApps/<CELL_NAME>/MAXIMO.ear/meaweb.war/WEB-INF/MeaRegistrationFiles/taddm

where,

<WASDMGR>The fully-qualified host name of your WebSphere® Application Server Network Deploymentmanager server.

<PORT>The HTTP port on the WebSphere Application Server Network Deployment manager server.

<MAXUSER>The maximo user.

<MAXPASSWD>The maximo user password.

<CELL_NAME>The WebSphere Application Server Network Deployment cell name. By default this value isctgCell01.

Manually installing Provisioning Manager applications into WebSphereApplication Server Network DeploymentThis section contains information about manually installing Provisioning Manager applications intoWebSphere Application Server Network Deployment.

Procedure1. Log in to the WebSphere Application Server Network Deployment administrative console.2. Click the Applications link, and then click Install New Application,3. From the Specify the EAR, WAR, JAR, or SAR module to upload and install. page, select Local file

system, and then browse to the location on your system of the maximo.ear file.4. Select Show me all installation options and parameters, and then click Next.5. From the Choose to generate default bindings and mappings. page, select Generate Default

Bindings, and then click Next

6. From the Application Security Warnings page, click Continue.7. From the Select installation options page, set the application name to be MAXIMO. If you are deploying

to a cluster and want to keep the application that was installed during the Provisioning Managerinstallation, you will need to use a different application name value here.

8. Ensure Distribute application, Deploy enterprise beans, and Create MBeans for resources are allchecked and then click Next.

9. From the Map modules to servers page, in the Clusters and Servers text box, select the cluster (orapplication server) and webserver listed. Also select all modules appearing in the modules table byselecting their respective check boxes. Click Apply, and then click Next.

10. From the Provide options to perform the EJB Deploy page, accept the defaults and click Next.11. From the Provide JSP reloading options for Web modules page, accept defaults and click Next.12. From the Map shared libraries page, accept defaults and click Next.13. From the Initialize parameters for servlets page, accept defaults and click Next.14. From the Bind listeners for message-driven beans, ensure Activation specification is set to

intjmsact, and then click Next.15. From the Provide JNDI names for beans page, accept defaults and click Next.16. From the Map EJB references to beans page, accept defaults and click Next.17. From the Map virtual hosts for Web modules page, select your virtual host from the drop down box

for all modules and then click Next.


18. From the Map context roots for Web modules page, accept the defaults and then click Next.19. From the Map environment entries for Web modules page, accept defaults and then click Next.20. From the Map security roles to users or groups page, first select the check box adjacent to the

maximouser role, and then check All authenticated? before clicking Next.21. From the Ensure all unprotected 2.x methods have the correct level of protection page, accept

defaults and click Next.22. From the summary page, click Finish.23. From the WebSphere Application Server Administrative Console navigation pane, select Servers >

WebServers.24. Select the Webserver listed in the table, and then click Generate Plug-in. Once completed, click

Propagate Plug-in.25. Click on Applications, click the check box next to the application just installed, and click Start.26. From the WebSphere Application Server Network Deployment Administrative Console navigation

pane, select Applications

27. Select the check box next to the application that was just installed, and then click Start.

Manually uninstalling Provisioning Manager applications fromWebSphere Application Server Network DeploymentThis section contains information about uninstalling Provisioning Manager applications from WebSphereApplication Server Network Deployment.

Procedure1. Open the WebSphere Application Server Network Deployment Administrative Console.2. Click the Applications link.3. Select the check box next to the application you are uninstalling. By default, the Provisioning Manager

applications are named maximo and maximohelp.4. Click Stop.

5. Select the check box next to the application you are uninstalling.6. Click Uninstall.

Configuring SMTPIf you did not configure SMTP parameters during installation, you will have to configure them throughthe product console.

Before you begin

This task must be completed before you begin the tasks described in “Applying changes to the database”on page 116.

To configure SMTP for Provisioning Manager, complete the following steps.

Procedure1. Login to the console as maxadmin.2. Navigate to Go To > System Configuration > Platform Configuration > System Properties

3. Using the Filter feature, search for the mail.smtp.host Property Name.4. Expand the mail.smtp.host property and set the Global Value attribute to your SMTP host.5. Select the mail.smtp.host record check box.6. Click the Live Refresh icon in the toolbar.7. From the Live Refresh dialog, click OK.8. Using the Filter feature, search for the mxe.adminEmail Property Name.


9. Expand the mxe.adminEmail property and set the Global Value attribute to your e-mail address.10. Select the mxe.adminEmail record checkbox.11. Click the Live Refresh icon in the toolbar.12. From the Live Refresh dialog, click OK.

Applying changes to the databaseWhen you create organizations, work types, item and company sets and so on, these configurationchanges must be applied to the Maximo database.

To apply configuration changes to the Maximo database, complete the following steps.

Procedure1. Login to the Maximo console as maxadmin

2. Navigate to Go To > System Configuration > Platform Configuration > Database Configuration.Every object that must be updated in the Maximo database will display a status of To Be Added.

3. On the Select Action list, select Manage Admin Mode.4. Click Turn Admin Mode ON, and then click OK when prompted. This task will take several minutes

to complete. You can use the Refresh Status button to view progress.5. Once Admin Mode has been successfully enabled, select Apply Configuration Changes, which will

apply the changes to the Maximo database. To Be Changed should not appear in the status columnfor objects listed.

6. Log out of the Maximo console.7. On the administrative system, run the following command:

v MAXIMO_HOME\maximo\tools\maximo\dropbackup.bat

8. Restart the MXServer application within WebSphere Application Server Network Deployment.9. Turn Admin Mode OFF.

a. Navigate to Go To > System Configuration > Platform Configuration > Database Configuration.b. From the Select Action list, select Manage Admin Mode.c. Click Turn Admin Mode OFF, and then click OK when prompted. Failing to turn off Admin

Mode within the application will cause cron tasks to fail.

Installing the language packYou can add languages to the product by installing the Tivoli Provisioning Manager language pack.

Before you beginv If you plan to add language support to Tivoli Provisioning Manager, you must use the language pack

installation program before you perform any post-installation steps.v Because language pack installation might take an extended period to complete, decide which

additional languages you need before starting the language pack installation. Each additional languageselected increases the installation time.

v Note that even if you added additional languages through the language pack installation program, andyou set the locale or your machine to a language that was installed as an additional language, youmight still encounter instances in the product interface where items are displayed in the language youidentified as the base language of the machine. This is a known limitation and does not indicate thatthe language pack installation failed.

v In some cases, shortcut elements appearing in the interface, for example, menu choices, will only bedisplayed in the base language designated, or in English only.

v You must load all languages that you need during the initial installation. If you decide to installadditional languages at a later time, the previously installed languages will also be reloaded at thattime. Any changes made to the information from customization or fix pack installation will be lost.


v Ensure that MXServer is started.v Ensure all middleware servers and services are running. If you get an error because of an inactive

middleware server or service, start that server or service, and then run the language pack installationprogram again. For more information, see:– “Starting middleware on Windows” on page 94

You can choose to add language support during installation, or you can defer the task until a later date.At any time after you have successfully deployed Tivoli Provisioning Manager, you can add languagesupport to Tivoli Provisioning Manager, including the Tivoli Provisioning Manager user interface, andprocess managers, using the Tivoli Provisioning Manager language pack installation program. The TivoliProvisioning Manager process managers can be updated using this method. If you later deploy otherprocess managers, see “Installing and refreshing language support files for a package” on page 119.

To install the language pack:

Procedure1. Start the launchpad.2. In the launchpad navigation pane, click Custom Installation. Scroll down to 2. Install base services

and required components and click Install the language pack.3. Select a language for the installation, and then click OK. This choice is only for use during the

installation and its selection will not affect the languages being installed.4. From the Introduction panel, click Next.5. From the Base-language selection panel, select a base language that will be used with Tivoli

Provisioning Manager, and then click Next.This is the only time that you can select a base language. You cannot change the base language at alater time.

6. From the Additional language selection panel, select the additional languages to be supported, andthen click Next.

7. From the language selection summary panel, review the information and then click Next.8. From the Pre-installation Summary panel, click Install.9. From the Deploy Application Files panel, select how to deploy the language files.

Deploy application files automaticallySelect this option to have the installation program perform application file deploymentautomatically during the installation.

Deploy application files manually laterSelect this option to defer the deployment of application files. Use this option if yourorganization has application deployment restrictions that require that you deploy applicationfiles either manually or through another approved process. Application EAR files will bedeployed later either manually or through the use of the product installer at a later date.

What to do next1. Back up the base services home directory. In the launchpad navigation pane, click Custom

Installation, then scroll down to 2. Install the base services and required components and click 2.4Back up base services home directory. Follow the instructions on the panel to back up, then return tothe custom installation page.

2. Back up the deployment engine database. In the launchpad navigation pane, click CustomInstallation, then scroll down to 2. Install the base services and required components and click 2.5Back up the deployment engine database. Follow the instructions on the panel to back up, thenreturn to the custom installation page.

3. Proceed to “Installing Tivoli Provisioning Manager core components” on page 119.


Deployment for packages with a single special language support featurePackages can be deployed with single special language support.

Many process solution packages define a single language support feature with a feature identifier ofLANG_SUPT_FEATURE. For these packages, the Process Solution Command Line Interface allow thisspecial language support feature to be deployed during a base install using the -loadlanguages parameter.The language support for this special feature can also be installed after a base install or refreshed usingthe refreshlangs action of the Process Solution Command Line Interface.

Installing language support files at base installWhen you initially perform a base install of a package with the special language support feature,you can elect to also install the language support files for the package.

Using the Installation WizardWhen using the Process Solution Installation wizard to perform a base install of apackage, the Feature Selection Panel will display the language support feature in the setof available features for the package. When you select this check box, the Process SolutionInstallation wizard will unpack the language support files associated with the packageand then invoke the Maximo Translation Data Toolkit -PMPUPDATE function.

Using the Command Line InterfaceWhen using the Process Solution Command Line Interface, you can install the languagesupport files for the package by specifying the -loadlanguages command line flag whenyou perform a base install of a package using the -action install subcommand.

Installing or refreshing language support after base installAfter the package has been initially installed, you can install or refresh the language support filesfor the package. The Process Solution Command Line Interface provides a -action refreshlangssubcommand for this purpose. This action is only supported for packages that are alreadyinstalled. The action can be used even if the language support files were not installed when thepackage was originally installed. In both scenarios, the language support files for the package areunpacked and copied to the Provisioning Manager administrative workstation and the MaximoTranslation Data Toolkit -PMPUPDATE function.

The function to install or refresh language support files is only available using the ProcessSolution Command Line Interface. The function is not available using the Process SolutionInstallation wizard.

Deployment for packages with multiple language support featuresPackages can be deployed with multiple language support.

A process solution package that supports a variety of selectable features might also have multiplelanguage support features.

Installing language support files at base installThe language support features for packages that define multiple language support could bedeployed during a base install of the package or might be added after the base install using thenew selectable feature support in the Process Solution Installation Wizard and Process SolutionCommand Line Interface. For these types of packages, the language support features aremanaged just like other selectable features defined for the package.

Installing or refreshing language support after base installWhen the refreshlangs action of the Process Solution Command Line Interface is invoked for apackage with multiple language support features, only currently installed language supportfeatures for the package are refreshed. This is accomplished by re-execution of the deploymentactions associated with all currently installed language support features.

The refreshlangs action when invoked on a package with multiple language support features,will not install those language support features. The refresh processing is only performed againstcurrently installed language support features. Note that this behavior differs from the


refreshlangs behavior when applied against a package defining the specialLANG_SUPT_FEATURE identifier. In that scenario, the special language support feature wouldbe installed if it is not currently installed or refreshed if it is installed.

Installing and refreshing language support files for a packageA process solution package may define one or more language support features. When a language supportfeature for a process solution package is installed using the process solution installers, XLIFF filesassociated with all support languages are unpacked onto the Tivoli Provisioning Manager administrativeworkstation. The Maximo Translation Data Toolkit -PMPUPDATE is invoked. This utility imports theXLIFF files associated with the process manager into the Maximo database, based on the base languageand any other selected languages that have been installed into Maximo.

If you intend to refresh language support files for the change or configuration management processmanagers, or you have installed another process manager, use the instructions provided in this section.

There are two models for how the process solution package can expose its language support.v A package can define a single language support feature with a special feature identifier. The process

solution installers provide some built-in special mechanisms for deploying language support forpackages using this model.

v A package can define multiple language support features. The selectable feature support in the processsolution installers are used for deploying language support for packages using this model.

Installing Tivoli Provisioning Manager core componentsAfter you installed the base services, you can install the Tivoli Provisioning Manager core components.The core components must be installed on the provisioning server (the agent manager, Tivoli ProvisioningManager for Dynamic Content Delivery, Tivoli Provisioning Manager for Job Management Servicefederator and Tivoli Provisioning Manager for OS Deployment).

Before you begin1. Make sure that the middleware applications are started. If you installed the middleware with the

middleware installer, the middleware applications are started automatically after installation. If youhave rebooted the computer or if you installed the middleware manually, see:v “Starting middleware on Windows” on page 94

2. Make sure that you installed the base services. See “Installing the base services” on page 98.3. If you installed WebSphere Application Server manually (and not using the middleware installer),

verify that SSL Signer is set properly. For more information, see “Verifying WebSphere ApplicationServer SSL Signer” on page 128.

4. During installation:v Ensure that you enter the correct passwords in the installer panels, as the installation program does

not validate them.v Always use fully qualified domain names when entering values for computer host names.v Directory paths cannot contain a back slash as the last character of the path (\).v If you are using a virtual host name on the computer where you are installing the core components,

note that Tivoli Provisioning Manager for OS Deployment does not support virtual host names.Tivoli Provisioning Manager for OS Deployment can only be accessed using the local host name ofthe computer.

Procedure1. Start the launchpad.


2. In the launchpad navigation pane, click Custom Installation. Scroll down to 3. Install TivoliProvisioning Manager core components and click Verify core components installationprerequisites. After verifying and confirming the prerequisites, return to the custom installationpage.

3. Click Install core components.4. Select the language for the installation and click OK.5. In the Welcome panel, click Next.6. Accept the license agreement and click Next.7. In the Topology Configuration panel, specify all required fields and click Next.

Database InformationYou must use the same values that you used for the database during the base servicesinstallation.v Only DB2 is supported. Oracle Database is not supported.v If the database server is on a separate computer, select the Use Remote Database check

box.

Authentication InformationSelect the authentication type that is available in your environment:v Tivoli Directory Server

v Microsoft Active Directory

v Base Services Authentication

To confirm that the base services administration user exists in the LDAP repository, select thecorresponding check box. Use this option only if you selected either Tivoli Directory Serveror Microsoft Active Directory as the authentication type.

Middleware Installer Workspace Information

v If you installed the middleware with the middleware installer, select the Import data frommiddleware installer workspace check box and then specify the location of themiddleware installer workspace. In a multiserver topology, this location is specified duringmiddleware installation. The default value is:– C:\ibm\tivoli\mwi\workspace

v Select the Use Service IP check box if you are using virtual IP addresses and host namesfor all the computers in your installation topology. The virtual IP addresses and hostnames that you use in this installer must match the values that you specified duringmiddleware installation.

8. In the Select Components panel, select all components and click Next. The core components are:v Required: The agent managerv Required: Tivoli Provisioning Manager for Dynamic Content Deliveryv Required: Tivoli Provisioning Manager for Job Management Service federatorv Optional: Tivoli Provisioning Manager for OS Deployment

v 2000DB2 If you used the middleware installer to install the DB2 server and you are using aconfiguration where Tivoli Directory Server and Tivoli Provisioning Manager are installed on thesame computer, while DB2 is installed on a different computer, then do not select the DB2 clientcheck box. This check box does not apply if you installed the middleware manually.

v If you want to back up the database and the WebSphere Application Server configuration files,select the corresponding check box.

9. If you selected Tivoli Provisioning Manager for OS Deployment, accept the license agreement andclick Next.

10. If Cygwin is already installed, specify the directory where Cygwin is installed and click Next.


v If you do not require support for IPv6 communication in the Tivoli Provisioning Managerenvironment, Cygwin 1.5.10 or later is required.

v If you require support for IPv6 communication in the Tivoli Provisioning Manager environment,Cygwin 1.7 or later is required.

If you want to install Cygwin, specify all required fields and click Next.

Select a Cygwin download mirror siteSelect a location that you want to use to download Cygwin installation files. A location thatis geographically closest to you is recommended.

User NameSpecify the user name for running the Cygwin SSH service.

11. In the Directories for Core Components panel, specify all required fields and click Next.v To enable support for Federal Information Processing Standard (FIPS) 140-2, select the

corresponding check box.v If you are using downloaded installation images, specify the directory where they are located.v If you want to copy the installation images from DVDs, specify the destination directory where

you want the images to be copied, and select the Copy installation images from DVDs check box.v If you want to verify the integrity of the installation images, select the Verify file integrity check

box.v Specify the directory for log files and serviceability scripts. The default value is:

– Program Files\IBM\tivoli\common

If you have a process automation engine product installed on your system, the directory for logfiles and serviceability scripts was set as a common location by the other product, and so this fieldis not displayed in the Directories for Core Components panel.

v Specify the directory for temporary files.v Specify the directories to store the backups for the WebSphere Application Server configuration

files and the database files. These directories must exist either on the provisioning server, forsingle-server configurations, or on the database server, if the database is located on a separatecomputer.

12. If you enabled FIPS 140-2 compliance, in the FIPS 140-2 Configuration panel, specify encryptionoptions.v For more information about this standard and Tivoli Provisioning Manager compliance, see

“Compliance with Federal Information Processing Standard 140-2” on page 232.v For detailed technical descriptions of cipher algorithms and encryption key options in relation to

FIPS 140-2, see the National Institute of Standards and Technology web site.

Cipher algorithmSelect the method to use for encrypting data.

Block cipher modeSelect a mode for encrypting blocks of data with the selected cipher algorithm. A blockcipher encrypts data blocks of a fixed length, which can result in repetitive patterns in theencrypted data. A block cipher mode determines how to apply a cipher algorithm to reducerepetitive patterns in the encrypted data.

Key pair generator algorithmSelect the algorithm that you want to use for generating encryption keys.

Generated key pair sizeSelect the size of the generated encryption keys.

13. 2000DB2 In the DB2 Configuration panel, specify all required fields and click Next. The values mustmatch the values that you specified when you installed DB2.


http://csrc.nist.gov/groups/STM/cavp/index.html

Fully Qualified Domain Name or IP AddressThe fully qualified domain name of the server where DB2 is installed, for example,database.example.com. This value is case-sensitive. If you are using a virtual IP address orhost name, ensure that you specify the correct virtual host name.

DB2 Server Instance Port NumberThe DB2 TCP/IP port number used by this server to listen for connection requests fromclients, for example, 50005.

Database Name for the IBM Tivoli Provisioning Manager databaseThe database name can only contain uppercase letters, lowercase letters, and numbers. Thedefault value is MAXDB71 .

Node name for remote databaseThe node name for the database server, if your database is installed on a separate computer.The default value is MAXDB71.

DB2 Server Instance OwnerThe user who owns the database instance. The default value is:v db2admin

DB2 Server Instance Owner PasswordThe password for the instance owner.

Use Tivoli Provisioning Manager recommended instance configurationLeave this check box selected so that the installer configures your instance with performancesettings. This setting is the recommended option for installation.

This check box does not apply if your database is installed on a separate computer.

Use Tivoli Provisioning Manager recommended database configurationLeave this check box selected so that the installer configures your database with performancesettings. This setting is the recommended option for installation.

DB2 Server User NameThe name of the administrator user on the server where DB2 is installed. Enter the samename as the value from the Database user ID field used when installing the base services.The default value is maximo.

DB2 Server User PasswordThe password for the specified administrator user on the database server.

Local DB2 Instance SQLLIB DirectoryThe location of the local DB2 instance for the DB2 client.v The default value is SystemDrive:\Program Files\IBM\SQLLIB.

Local DB2 Instance NameThe database instance name for the DB2 client. The default value is ctginst1. If you usedthe middleware installer to install the DB2 server and you are using a configuration whereTivoli Directory Server and Tivoli Provisioning Manager are installed on the same computer,while DB2 is installed on a different computer, then specify an existing instance name, forexample, DB2.

14. In the WebSphere Application Server Network Deployment Configuration panel, specify all requiredfields and click Next. For more information about WebSphere Application Server configuration, suchas cell and node configuration, see the WebSphere Application Server documentation.

Installation DirectoryThe directory where WebSphere Application Server is installed. The default is:v C:\Program Files\IBM\WebSphere\AppServer

Fully-qualified Domain Name of the WebSphere Application ServerThe fully qualified domain name of the computer where you are installing the provisioning


server core components, for example, tpmserver.example.com. This value is case-sensitive. Ifyou are using a virtual IP address or host name, ensure that you specify the correct IPaddress or host name.

Cell NameEnter the WebSphere Application Server Cell name. The default value is ctgCell01.

WebSphere Deployment Manager Profile NameEnter the WebSphere Application Server profile name of the deployment manager server.The default value is ctgDmgr01.

Application Server Node nameEnter the name of the WebSphere Application Server node. The default value is ctgNode01.

Application Server Profile NameEnter the WebSphere Application Server profile name of the application server. The defaultvalue is ctgAppSrv01.

Server NameEnter the name of the Maximo application server, for example, MXServer.

Deployment Manager Administrator UserEnter the WebSphere Application Server administrative account name. The default value iswasadmin.

Deployment Manager Administrator PasswordEnter the password for the WebSphere Application Server administrative account.

Deployment Manager PortEnter the administrator port for WebSphere Application Server. The default is 8879.

15. In the Authentication Configuration panel, specify all required fields and click Next. Depending onthe authentication option selected in the Topology Configuration panel, not all fields described aredisplayed. For more information about specific directory server settings, see your directory serverdocumentation.

Use SSL for LDAP ServerApplies to Tivoli Directory Server only.

Select this option to enable secure communication with the directory server. The directoryserver contains information about your users, so enabling this option is recommended toensure that data transmission between the directory server and other computers is secure.

Fully-Qualified Domain Name or IP AddressThe fully qualified domain name of the directory server, for example, ldap.example.com.This value is case-sensitive. If you are using a virtual IP address or host name, ensure thatyou specify the correct virtual host name.

Host Public PortThe port number for Tivoli Directory Server or Microsoft Active Directory. The default valueis 389.

Host SSL PortApplies to Tivoli Directory Server only.

Enter the secure port number of the Tivoli Directory Server. The default value is 636.

User Base DNApplies to Tivoli Directory Server only.

Specify the base distinguished name (DN) for the directory server. The settings must matchthe organizational unit and the organization and country suffix specified in the middlewareinstaller. For example, ou=users,ou=SWG,o=IBM,c=US. If you want to use the DistinguishedName of the user that you specify for the LDAP Binding User Name, select the check boxbelow this field.


Microsoft Active Directory Server Domain NameApplies to Microsoft Active Directory only.

The domain name for Microsoft Active Directory, for example, testmsad.com.

LDAP Binding Distinguished User NameApplies to Tivoli Directory Server only.

Enter the bind distinguished name for binding to the LDAP instance. The default value iscn=root.

Base Services Administration UserEnter the instance administrator user ID, as entered during the base services installation. Thedefault value is maxadmin.

Base Services Administrator PasswordEnter the instance administrator password, as entered during the base services installation.

Registration UserEnter the registration user, as entered during the base services installation. The default valueis maxreg.

Registration User PasswordEnter the registration user password, as entered during the base services installation.

Integration UserEnter the integration user ID, as entered during the base services installation. The defaultvalue is mxintadm.

LDAP Binding User NameApplies to Microsoft Active Directory only.

The binding user name for Microsoft Active Directory, for example, Administrator.

LDAP Binder User PasswordEnter the password for the bind distinguished name.

User Logon Name AttributeSpecify the LDAP attribute for user names in your directory server. For example, uid (UserID), cn (Common Name), or sAMAccountName.

User Search FilterThere is a check on the User Search Filter during the installation that has to be correctly setbefore continuing. This filter is used for searching for the user in the registry. It containsinformation such as the objectclass that the user belongs to. See the following examples:v For Tivoli Directory Server:

(&(cn=%v)(objectclass=organizationalPerson))

v For Microsoft Active Directory:(&(sAMAccountName=%v)(objectcategory=user))

The parameter %v is necessary because during the search, the %v will be replaced with thereal user name.

16. In the IBM Tivoli Provisioning Manager Configuration panel, specify all required fields and clickNext.v Specify the installation directory. The default value is:

– C:\Program Files\IBM\tivoli\tpm

Note: For some components, such as GUID, or the deployment engine, the installation programuses the predefined installation locations for these components, so it always saves a number offiles on:– %SystemDrive%


v Specify the password for the user tioadmin. This user is created during installation and is used tostart the Tivoli Provisioning Manager services.

v Specify the following port numbers:

Software Distribution Infrastructure Server SSL PortSpecify the port for communication with the provisioning server, which is the WebSphereApplication Server HTTPS port. The default value is 9045.

Software Distribution Infrastructure Client SSL PortSpecify a port for communication with clients using mutually authenticated SSL. Thedefault value is 9046.

Software Distribution Infrastructure Non SSL PortSpecify the secure HTTP port for communication with the provisioning server. The defaultvalue is 9080.

Tivoli Provisioning Manager SSL PortA port using server-side SSL to provide encryption and to authenticate WebSphereApplication Server to the other servers. The default port number is 9443.

v Specify the keystore and truststore information:

Tivoli Provisioning Manager SSL Keystore NameSpecify the file name of the keystore file for Tivoli Provisioning Manager. The keystore fileis a key database file that contains both public keys and private keys for SSLcommunication. The default value is tpmKeyStore.

Tivoli Provisioning Manager SSL Keystore PasswordSpecify the password for the Tivoli Provisioning Manager keystore.

Tivoli Provisioning Manager SSL Truststore NameSpecify the file name of the Tivoli Provisioning Manager truststore. A truststore file is akey database file that contains the public keys for SSL communication with targetcomputers. The default value is jks.tpmTrustStore.jks.

Tivoli Provisioning Manager SSL Truststore PasswordSpecify the password for the Tivoli Provisioning Manager truststore.

Your company nameSpecify your company name. This name is used on the SSL certificate created duringinstallation.

Agents will connect to the agent manager usingSpecify whether you want agents on managed computers to connect to the agent managerusing the IP address or the fully qualified domain name of the server.

17. In the WebSphere Profile Configuration for Agent Manager panel, specify all required fields andclick Next.

Cell NameSpecify the WebSphere Application Server Cell name. The default value is the host namefollowed by Node01Cell. For example, tpmserverNode01Cell.

Node NameEnter the name of the application node. The default is the host name followed by Node01.For example, tpmserverNode01.

WebSphere Profile NameSpecify the WebSphere Application Server profile name of the application server for theagent manager. The default value is casprofile.

Common Agent Services Standalone profile pathSpecify the full path of the profile directory for the agent manager. The default value isWAS_HOME/profiles/casprofile.


Starting PortSpecify the lowest port number used by the agent manager. The default is 21000.

18. In the Agent Manager Configuration panel, specify all required fields and click Next.

Agent Manager Install DirectoryThe installation directory for the agent manager. Ensure that there are no extra spaces beforeor after specified path.

Agent Manager Fully Qualified Domain NameThis value is normally the fully qualified domain name of the Tivoli Provisioning Managercomputer. If you installed the agent manager on another computer, specify the fully qualifieddomain name of that computer. This value is case-sensitive.

Registration PortThe registration port uses server-side SSL to provide encryption and authenticate the agentmanager to clients. The default value is 9511.

Secure PortA port using server-side SSL with client authentication to provide encryption andauthenticate the agent manager to clients. The default value is 9512.

Public PortThe unsecured port number for communications between the agent manager and the clients.The default value is 9513.

Registration passwordA common agent must provide this password to register with the agent manager and tounlock the agentTrust.jks file. A common agent or resource manager compares thecertificate in its copy of the agentTrust.jks file with the certificate presented by the agentmanager to ensure that it registers with the correct agent manager. This password is used tocreate the common agent.

Agent Manager PasswordThis password is used by the agent manager to create the Certificate Authority Certificateand to unlock the agent manager trust keystore (agentManagerTrust.jks) and keystore(agentManagerKeys.jks) files.

Security DomainSpecify the domain that is managed by a single access policy. Specify the security domainthat contains the assets to be managed with Tivoli Provisioning Manager.

For example, if you have two security domains for the networks users.intranet.example.comand dev.intranet.example.com, and you only want Tivoli Provisioning Manager to manageassets in users.intranet.example.com, you would specify users.intranet.example.com as thesecurity domain.

Agent Manager IP addressThe IP address of the agent manager computer. If you are using a remote computer for agentmanager specify the IP address of the remote computer.

Resource Manager User NameThe user name for the resource manager on the agent manager server. Each product thatuses Tivoli Common Agent Services has its own resource manager and subagents. Forexample, Tivoli Provisioning Manager has a resource manager and subagents for softwaredistribution and software inventory scanning. The default user name when you install theagent manager with this installer is tpmManager. If you are using an existing agent managerinstallation that was not installed with this installer, the default user name is manager.

Resource Manager PasswordThe password for the resource manager user. If you are using an existing agent managerinstallation that was not installed with this installer, the default password is password.


19. In the Dynamic Content Delivery Configuration panel, specify all required fields and click Next.v Specify the installation directory for the dynamic content delivery.

20. In the Tivoli Provisioning Manager for Job Management Service federator Configuration panel,specify the installation directory for the Tivoli Provisioning Manager for Job Management Servicefederator and click Next.

21. In the Tivoli Provisioning Manager for OS Deployment panel, specify all required fields and clickNext.a. HTTP Port: The HTTP port for the Tivoli Provisioning Manager for OS Deployment console. The

default is 8080.b. HTTPS Port: The secure HTTP port for the Tivoli Provisioning Manager for OS Deployment

console. The default is 443.c. Data directory: The directory for operating system images and files managed by Tivoli

Provisioning Manager for OS Deployment. The default directory is:v C:\tpmfosd files\. If you are using the root directory of a drive, ensure that the value that

you specify ends in a \. For example D:\

Note: The language of Tivoli Provisioning Manager for OS Deployment installation is the languageof the operating system. To change the language after installation, click Go To > Deployment > OSManagement > Boot Servers, and select the Configuration tab.

22. Review the summary of your installation settings and click Next.23. When the installation is complete, click Finish.

Results

The following software components are installed:v Tivoli Provisioning Manager enginesv The agent managerv Tivoli Provisioning Manager for Dynamic Content Deliveryv Tivoli Provisioning Manager for Job Management Service federatorv Tivoli Provisioning Manager for OS Deployment

What to do next1. Proceed to “Installing Tivoli Provisioning Manager web components” on page 128.

Installing the language pack for Tivoli Monitoring agentFollow these procedures to install the language pack.

Before you begin

Ensure that %JAVA_HOME%\bin is in the PATH system variable.

You can install the language pack on a system which has one or more of the following components:v Tivoli Enterprise Portal serverv Tivoli Enterprise Portal clientv Tivoli Monitoring agent (Tivoli Provisioning Manager server).

Procedure1. Extract the LP_ITMAgentForTPM72.zip file from the Supplemental DVD for your operating system to

the ITM server local directory.2. Change the current directory, to the directory where you extracted the files.


3. Run the installer with the appropriate command:

On the Tivoli Enterprise Portal client and serverlpinstaller.bat

<candle_home>Tivoli Monitoring directory

<install_mode>One of the following values:v guiv consolev silent

On the Tivoli Provisioning Manager computerlpinstaller.exe

4. On the Introduction panel, click Next.5. On the Select Action panel, select Add/Update to install or update the language pack and click Next.6. On the Choose Folder panel, specify the path of where you extracted the nlspackge directory and

click Next.7. On the Select Product panel, select Tivoli Monitoring agent for Tivoli Provisioning Manager and click

Next.8. On the Select Language panel, select the language from the list and click Next.9. On the Preview panel, click Next and then click Done.

10. Restart the Tivoli Enterprise Portal server, Tivoli Enterprise Portal client, and Tivoli Monitoringagent.

Results

The language pack for Tivoli Monitoring agent is installed.

Verifying WebSphere Application Server SSL Signer

If you installed WebSphere Application Server manually (and not using the middleware installer), verifythat SSL Signer is set properly.

Procedure1. Log on as the administrator user.2. Change to the directory WAS_HOME/AppServer/profiles/AppSrv01/bin.3. Run the following command to check if the SSL signer is set properly in WebSphere Application

Server:wsadmin.bat -lang jython

4. Enter your WebSphere Application Server user name and password.5. If asked to add signer to the trust store, type y. Otherwise, the signer was already added to the

truststore.6. Start the Tivoli Provisioning Manager core component installation.

Installing Tivoli Provisioning Manager web componentsAfter you have installed the core components, you can install the web components. You must install theweb components on the same computer on which you installed the base services, either the provisioningserver or the administrative workstation.


Before you begin1. Ensure that the core components are installed. See “Installing Tivoli Provisioning Manager core

components” on page 119.2. Ensure that the middleware is started. If you used the middleware installer to install the middleware,

the middleware applications are started after installation. If you have rebooted the computer or if youinstalled the middleware manually, verify that the middleware is started. See:v “Starting middleware on Windows” on page 94

3. Ensure that the Cygwin SSH daemon is stopped on the provisioning server and the administrativeworkstation (if your configuration requires one).To stop the Cygwin SSH daemon from a command window, run:net stop sshd

To stop the Cygwin SSH daemon from a Cygwin shell window, run:cygrunsrv --stop sshd

Procedure1. Start the launchpad.2. In the launchpad navigation pane, click Custom Installation. Scroll down to 4. Install the Tivoli

Provisioning Manager web components and click Install Tivoli Provisioning Manager webcomponents.

3. In the Welcome panel, click Next.4. Accept the license agreement and click Next.5. In the Process Solution Installer Packages Installation panel, specify all required fields and click Next.

Database User IDEnter the user ID to access the database. This user must be the same user ID that youspecified during base services installation. The default value is maximo.

Database PasswordEnter the password for the specified database user name.

WebSphere Application Server Administrative User NameEnter the WebSphere Application Server administrator user name. The default value iswasadmin.

WebSphere Application Server PasswordEnter the password for the WebSphere Application Server administrator user.

WebSphere Application Server Remote Access User NameEnter the name of a user with administrator access, for example, Administrator.

Tivoli Provisioning Manager is configured to start the WebSphere Application Server profilesautomatically with this user name when you start Tivoli Provisioning Manager.

WebSphere Application Server Remote Access PasswordSpecify the password for the remote access user.

Note: Do not use the WebSphere Application Server console to modify Tivoli ProvisioningManager user passwords. Instead, use the changePassword.cmd|sh tool to change thepassword.

For more information on how to change your password, see the changePassword command inthe information center.

Base Services Installation DirectorySpecify the full path of the base services installation directory. The default location is:v C:\IBM\SMP


Load language support files associated with the packagesSelect the check box to update the language files for web components. If you installedlanguage packs during base services installation using the steps in the topic “Installing thelanguage pack” on page 116, you must select this check box, otherwise no language packs areinstalled.

Important: Leave this check box clear if you installed a process automation engine productthat does not install language pack support by default.

6. In the Installation Preview panel, review your installation settings, and then click Next.7. When the installation is complete, the Installation Summary panel is displayed. Click Finish.

Results

The web components are now installed.

What to do next

Before you start using Tivoli Provisioning Manager, additional configuration is required. See Chapter 4,“Post-installation tasks,” on page 131.


Chapter 4. Post-installation tasks

Depending on the features that you plan to use, some configuration might be required after the productis installed.

Important for language support: If you plan to add language support to Tivoli Provisioning Manager,you must use the Tivoli Provisioning Manager language pack installation program before you performthese post-installation steps.

Installing the language pack for Tivoli Monitoring agentFollow these procedures to install the language pack.

Before you begin

Ensure that %JAVA_HOME%\bin is in the PATH system variable.

You can install the language pack on a system which has one or more of the following components:v Tivoli Enterprise Portal serverv Tivoli Enterprise Portal clientv Tivoli Monitoring agent (Tivoli Provisioning Manager server).

Procedure1. Extract the LP_ITMAgentForTPM72.zip file from the Supplemental DVD for your operating system to

the ITM server local directory.2. Change the current directory, to the directory where you extracted the files.3. Run the installer with the appropriate command:

On the Tivoli Enterprise Portal client and serverlpinstaller.bat

<candle_home>Tivoli Monitoring directory

<install_mode>One of the following values:v guiv consolev silent

On the Tivoli Provisioning Manager computerlpinstaller.exe

4. On the Introduction panel, click Next.5. On the Select Action panel, select Add/Update to install or update the language pack and click Next.6. On the Choose Folder panel, specify the path of where you extracted the nlspackge directory and

click Next.7. On the Select Product panel, select Tivoli Monitoring agent for Tivoli Provisioning Manager and click

Next.8. On the Select Language panel, select the language from the list and click Next.9. On the Preview panel, click Next and then click Done.


10. Restart the Tivoli Enterprise Portal server, Tivoli Enterprise Portal client, and Tivoli Monitoringagent.

Results

The language pack for Tivoli Monitoring agent is installed.

Backing up the administrative workstationIf you do not want to keep the administrative workstation active after installation, you must create abackup of the software installed on the computer.

The administrative workstation is not required to use Tivoli Provisioning Manager after installation.However, the computer is required to install program patches, product upgrades, new applications, newprocess managers, and additional language packs. Because the installation of the deployment software onthe administrative workstation also includes changes to the Windows registry, you must back up theinstallation so that all settings can be restored when you want to change your installation.

If you are using a virtual server for your administrative workstation, you can create a virtual serverimage to save the administrative workstation configuration. You can also back up the administrativeworkstation manually as described in this section.

Procedure1. Back up the installed base services and web components.

a. Change to the following directory:v C:\Program Files\IBM\Common\acsi\bin

b. Run the following command:v de_backupdb.cmd -bfile C:\IBM\SMP\DE_BACKUPS\AFTER_INSTALL_PMP_7.2.0.0

2. Create a backup of the deployment directory.v C:\IBM\SMP

3. Create a backup of the registry entries.

Table 21. Registry entries for the base services

Location Key name Key value

My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli BaseServices

InstallDir C:\IBM\SMP

Version 7.1.1.6

Results

You now have a backup of the administrative workstation.

If you later need to restore the backup, perform the following steps:1. Copy the deployment directory to the new computer. The default location is:

v C:\IBM\SMP

2. Copy the registry entries into the Windows registry of the new computer.3. Change to the following directory:

v C:\ibm\SMP\de

4. To reinstall the deployment engine, run the following command:si_inst.[bat|sh]

5. To restore the backup of the installed packages, run the following command:v de_restoredb.cmd -bfile C:\IBM\SMP\DE_BACKUPS\AFTER_INSTALL_PMP_7.2.0.0


Configuring a web browser for Federal Information ProcessingStandard 140-2 complianceIf you have enabled Federal Information Processing Standard (FIPS) 140-2 compliance, you must enableTransport Layer Security (TLS) in the web browser to make the connections with the provisioning serverFIPS 140-2 compliant.

Procedurev For Internet Explorer 6 or 7:

1. In Internet Explorer, click Tools > Options.2. Click the Advanced tab.3. Under Security:

– Clear Use SSL 2.0

– Clear Use SSL 3.0

– Select Use TLS 1.0

4. Click Apply, and then click OK.v For Firefox 3:

1. In Firefox, click Tools > Options.2. Click the Advanced icon.3. Click the Encryption tab.4. In the Protocols section.

– Clear Use SSL 3.0.– Select Use TLS 1.0.

5. Click Security Devices.6. Select NSS Internal PKCS #11 Module and then click Enable FIPS.

Note: You must have a master password set for each listed security device before FIPS-mode canbe enabled.

7. Click OK.8. Disable all TLS cipher suites that are not FIPS compliant. See step 3 of the instructions in the

Firefox knowledge base article about FIPS 140-2 compliance for details.

Starting the provisioning server on WindowsAfter installing Tivoli Provisioning Manager, start the provisioning server so that you can use theproduct.

Before you begin

Ensure that the middleware applications are started. For more information, see “Starting middleware onWindows” on page 94.

Follow these steps only if you want to start the provisioning server after installation. To start theprovisioning server in other cases, for example, if the provisioning server is stopped and you need torestart it, see “Starting and stopping the provisioning server on Windows” on page 211.

Procedure1. Log on as the tioadmin user or the Administrator user.2. Change to %TIO_HOME%\tools

3. Type tio.cmd start tpm

Chapter 4. Post-installation tasks 133

http://support.mozilla.com/en-US/kb/Configuring+Firefox+for+FIPS+140-2

2008 Select the option Run as administrator for all the commands that you run from%TIO_HOME%\tools. For more information about user account control in Windows 2008, see UserAccount Control Step-by-Step Guide.

4. After the provisioning server is ready, open a web browser and log on by typing:https://host_name:9443/maximo

5. Type the user name and password. The default user is maxadmin.

Manually configuring directory synchronization for WebSphereApplication Server Network DeploymentYou can manually configure a cron task to schedule synchronization of users and groups between adirectory server and Provisioning Manager.

VMMSYNC is the cron task that schedules the synchronization between Provisioning Manager andVirtual Member Manager. This cron task is set up automatically during installation. The manualprocedure is required only if you need to change the existing configuration of the cron task.

Procedure1. Open a web browser and go to http://host_name:port/maximo.

2. Log on to Provisioning Manager using the maxadmin user ID.3. Click Go To > System Configuration > Platform Configuration > Cron Task Setup.4. Type VMM in the Cron Task field, and press Enter.5. Locate and select the VMMSYNC cron task, and click it.6. Configure the following values:

Active?Enable the Active? option by selecting the check box.

CredentialThis value is the password used for the Principal account. In this case, enter the password forwasadmin.

GroupMappingThis field contains XML mapping files that map LDAP object attributes to database repositorytable columns. Change the following object entries to use the organizational unit ou value thatyou defined for your organization when setting up Provisioning Manager middleware.

BasednThis value defines the LDAP subtree that the Virtual Member Manager cron task usesto search for group objects. For example, ou=groups,ou=SWG,o=IBM,c=US for IBM TivoliDirectory Server and ou=groups,ou=SWG,dc=IBM,dc=COM for Microsoft Active Directory.

Filter This value is the Virtual Member Manager object class that the service uses to searchfor group objects in LDAP:Group

GroupSearchAttributeThis value is the LDAP group object attribute used to search for groups under the configureddirectory subtree.

For example, cn.

PrincipalThis value is the user required by the CronTask application to connect to the local VirtualMember Manager service. This value can be any directory server administrative user that hasauthorization to connect to the local Virtual Member Manager service. Customize it to use theorganizational unit ou and domain name dc values that you defined for your organization


http://technet.microsoft.com/en-us/library/cc709691%28WS.10%29.aspx


when setting up the middleware. For example, cn=wasadmin,ou=users,ou=SWG,o=IBM,c=US forIBM Tivoli Directory Server and uid=wasadmin,ou=users,ou=SWG,dc=IBM,dc=COM for MicrosoftActive Directory.

SynchAdapterpsdi.security.vmm.DefaultVMMSyncAdapter

This value is the Java class that writes LDAP data to the database.

SynchClasspsdi.security.vmm.VMMSynchronizer

This value is the Java class that connects to the Virtual Member Manager local service tosearch for required objects.

UserMappingThis field contains XML mapping files that map LDAP object attributes to database repositorytable columns. Change the following object entries to use the organizational unit ou value youdefined for your organization when setting up the middleware.

BasednThis value defines the LDAP subtree that the Virtual Member Manager cron task usesto search for group objects. For example, ou=users,ou=SWG,o=IBM,c=US for IBM TivoliDirectory Server and ou=users,ou=SWG,dc=IBM,dc=COM for Microsoft Active Directory.

FilterPersonAccount

This value is the Virtual Member Manager object class that the service uses to searchfor user objects in LDAP.

UserSearchAttribute

This value is the LDAP user object attribute used to search for users under configureddirectory subtree. For example, cn for IBM Tivoli Directory Server and uid for MicrosoftActive Directory.

You must click the arrow located in the header of the Cron Task Parameters table to view allparameters.

7. Click the save icon.

Results

By default, the cron task runs every 5 minutes. Change the Schedule field of the cron task if you want tochange the interval. The updated parameters are used at the next scheduled synchronization.

Configuring the LDAP server for user authentication onlyWhen the installation is completed, you can configure your environment to store user information in theLDAP server and security roles and groups in the provisioning database.

If you want authentication to be handled by the LDAP server, instead of by the Tivoli ProvisioningManager database, you can configure security so that the authentication process uses the LDAP server,which stores the user information only. The authorization process is handled by loading the security rolesinformation from the provisioning database.

To configure security for this model, complete the following steps to turn off VMMSync to separate theuser and security group information.


Procedure1. Click Go To > System Configuration > Platform Configuration > Cron Task Setup.2. In the Cron Task field, type VMMSynch.3. Click VMMSync and click the Cron Task tab.

4. Clear the Active check box. Click to save your changes.5. Ensure that the mxe.LDAPUserMgmt property is not enabled. Click Go To > System Configuration >

Platform Configuration > System Properties.6. Expand Filter and search for the mxe.LDAPUserMgmt property.7. Ensure that Current Value is set to zero (0).

Results

If Current Value has a value other than 0, complete the following steps:1. Log on to the database server and run the following SQL command:

UPDATE <schema_name>.MAXPROPVALUE SET PROPVALUE = ’0’ WHERE PROPNAME = ’mxe.LDAPUserMgmt’

where <schema_name> is the schema name.2. For the changes to take effect, restart the provisioning server:

v Enter tio.cmd stop and then enter tio.cmd start.

Users are now separated and stored in the LDAP server for authentication only. Security groups arestored in the provisioning database for authorization purposes. Now that VMMSync is disabled, theLDAP server and provisioning database are not synchronized. When new users are added to the LDAPserver, security groups and users, and the membership of the users to the security groups, must bemanually added to the provisioning database using the web interface.

Adding users and security groupsYou must add users and security groups to the provisioning database.

Procedure1. To create a user, log on to the web interface and click Go To > Security > Users.

2. Click to create the user. Enter the required information and save your changes. This user mustalso be created in the LDAP for the authentication server.

3. To create a security group, click Go To > Security > Security Groups. Click to create the securitygroup. Enter the required information and save your changes.

4. To add users to the security group, click the Users tab and click New Row. In the User field, type the

user name or click and select the user to add to the security group.

Note: If an exception occurs when you are trying to add a user to a security group, the access rightsmust be changed so that you can change the group membership. The MAXADMIN user must changethe permissions.a. Log in as MAXADMIN.b. Click Go To > Security > Security Groups.c. Click the Group tab and click the security group.d. Click Select Action > Authorize Group Reassignment.e. Click Select Users and select the user that must have the access rights to add other users to that

security group. Click OK. Confirm the changes by clicking OK again.


f. Log on to the web interface as the user who now has the appropriate access rights to the securitygroup.

g. Click Go To > Security > Security Groups. Select the User tab and add the user.

Defining the boot server after installationYou must create your boot server if you ran the installation program without the Tivoli ProvisioningManager for OS Deployment component.

If you ran the installation program without the Tivoli Provisioning Manager for OS Deploymentcomponent and then ran it again with the Tivoli Provisioning Manager for OS Deployment componentselected, the OS deployment boot server object is not created. To create it, you must run the TPMfOSDInstallation Discovery against your local provisioning server.

For more information, see Discovering an OS deployment server in the information center.

Setting up the infrastructure for software distribution tasksThis procedure explains how to set up a scalable distribution infrastructure.

If you are planning to use the scalable distribution infrastructure for your software distribution tasks, youdo not need to complete this post-installation task.

If you are not planning to use the scalable distribution infrastructure for your software distribution tasks,you must set a global variable to specify so. The TCA.Create.EO.SAP global variable determines if thescalable distribution infrastructure is used or not. This parameter is set to true by default.

You must set the TCA.Create.EO.SAP global variable to false if you do not want to use the scalabledistribution infrastructure.

Procedure1. Log on to the web interface.2. Click Go To > Provisioning Global Settings > Variables.3. Find the TCA.Create.EO.SAP global variable and set its value to false.

For more information about the scalable distribution infrastructure, see Scalable distributioninfrastructure in the information center.



Chapter 5. Uninstalling Tivoli Provisioning Manager

A single uninstallation program for all Tivoli Provisioning Manager components is not available. Touninstall Tivoli Provisioning Manager, you must remove the software in the order below. Do not useother methods to uninstall Provisioning Manager, such as the Add/Remove Programs panel.

1. Uninstall corecomponents

2. Uninstall base servicesand Web components

3. Uninstall middleware

4. Removeremaining items

Software is uninstalled

Uninstalling Tivoli Provisioning Manager core componentsThis section describes how to uninstall Tivoli Provisioning Manager core components.

Before you begin

If Windows Terminal Server is installed, configure the terminal server to install mode by running:change user /install

To uninstall the core components, complete the tasks in this section.

Uninstalling the Tivoli Monitoring agentIf you installed the Tivoli Monitoring agent, uninstall it before you uninstall core components such as thedevice manager service, dynamic content delivery, or agent manager.

Procedure

To uninstall the agent:1. Log on as Administrator user.2. Open the Add/Remove Programs control panel.3. From the list of applications, select IBM Tivoli Monitoring for Provisioning.4. Click Change/Remove.


5. Select Remove and click Next.6. Click OK to confirm the uninstallation.7. Click Finish to complete the uninstallation.

What to do next

Proceed to “Uninstalling Tivoli Provisioning Manager for OS Deployment.”

Uninstalling Tivoli Provisioning Manager for OS DeploymentIf you installed Tivoli Provisioning Manager for OS Deployment, uninstall it before you uninstall corecomponents such the device manager service, dynamic content delivery, or agent manager.

Uninstalling Tivoli Provisioning Manager for OS Deployment on WindowsIf you installed Tivoli Provisioning Manager for OS Deployment, complete the following procedure touninstall it.

Procedure1. Stop Tivoli Provisioning Manager for OS Deployment. In a command window, run:

net stop remboagentnet stop remboserver

2. In the Add/Remove Programs control panel, click Tivoli Provisioning Manager for OSDeployment.

3. Click Change.4. Select a language and then click —>.5. On the welcome panel, click Next.6. Click Remove.7. To completely remove Tivoli Provisioning Manager for OS Deployment, select Remove Tivoli

Provisioning Manager for OS Deployment completely, including user data.8. Click Remove.9. When Tivoli Provisioning Manager for OS Deployment is uninstalled, click Finish.

10. Drop the Tivoli Provisioning Manager for OS Deployment database in the database server.a. In a command window, run the following command to open a DB2 command window:

db2cmd

b. Set the database instance to the Tivoli Provisioning Manager database instance. The default isctginst1.set db2instance=ctginst1

c. Run the following command to drop the database:db2 drop database tpmfosd

11. If the DB2 server is on a remote system, run the following commands on a Tivoli ProvisioningManager server where a DB2 client is installed.a. In a command window, run the following command to open a DB2 command window:

db2cmd

b. Set the database instance to the Tivoli Provisioning Manager database instance. The default valueis ctginst1.set db2instance=ctginst1

c. Run the following command to drop the database:db2 uncatalog database TPMFOSDdb2 uncatalog node TPMFOSDdb2 terminate

12. Check if the following directories exist. If they still exist, delete them.


v The IBM Tivoli folder. The default location is C:\Program Files\Common Files\IBM Tivoliv The data directory. The default location is C:\tpmfosd files

What to do next1. If you removed Tivoli Provisioning Manager for OS Deployment successfully, proceed to “Uninstalling

Tivoli Provisioning Manager for Job Management Service federator.”2. If you were unable to remove Tivoli Provisioning Manager for OS Deployment using the uninstaller,

remove it manually:a. Check if the following directories exist. If they still exist, delete them.

v The IBM Tivoli folder. The default location is C:\Program Files\IBM\Tivoli

v The data directory. The default location is C:\tpmfosd files

b. Check if the database tpmfosd is created. Run the commands:set db2instance=ctginst1db2 list db directory

c. If the database exists, drop the database:db2 drop database tpmfosd

3. If the following registry keys exist, remove the keys and any children keys.HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemboAgentHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemboODBCHKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemboServer

Uninstalling Tivoli Provisioning Manager for Job Management ServicefederatorThis procedure explains how to uninstall the device manager service.

Before you begin1. Close all database command windows and device manager consoles.2. Log on to the Tivoli Provisioning Manager server:

v Log on as administrator.3. Stop Tivoli Provisioning Manager. Run the following command from the /TIO_HOME/tools directory:

[tio.cmd|tio.sh] stop -t


4. Verify that the WebSphere Application Server profiles and the database are running.

Procedure1. Log out as tioadmin and log back on as:

v Administrator

2. Remove the device manager service database tables:

2000DB2

a. Open a command window.b. Change to the TIO_HOME/tools/DMS directory.c. Start the DB2 command line:

db2cmd

d. Set the database instance to the Tivoli Provisioning Manager database instance. The defaultinstance for a custom installation is ctginst1, and the instance owner is maximo.

Chapter 5. Uninstallation tasks 141



set db2instance=ctginst1

e. Enter the following command on a single line:[DMS_DB2_uninstall.bat|./DMS_DB2_uninstall.sh] db_name db_owner db_owner_pwd dm_dir schema_name

db_nameThe name of the Tivoli Provisioning Manager database.

db_ownerThe database instance owner.

The default owner is db2admin.

db_owner_pwdThe password for the database instance owner.

dm_dirThe full path of the device manager service installation directory. The default value is:v C:\Program Files\ibm\DeviceManager

Note:

v Ensure that you include a backslash (\) at the end of the path.v The directory path cannot include spaces. For directories that contain spaces, ensure

that you use short names. For example Program Files must be shortened to Progra~1.

schema_nameThe database schema name. The default value is maximo.

For example:v DMS_DB2_uninstall.bat MAXDB71 db2admin pas5word c:\Progra~1\ibm\DeviceManager maximo

3. Open a command window.4. Change to the config directory in the following directory:

v C:\Program Files\ibm\DeviceManager

5. If you changed the administrator user for the directory server to another user name, complete thefollowing steps:a. Open the file DMSconfig.properties in a text editor.b. In the instWASUsername=tioadmin line, change tioadmin to the current WebSphere Application

Server administrator user name. For example, if the current WebSphere Application Serveradministrator is wasadmin, change the line to:instWASUsername=wasadmin

c. In the instWASPassword line, change the value of the password in the file to the password for thecurrent WebSphere Application Server administrator. For example, if the current password ispass5word, change the line to:instWASPassword=pass5word

6. Verify if the device manager service application is installed in WebSphere Application Server:a. Log on to the WebSphere Application Server administrative console.b. Click Applications > Enterprise Applications and verify if an application named DMS_WebApp

is installed.c. If DMS_WebApp is installed, continue with step 7.d. If DMS_WebApp is not installed, skip step 7 and continue with step 8.

7. Remove the device manager service configuration:[DMSremoveconfig.bat|./DMSremoveconfig.sh] -server -file DMSconfig.properties -showtrace

8. Change to the _uninst directory in the following directory:v C:\Program Files\ibm\DeviceManager


9. Run the uninstaller:uninstaller.[exe|bin]

10. Remove the device manager service installation directory:v C:\Program Files\ibm\DeviceManager

What to do next

Proceed to “Uninstalling Tivoli Provisioning Manager for dynamic content delivery.”

Uninstalling Tivoli Provisioning Manager for dynamic content deliveryUninstall Tivoli Provisioning Manager for dynamic content delivery to remove the component responsiblefor centralized control of the uploading, replication, and downloading of files.

Procedure1. Log on as a user with administrator access.2. Ensure that Tivoli Provisioning Manager is stopped.3. Ensure that the device manager service is uninstalled. See “Uninstalling Tivoli Provisioning Manager

for Job Management Service federator” on page 141.4. Open a command window.5. Change to the _uninst directory of the following directory. The default location is:

v C:\Program Files\IBM\tivoli\CDS\_uninst6. Run the uninstaller:

[uninstaller.exe|./uninstaller.bin]

7. When the uninstallation is complete, remove the dynamic content delivery installation directory.8. Verify if the cds_manager directory contains some directories named Gen1 or Gen2. The default value

for the cds_manager directory is:v Program Files\Common Files\InstallShield\Universal\cds_manager

If the Gen1 or Gen2 directories exist, delete them.

What to do next

Proceed to “Uninstalling the agent manager.”

Uninstalling the agent managerUninstall the agent manager to remove the agent manager servlets from WebSphere Application Server.The uninstallation wizard does not drop the registry database or delete the agent manager objects fromthe database.

Before you begin1. Log on as tioadmin.2. Ensure that Tivoli Provisioning Manager is stopped.3. Ensure that the device manager service and the dynamic content delivery are uninstalled. See

“Uninstalling Tivoli Provisioning Manager for Job Management Service federator” on page 141 and“Uninstalling Tivoli Provisioning Manager for dynamic content delivery.”





Procedure1. Open a command window.2. Remove the database tables.

v 2000DB2

a. To start the DB2 command line, run the command:db2cmd

b. Set the database instance to the Tivoli Provisioning Manager database instance. The defaultvalue is ctginst1.set db2instance=ctginst1

c. Change to the TIO_HOME/tools/CAS directory and run the command:[CAS_DB2_uninstall.bat|./CAS_DB2_uninstall.sh] db_name db_owner db_owner_pwd

Note: The CAS_DB2_uninstall.bat script closes the command window after you run it. If youwant the command window to remain open so that you can see the status of the command afterit runs, remove the last exit statement from the script.In the previous command, replace the parameters with the appropriate values:

db_nameThe name of the Tivoli Provisioning Manager database.

db_ownerThe database instance owner.

The default owner is db2admin.

db_owner_pwdThe password for the database instance owner.

For example:[CAS_DB2_uninstall.bat|./CAS_DB2_uninstall.sh] MAXDB71 ctginst1 mypassword

3. Log out as tioadmin and log on as Administrator.4. Run the uninstaller and follow the instructions in the wizard:

AM_HOME/_uninst/uninstaller.[exe|bin]

5. Delete the agent manager installation directory.6. Remove the WebSphere Application Server profile for the agent manager. The default profile name is

casprofile.WAS_HOME/bin/manageprofiles.[bat|sh] -delete -profileName casprofile

7. Remove the profile directory WAS_HOME/profiles/casprofile.

What to do next

Proceed to “Uninstalling Tivoli Provisioning Manager engines.”

Uninstalling Tivoli Provisioning Manager enginesEach core component must be uninstalled individually.

Before you begin1. Ensure that other core components, such as the monitoring agent, Tivoli Provisioning Manager for OS

Deployment, Tivoli Provisioning Manager for Job Management Service federator, the dynamic contentdelivery, and the agent manager, are uninstalled. For more information, see “Uninstalling TivoliProvisioning Manager core components” on page 139.

2. Log on as a user with administrator access.


3. Stop Tivoli Provisioning Manager and ensure that any running Java processes are stopped. For moreinformation, see:v “Starting and stopping the provisioning server on Windows” on page 211

4. Ensure that the database is still running. To start the database:

v 2000DB2 In the following steps, the database instance is named ctginst1.


a. Log on as a user with administrative permissions.b. Click Start and select Run.c. Type services.msc and click OK.d. Select DB2 - DB2COPY1 - CTGINST1-0 and click Start the service.

Alternatively, you can use the db2start command from a command line to start CTGINST1.

If the server has a virtual IP address

a. Log on as a user with administrative permissions.b. Start the database:

db2gcf -u -p 0 -i ctginst1

The uninstallation only removes the Tivoli Provisioning Manager engines. It does not remove:v The database and application serverv The log files

Procedure1. Run the following command:

%TIO_HOME%\_uninst\_uninstTPM\uninstaller.exe

2. If you plan to reinstall Tivoli Provisioning Manager, complete the following steps:a. Log on as tioadmin.b. Remove the Tivoli Provisioning Manager installation directory.c. Keep the user tioadmin so that it is ready for the reinstallation.

What to do next1. If you installed the DB2 client, proceed to “Uninstalling the DB2 client.” Otherwise, skip this step.2. Proceed to “Uninstalling the base services and web components” on page 146.

Uninstalling the DB2 client2000DB2

If you installed the DB2 client, uninstall it after you uninstall core components such as the devicemanager service, dynamic content delivery, or agent manager.

Procedure

To uninstall the DB2 client on Windows:1. Log on as the Administrator user.2. Open the Add/Remove Programs control panel.3. From the list of applications, select DB2 client.4. Click Change/Remove.5. Select Remove and click Next.6. Click OK and click Finish.


Uninstalling the base services and web componentsTo remove the base services and the web components, or if the installation failed while installing the baseservices, use these steps to remove the software.

Before you begin1. Ensure that the core components are uninstalled.2. Ensure that WebSphere Application Server is running.

Note: If another Tivoli process automation engine product is installed on the same computer as TivoliProvisioning Manager, for example, Service Request Manager (SRM) or Change and ConfigurationManagement Database (CCMDB), do not uninstall the base services and web components.

Procedure1. Log on to the administrative workstation:

v As the Administrator user.2. Run the following command:

v MAXIMO_HOME\_uninstall\uninstall.bat. The default location for MAXIMO_HOME isC:\ibm\SMP.

3. Remove the MAXIMO_HOME directory.4. Restore the deployment engine database to the backup you created before installing the base services.

For more information, see “Recovering the deployment engine” on page 159.

What to do next

If you are uninstalling middleware on Windows, AIX or Linux, proceed to “Uninstalling middleware.”

Uninstalling middlewareTo uninstall the middleware, you must run the middleware installer to undeploy the previously deployeddeployment plan.

Before you beginv Make sure that the base services are uninstalled. See “Uninstalling the base services and web

components.”v If you installed the middleware using the middleware installer, you must uninstall the middleware

using the same middleware installer. Otherwise, the registry created when installing the middleware nolonger matches with what is deployed. Therefore, if you then try to reinstall middleware using themiddleware installer, errors might occur.

v If you did not use the middleware installer to install your middleware, see your middlewaredocumentation for uninstallation instructions.

v At points during the uninstallation process, the middleware installer progress bar might appear topause. In most cases, the middleware installer progress bar resumes shortly after pausing. If you thinkthat your uninstallation process has experienced an error, refer to the middleware installer log files.

v If you reinstall middleware, provide the same value used previously for the DB2 administrators groupduring the reinstallation. The middleware installation program creates a default instance for DB2 andadds the owner of the default instance to the DB2 administrator group specified. When DB2 isuninstalled, users and groups are not removed. If a different DB2 administrators group value issupplied, DB2 attempts to associate the owner of the default instance with this new group. Thisattempt fails because the owner already belongs to the group specified during the initial installation. Tospecify a new DB2 administrators group, remove the existing instance owner and DB2 administratorgroup. This task must be done before rerunning the middleware installation program.


To uninstall the application server, ensure that the directory server (Tivoli Directory Server or MicrosoftActive Directory) is running. Do not uninstall the directory server until the application server has beenuninstalled.

If you want to uninstall middleware after a failed middleware installation, complete the following stepsbefore using the middleware uninstaller:1. Stop the IBM Tivoli Directory Server (IBM Tivoli Directory Server v6.2 - idsccmdb).2. Stop the IBM Tivoli Directory Server daemon (IBM Tivoli Directory Admin Server v6.2 - idsccmdb).3. Start DB2.4. Start the idsccmdb DB2 instance (DB2 - DB2COPY1 - IDSCCMDB).5. Start the IBM Tivoli Directory Server daemon (IBM Tivoli Directory Admin Server v6.2 - idsccmdb).

Procedure1. Log in as:

v Administrator

2. Start the launchpad.3. In the launchpad navigation pane, click Custom Installation.4. Click Install middleware.5. Select a language for the installation and click OK.6. From the Welcome panel, click Next.7. Accept the licence agreement and click Next.8. From the Choose Workspace panel, specify the workspace directory containing the currently

deployed plan and click Next. The default location for the workspace is the last workspace locationspecified. For example:v C:\ibm\tivoli\mwi\workspace

9. From the Select Operation panel, select Undeploy the plan and click Next.10. From the undeployment preview panel, click Next to undeploy the plan.11. From the successful undeployment panel, click Cancel to exit the middleware installer.12. Reboot the system if you plan to reinstall middleware on this system using the middleware installer.

What to do next

Proceed to “Removing items remaining after uninstallation.”

Removing items remaining after uninstallationSome uninstallation programs do not remove all files or configuration settings on the computer. Ensurethat you remove all items remaining after uninstallation if you want to reinstall any Tivoli ProvisioningManager software.

After uninstalling Tivoli Provisioning Manager, you might need to perform some cleanup tasks.

Removing application files and configuration settingsFiles and configuration settings that remain after some applications are uninstalled can cause aninstallation of Tivoli Provisioning Manager to fail. Ensure that you check for files and settings that needto be removed.

Tivoli Provisioning ManagerIf you uninstalled Tivoli Provisioning Manager, check that the installation directory has beendeleted. The default location is:v C:\Program Files\IBM\tivoli\tpm


If this directory remains after uninstallation, reinstallation of the product might fail.

WebSphere Application ServerIf WebSphere Application Server was previously installed on the computer, verify the followingitems:v Ensure that the WebSphere Application Server installation directory is deleted. The default

location is:– C:\Program Files\IBM\WebSphere\AppServer

v The vpd.properties file lists program components that are installed. Check the vpd.propertiesfile for entries that must be removed.– The file is located in the operating system installation directory, such as C:\windows.For more information about the file, see the following topic in the WebSphere ApplicationServer information center.

Middleware Installer DirectoriesEnsure that the following directories are deleted:

v 2000DB2

– SystemDrive:\Program Files\IBM\SQLLIB

where SystemDrive is the disk drive that contains the hardware-specific files used to startWindows. Typically, the system drive is C.

v Tivoli Directory Server– C:\Program Files\IBM\LDAP\V6.2

v IBM HTTP Server– C:\Program Files\IBM\HTTPServer

The deployment engine database

1. Set up the environment using the following command:v C:\Program Files\IBM\common\asci\setup\setenv.cmd

2. Remove the deployment engine database using the si_inst command:v C:\Program Files\IBM\common\asci\bin\si_inst.bat

3. Delete the \asci directory.4. Restart the provisioning server.

Removing the Global Unique IdentifierA Global Unique Identifier is used to identify a Tivoli common agent on a computer. The agent ID is thename of the installation directory of the common agent. If you are uninstalling the Tivoli GUID tool orthe Tivoli Common Agent, the agent ID is not automatically removed from the system. You must removeexisting agent IDs from the computer before you install Tivoli Provisioning Manager.

The following is an example of the registry entry:[HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\GUID]"Path"="C:\\Program Files\\Tivoli\\guid""TIVGUID"=hex:32,b0,e6,f0,c9,ca,11,d7,9a,e6,00,60,94,53,9b,b6@=""

To manually remove the GUID from the registry, complete the following steps:1. Start regedit.2. Navigate to \HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\GUID\.3. Remove the GUID entry.


http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/topic/com.ibm.websphere.base.doc/info/aes/ae/rins_vpd.html

Results

The Tivoli Provisioning Manager uninstallation is completed.

What to do nextv If you plan to reinstall middleware using the middleware installer, ensure that you provide the same

value for the DB2 administrators group during the reinstallation. The middleware installer creates adefault instance for DB2 and adds the owner of the default instance to the DB2 administrator groupspecified. When DB2 is uninstalled, users and groups are not removed. During the reinstallation, if adifferent DB2 administrators group value is supplied, DB2 attempts to associate the owner of thedefault instance with this new group, which might fail because the owner already belongs to the groupspecified during the initial installation. If you must specify a new DB2 administrators group during thereinstallation, remove the existing instance owner and DB2 administrator group before running themiddleware installer again.

v In most cases, the middleware installer does not stop the uninstallation process or report failuresduring the uninstallation process. Only in the case where you are uninstalling an application serverthat was secured using IBM Tivoli Directory Server and that directory server has not been started, youencounter an error that stops the uninstallation process. This exception is also recorded in the mwi.logfile.To verify that middleware products were correctly uninstalled, you must check the deployment planlogs. For more information, see “The middleware installer logs” on page 34.

Uninstalling and reinstalling the deployment engine databaseThese instructions are for restoring the deployment engine database to the state it was in before processmanagers were installed.

Before you begin1. Stop the deployment engine:

v Control Panel > Administrative Tools > Services > IBM ADE Service.2. Back up the deployment engine database of the administrative system before and after applying any

updates to an existing deployment. Having backups allows you to recover from partial installationattempts where process manager components were partially installed. If you do not have a backup ofthe deployment engine database, you must reset the database to a clean state by uninstalling andreinstalling the deployment engine. This is a destructive process. If products other than TivoliProvisioning Manager are using the deployment engine, this deletes data for those products also.

To uninstall and resinstall the deployment engine database, complete the following steps:

Procedure1. Change directory to the deployment engine installation location.2. Remove any locks held by deployment engine:

erase "c:\Program Files\IBM\Common\acsi\logs\.lock*"

3. Include jre (Java) in the class path:set path=C:\IBM\SMP\jre\bin;%PATH%

4. Uninstall the deployment enginesi_inst -r -f

Results

You can safely ignore warnings that all files and directories cannot be removed. The deployment engineis reinstalled when the product installation program is run again.


Reinstalling Tivoli Provisioning ManagerBefore you reinstall software, ensure that the product has been uninstalled correctly and that the servicesrequired during each installation stage are started.1. Ensure that you uninstalled all software as described in Chapter 5, “Uninstalling Tivoli Provisioning

Manager,” on page 139.

2. 2000DB2 If you reinstall the middleware, provide the same value used previously for the DB2administrators group during the reinstallation. The middleware installation program creates a defaultinstance for DB2 and adds the owner of the default instance to the DB2 administrator group specified.When DB2 is uninstalled, users and groups are not removed. If a different DB2 administrators groupvalue is supplied, DB2 attempts to associate the owner of the default instance with this new group.This attempt fails because the owner already belongs to the group specified during the initialinstallation. To specify a new DB2 administrators group, remove the existing instance owner and DB2administrator group. This task must be done before reinstalling the middleware.

3. Ensure that the services are started:

The base services

v Middleware– “Starting middleware on Windows” on page 94

v The deployment engine for the solution installer on the administrative workstation:– Check the Services control panel. If the IBM ADE service is not running, start it.

Tivoli Provisioning Manager core componentsEnsure that the middleware is started before you resume installation.v “Starting middleware on Windows” on page 94

Ensure that the Tivoli Provisioning Manager installation directory and the GUID are removedas described in “Removing items remaining after uninstallation” on page 147. The middlewaresteps do not need to be performed.

The middlewareIf you are using the middleware installer to reinstall the middleware, the deployment enginefor the solution installer must be started on all middleware computers, if it is still installed.


Appendix A. Troubleshooting installation

Review the following topics for problems that you might encounter during installation.

If you encounter errors during Tivoli Monitoring agent installation, see the following resources:v Troubleshooting information in the Tivoli Monitoring agent for Tivoli Provisioning Manager User

Guide.v The Troubleshooting Guide in the IBM Tivoli Monitoring Version 6.2.2 information center.

Problems during middleware installationSee the following information to diagnose and resolve middleware installation errors.

In addition to the problems listed in this topic, check the technotes for middleware installation problemsavailable at http://www-01.ibm.com/support/search.wss?rs=1015&tc=SS2GNX&dc=DB560&rankprofile=8&q1=mwi&sort=desc&dtm.

Backing up and restoring the deployment engine databaseThese instructions are for backing up and restoring the deployment engine database to the state it wasbefore installing middleware on middleware servers or process managers on the administrativeworkstation.

Before you begin1. Stop the deployment engine:

v Control Panel > Administrative Tools > Services > IBM ADE Service

2. Back up the deployment engine database of the administrative system before and after applying anyupdates to an existing deployment. Having backups allows you to recover from partial installationattempts where process manager components were partially installed. These instructions are providedfor manual backup and restore of the deployment engine database. If you used the launchpad links toback up the deployment engine database automatically, restore the deployment engine database fromthe location that you specified in the installer panels.

Procedure1. Set up the environment using the following command:

c:\Program Files\IBM\Common\acsi\setenv.cmd

2. Run the command to back up the deployment engine registry:c:\Program Files\IBM\Common\acsi\bin\de_backupdb.cmd <backup file name>

Use a meaningful name for <backup_file_name> to indicate that it contains the state of the registryafter your installation of Provisioning Manager.To restore a backup of the deployment engine database:c:\Program Files\IBM\Common\acsi\bin\de_restoredb -bfile "<backup_directory>\DEBackupBeforeMBS"

where <backup_directory> is the directory that you selected to back up the deployment enginedatabase. where <backup_file_name> is the file containing the deployment engine backup that youmade.


http://publib.boulder.ibm.com/infocenter/tivihelp/v15r1/topic/com.ibm.itm.doc_6.2.2fp1/welcome.htm

http://www-01.ibm.com/support/search.wss?rs=1015&tc=SS2GNX&dc=DB560&rankprofile=8&q1=mwi&sort=desc&dtm

http://www-01.ibm.com/support/search.wss?rs=1015&tc=SS2GNX&dc=DB560&rankprofile=8&q1=mwi&sort=desc&dtm

CTGIN9077E error during middleware installationIf the middleware installer is canceled during middleware installation, you might encounter errors.

Symptoms

The following error is generated in the installation step for the deployment engine:CTGIN9077E: Deployment Engine did not start successfully. Please try to manually startthe Deployment Engine and restart the installer.

Resolving the problem1. Exit the middleware installation program.2. Restart the deployment engine. Run the command:

v net start "IBM ADE Service"

If the deployment engine is started successfully, restart the middleware installation program and resumemiddleware deployment.

Links in the launchpad do not workSymptoms

If the installation binary files are copied in a Windows mapped network drive, and the launchpad.exe fileis run from there, the following links in the launchpad do not work:v 1.3 Back up WebSphere Configuration

v 2.4 Back up base service Home Directory

v Start backup

Resolving the problem1. Copy the launchpad64.exe (Windows 64-bit) or launchpad.exe (Windows 32-bit), and launchpad.ini

files to the launchpad folder and the install/tools folder to your local hard disk directory.2. Run the launchpad64.exe (Windows 64-bit) or launchpad.exe (Windows 32-bit) file from your local

hard disk drive directory to back up the WebSphere Application Server and base services.

Errors with the middleware installerSolutions to installation errors regarding insufficient disk space and the middleware installer.

Symptoms1. The solution installer is included with some IBM products. If the middleware installer detects an

existing installation and the service is not started, an error is displayed.

Resolving the problem1. If the middleware installer reports insufficient disk space, make more disk space available on the

computer, and then restart the middleware installer program. Check the disk space requirements inthe installation guide.

2. If the solution installer was previously installed by another product, you must start it manually beforerunning the middleware installer.a. Check for an existing installation of solution installer. The default installation location is:


b. If an installation exists, check that the deployment engine is working:1) Run the command setenv.2) Run the following command from the solution installer directory:


listIU.cmd

If the deployment engine installed correctly, you receive output similar to the following:IU UUID: DDCE934782398B3E81431666515AC8B5 Name: DE ExtensionsInterfaces CLI IU Version: 1.3.1IU UUID: C37109911C8A11D98E1700061BDE7AEA Name: DeploymentEngine IU Version: 1.3.1IU RootIU UUID: D94240D11C8B11D99F2D00061BDE7AEA Name:Install IU Version: 1.3.1

c. If solution installer is already installed, start the service:v Check the Services control panel. If the IBM ADE service is not running, start it.

DB2 installation fails when configured names do not match2000DB2

The node name and host name must match when installing DB2.

Symptoms

DB2 installation stops halfway when the configured node name is different from the configured hostname.

Causes

The DB2 installation uses the uname -n command to obtain the node name of the computer. Typically, thenode name is the same as the host name that is returned with the hostname command. TivoliProvisioning Manager installation requires that the host name and the node name of the computer areidentical.

Resolving the problem

Check the value of the host name and node name. You must change the node name if it does not matchthe host name.1. Run the command hostname to obtain the host name.2. Run the command uname -n to obtain the node name.3. If the node name is different than the host name:

a. Log on as root.b. Change the node name to match the host name. For example, to change the node name to

myserver, run the following command:uname -S myserver

Database error during installation2000DB2

You might receive an error stating that the DB2INSTANCE variable is missing, but it can be disregarded.

Symptomsv You receive this error during installation:

SQL1390C The environment variable DB2INSTANCE is not defined or isinvalid.

v The following message appears in the DB2 installation log called db2inst.log:1: WARNING:A minor error occurred while installing "DB2 Enterprise ServerEdition" on this computer. Some features may not function correctly.

Appendix A. Troubleshooting 153

Causes

This is a known issue. This error occurs because Tivoli Provisioning Manager is initially deployedwithout any DB2 instances. The DB2INSTANCE variable is defined later in the installation process.


This error message can be disregarded.

Cannot connect to Tivoli Directory ServerTivoli Directory Server must be installed and running before you install Tivoli Provisioning Manager.

Symptoms

During the Tivoli Provisioning Manager installation, the system might indicate that it cannot connect tothe IBM Tivoli Directory Server.

Causes

This error occurs because Tivoli Directory Server was not started before running the installer. TivoliDirectory Server must be started before you install Tivoli Provisioning Manager so that the installer canconnect to it.

Resolving the problem1. Ensure that Tivoli Directory Server is installed:

a. If the installation destination directory was created, check the installation log file for the directoryserver:v C:\IBM\LDAP\ldapinst.log

After the installation of the directory server is complete, an LDAP database must be created withinDB2. For more information, refer to the Tivoli Provisioning Manager 7.2 Installation Guide.The ldapcfg.stat file shows the syntax that was used at the time of the database creation:C:\IBM\ldap\bin\ldapcfg -n -a db2inst1 -w password -d LDAP -lC: -c -f C:\IBM\ldap\tmp\ldapcfg.dat

The ldapcfg.stat file is located in the following directory:v C:\IBM\ldap\tmp\ldapcfg.stat

2. Verify the status of the directory server, using the ibmdirctl tool, located in the following directory:v C:\IBM\ldap\bin

Type the following command to check the directory server status:ibmdirctl -D cn=root -w <password> status

3. If the directory server is not started, start it by using the following command:start: ibmdirctl -D cn=root -w <password> start

Cannot connect to the database server during installationThe database server must be installed and running before you install Tivoli Provisioning Manager.

Symptoms

During the installation, the system indicates that it cannot connect to the database.

Causes


This error occurred because the database was not started before running the installer. The database servermust be started before you install Tivoli Provisioning Manager, so that the installer can connect to it.


Ensure that the database server is installed. Verify the status of the database server. If it is not started,start it. Use the following commands to start the DB2 server:v DB2 - <instance_name>

If the database server was successfully started, you can see the following output:db2start 12-21-2004 14:44:01 0 0 SQL1063NDB2START processing was successful. SQL1063NDB2START processing was successful

You must also verify whether the required port is available:netstat -an |grep 50000

Tivoli Directory Server installation step fails during Tivoli ProvisioningManager installationThe Tivoli Directory Server instance creation will fail if it cannot write files to the home directory of theLDAP instance user or if the home directory does not exist.

Symptoms

During the Tivoli Management Agent installation, the Tivoli Directory Server installation step fails. Thelog file /tmp/itds60/idsicrt.log has an error message similar to the following:GLPICR058E: The specified directory, /home/ldapinst,is not a valid directory, does not exist, or is not writable.

Causes

The LDAP instance user was manually created but the associated home directory does not exist. Thiscauses the Tivoli Directory Server instance creation to fail because it cannot write files to the homedirectory of the LDAP instance user.


If the LDAP instance user is manually created, check to ensure that the home directory exists and that itis writable by the LDAP instance user.

The Microsoft Active Directory configuration failsThe Microsoft Active Directory SSL certificate must be generated and configured manually.

Symptoms

The Microsoft Active Directory configuration fails.

Causes

The Microsoft Active Directory SSL certificate is missing. If you run the Tivoli Provisioning Managerinstaller without the SSL certificate, the Microsoft Active Directory configuration will fail.



This is a manual configuration step that you must complete before you install Tivoli ProvisioningManager.1. Generate the SSL certificate on the Microsoft Active Directory server.2. Install the SSL certificate on the client.3. Import the schema.ldif and ldap.ldif files into the Microsoft Active Directory server. Instructions for

this step are found in theTivoli Provisioning Manager Installation Guide Version 7.2.

Error configuring database during middleware installationAn error occurs during the database configuration because of missing XML files when installing themiddleware.

Symptoms

File corruption leads to missing XML files.

Causes

Older versions of Winzip causes an incompatibility problem.


Use a newer version of Winzip.

The Tivoli Provisioning Manager installation fails with incorrectcertificate valueIf your Tivoli Provisioning Manager installation fails with error code 1005, it is because your MicrosoftActive Directory certificate value is incorrect.

Symptoms

The Tivoli Provisioning Manager installation exits with error 1005.

Causes

The Microsoft Active Directory certificate is missing but the user enters a value for the certificate locationduring the install. If the file does not exist, then the error occurs. There is no other information availablewith this error code.


Ensure that you have a correct certificate value.

WAS_HOME error when using login window managerIf you use a login window manager like Common Desktop Environment (CDE), it might bypass the userprofile file for tioadmin. When the profile file is bypassed, the system cannot create a complete loginenvironment, causing an error.

Symptoms

When starting Tivoli Provisioning Manager using a login window manager such as the Common DesktopEnvironment (CDE), a message informs you that WAS_HOME is not set.

Causes


The login window manager might have bypassed the required user profile file.

The tioadmin user uses the bash shell as the login shell, which is supported for a line-mode login (forexample, using telnet). If you use a login window manager, it might bypass the .profile file fortioadmin. When the profile file is bypassed, the system cannot create a complete login environment.

Resolving the problem1. Create the .bashrc file in the tioadmin home directory, and insert the following line: $HOME/.profile2. Save the file.3. Edit the .dtprofile in the tioadmin home directory and remove the comment from the line:

DTSOURCEPROFILE=true. This file is created automatically when user tioadmin logs in to the loginwindow manager for the first time.

4. Login as tioadmin again to the login window manager.

Encountering error CTGIN9042EDuring middleware installation using the middleware installer, you might encounter error CTGIN9042Ewhich occurs during the installation step for WebSphere Application Server Network Deployment 6.1.

If you encounter error CTGIN9042E during the normal use of the middleware installation program, itmight be related to stale entries in the CEI registry.

In order to troubleshoot this error, complete the following steps:

Procedure1. First check de_processreq.log for failures related to VerifyLogsInInstallLogs Action. The

de_processreq.log file can be found at:<workspace>\<machine name>\deploymentPlan\MachinePlan_<computer shortname>/00009_WAS_ND_6.1/install/01_BASE/[INSTALL_<processing.req.id>]/logs/de_processreq.log

So, for example, if the workspace is located at: C:\ibm\tivoli\workspace, the computer name ismycomputer, and the processing.req.id is created as a date_timestamp, then the de_processreq.logwould be located in:

C:\ibm\tivoli\mwi\workspace\mymachine.ibm.com\deploymentPlan\MachinePlan_mymachine\00009_WAS_ND_6.1\install\01_BASE\[INSTALL_1130_06.54]\logs

2. Next, check for any stale WebSphere Application Server Network Deployment entries:a. Extract the native image of WebSphere Application Server Network Deployment:

v WAS-ND_WindowsIA32_Custom_v61023

b. Open the console window.c. Navigate to the bin folder of extracted image. For example:

\WAS\installRegistryUtils\bin

d. List registry entries:v installRegistryUtils.bat -listProducts

e. Check for WebSphere Application Server Network Deployment related entries. If any WebSphereApplication Server Network Deployment entries are listed, even if you have successfullyuninstalled WebSphere Application Server Network Deployment, you will need to clean theregistry entry.

3. Clean the registry entries:a. Clean WebSphere Application Server Network Deployment entries from the registry:

installRegistryUtils -cleanProduct -offeringID ND -installLocation<WAS installation location path>


b. Edit the vpd.properties file by removing any WebSphere Application Server Network Deploymententries, and then save the file. The file is located in the installation directory of the operatingsystem:v C:\WINNT directory or C:\windows directory

4. After cleaning the registry, run the middleware installation program again and restart the plan.WebSphere Application Server Network Deployment is now successfully installed in the defaultlocation.For example, C:\Program Files\IBM\WebSphere\AppServer.

Uninstallation of WebSphere Application Server Network Deploymentfails after unsuccessful binding to the LDAP directoryYou encounter an error during the installation of WebSphere Application Server Network Deploymentusing the middleware installation program and then when you attempt to undeploy the middlewaredeployment plan related to unsuccessful binding to the LDAP directory.

When using the middleware installation program, you encounter the option to configure WebSphereApplication Server Network Deployment security with an existing remote LDAP directory. The remoteLDAP directory can be hosted by either Microsoft Active Directory or by IBM Tivoli Directory Server. Toconfigure WebSphere Application Server Network Deployment successfully, you need to provide thecredentials to access the remote LDAP server. The set of credentials include:v Host name or IP addressv Port in which LDAP server is runningv LDAP base entryv User, Group, and Organization suffixv Bind DN and password

Also the WebSphere Application Server Network Deployment Administrator user ID and password musthave existing entries in the remote LDAP Directory. If you provide the middleware installation programwith the wrong credentials, the installation might fail at the WebSphere Application Server NetworkDeployment configuration step. Once the initial installation has failed, the uninstallation (undeployment)of the deployment plan might fail due to incorrect credentials given at the time of installation. WebSphereApplication Server Network Deployment cannot issue the stopManager command in order to stop thectgDmgr01 profile. The following error is generated:SECJ0305I: The role-based authorization check failed for admin-authz operationServer:stop:java.lang.Boolean:java.lang.Integer. The user UNAUTHENTICATED(unique ID: unauthenticated) was not granted any of the following required roles:operator, administrator.

To resolve the problem:1.

a. In the Services control panel, change the startup type of the following WebSphere ApplicationServer Network Deployment entries from Automatic to Manual.IBM WebSphere Application Server V6.1 - ctgCellManager01IBM WebSphere Application Server V6.1 - nodeagent

b. Restart the system.c. Restart the middleware installation program to undeploy the plan.

Problems during base services installationSee the following information to diagnose and resolve base services installation errors.


Recovering from a failed installation without the uninstallationprogramIf the installation program has failed at the point where it did not produce the product uninstallationprogram, you must perform additional manual uninstallation tasks.

Complete the following steps to uninstall Provisioning Manager:1. Resolve the cause of the problem.2. Recover the deployment engine database. For more information, see “Recovering the deployment

engine.”

3. XMLDefaultCustom Recover the database. Drop the Provisioning Manager database and create it again.

Default For default installation on Windows, skip this step.4. Ensure that you are logged on as the same user ID used to start the installation program and delete

the MAXIMO_HOME directory manually. The default location is:v C:\IBM\SMP

5. If you are using IBM Tivoli Directory Server, restart the directory server.6. Attempt the installation again.

Base services installation does not accept LDAP names with spacesAdd quotation marks (" ") around the LDAP distinguished names if you need to include spaces.

Symptoms

Manually entering the User base entry and Group base entry LDAP information during the base servicesinstallation causes the LDAP validation to fail.

Causes

Spaces in the LDAP distinguished names are not supported.


Add quotation marks (" ") around the LDAP distinguished names. For example, if the distinguishednames for your User base entry is Test Users and LDAP Test, add quotation marks around thedistinguished names.ou="Test Users",ou="LDAP Test",DC=mydomain,DC=tod,DC=ibm,DC=com

Recovering the deployment engineDepending on your specific scenario, you might restore a previous backup of the deployment engineregistry or remove the deployment engine completely.

Recovering the deployment engine can result in loss of registration information about installed softwarecomponents, which includes both Provisioning Manager and non-Provisioning Manager components. Thissituation causes the deployment engine registry to not accurately reflect the state of the system. Beforeusing these uninstallation instructions or scripts, read the following information to determine the effect ofthese operations to your environment.

Recovery from a partial installation in which no base services programs were registered in thedeployment engine registry

To determine if base services programs have been deployed and registered in the deploymentengine registry:1. Change to the MAXIMO_HOME/bin directory.2. Run the following command:


solutionInstaller -action showinstalled -type all

The CTGIN0059I message indicates which base services programs are installed. If no baseservices programs have been installed, the installation failed before any programs were installedand registered in the deployment engine registry. If no programs are installed, do not uninstallthe deployment engine or restore a previous backup. The current deployment engine registrymust be preserved and does not prohibit installation of the base services programs during thesubsequent installation.

Recovery from a partial or full installation in which one or more base services programs wereregistered in the deployment engine registry

If the showinstalled results indicate that there are one or more base services programs installed,you must restore the backup of the deployment engine database using the following command:v c:\Program Files\IBM\Common\acsi\bin\de_restoredb.cmd -bfile <backup file loc>

where, <backup file name> is the file containing the deployment engine backup. Restore thedeployment engine database backup after completing the steps to remove the Process Managerconfiguration. You must not uninstall the deployment engine before reinstalling ProvisioningManager.

Recovering from problems during base services installationIf the base services installation fails, restore the WebSphere Application Server configuration and thedatabase to their previous states, and then start the base services installation again.

Symptoms

The base services installation fails with the error message Failed to install IBM Tivoli ProvisioningManager base services.

There might be errors regarding a database update problem.

Resolving the problem1. Uninstall the base services. For more information, see “Uninstalling the base services and web

components” on page 146.2. Log on to the computer where WebSphere Application Server is installed and recover the backup

data.a. Stop WebSphere Application Server Network Deployment:

%WAS_HOME%\profiles\ctgAppSrv01\bin\stopServer.bat MXServer -username <wasadmin_user> -password <wasadmin_password>%WAS_HOME%\profiles\ctgAppSrv01\bin\stopNode.bat -username <wasadmin_user> -password <wasadmin_password>%WAS_HOME%\profiles\ctgDmgr01\bin\stopManager.bat -username <wasadmin_user> -password <wasadmin_password>

b. Restore the ctgDmgr01 configuration. Enter the following command on a single line.%WAS_HOME%\bin\restoreConfig.bat c:\backups\WASBackup_beforeBSI_DMProfile.zip -logfilec:\backups\restore_dmgr.log -user <wasadmin_user> -password <wasadmin_password> -profileName ctgDmgr01

c. Restore the ctgAppSrv01 configuration. Enter the following command on a single line:%WAS_HOME%\bin\restoreConfig.bat c:\backups\WASBackup_beforeBSI_AppSrvProfile.zip -logfilec:\backups\restore_appSrv01.log -user <wasadmin_user> -password <wasadmin_password>-profileName ctgAppSrv01

3. Log on to the database server as the database instance owner and recover the database. For example,if the default user is ctginst1:

2000DB2

a. set db2instance=ctginst1

b. Drop the database:db2 drop db <db_name>

c. Restore the database. Enter the following command on a single line:db2 restore database <db_name> user ctginst1 using <instance_owner_password> from <DB2_BACKUP_DIR>with 3 buffers buffer 1000 without rolling forward without prompting


4. If you are using the base services for other products that are installed in the same environment asProvisioning Manager, restore the deployment engine database to the state before installing the baseservices. For more information, see “Backing up and restoring the deployment engine database” onpage 151.

5. Log on to the computer where WebSphere Application Server is installed and start WebSphereApplication Server:

%WAS_HOME%\profiles\ctgDmgr01\bin\startManager.bat%WAS_HOME%\profiles\ctgAppSrv01\bin\startNode.bat

6. Restart the base services installation. For more information, see “Installing the base services” on page98.

Deployment of MAXIMO.ear failsThe port settings need to be properly set up on both the provisioning server and on the administrativeworkstation where the base services are installed.

Symptoms

The base services WebSphere Application Server trace logs indicate that there was a file transfer error forMAXIMO.ear.

Causes

The port settings might not be properly set up.


Verify the port settings on both the provisioning server and on the Windows computer where the baseservices are installed. On both computers, ensure that the port speed settings for the network interfacecard and for the port switch match. Setting the port speed to bidirectional communication on both thenetwork interface card and on the port switch is recommended.

Error CTGIN2252I during base services installationIf you did not encounter other installation errors for the web components and you can successfully logon to the web interface, you can continue with installation.

Symptoms

At the end of base services installation, the following error is displayed:CTGIN2252I: Can not access to base services web application.

Causes

At the end of the base services installation, the installer tries to connect to the web application. Theconnection might fail if the web application is not yet running on the application server.


If you did not encounter other installation errors for the web components and you can successfully logon to the web interface, you can continue with installation. To log on to the web interface, open abrowser window and type https://host_name:port/maximo, where host_name is the fully-qualifieddomain name of the provisioning server and the default port number is 9443.


Errors CTGIN2381E or CTGIN2489E during Maximo database upgradeBy failing to commit environmental changes when installing a second ISM family product on a systemthat already hosts another ISM family product, this error might be displayed during middlewareinstallation.

Symptoms

One of the following error messages can occur either in an installation panel, or theCTGInstallTrace00.log file:CTGIN2381E: Maximo Database upgrade command failed. Command: Database Upgrade command validation failed.

CTGIN2381E: Maximo updatedb utility would fail.

The following message can occur in the CCMDB_install.log file:CTGIN2489E: The Maximo database contains backup tables that must be manuallyremoved before this update can be applied. Please refer to the readme informationthat came with this update or the upgrade section of the guide for Planning andinstalling the product for more information.

Causes

This message indicates that there were changes made in your environment that need to be committed inthe database before new products can be added into the database.


To commit the pending database changes:1. Click Go To > System Configuration > Platform Configuration > Database Configuration.2. From the Select Action menu, click Manage Admin Mode.3. Click Turn Admin Mode ON.4. Click OK, then wait for about five minutes for the change to take effect.5. From the Select Action menu, click Apply Configuration Changes, then monitor to completion.6. Click Go To > System Configuration > Platform Configuration > Database Configuration.7. From the Select Action menu, click Manage Admin Mode.8. Click Turn Admin Mode OFF.9. Stop the MXServer.

10. In the directory <base_services_install_dir>\maximo\tools\maximo, run configdb.bat|.sh once,and dropbackup.bat|.sh twice.

11. If you get any error messages, run these scripts again.12. Continue with the installation.

The base services installation failsMake sure the deployment engine is running when installing the base services.

Symptoms

The following message is displayed at the end of the base services installation:The installation is finished, but some serious errors occurred during the install.

The error message tells you to check the file CTGInstallTrace00.log. The log file contains an error similarto the following example:


** ERROR: Autonomic Deployment Engine installation/upgrade failure.Return code: 3Failure: DE in use or general failureSee the CCMDB si_inst.log and DE logs for additional information.

If you continue with web components installation on the same computer, the installation fails.

Causes

There are several possible causes for this error.


Verify the following:1. Change to the following directory:


2. Clean up any existing .lck files.

Note: If you created images after completing stages of the Tivoli Provisioning Manager installation,the lock files might have been present in an image of the computer that you recovered before runningthe web components installer.

3. Verify that the deployment engine is running. Check the Services control panel. If the IBM ADEservice is not running, start it.

4. Set the environment:setenv.cmd

5. Run the following command from the solution installer directory.listIU.cmd

If the deployment engine engine installed correctly, you receive output similar to the followingexample:IU UUID: DDCE934782398B3E81431666515AC8B5 Name: DE ExtensionsInterfaces CLI IU Version: 1.3.1IU UUID: C37109911C8A11D98E1700061BDE7AEA Name: DeploymentEngine IU Version: 1.3.1IU RootIU UUID: D94240D11C8B11D99F2D00061BDE7AEA Name:Install IU Version: 1.3.1

6. If the deployment engine is not running properly:Copya. %TEMP%\CCMDBTaskStore

b. In MAXIMO_HOME\de directory, reinstall the deployment engine.si_inst.bat

c. Run the listIU command again.d. If the deployment engine is still is not running properly, restart the administrative workstation and

copy MAXIMO_HOME\CCMDBTaskStore back to %TEMP% or /tmp.e. Ensure that the deployment engine service is running.f. Run the listIU command again to verify the deployment engine installation.

7. Change to the MAXIMO_HOME\bin directory and run the following command:solutionInstaller -action showinstalled -type all

8. Continue the base services installation. In the MAXIMO_HOME\scripts directory, run the followingcommand:taskRunner.bat CONTINUE STOPONERROR


The base services installer fails to validate the installationSymptoms

When you have more than one middleware node installed and you import the middleware configurationinformation, the base services installation fails.

Causes

Middleware installed on different computers, with multiple middleware installer workspaces containfragments of the middleware configuration information. When you run the base services installation, itfails because it does not have the complete set of data.


When running the base services installation, deselect the Import data from Middleware Installerworkspace check box, and type all the middleware information.

Maximo business objects are out of sync between the deploymentengine and the WebSphere runtimeEnsure that the Tivoli Provisioning Manager deployment engine runtime and the Maximo WebSphereApplication Server runtime must be in sync. If any changes are made from base services, or additionalpackages to WebSphere Application Server runtime under the base services are added, it could causecode binary level to be out of sync.

Symptoms

The Tivoli Provisioning Manager server uses Maximo businessobjects.jar and other version-related xmlfiles in its deployment engine runtime, while starting MXServer as part of provisioning server startup.

Causes

The businessobjects.jar file and other xml files must be synchronized between WebSphere ApplicationServer runtime and the Tivoli Provisioning Manager LWI runtime.


After installation or upgrade, the user must check the businessobjects.jar file size and make sure thatthe version from both WebSphere Application Server and Tivoli Provisioning Manager LWI runtime arethe same size.

Note: : If this is an ISM integration use case, you must do this check each time you install or update anew Tivoli Process Automation Engine (TPAE) or application. For example, if a user installs a Changeand Configuration Management database (CCMDB) or Service Request Manager (SRM) on top of theexisting Tivoli Provisioning Manager server, or upgrading TPAE fixes/hotfixes you must check that thefiles are in sync.If the file sizes are different, you must manually align the runtimes.1. Log in to the provisioning server as tioadmin.2. Back up the businessobjects.jar folder:

v TIO_HOME\lwi\runtime\tpm\eclipse\plugins\tpm_pmp\maximoLibs

3. Go to the /WebSphere/AppServer/profiles/ctgAppSrv01/installedApps/ctgCell01/MAXIMO.ear/ andlocate the businessobjects.jar file.

4. Copy the businessobjects.jar file from the MAXIMO.ear/ folder to the Tivoli Provisioning ManagerLWI runtime folder:


cp businessobjects.jar $TIO_HOME/lwi/runtime/tpm/eclipse/plugins/tpm_pmp/maximoLibs/businessobjects.jar

5. Restart the provisioning server.

Maximo business objects from the deployment engine gets out of syncwith the ones in the application serverThe Maximo business objects that the deployment engine uses need to be in sync with the Maximobusiness objects deployed in the application server. If these objects are out of sync, it can potentiallybreak the production deployment engine.

Symptoms

If you install a fix pack for a different base services product in a base services environment, then the fixpack is only deployed on the application server. Because of this, the Maximo business objects that thedeployment engine is using might be out of sync with the ones in the application server, causing errors.

Causes

The Maximo business objects that the deployment engine uses need to be in sync with the Maximobusiness objects deployed in the application server. If these objects are out of sync, it can potentiallybreak the production deployment engine.


If you have Tivoli Provisioning Manager deployed with other base services products, you must re-createand copy the Maximo business objects used by the Web application to the deployment engine. To do this,follow these steps:1. Enter these commands in the command prompt:

MAXIMO_HOMEunzip maximo.ear businessobjects.jar

This will generate a file named businessobjects.jar.

Note: The businessobjects.jar file is extracted from the maximo.ear file that is created afterdeploying any fix pack from the MAXIMO_HOME/deployment/default directory.

2. Copy the businessobjects.jar file into the following directories:v TIO_HOME/eclipse/plugins/pm_pmp/maximoLibs

v TIO_HOME/lwi/runtime/tpm/eclipse/plugins/tpm_pmp/maximoLibs

If there is already a businessobjects.jar file in either directory, overwrite it.

Error CWLAA6003 occurs after CCMDB installationTo display the portlet, you must reinstall the ISC.

Symptoms

After the Change and Configuration Management Database (CCMDB) installation, the Manage Users andManage Groups in the ISC (Integrated Solutions Console) display the following error:CWLAA6003: Could not display the portlet, the portlet may not be started.

Causes

The ISC is corrupted following the CCMDB installation.



To reinstall the ISC:1. Back up the current environment.2. Stop the Server1 stand alone profile or dmgr (deployment manager process)3. Clean up the old logs, and workspace directory content of <WAS Server1 or dmgr>\profiles\

profileName\logs and <WAS Server1 or dmgr>\profiles\profileName\wstemp.4. Run the following command:

v WAS_HOME\profiles\profileName\bin\wsadmin.bat -conntype NONE -f deployConsole.py remove

ISC ear was removed successfully.5. Run the following command:

v

<WAS Server1 or dmgr>\profiles\profileName\bin\wsadmin.bat -conntype NONE -f deployConsole.py install

Check ISC reinstalled successfully.6. Restart Server1 or dmgr process.

Recovering from deployment engine failure during installationIf the deployment engine fails during installation, you must clean it up using the steps in this procedure.

Before you begin

You might see the following messages in the DE_Install.log file, which indicate a problem with thedeployment engine:WaitForStart main Exception is: DRDA_NoIO.S:Could not connect to Derby Network Server on host 127.0.0.1,port 4130.WaitForStart main Caught an Exception in loop #2 while pinging the NetworkServerControl server.

By default, the log file is located in:v C:\Program Files\IBM\Common\acsi\logs\Administrator

where user_name is the name of the user who installed the deployment engine.

First attempt to remove the deployment engine database using the si_inst command:

If the installation was done using the Administrator userC:\Program Files\IBM\Common\acsi\bin\si_inst -r

If the installation was done using a user other than AdministratorC:\Documents and Setting\<userid>\acsi_<user_name>\si_inst -r

where user_name is the name of the user who installed the deployment engine.

If the si_inst command does not remove the deployment engine database, delete it manually.

Removing the deployment engine database on Windows

If the installation was done using the Administrator user:1. In Windows Task Manager, select the jservice.exe process, click End Process, and then click OK.2. Remove the C:\Program Files\IBM\Common directory.3. Remove the %TEMP%\acu_de.log file, if it exists.4. Remove the %TEMP%\<user_name> directory, where user_name is the name of the user that installed the

deployment engine, for example, Administrator.


5. Open the Windows Services panel. If they exist, ensure the IBM ADE Service or ACSI Serviceservices are stopped. While stopping these services is satisfactory, if you want to remove them, deletethe acsisrv entry found in the HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services key of theWindows registry.

6. Reboot the computer.

If the installation was done using a user other than Administrator:1. Remove the C:\Documents and Settings\<user_name>\My Documents\.acsi_<user_name> directory,

where user_name is the name of the user that installed the deployment engine.2. Remove the %TEMP% \acsitempLogs_<user_name> directory.3. Remove the %TEMP% \acsiTemp_<user_name> directory.

Password policy is set to never expire during base servicesinstallationSymptoms

The following message appears in the base services installation log files:The password has been successfully set to NEVER EXPIREfor user db_user on host_name machine

where db_user is the database runtime user. The default value is maximo.

Causes

The message indicates that the user is configured so that the account does not lock during the installprocess. The base services installer did not change the password policy you configured.

Enabling RXA tracingRXA tracing is enabled to allow better troubleshooting in case there are connection problems between theadministrative workstation and the provisioning server.

Before you begin1. Ensure the connection between the administrative workstation and provisioning server is working. On

the administrative workstation, go to:v C:\IBM\SMP\scripts

2. Run the following command:v TestRXA.bat <hostname of TPM server> <username> <password>

If the connection is successful, you are returned a message like:** Successful RXA access to swgc302 using user/password: root/<password>.

swgc302 OS type: IBM AIX.

Procedure1. Set the environment variable ENABLE_RXA_TRACE=yes

2. Check that RXA tracing is enabled in the command window where you launched the installer withthe following command:v echo %ENABLE_RXA_TRACE%

3. Relaunch the base services installer.4. Check the CTG installation trace log for the RXA trace information.


Problems during core components installationSee the following information to diagnose and resolve Tivoli Provisioning Manager core componentsinstallation errors.

Step by step recovery for core components installation (custominstallation)

XMLDefaultCustom

Complete the following steps to recover from problems that you might encounter when installing TivoliProvisioning Manager for the first time using a custom installation.

Note the following general recovery information:v If the installation of a component fails and you need to modify or view the previous fields in a panel,

and then perform recovery, quit and restart the installer and select only the components that remain tobe installed.

v If the installation of a component fails during a post-installation step, for example, database failure,recover by uninstalling the failed component and restarting the installer.

v Where log files are mentioned, TEMP represents:v %TEMP%v For information about uninstalling components, see Chapter 5, “Uninstalling Tivoli Provisioning

Manager,” on page 139.

If a problem occurs during the Cygwin installation and configuration1. Check the log files to determine the problem:

C:\cygwin\var\log\TEMP/tclog_wrapper/downloadCygwinSetup.logTEMP/tclog_wrapper/downloadCygwinRep.logTEMP/tclog_wrapper/instCygwin.logTEMP/tclog_wrapper/cygwin_ssh_config.logTEMP/tclog_wrapper/cygwin_ssh_config.err

2. Resolve the cause and then try again.

2000DB2

If a problem occurs during the DB2 client installation (if using remote database)1. Check the log files to determine the problem:

TEMP/tclog_wrapper/extractDB2Client.logTEMP/tclog_wrapper/extractDB2Client_err.logTEMP/tclog_wrapper/db2install-stdout.logTEMP/tclog_wrapper/db2install-stderr.log

2. Resolve the cause of the problem.3. Uninstall the DB2 client and then try again.

2000DB2

If a problem occurs during the Tivoli Provisioning Manager installation, DB2backup1. Check the log files to determine the problem:

TEMP/tclog_wrapper/DBbackupafterMBS-stdout.logTEMP/tclog_wrapper/DBbackupafterMBS-stderr.log



If a problem occurs during the Tivoli Provisioning Manager installation,WebSphere Application Server backup1. Check the log files to determine the problem:

TEMP/tclog_wrapper/WASbackupctgDmgr01-afterMBS-stdout.logTEMP/tclog_wrapper/WASbackupctgDmgr01-afterMBS-stderr.logTEMP/tclog_wrapper/WASbackupAppSrv01-afterMBS-stdout.logTEMP/tclog_wrapper/WASbackupAppSrv01-afterMBS-stderr.log


If a problem occurs during the Tivoli Provisioning Manager installation,WebSphere Application Server configuration, JVM setup

If you plan to use the same values in the WebSphere Application Server Network DeploymentConfiguration panel after the failure:1. Check the log files to determine the problem:

TEMP/tclog_wrapper/call_was_config.logTEMP/tclog_wrapper/call_was_config_fips.log


If you plan to use different values in the WebSphere Application Server Network DeploymentConfiguration panel after the failure:1. Check the log files to determine the problem:

TEMP/tclog_wrapper/call_was_config.logTEMP/tclog_wrapper/call_was_config_fips.log

2. Resolve the cause of the problem.3. In the WebSphere Application Server console, remove the JVM parameter for the old values that were

used in the WebSphere Application Server Network Deployment Configuration panel.4. Try again.

If a problem occurs during theTivoli Provisioning Manager installation, enginesinstallation1. Check the log files to determine the problem:

TEMP/tclog_wrapper/nonUI_install.logTEMP/tclog_wrapper/nonUI_install_err.logTEMP/tclog

2. Resolve the cause of the problem.3. Restore the database and then try again.

If a problem occurs during the Agent Manager installation, profile creation1. Check the log files to determine the problem:

TEMP/tclog_wrapper/create_wasprofile.logWAS_HOME/AppServer/profiles/casprofile/logs/AboutThisProfile.txt

2. Resolve the cause of the problem.3. Clean up the agent manager profile and then try again.

If a problem occurs during the Agent Manager installation, actual installation

If only the agent manager installation fails and the agent manager profile is removed successfully:1. Check the log files to determine the problem:

TEMP/tclog_wrapper/amtrace.logTEMP/tclog_wrapper/amtrace.errTCA_HOME/logsTCA_HOME/toolkit/logs



If the failure occurs during removal of agent manager profile:1. Check the log files to determine the problem:

TEMP/tclog_wrapper/amtrace.logTEMP/tclog_wrapper/amtrace.errTCA_HOME/logsTCA_HOME/toolkit/logs


If a problem occurs during the Dynamic Content Delivery installation, registrationwith the common agent1. Check the log files to determine the problem:

TEMP/tclog_wrapper/preparePingAM.logTEMP/tclog_wrapper/preparePingAM.errTEMP/tclog_wrapper/call_pingam.logTEMP/tclog_wrapper/call_pingam_err.log

2. Resolve the cause of the problem.3. Verify that the WebSphere Application Server profile for the agent manager is running and start it, if

necessary:v Log in as the tioadmin user and run the following command:

%WAS_HOME%\profiles\<AM profile>\bin\startServer.bat server1

where the default value for <AM profile> is casprofile.4. Attempt the installation again.

If a problem occurs during the Dynamic Content Delivery installation, SSLconfiguration1. Check the log files to determine the problem:

TEMP/tclog_wrapper/config_ssl.logTEMP/tclog_wrapper/config_ssl.errTEMP/tclog_wrapper/soap-sslconfig.logTEMP/tclog_wrapper/soap-sslconfig.err





If a problem occurs during the Dynamic Content Delivery installation, actualinstallation1. Check the log files to determine the problem:

TEMP/tclog_wrapper/getAMPass4CDS.logTEMP/tclog_wrapper/getAMPass4CDS.errTEMP/tclog_wrapper/CDSinstall-stdout.logTEMP/tclog_wrapper/CDSinstall-stderr.logDCD_HOME/log

2. Resolve the cause of the problem.3. Uninstall the dynamic content delivery.


4. Verify that the WebSphere Application Server profile for the agent manager is running and start it, ifnecessary:v Log in as the tioadmin user and run the following command:



If a problem occurs during the Device manager service installation, actualinstallation1. Check the log files to determine the problem:

TEMP/tclog_wrapper/dmsinstalltrace.logTEMP/tclog_wrapper/dmsinstalltrace.err





If a problem occurs during the Device manager service installation, configuration1. Check the log files to determine the problem:

TEMP/tclog_wrapper/dmsconfigtrace.logTEMP/tclog_wrapper/dmsconfigtrace.errDMS_HOME/logs/dms_config_trace.logDMS_HOME/logs/dms_config.log

2. Resolve the cause of the problem.3. If the device manager service database was installed successfully, uninstall the device manager

service.4. If the device manager service database was not installed successfully, resolve the cause of the

problem.5. Verify that the WebSphere Application Server profile for the agent manager is running and start it, if




If a problem occurs during the Device manager service installation, SSLconfiguration1. Check the log files to determine the problem:

TEMP/tclog_wrapper/dms_getpass.logTEMP/tclog_wrapper/dms_getpass_err.log




where the default value for <AM profile> is casprofile.


4. Attempt the installation again.

If a problem occurs during the Tivoli Provisioning Manager for OS Deploymentinstallation1. Check the log files to determine the problem:

TEMP/tclog_wrapper/tpmfosd.logTEMP/tclog_wrapper/tpmfosd.errTEMP/tclog_wrapper/call_importXML4OSD.logTEMP/tclog_wrapper/call_importXML4OSD.err

2. Resolve the cause of the problem.3. Uninstall Tivoli Provisioning Manager for OS Deployment.4. Verify that the WebSphere Application Server profile for the agent manager is running and start it, if

necessary. Log in as the tioadmin user and run the following command:WAS_HOME/profiles/<AM profile>/bin/startServer.[bat|sh] server1


If a problem occurs while configuring WebSphere Application Server to run astioadmin1. Check the log files to determine the problem:

TEMP/tclog_wrapper/cas_runastioadmin.logTEMP/tclog_wrapper/cas_runastioadmin.errTEMP/tclog_wrapper/stop_CASServer_root.logTEMP/tclog_wrapper/stop_CASServer_root.errTEMP/tclog_wrapper/changePermission_cas.logTEMP/tclog_wrapper/changePermission_cas.errTEMP/tclog_wrapper/start_CASServer_tioadmin.logTEMP/tclog_wrapper/start_CASServer_tioadmin.errTEMP/tclog_wrapper/wasND_runastioadmin.logTEMP/tclog_wrapper/wasND_runastioadmin.errTEMP/tclog_wrapper/stop_MXServer_root.logTEMP/tclog_wrapper/stop_MXServer_root.errTEMP/tclog_wrapper/stop_nodedmgr_root.logTEMP/tclog_wrapper/stop_nodedmgr_root.errTEMP/tclog_wrapper/changePermission_was.logTEMP/tclog_wrapper/changePermission_was.errTEMP/tclog_wrapper/start_nodedmgr_tioadmin.logTEMP/tclog_wrapper/start_nodedmgr_tioadmin.err

2. For information how to resolve the problem, see “Error when configuring WebSphere ApplicationServer to run as tioadmin” on page 179.

2000DB2

If a problem occurs while restarting DB2 (if using a local database)1. Check the log files to determine the problem:

TEMP/tclog_wrapper/call_db2_restart.logTEMP/tclog_wrapper/call_db2_restart.err

2. Resolve the cause of the problem.3. Restart DB2 manually.

If a problem occurs while backing up the database1. Check the log files to determine the problem:

TEMP/tclog_wrapper/DBbackupafterTPMCore-stdout.logTEMP/tclog_wrapper/DBbackupafterTPMCore-stderr.log



If a problem occurs during the WebSphere Application Server backup1. Check the log files to determine the problem:

TEMP/tclog_wrapper/WASbackupctgDmgr01-afterTPMCore-stdout.logTEMP/tclog_wrapper/WASbackupctgDmgr01-afterTPMCore-stderr.logTEMP/tclog_wrapper/WASbackupAppSrv01-afterTPMCore-stdout.logTEMP/tclog_wrapper/WASbackupAppSrv01-afterTPMCore-stderr.log


Step by step recovery for core components installation (defaultinstallation)

Default

Complete the following steps to recover from problems that you might encounter when installing TivoliProvisioning Manager for the first time using a default installation.

Note the following general recovery information:v If the installation of a component fails and you need to modify or view the previous fields in a panel,

and then perform recovery, quit and restart the installer and select only the components that remain tobe installed.

v If the installation of a component fails during a post-installation step, for example, database failure,recover by uninstalling the failed component and restarting the installer.

v Where log files are mentioned, TEMP represents:– %TEMP%

v For information about uninstalling components, see Chapter 5, “Uninstalling Tivoli ProvisioningManager,” on page 139.

If a problem occurs during the Cygwin installation and configuration1. Check the log files to determine the problem:

C:\cygwin\var\log\%TEMP%\tclog_wrapper\downloadCygwinSetup.log%TEMP%\tclog_wrapper\downloadCygwinRep.log%TEMP%\tclog_wrapper\instCygwin.log%TEMP%\tclog_wrapper\cygwin_ssh_config.log%TEMP%\tclog_wrapper\cygwin_ssh_config.err


If a problem occurs during the middleware installation1. Check the log files to determine the problem.

C:\ibm\tivoli\mwi\workspace\mwi.logC:\ibm\tivoli\mwi\workspace\mwi.err

Deployment engine log files:MWI_workspace\hostname\deploymentPlan\logs\INSTALL_<timestamp>

2000DB2 DB2 log files:MWI_workspace\hostname\deploymentplan\MachinePlan_hostname\00004_DB2_9.5\install\01_BASE\INSTALL_<timestamp>\logsMWI_workspace\hostname\deploymentPlan\MachinePlan_wind\00004_DB2_9\logs

WebSphere Application Server log files:MWI_workspace\hostname\deploymentplan\MachinePlan_hostname\00009_WAS_ND_6.1\install\01_BASE\INSTALL_<timestamp>\logsMWI_workspace\hostname\deploymentPlan\MachinePlan_hostname\00009_WAS_ND_6.1\logsC:\Program Files\IBM\WebSphere\AppServer\logs\install\

Tivoli Directory Server log files:


MWI_workspace\hostname\deploymentplan\MachinePlan_hostname\00007_ITDS_6.1\install\02_BASE\INSTALL_<timestamp>\logs\MWI_workspace\hostname\deploymentPlan\MachinePlan_hostname\00006_ITDS_DB2_CCMDB\logsMWI_workspace\hostname\deploymentPlan\MachinePlan_hostname\00008_ITDS_Configuration\logs

2. Resolve the cause of the problem.3. Remove the failed component and then try again.

If a problem occurs during the base services installation, actual installation1. Check the log files to determine the problem:

v Run the following command: MAXIMO_HOME\scripts\LogZipper.bat

v Find the [current date]_[timestamp].zip file in the MAXIMO_HOME\debug directory2. Resolve the cause of the problem.3. Uninstall the base services.4. Restore the deployment engine database and try again. For more information, see Backing up and

restoring the deployment engine database.

If a problem occurs during the base services installation, backup1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\MBSBackupB4TPM-stdout.log%TEMP%\tclog_wrapper\MBSBackupB4TPM-stderr.log


If a problem occurs during the Tivoli Provisioning Manager installation, DB2backup1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\DBbackupafterMBS-stdout.log%TEMP%\tclog_wrapper\DBbackupafterMBS-stderr.log


If a problem occurs during the Tivoli Provisioning Manager installation,WebSphere Application Server backup1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\WASbackupctgDmgr01-afterMBS-stdout.log%TEMP%\tclog_wrapper\WASbackupctgDmgr01-afterMBS-stderr.log%TEMP%\tclog_wrapper\WASbackupAppSrv01-afterMBS-stdout.log%TEMP%\tclog_wrapper\WASbackupAppSrv01-afterMBS-stderr.log


If a problem occurs during the Tivoli Provisioning Manager installation,WebSphere Application Server configuration, JVM setup

If you plan to use the same values in the WebSphere Application Server Network DeploymentConfiguration panel after the failure:1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\call_was_config.log%TEMP%\tclog_wrapper\call_was_config_fips.log


If you plan to use different values in the WebSphere Application Server Network DeploymentConfiguration panel after the failure:1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\call_was_config.log%TEMP%\tclog_wrapper\call_was_config_fips.log


2. Resolve the cause of the problem.3. In the WebSphere Application Server console, remove the JVM parameter for the old values that were

used in the WebSphere Application Server Network Deployment Configuration panel.4. Try again.

If a problem occurs during the Tivoli Provisioning Manager installation, enginesinstallation1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\nonUI_install.log%TEMP%\tclog_wrapper\nonUI_install_err.log%TEMP%\tclog

2. Resolve the cause of the problem.3. Restore the database and then try again.

If a problem occurs during the Agent Manager installation, profile creation1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\create_wasprofile.logWAS_HOME\AppServer\profiles\casprofile\logs\AboutThisProfile


If a problem occurs during the Agent Manager installation, actual installation

If only the agent manager installation fails and the agent manager profile is removed successfully:1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\amtrace.log%TEMP%\tclog_wrapper\amtrace.err


If the failure occurs during removal of agent manager profile:1. Check the log files to determine the problem:

TCA_HOME\logsTCA_HOME\toolkit\logs


If a problem occurs during the Dynamic Content Delivery installation, registrationwith the common agent1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\preparePingAM.log%TEMP%\tclog_wrapper\preparePingAM.err%TEMP%\tclog_wrapper\call_pingam.log%TEMP%\tclog_wrapper\call_pingam_err.log


necessary. Log in as the tioadmin user and run the following command:WAS_HOME\profiles\<AM profile>\bin\startServer.bat server1



If a problem occurs during the Dynamic Content Delivery installation, SSLconfiguration1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\config_ssl.log%TEMP%\tclog_wrapper\config_ssl.err%TEMP%\tclog_wrapper\soap-sslconfig.log%TEMP%\tclog_wrapper\soap-sslconfig.err




If a problem occurs during the Dynamic Content Delivery installation, actualinstallation1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\getAMPass4CDS.log%TEMP%\tclog_wrapper\getAMPass4CDS.err%TEMP%\tclog_wrapper\CDSinstall-stdout.log%TEMP%\tclog_wrapper\CDSinstall-stderr.logDCD_HOME\log

2. Resolve the cause of the problem.3. Uninstall the dynamic content delivery.4. Verify that the WebSphere Application Server profile for the agent manager is running and start it, if



If a problem occurs during the Device manager service installation, actualinstallation1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\dmsinstalltrace.log%TEMP%\tclog_wrapper\dmsinstalltrace.err




If a problem occurs during the Device manager service installation, configuration1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\dmsconfigtrace.log%TEMP%\tclog_wrapper\dmsconfigtrace.errDMS_HOME\logs\dms_config_trace.logDMS_HOME\logs\dms_config.log

2. Resolve the cause of the problem.


3. If the device manager service database was installed successfully, uninstall the device managerservice.

4. If the device manager service database was not installed successfully, resolve the cause of theproblem.

5. Verify that the WebSphere Application Server profile for the agent manager is running and start it, ifnecessary. Log in as the tioadmin user and run the following command:WAS_HOME\profiles\<AM profile>\bin\startServer.bat server1


If a problem occurs during the Device manager service installation, SSLconfiguration1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\dms_getpass.log%TEMP%\tclog_wrapper\dms_getpass_err.log




If a problem occurs during the Tivoli Provisioning Manager for OS Deploymentinstallation1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\tpmfosd.log%TEMP%\tclog_wrapper\tpmfosd.err%TEMP%\tclog_wrapper\call_importXML4OSD.log%TEMP%\tclog_wrapper\call_importXML4OSD.err

2. Resolve the cause of the problem.3. Uninstall Tivoli Provisioning Manager for OS Deployment.4. Verify that the WebSphere Application Server profile for the agent manager is running and start it, if



2000DB2

If a problem occurs while restarting DB2 (if using a local database)1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\call_db2_restart.log%TEMP%\tclog_wrapper\call_db2_restart.err

2. Resolve the cause of the problem.3. Restart DB2 manually.

If a problem occurs while backing up the database1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\DBbackupafterTPMCore-stdout.log%TEMP%\tclog_wrapper\DBbackupafterTPMCore-stderr.log



If a problem occurs during the WebSphere Application Server backup1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\WASbackupctgDmgr01-afterTPMCore-stdout.log%TEMP%\tclog_wrapper\WASbackupctgDmgr01-afterTPMCore-stderr.log%TEMP%\tclog_wrapper\WASbackupAppSrv01-afterTPMCore-stdout.log%TEMP%\tclog_wrapper\WASbackupAppSrv01-afterTPMCore-stderr.log


If a problem occurs during the Process solutions installer1. Check the log files to determine the problem:

%TEMP%\tclog_wrapper\psi_tpm.logMAXIMO_HOME\solutions\logs\TPM_PMP

2. Resolve the cause of the problem.3. Restore the database.4. Restore WebSphere Application Server.5. Restore base services backup and DE database backup from after the base services installation.6. Try again.

Recovering from problems during core components installationIf the core components installation fails, restore the WebSphere Application Server and the database totheir previous states, and then start the core components installation again.

Symptoms

Installation fails during the core components installation.

Resolving the problem1. Uninstall the core components. For more information, see “Uninstalling Tivoli Provisioning Manager

core components” on page 139.2. Log on to the computer where WebSphere Application Server is installed and restore the backup data:

a. Stop WebSphere Application Server Network Deployment:WAS_HOME\profiles\ctgAppSrv01\bin\stopServer.bat MXServer -username <wasadmin_user> -password <wasadmin_password>WAS_HOME\profiles\ctgAppSrv01\bin\stopNode.bat -username <wasadmin_user> -password <wasadmin_password>WAS_HOME\profiles\ctgDmgr01\bin\stopManager.bat -username <wasadmin_user> -password <wasadmin_password>

b. Restore ctgDmgr01 configuration. Enter the command on a single line:WAS_HOME\bin\restoreConfig.bat c:\backups\WASBackup_afterMBS_ctgDmgr01.zip -logfilec:\backups\restore_dmgr.log -user <wasadmin_user> -password <wasadmin_password> -profileName ctgDmgr01

c. Restore ctgAppSrv01 configuration. Enter the command on a single line:WAS_HOME\bin\restoreConfig.bat c:\backups\WASBackup_afterMBS_AppSrv01.zip -logfilec:\backups\restore_appSrv01.log -user <wasadmin_user> -password <wasadmin_password>-profileName ctgAppSrv01

3. Log on to the database server as the database instance owner and restore the database:

2000DB2

a. Open the file TIO_HOME/config/dcm.xml to verify the database name and user name. Thename element contains an alias for the database name, and the username element containsthe user name.

b. Change the user to your DB2 instance owner. The default database owner is ctginst1. Forexample:su - ctginst1

c. Log on as Administrator and open a DB2 command window.


d. Run the following command to check for other running applicationsdb2 list applications

e. If the command lists other applications, run the following command to disconnect themdb2 force applications all

f. End the DB2 session:db2 terminate

g. Stop DB2:v If the server does not have a virtual IP address: db2stopv If the server has a virtual IP address: db2gcf -d -p 0 -i ctginst1

h. Stop all DB2 interprocess communications by running ipclean.i. Start DB2:

v If the server does not have a virtual IP address: db2startv If the server has a virtual IP address: db2gcf -u -p 0 -i ctginst1

j. Delete and uncatalog the existing database:db2 drop db db_name

where db_name is the name of the database.k. If the server has a remote database, attach to the local host alias:

db2 attach to LHOST0 user user_name using password

l. Restore the database backup:db2 restore db db_name user user_name using password from location

wherev db_name is the name of the databasev user_name is the user name of the user restoring the databasev password is the password of the userv location is the full path location of the backup

4. Log on to the computer where WebSphere Application Server is installed and start WebSphereApplication Server:WAS_HOME\profiles\ctgDmgr01\bin\startManager.batWAS_HOME\profiles\ctgAppSrv01\bin\startNode.batWAS_HOME\profiles\ctgAppSrv01\bin\startServer.bat MXServer

5. Restart the core components installation. For more information, see “Installing Tivoli ProvisioningManager core components” on page 119.

Error when configuring WebSphere Application Server to run astioadminTo recover from installation errors when installing the Tivoli Provisioning Manager core components,complete some recovery steps to bring the computer back to a consistent state.

Symptoms

Tivoli Provisioning Manager core components installation failed. The /tmp/tclog_wrapper/tcinstall.loglog file contains one of the following error messages:v Failed to configure the Agent Manager profile to run as tioadmin

v Failed to configure the WebSphere Application Server Network Deployment to run as tioadmin

v Failed to change the ownership of the Agent Manager profile

v Failed to change the ownership of the WebSphere Application Server Network Deployment



If you encounter an installation error when configuring WebSphere Application Server to run under theuser tioadmin, you need to perform some recovery steps to bring the computer back to a consistent state.v If the log contains the error Failed to configure the Agent Manager profile to run as tioadmin:

1. Check the file cas_runastioadmin.log for a detailed error message, and then fix the problem.2. Click Back to the Summary panel, then click Next to continue installation.

v If the log contains the error Failed to configure the WebSphere Application Server NetworkDeployment to run as tioadmin:1. Check the wasND_runastioadmin.log log file for a detailed error message, and fix the problem.2. Click Back to the Summary panel, then click Next to continue installation.

Errors creating the agent manager profileIf the agent manager installation fails, you might need to remove the WebSphere Application Serverprofile manually before reinstalling the agent manager.

Symptoms

During installation of the core components, one of the following errors occurs for the WebSphereApplication Server profile for the agent manager. The profile name is casprofile by default.1. The installer checks the computer to verify that it can create the profile, and the validation fails.2. The validation is successful, but the profile is not successfully created.

Causes

When the core components installer installs the agent manager, it automatically removes the WebSphereApplication Server profile for the agent manager if the agent manager installation fails. In somesituations, the automatic removal might not work and the profile must be removed manually before youtry to install the agent manager again.


Perform the following steps to address the error. The instructions use the default profile namecaseprofile.

Validation failedThe installer checks for the following requirements:v A profile with the same name does not already exist.v If a directory for the profile already exists, it must be empty.v The cell name is the same as WebSphere Application Server Network Deployment cell name.

If the validation fails, check the log files:v %TMP%\tclog_wrapper\validation_casprofile.log (or validation_casprofile.err)

To resolve the error:1. If a profile with the same name already exists, specify a different name in the installer or

remove the existing profile. To remove casprofile, run the following command:WAS_HOME/bin/manageprofiles.[bat|sh] -delete -profileName casprofile

2. If the profile directory already exists, check for an existing casprofile directory. Run thefollowing command:WAS_HOME/bin/manageprofiles.[bat|sh] -listProfiles


If casprofile is not listed, remove the directory WAS_HOME/profiles/casprofile. If casprofile islisted, specify a different profile name or remove the existing profile as described in step 1.

Validation passed but the profile cannot be created

1. Check the following log files to identify the reason why the profile cannot be created.v %TMP%\tclog_wrapper\create_wasprofile.log

2. Fix the error described in the log.3. Click Back in the core components installer to go to the panel before the installation preview.4. Click Next. The installer verifies the requirements to create the profile again. If the validation

is successful, the installer tries to create the profile again. If the validation fails, perform thesteps described in the previous section for a failed validation.

Agent Manager installation failsMultiple causes of agent manager installation failure, and their solutions.

Symptoms

The installation of the agent manager fails during the Tivoli Provisioning Manager installation.

Causes

Consult the agent manager logs to identify the cause of this problem. The agent manager log files arelocated in the AM_HOME\logs directory. Possible causes might include:v The port required for the agent manager installation might be busy.v The agent manager has already been installed on your system.


Solution 1

If no agent manager installation has been performed on the provisioning server before the TivoliProvisioning Manager installation, follow these steps:1. Consult the agent manager log files and make all the necessary changes following the instructions in

the logs.2. Install Tivoli Provisioning Manager again. The provisioning server installer will detect that Tivoli

Provisioning Manager is already installed and will install only the agent manager.

For more details on the agent manager reinstallation, refer to the Tivoli Provisioning Manager InstallationGuide.

Solution 2

If the agent manager was previously installed on the provisioning server, you must uninstall the agentmanager first, and then run the Tivoli Provisioning Manager installation again.

Important: To prevent the loss of data:v Do not uninstall the agent manager until all products that use it have been uninstalled.v Do not clean the agent manager tables from the registry or drop the registry database until all products

that use the registry are uninstalled.

To uninstall the agent manager, follow these steps:1. Stop the agent manager server if it is running:

v As a Windows service:


To stop the agent manager server if the installation program created a Windows service, use theWindows Services window or the Services folder in the Microsoft Management Console to stop theservice with the following name:IBM WebSphere Application Server V6.1 - Tivoli Agent Manager

v On Windows but not as a service:To stop the agent manager server if it is not a Windows service:a. Open a command prompt window.b. Run the following command:

WAS_HOME\profiles\casprofile\bin\stopServer server1

When the agent manager server is stopped, the following message is generated:ADMU4000I: Server server1 stop completed.

2. Optionally, remove agent manager objects from the registry database.v If the registry database is used only by the agent manager and is not shared with another program,

drop the database using the database administration tools for your type of database. If the registryis in a remote database, you might have to perform this step on the remote database server insteadof on the agent manager server.

v If the database is shared with other programs, remove the agent manager-specific tables from thedatabase by following the procedure for your database type. You can do this step on the agentmanager server, even if the registry is in a remote database:

– 2000DB2

a. In a command line window, change to the AM_HOME/db/db2 directory.b. Run the following command:

- db2cmd /c /i /w "RemoveCASTables.bat database_password"

Replace database_password with the DB2 database password.3. Start the uninstallation program for your operating system:

v Use either the Add/Remove Programs window to uninstall the agent manager, or run thefollowing command from a command prompt:AM_HOME\_uninst\uninstall.exe

4. If the agent manager application server is not named AgentManager, determine whether other Webapplications are using that application server. If no other applications are using that applicationserver, you can optionally delete the application server.

5. If you do not need the uninstallation logs, optionally delete the agent manager installation directory.By default, this is the following directory:v C:\Program Files\IBM\AgentManager

Tip: You might have to restart the system before you can delete the agent manager installationdirectory.

6. If the registry is in a remote database, run the following command on the remote database server touninstall the agent manager from that system:java -jar "Agent_Manager_install_dir/_uninstDS/uninstall.jar" -silent

7. If you do not need the uninstallation logs on the remote database server, optionally delete the agentmanager installation directory. By default, this is the following directory:v C:\Program Files\IBM\AgentManager

Tip: You might have to restart the system before you can delete the agent manager installationdirectory.

8. If you will not be reinstalling the agent manager on this system, remove the definition ofTivoliAgentRecovery from your DNS servers.


The agent manager is now uninstalled.

Reinstalling Tivoli Provisioning Manager: Install Tivoli Provisioning Manager again. The installer willdetect that Tivoli Provisioning Manager is already installed, and will install only agent manager.

The common agent and the agent manager cannot be installedThe common agent cannot be installed on the provisioning server if the agent manager is also installedon it.

Symptoms

The common agent and the agent manager cannot be installed.

Causes

Installing the common agent on the provisioning server, where the agent manager is also installed, is notsupported.


Manually uninstall the common agent.

Installation fails after WebSphere Application Server is uninstalledIf the WebSphere Application Server installation directory remains after it was uninstalled, the TivoliProvisioning Manager installation might fail.

Symptoms

The installation of Tivoli Provisioning Manager installation fails if WebSphere Application Server wasuninstalled.

Causes

If WebSphere Application Server was uninstalled but the WebSphere Application Server installationdirectory was not removed, the Tivoli Provisioning Manager installer might identify WebSphereApplication Server as installed, and then fail during theTivoli Provisioning Manager installation.


If WebSphere Application Server was uninstalled on the computer, perform the following steps:v Ensure that the WebSphere Application Server installation directory is removed. The default location is:

– C:\Program Files\IBM\WebSphere\AppServer

v Click Back in the installer until you reach the Configure the target servers panel. Click Next so thatthe installer can check again for installed components. On the Validation Summary panel, the Foundcolumn displays No if WebSphere Application Server is fully uninstalled. You can now continue withthe installation.

Core components or web components installation hangs duringCygwin installationProblems with your Cygwin installation might cause the installer to hang during prerequisite verification.

Symptoms


While the installer verifies prerequisites during Tivoli Provisioning Manager core components or webcomponents installation, the following message appears:The Installation Wizard is checking the system prerequisites.

After waiting a few minutes, the installer seems to hang and the Next button remains disabled.

Causes

There might be a problem with your Cygwin installation.

Resolving the problem1. Close the installer.2. Verify if Cygwin is installed.3. If Cygwin is not installed, install it manually. If Cygwin is installed, uninstall and then reinstall it

manually. For more information, see “Installing Cygwin manually” on page 208.

DB2 BIND warning during Tivoli Provisioning Manager for OSDeployment installationYou need to perform the BIND commands if your DB2 client and server are 9.5 and 9.1 respectively.

Symptoms

The following message appears in the installation panel:WARNING: DB2 bind warning occurred during Tivoli Provisioning Managerfor OS Deployment installation. You must bind again after the installation.For more information, see the Troubleshooting Guide.

Causes

If you have a DB2 client version 9.5 and a DB2 server version 9.1, the IBM® Data Server Runtime Clientcannot be used to bind the database utilities and DB2 CLI bind files.


Perform the BIND commands from an IBM Data Server Client (or other DB2 database product) that isrunning on the same operating system and the same DB2 version and fix pack level as the Data ServerRuntime Client.1. To get access to perform the BIND commands, run the following command:

set DB2INSTANCE=DB_INSTANCE

where DB_INSTANCE is the DB2 instance that was used to install Tivoli Provisioning Manager. Thedefault instance name is ctginst1.

2. To BIND, run the following commands:db2 terminatedb2 CONNECT TO TPMFOSDdb2 BIND path\db2schema.bnd BLOCKING ALL GRANT PUBLIC SQLERROR CONTINUEdb2 BIND path\@db2ubind.lst BLOCKING ALL GRANT PUBLIC ACTION ADDdb2 BIND path\@db2cli.lst BLOCKING ALL GRANT PUBLIC ACTION ADD

where path is the full path name of the directory where the bind files are located, such asINSTHOME\sqllib\bnd where INSTHOME represents the home directory of the DB2 instance. db2ubind.lstand db2cli.lst contain lists of required bind files used by DB2 database products. Packages that arealready bound will return an SQL0719N error. This is expected.


3. Verify that the Tivoli Provisioning Manager for OS Deployment is running. For more information, see“Starting and stopping Tivoli Provisioning Manager components” on page 213.

Tivoli Provisioning Manager installation fails with invalid directorynameTivoli Provisioning Manager installation fails if its installation directory name is longer than eightcharacters and the Windows short name capability is disabled.

Symptoms

Tivoli Provisioning Manager fails with an error message that is like the following:’D:\Program’ is not recognized as an internal or external command,operable program or batch file.

Causes

This error occurs when all of the following conditions are true:v You selected a different installation directory from the default directory.v The selected path contains a space, and the folder name with the space does not exist.v Short name capability is disabled.

By default, Windows supports the ability to create short names for directories whose names contain morethan eight characters. These abbreviated names contain the first six characters of the original name andthen a two-character extension. For example, D:\Program Files can be abbreviated by the system asD:\Progra~1. This capability must be enabled if you want to install Tivoli Provisioning Manager in adirectory other than the default directory, and if the directory name contains spaces.


To check the current configuration of short name capability, run the following command:fsutil behavior query disable8dot3

The command returns one of the following messages:

disable8dot3 = 0Short name capability is enabled.

disable8dot3 = 1Short name capability is disabled.

If short name capability is disabled, run the following command to enable it:fsutil behavior set disable8dot3 0

Silent installation exits before installation is completedThe silent installation of Tivoli Provisioning Manager exits prematurely if WebSphere Application Serveris not running.

Symptoms

The silent installation program for Tivoli Provisioning Manager exits before the installation is completed.

Causes

WebSphere Application Server was not started before the silent installation started.



Before you run the silent installation:1. Ensure that WebSphere Application Server is started.2. Ensure that WebSphere Application Server security is not running.

Disk space check failure during silent installation of TivoliProvisioning ManagerThe silent installation of Tivoli Provisioning Manager will exit prematurely if disk space check fails.

Symptoms

The silent installation of core components for Tivoli Provisioning Manager exits before the installation iscompleted. The tcinstall.log file contains the following error message:[timestamp] ERROR DiskSpaceCheckWizardAction - Disk space check failed.[partition]- [required space] MB of disk space is required, but only [free space] MB is available

Causes

There is insufficient free space on the partition mentioned.


Increase the amount of free space on the partition. If the required free space and available free space aredifferent by a margin of 1000 MB, run the following command to bypass the disk space checks:-W DiskSpaceSeq.active="False"

Command example:install/bin/setupSolarisSparc64.bin -options <response file path and name>-silent -W WzdSeq_PreInstallCheck.active="false" -W DiskSpaceSeq.active="False"

Installation fails because of unrecognized fontAn installation error occurs if a recognized font cannot be resolved on startup. This can be fixed bychanging the font settings in Reflection X.

Symptoms

During installation, the installation fails with the following error:An error has occurred. See the log file/var/tmp/TopologyInstaller/workspace/.metadata/.log

The log file also contains an error that begins with org.eclipse.swt.SWTError: Font not valid.

Causes

This error has been observed when accessing a remote computer with Reflection X. The error occurs if arecognized font cannot be resolved at startup time.


You can fix the problem by changing font settings in Reflection X.1. In the Reflection X Client Manager, navigate to Settings > Fonts. Change Sub directories and font

servers to 100dpi 75dpi misc hp sun ibm dec.


2. Reconnect to the computer that you are doing the installation on, and then run the installer again.

Cannot use hyphen in domain name suffix fieldYou cannot use the hyphen (-) character in the Domain Name Suffix field when specifying WebSphereApplication Server settings on the Tivoli Provisioning Manager configuration tab. If you must use ahyphen, do a silent installation with a modified response file.

Symptoms

The DNS suffix does not accept hyphens.

Causes

This issue applies to a custom installation. When you specify WebSphere Application Server settings onthe Tivoli Provisioning Manager configuration tab of the installer, you cannot use the hyphen (-) characterin the Domain Name Suffix field.


If you need to include a hyphen in the domain name suffix, perform a silent installation with a modifiedresponse file.1. Create your response file for a silent installation. Omit any hyphens from the domain name suffix. See

the appendix in the Tivoli Provisioning Manager Installation Guide instructions on creating a responsefile for silent installations.

2. Open the response file in a text editor and modify the domain name suffix so that it includes thehyphen character. Save your changes.

3. Perform a silent installation. See the appendix "Performing a silent installation" in the TivoliProvisioning Manager Installation Guide for instructions.

Installation of dynamic content delivery failsIf the PATH variable does not properly indicate where Java is installed, the dynamic content deliveryinstallation will fail.

Symptoms

Installation of the dynamic content delivery service fails. In the log file /opt/ibm/tivoli/ctgde/logs/cds_upgrade.txt, the following error is displayed:INSTALLER_PATH=/extra/ibm/tivoli/tio/CDS/scripts/./setup.binChecking the environmentvariables specified in the JVM files to find the JVM...Verifying... /bin/java -cp /tmp/istemp7613004171417/Verify.jarVerify java.vendorjava.versionVerification passed for / using the JVM file /tmp/istemp7613004171417/relative_to_upgrade.jvm.JavaHome is not resolved correctly in the jvm file /tmp/istemp7613004171417/relative_to_upgrade.jvm.Failed to launch the application.

Causes

The location of Java cannot be found by the installer. This error occurs when Java is installed in the/bin/java directory, when /bin is the directory listed in the PATH variable.


To fix the error, update the PATH variable so that the java command does not contain the /bin directory.1. To confirm the location of Java, run this command:


which java

If this command is unavailable on your system, run the following command instead:type java

2. If the returned value is /bin/java, run the following command to display the contents of the PATHvariable:echo $PATH

3. If the first part of the path is /bin, update the PATH variable so that /bin does not resolve the javacommand, you can:v Move /bin to the end of the list of paths in the PATH variable. Normally the java command will

resolve to /usr/bin/java.v Create a symbolic link for /bin/java under another directory and add that path to the front of the

PATH variable. For example, if you have a link in /usr/bin to the java command, ensure that/usr/bin is at the front of the PATH variable, or place /usr/bin before /bin in the list of paths.

Core components installation fails during the dependency checkThe core components installation exits with an error message during the dependency check.

Symptoms

The following error message appears:ERROR: Installation did not complete successfully.View the log at \tclog_wrapper\tcinstall.log for more details.

Causes

There are multiple versions of Cygwin on the system registry which interfere with the dependency check.

Resolving the problem1. Uninstall Cygwin and install the correct version. For more information, see Installing Cygwin.2. Restore the database backup taken after installing the base services. By default, the backup is stored

in:

v 2000DB2 <backup_dir>/DB2Backup_AfterMBS

where <backup_dir> is the directory that you selected at the end of the base services installation.3. Select Back followed by Next to try again.

Error message Insert disk 1Symptoms

During installation, an error message Insert disk 1 appears.

Causes

This is caused by a limitation of the package installer program.


If you receive this error, insert the Installation DVD for your operating system.


Tivoli Provisioning Manager does not install when terminal server isenabledThe terminal server needs to be stopped before installing Tivoli Provisioning Manager, or else adb2.exeapplication error will occur and the installation will fail.

Causes

The Tivoli Provisioning Manager installation fails with DB2 when the terminal server is enabled. There isa db2.exe application error. The DB2 command will not work.


Stop the terminal server, restart the computer, and then install again.

Editing text files changes permissionsVarious factors can change permissions when editing text files.

Symptoms

Files in a UNIX or Cygwin environment have specific permissions for the owner of the file, the group forthe file, and other users.

Causes

There are various factors that can cause can change the permissions of a file. Consider the followingfactors when editing text files:v Default user permissions. Each user has default permissions for files that they create, and those

defaults can be changed with the umask command. This means that file permissions for the user whocreated a file can be different than the permissions for another user. If you edit a file in Cygwin usingan editor such as vi, it is recommended that you log on as the owner of the file.

v If you are using a text editor that automatically creates file backups, your updated file might havedifferent permissions than the original file.

You can check the current permissions of a file in Cygwin by typing the following command:ls -l filename

where filename is the name of the file.


If you need to edit text files, ensure that the updated file retains the original file permissions.

Remote connection to database hangs when database server is on amultiprocessor computerThere might not be enough connection managers allocated from the database server. Provide additionalconnection managers and take the number of processors into account when calculating the value of agiven computer.

Symptoms

When the database server is on a multiprocessor computer, the remote connection to the database mighthang. The database server then logs the following error in the db2diag.log file:DIA3208E Error encountered in TCP/IP protocol support. TCP/IP function "accept".Socket was "920". Errno was "10061".


Causes

Not enough connection managers are allocated from the database server.

Resolving the problem1. Update the database registry DB2TCPCONNMGRS to enable the database server to provide additional

connection managers.2. Considering that DB2TCPCONNMGRS takes values between 1 and 8, use the following formula to

determine the value of a given computer:Calculate the square root of the number of processors and then round up to a maximum value of 8.

3. Run the following command to update the registry:db2set DB2TCPCONNMGRS=<value_calculated>

4. After changing the registry value, restart DB2 as follows:db2stop forcedb2start

For more information, refer to the DB2 product documentation.

Step by step recovery for IBM Tivoli Monitoring agent manualinstallationComplete the following steps to recover from problems that you might encounter when manuallyinstalling Tivoli Monitoring agent for the first time.

Symptoms

If you receive an error during the monitoring agent manual installation, check the log files to determinethe problem.

Resolving the problem1. Check the log files:

ITM_HOME\InstallITM/IBM Tivoli Monitoring for Provisioning<timestamp>.log

2. Resolve the cause of the problem.3. Uninstall the Tivoli Monitoring agent.4. Verify that the WebSphere Application Server profile for the agent manager is running and start it, if

necessary. Log in as the tioadmin user and run the following command:WAS_HOME/profiles/<AM profile>/bin/startServer.[bat|sh] server1


Problems during web components installationSee the following information to diagnose and resolve Tivoli Provisioning Manager web componentsinstallation errors.

Recovering from errors during a default installationIf the default installation fails, remove the installation and try the reinstall again.

Symptoms

Installation failed during a default installation with the error message Failed to install IBM TivoliProvisioning Manager Web components.


http://www.ibm.com/software/data/db2/udb/support/manualsv8.html


The following steps describe how to remove a default installation when:v The default installation failed during web components installation.v The installation completed successfully.

The following variables are used in the steps:

%BACKUPDIR%The directory you specified in the Backup Files Location field of the default installation installer.

%PASSWORD%The password you specified in the Generic Password field of the default installation installer.

%DBTIMESTAMP%The timestamp of the most recent database backup file in the %BACKUPDIR% directory. An example filename is:MAXDB71.0.CTGINST1.NODE0000.CATN0000.20081009193807.00

In this example, 20081009193807 is the timestamp.1. Restore the base services folder and open a DOS command prompt.

a. Exit the default installation installer and if it is still running.b. Delete the C:\ibm\SMP folder.c. Extract the contents of %BACKUPDIR%\MBSBackupBeforeTPM.zip to C:\

d. Open a DOS command window.2. Stop WebSphere Application Server. Run each command that starts with call on a single line.

call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01\bin\stopNode.bat"-username wasadmin -password %PASSWORD%call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgDmgr01\bin\stopManager.bat"-timeout 1200 -username wasadmin -password %PASSWORD%

3. Restore the DB2 database:a. Open a DB2 command window by running the following command at the command prompt:

db2cmd

b. Run the following command in the DB2 command window: set db2instance=ctginst1

c. Restart the database.

Server does not have a virtual IPRun the following commands:db2stop forcedb2start


If you are using a virtual IP address for the DB2 server, use the following commands. Inthis example, the database instance is ctginst1.db2gcf -d -p 0 -i ctginst1db2gcf -u -p 0 -i ctginst1

d. Restore the database. Enter the entire command on a single line.db2 "restore database MAXDB71 user db2admin using %PASSWORD% from %BACKUPDIR% takenat %DBTIMESTAMP% with 3 buffers buffer 1000 without rolling forward without prompting"

e. Close the DB2 window.4. Restore WebSphere Application Server configurations. Run each command that starts with call on a

single line.call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01\bin\restoreConfig.bat"%BACKUPDIR%\WASBackup_afterTPMCore_AppSrv01.zip -location C:\Progra~1\IBM\WebSphere\AppServer\profiles\ctgAppSrv01\config\-logfile %BACKUPDIR%\restore_ctgAppSrv01.log -username wasadmin -password %PASSWORD% -profileName ctgAppSrv01


call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgDmgr01\bin\restoreConfig.bat"%BACKUPDIR%\WASBackup_afterTPMCore_ctgDmgr01.zip -location C:\Progra~1\IBM\WebSphere\AppServer\profiles\ctgDmgr01\config\-logfile %BACKUPDIR%\restore_ctgDmgr01.log -username wasadmin -password %PASSWORD% -profileName ctgDmgr01

5. Restore the deployment engine registry. Run the following command at the command prompt:call "C:\Program Files\ibm\Common\acsi\bin\de_restoredb.cmd" -bfile "%BACKUPDIR%\DEBackupBeforeTPM"

6. Remove the deployed information center. Run the following command at the command prompt:rmdir /S /Q "C:\Program Files\IBM\WebSphere\AppServer\systemApps\isclite.ear\tpm_olh.war"

7. Start WebSphere Application Server. Run each command that starts with call on a single line.call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgDmgr01\bin\startManager.bat"call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01\bin\startNode.bat"

8. Run the default installation again. You must use the same user name and password that you used torun the default installation previously.

Recovering from errors during web components installationIf the web components installation fails, you must restore the provisioning server back to its previousstate, before installing the web components.

Symptoms

The web components installation has failed with the error message Failed to install IBM TivoliProvisioning Manager Web components.

Resolving the problem1. Log on to the administrative workstation as the Administrator user.2. Restore the base services folder:

a. Exit the installer if it is still running.b. Delete the base services directory. The default values are:

v C:\ibm\SMP

c. Restore the backup of the base services home directory to the removed base services folder. Thebackup name is backup_folder/MBSBackupBeforeTPM.zip, where backup_folder is the location thatyou specified in the launchpad after installing the base services.

3. Restore the deployment engine registry. Enter the following command on a single line:call "C:\Program Files\ibm\Common\acsi\bin\de_restoredb.cmd" -bfile"base_services_folder\DE_BACKUPS\AfterActions<timestamp>"

where base_services_folder is the directory where the base services are installed.4. Log on to the computer where WebSphere Application Server is installed as tioadmin and recover the

backup data:a. Stop WebSphere Application Server Network Deployment.

WAS_HOME\profiles\app_profile\bin\stopNode.bat-username was_adminID -password was_admin_pwd

WAS_HOME\profiles\dm_profile\bin\stopManager.bat-username was_adminID -password was_admin_pwd

where,

app_profileThe WebSphere Application Server profile.

was_adminIDThe WebSphere Application Server administrator ID. If you are using read-only LDAPauthentication, the default user ID is wasadmin.


was_admin_pwdThe password for the WebSphere Application Server administrator. If you are using read-onlyLDAP authentication, enter the password for the wasadmin user.

dm_profileThe deployment manager profile.

b. Restore the deployment manager profile configuration. Enter the following command on a singleline:WAS_HOME\bin\restoreConfig.bat backup_folder\WASBackup_afterTPMCore_ctgDmgr01.zip -logfilebackup_folder\restore_dmgr.log -user was_adminID-password was_admin_pwd -profileName dm_profile

where backup_folder is the backup directory where the backup data is stored.c. Restore the application server profile configuration. Enter the following command on a single line:

WAS_HOME\bin\restoreConfig.bat backup_folder\WASBackup_afterTPMCore_AppSrv01.zip -logfilebackup_folder\restore_appSrv01.log -user was_adminID-password was_admin_pwd -profileName app_profile

5. Remove the deployed information center if it exists using the Administrator user. To do this, deletethe file WAS_HOME/systemApps/isclite.ear/tpm_olh.war.

6. 2000DB2 Log on to the database server as the database instance owner and recover the database.a. Run the following command:

set DB2INSTANCE=<db2instance>

The default value for <db2instance> is CTGINST1 db2cmd.b. Restore the database. Enter the following command on a single line:

db2 restore database MAXDB71 user db_adminID using db_admin_pwdfrom backup_files_location/DB2Backup_AfterTPMCore/ with 3 buffersbuffer 1000 without rolling forward without prompting

db_adminIDThe database instance owner that was used to install Tivoli Provisioning Manager.

db_admin_pwdThe password of the database instance owner that was specified during Tivoli ProvisioningManager installation.

backup_files_locationThe directory specified in the Backup Files Location field in the Directories for CoreComponents panel.

7. Log on to the computer where WebSphere Application Server is installed and start WebSphereApplication Server.WAS_HOME\profiles\dm_profile\bin\startManager.batWAS_HOME\profiles\app_profile\bin\startNode.bat

Deployment engine error during web components installationWhile installing the web components, you might encounter errors.

Symptoms

While installing the web components, the following error is generated:Error: The IBM Autonomic Computing Deployment Engine is not working. Start or restartthe IBM Autonomic Computing Deployment Engine.



Restart the deployment engine. Run the command:v net start "IBM ADE Service"

Node agent not started during web components installationIf you are able to log on to the WebSphere Application Server, but you receive this error, the problemmight be a mismatch between data that is stored in the properties for the installation and the values youare providing.

Symptoms

An error is displayed, indicating that the node agent was not started during web components installation.

Causes

This error can be created from a variety of causes. Check the following items:1. Verify this that the node agent is started. Log on to the WebSphere Application Server console for the

node agent and see if the status is green. You can also run the startNode.bat command to check if thenode agent is started.

2. If the node agent is running, check the node agent logs for an error that indicates that the node agentis not started. The following error is an example:

Oct 8, 2008 3:09:18 PM com.ibm.tivoli.ccmdb.install.common.config.was.CfgConfigWebSphere runJythonScriptINFO: NOTE ^[runJythonScript] Result: 105^n^Oct 8, 2008 3:09:18 PM com.ibm.tivoli.ccmdb.install.common.config.was.CfgConfigWebSphere runJythonScriptFINE: NOTE ^STDOUT: WASX7246E: Cannot establish "SOAP" connection to host "MYMACHINE" because of an authentication failure.Ensure that user and password are correct on the command line or in a properties file.Exception message (if any): "ADMN0022E: Access is denied for the getProcessType operation on Server MBean because ofinsufficient or empty credentials."WASX7213I: This scripting client is not connected to a server process; please refer to the log fileC:\IBM\SMP\wasclient\logs\wsadmin.traceout for additional information.

In this example, the start script cannot determine if the node agent is running because it cannot accessthe server due to incorrect credentials. If you are able to log on to the WebSphere Application Server,but you receive this error, the problem might be a mismatch between data that is stored in theproperties for the installation and the values you are providing.


If the error is what was described above, then follow these steps:1. In <Maximo_HOME>\maximo\en\script, back up the V7110_props.xml.2. Modify the V7110_props.xml file so that it only includes values that do not exist in your MAXPROP

table. Query the MAXPROP table to see what properties have been added to the database. Forexample, if the property mxe.db.logSQLTimeLimit is already in the table, remove the<Add_property.....> tag for that entry in the XML file.

3. Rename the file to V7110_props.dbc.4. Import the base services properties located in <Maximo_HOME>\maximo\en\script\V7110_props.xml.5. In the \ibm\SMP\maximo\tools\maximo\ directory, run the updatedb command.6. After importing the properties successfully, rename the V7110_props.dbc file so that it will not be

imported again.

Log files for process solution installerA chart of log file descriptions and locations.

The process solution installer is called by the web components installer to deploy the web components.The following log files are associated with installation of web components.


Table 22. Log file information

Log type Description Location

Package log These files contain the StdOut andStdErr output of external commandslaunched by the package as it isprocessed by the deployment engine.These log files are typically vital tothe debugging of package issues.

In general, logs have two parts, a.out and .err file, both with thesame pre-extension file name. The.out files contain the contents of theStandard Output stream as generatedby the external command. The .errfiles contain the contents of theStandard Error stream. It is commonfor one part to be blank, providedthere was no error output (or if therewere only error outputs).

You might discover numerous (10-20)package log files generated for anyparticular package installed.

MAXIMO_HOME\solutions\logs\<PACKAGE_NAME>\

For instance, if PSI encounters anerror in the Change package, and thebase services installation directory isC:\IBM\SMP, then the logs for theChange Package would be found in:C:\IBM\SMP\solutions\logs\Change_PMP\.

Tivoli Provisioning Manager log The are logs kept by the PSIsubsystem.

MAXIMO_HOME\logs\CTGInstallMessageXX.log

MAXIMO_HOME\logs\CTGInstallTraceXX.log

XX is a two-digit number such as 00.These logs contain the trace output ofthe PSI subsystem.

Note: You might encounter messageslike the following in theMAXIMO_DEPLOY_ERR.err file found inthe MAXIMO_HOME\solutions\logsdirectory for a process manager onceit has been installed:

v sys-package-mgr: processing newjar, C:\IBM\SMP\lib\icl.jar

v sys-package-mgr: processing newjar, C:\IBM\SMP\lib\CTGInstallCommon.jar

v sys-package-mgr: processing newjar, C:\IBM\SMP\lib\CTGInstallResources.jar

Although these messages are foundin the error log file, they areinformational only, and do notrepresent deployment errors. Thesemessages can be safely ignored.


Table 22. Log file information (continued)


Solution Install/Deployment EngineLogs

These are logs kept by the IBMSolution Installer/Deployment enginerun time. PSI uses the IBMtechnology as the means to installand track installed packages. Thisrun time has its own logging system.

Note: After an installation these logswill contain sensitive credentials. It isstrongly recommended that theselogs be removed after a successfulinstall.

C:\Program Files\IBM\Common\acsi\logs\<USERNAME>\de_msg.log

C:\Program Files\IBM\Common\acsi\logs\<USERNAME>\de_trace.log

So for instance, if you installed underthe user name tioadmin, the logswould be found under:

v C:\Program Files\IBM\Common\acsi\logs\tioadmin\de_msg.log

v /usr/ibm/common/acsi/tioadmin/de_msg.log

WebSphere Application Server Logs These are logs kept of connections,exceptions, and other failuresexperienced by the WebSphereApplication Server in its day-to-dayrunning. These logs are often helpfulin the diagnosis of errors inparticular EAR files or otherback-end operations, such asdatabase connections.

WAS_HOME\profiles\<PROFILE>\logs\AboutThisProfile.txt

WAS_HOME\profiles\<PROFILE>\logs\<SERVER_NAME>\startServer.log

WAS_HOME\profiles\<PROFILE>\logs\<SERVER_NAME>\stopServer.log

WAS_HOME\profiles\<PROFILE>\logs\<SERVER_NAME>\SystemErr.log

WAS_HOME\profiles\<PROFILE>\logs\<SERVER_NAME>\SystemOut.log

For example, if your WebSphereApplication Server is installed in theC:\IBM\WebSphere\AppServer\, yourprofile name is AppSrv01, and yourserver name is server1, your logswould be in this location:C:\IBM\WebSphere\AppServer\profiles\AppSrv01\logs\AboutThisProfile.txt

Maximo Logs There are also a few logs kept byMaximo itself. These are useful intracking the progress, success, andfailure of a few back-end commandsprovided by Maximo.

MAXIMO_HOME\maximo\tools\maximo\log\updatedb<TIMESTAMP>.log

For example, if your base servicesinstallation directory isC:\IBM\SMP\Maximo, and that you runthe UpdateDB command on April19th at approximately 5:06:07PM, thelogging information would be writtento these files: C:\IBM\SMP\Maximo\tools\maximo\log\updatedb20070419170607.log


Table 22. Log file information (continued)


WAS Thin Client Logs The WAS thin client is themechanism by which the processmanager packages communicate withthe WebSphere Application Server. Ifthis automated deployment fails, theexact actions the Thin Client tookand the associated responses from theWebSphere Application Server arestored in logs.

MAXIMO_HOME\wasclient\logs\CTGIN_wsadmin.traceout

MAXIMO_HOME\wasclient\logs\wsadmin.traceout

MAXIMO_HOME\wasclient\logs\wsadmin.valout

It is a good practice to rename existing logs before attempting a package installation. It is useful to have alog that consists only of the information related to the success or failure of current package installation tofacilitate problem determination.

Core components or web components installation hangs duringCygwin installationProblems with your Cygwin installation might cause the installer to hang during prerequisite verification.

Symptoms

While the installer verifies prerequisites during Tivoli Provisioning Manager core components or webcomponents installation, the following message appears:The Installation Wizard is checking the system prerequisites.

After waiting a few minutes, the installer seems to hang and the Next button remains disabled.

Causes

There might be a problem with your Cygwin installation.

Resolving the problem1. Close the installer.2. Verify if Cygwin is installed.3. If Cygwin is not installed, install it manually. If Cygwin is installed, uninstall and then reinstall it

manually. For more information, see “Installing Cygwin manually” on page 208.

Silent installation of Tivoli Provisioning Manager failsA silent installation of Tivoli Provisioning Manager will fail if Cygwin is not installed.

Symptoms

The silent installation of Tivoli Provisioning Manager fails.

Causes

Cygwin is not installed. Tivoli Provisioning Manager requires Cygwin, and required Cygwin settings areconfigured during the installation process. Cygwin is not automatically installed during the TivoliProvisioning Manager silent install.


Install Cygwin manually before running the silent installation.


First discovery fails after installing CygwinAfter installing Cygwin, the first discovery fails because of a missing directory. Create the directory andthen proceed normally.

Symptoms

During the first discovery target server validation after installing Cygwin, an error message like thefollowing is displayed:First discovery failed: /home/administrator does not exist

Causes

After Cygwin is installed, no /home/Administrator directory is created. When the first discovery does notdetect this directory, the error message is displayed.

Resolving the problem1. Click OK to close the error window.2. Double-click the Cygwin icon on the Windows desktop on the Tivoli Provisioning Manager compute

to create the missing directory.3. Click Next in the installer to continue with the installation.

Cygwin installation failsCygwin installation will not work if the download site is unavailable. Choose a different download siteand try again.

Symptoms

The Cygwin installation fails.

Causes

The download site that you chose for the Cygwin install might be unavailable.

Resolving the problem1. Click Back.2. Select a different download site from the Cygwin Download Mirror Sites list.3. Click Next to continue with the installation.

If the problem persists, cancel the installation, uninstall Cygwin, and then attempt to install Cygwinmanually. For more information, see “Installing Cygwin manually” on page 208.

Missing tools from Cygwin installationIf you installed Cygwin manually, you might be missing some of the required Cygwin installationpackages and be missing tools such as Telnet or FTP as a result.

Symptoms

You receive an error message that refers to missing tools, such as Telnet or FTP.

Causes

If you installed Cygwin manually, you might be missing some of the required Cygwin installationpackages.



Verify that you have a fresh Cygwin installation with all the required Cygwin packages. For moreinformation, see “Installing Cygwin manually” on page 208.

Web components installation fails with registry service unavailableJava exception (IURegException)

Symptoms

The following IURegException appears in MAXIMO_HOME\logs\CTGInstallTrace00.log:FINE: ENTER^java.lang.RuntimeException: com.ibm.ac.si.iuregistry.IURegException:IURegistryServiceUnavailable


Ensure that the deployment engine is working by running the following commands and examine theoutput:1. Program Files\IBM\Common\acsi\setenv

2. Program Files\IBM\Common\acsi\bin\listIU

If the listIU command reports no output or a return code of 2, then the deployment engine is not in aworking state.1. Check the log files under Program Files\IBM\Common\acsi\logs\Administrator.2. Use the Windows Control Panel to stop and start the service called IBM ADE Service.3. Run the listIU command again.4. Start the web component installation again.

Turning on Admin mode is slowInteractive user sessions or background processing might be occurring at the same time Admin mode isturning on. It will eventually turn on if left alone, but you can also use it immediately by running theconfigdb command.

Symptoms

Turning on Admin mode from the Database Configuration application takes a long time.

Causes

Interactive user sessions or background processing might be occurring at the same time Admin mode isturning on.


Typically, if left alone, Admin mode will eventually turn on. However, if you need to quickly applydatabase configuration changes, you can manually run the configdb command to get into Admin modewithout waiting.

Note: You must have login access to the installation admin workstation to run the configdb command.

Follow the steps below to quickly turn on Admin mode:1. Stop the application server, WebSphere MX server, either using the WebSphere Administrative

Console or the command line.


2. Stop the deployment engine using the tio.cmd stop command.3. Run the configDB command. For more information about this command, see the section called

Configuring the database in the System Administrator Guide.

Other problemsSee the following information to diagnose and resolve other problems and installation errors.

Log file errors after successful installation on Microsoft WindowsServer 2008 R2 Standard Edition (x86 64-bit) any SPAfter a successful installation of Tivoli Provisioning Manager on Microsoft Windows Server 2008 R2Standard Edition (x86 64-bit) any SP, several log files might contain error messages. These particular errormessages do not indicate a problem with your installation and you can ignore them.

Symptoms

After successfully installing Tivoli Provisioning Manager, several log files contain error messages.

Diagnosing the problem

Several log files contain error messages. Some of the log files that contain error messages are:v TIO_LOGS/trace.log

v TIO_LOGS/console.log

v TIO_LOGS/install_wrapper/tcinstall.log

The error messages look like the following:ERROR [Workflow Dispatcher] (WorkflowDispatcher.java:243): COPDEX040EAn unexpected deployment engine exception occurred: java.lang.ClassNotFoundException: com.ibm.tivoli.orchestrator.de.dto.maximo.DeploymentRequestDAO.


You can ignore these error messages. They do not indicate a problem with your installation.

Cannot log on after successful installationIf you specify a user ID during base services installation that does not exactly match the correspondingTivoli Provisioning Manager database user ID, the installation completes successfully but you cannot login to Tivoli Provisioning Manager. The user ID authentication validation between LDAP and the TivoliProvisioning Manager MAXUSER table is case-sensitive so the values must be identical.

Symptoms

After successfully installing Tivoli Provisioning Manager using the "Use WebSphere application securityonly for authentication" option, you cannot log in to Tivoli Provisioning Manager as the Admin user. Youreceive the following error message when you try to log in:BMXAAA0035E - The user Admin is not recognized. Please contact your system administrator

Causes

If the Tivoli Provisioning Manager user ID in the MAXUSER table does not exactly match the user IDvalue in LDAP, the user ID is not recognized and you cannot log in. When you try to log in, the TivoliProvisioning Manager authentication service validates the user ID with the user ID value in LDAP. Theuser ID validation is case-sensitive so the Tivoli Provisioning Manager table name value and the user IDvalue in LDAP must be identical.



To resolve this problem, you can update the user ID values in the Tivoli Provisioning ManagerMAXUSER and the CREDENTIALS_PASSWORD database tables to match the LDAP values. To do this,complete the following steps:1. Determine the value of the MAXUSER table. For example, if your LOGINID is Maxadmin, run a SQL

command like the following:SELECT USERID,LOGINID FROM MAXUSER WHERE LOGINID=’Maxadmin’

This returns output like:USERID LOGINID--------------------------------------------------MAXADMIN Maxadmin

1 record(s) selected.

2. Update the database record to match the LDAP record by running a SQL command like the followingone:UPDATE MAXUSER SET LOGINID=’<ldap_loginname>’ WHERE LOGINID=’Maxadmin’

For example, if LOGINID in LDAP is maxadmin, update the database table as follows:UPDATE MAXUSER SET LOGINID=’maxadmin’ WHERE LOGINID=’Maxadmin’

3. Determine the values of the CREDENTIALS_PASSWORD table by running a command like thefollowing:SELECT USER_NAME FROM CREDENTIALS_PASSWORD WHERE USER_NAME=’Maxadmin’

4. If there are no values in the CREDENTIALS_PASSWORD table, you can proceed to log in to TivoliProvisioning Manager. If there are values in the CREDENTIALS_PASSWORD table, run the followingcommand:UPDATE CREDENTIALS_PASSWORD SET USER_NAME=’maxadmin’ WHERE USER_NAME=’Maxadmin’

You should now be able to log in to Tivoli Provisioning Manager.

For information about the user attribute mappings between LDAP and Tivoli Provisioning Manager, seeAttribute mapping from LDAP to IBM Tivoli Provisioning Manager in the information center.

Collecting information about installation problemsUse this list to collect information when contacting IBM Tivoli Software Support.

If you need to contact IBM Tivoli Software Support, collect the following information.v Operating system type and version, including service packs and fix packs.v Hardware description.v The installation log files. You can use the IBM Support Assistant to collect log files.

For information about IBM Support Assistant, see Using log files for troubleshooting in the informationcenter.

Note: Log files are encoded in UTF-8 format. When you are viewing log files, ensure that you areusing a text editor that supports UTF-8, for example Windows Notepad.

v The version of WebSphere Application Server. Run the following command from the WAS_HOME/bindirectory:genVersionReport.bat

The command generates a report called versionReport.html, which identifies the installed version ofWebSphere Application Server and all installed maintenance packages.


v The version of the database server.

2000DB2 To check the version of DB2, run db2level

v The version of Java. Change to the WAS_HOME directory and run:java -version

v Installation media type (disks or electronic download) and level.v Any Windows event log relevant to the installation error.v Windows services that were active during the installation, for example, antivirus software.v If you are logged on to the computer locally. Running the installation using Remote Desktop is not

supported.v If you are logged on as a local administrator or a domain administrator. Cross-domain installation is

not supported.

Procedure

1. Default If you performed a default installation, review information about the values used for theinstallation. You might need this information to perform some recovery actions. You can also use thesevalues if want to reinstall the product using the custom installation option.

2. Middleware installation: See “The middleware installer logs” on page 34 for information about themiddleware installation logs.

3. Discovery: The installer uses discovery software to identify software and hardware on your computer.

Table 23. Discovery logs

Type of information Header

Installation of Inventorydiscovery

If there are installation errors, checkv %TEMP%\cit\cit.log

Inventory discovery scanlog

v %TEMP%\CITTrace.log

The results of discovery The files are located in:

v %TEMP%

Results are stored in XML files with the fully qualified domain name in the file name.For example if the fully qualified domain name is tpmserver.example.com, the filenames include:

cit_tpmserver.example.com_output.xmltpmserver.example.com_hwoutput.xmltpmserver.example.com_swoutput.xmltpmserver.example.com_vpdoutput.xml

For some errors, for example, insufficient disk space, you can click Back in the installer to go to thepanel before the error occurred, resolve the problem by making more space available, and then clickNext to continue with the installation.v %TIO_LOGS%\install

4. Software installation: The following log files are created during the software installation:

Table 24. Log files for product components

Component Log file

Cygwin Log files are located in %TEMP%\cygwin-logs


Table 24. Log files for product components (continued)

Component Log file

Tivoli ProvisioningManager core components %TIO_LOGS%\install

Logs for the Tivoli Provisioning Manager core component installer are located inTIO_LOGS/install_wrapper.

If these logs are not available, you can also check the following locations:

%TMP%\tclog and %TMP%\tclog_wrapper

WebSphere ApplicationServer WebSphere Application Server

v %TEMP%\was-logs\was-ismp-install.log

WebSphere Application Server SystemOut log

v %WAS_HOME%\profiles\ctgAppSrv01\logs\MXServer\SystemOut.log

Logs created by WebSphere Application ServerLogs are stored in the following locations:v %WAS_HOME%\logs

<user_root>\logs

v where <user_root> is the WebSphere Application Server profile installationpath. The defaults are:

– %WAS_HOME%\profiles\ctgDmgr01\logs

– %WAS_HOME%\profiles\ctgAppSrv01\logs

DB2 The main installation logs are located in:

v %TEMP%\db2_install_log.#####

Search for additional log files that start with db2 for other log information.

Agent Manager Agent Manager

v AgentManager\logs\AMReturnValues.log

v AgentManager\logs\am_upgrade.log

where AgentManager is the Agent Manager installation directory.

Agent Manager certificate generationwsadmin.traceout

Dynamic Content Delivery Check the following location:

v C:\Program Files\IBM\tivoli\common\ctgde

The log files are:

v trace_manager_install.log

v trace_isx_install.log

v *.out

v *.err

Ensure that you check the *.out and *.err files, even if they are 0 KB.

If you see errors starting with The system cannot find the path specified in theMC-WAS-install-AS-CAS.err file, you can ignore them as they do not indicate aproblem with the Dynamic Content Delivery services.


Table 24. Log files for product components (continued)

Component Log file

Tivoli ProvisioningManager for JobManagement Servicefederator

The following log files are in TIO_HOME\DeviceManager\log:

DMS_install.logContains information about the Tivoli Provisioning Manager for JobManagement Service federator installation.

dms_config_trace.logContains detailed installation information when Tivoli Provisioning Managerfor Job Management Service federator server and database is configured. Italso contains trace information after running the DMSconfig orDMSremoveconfig command with the showtrace option

dms_config_trace.logContains messages after running the DMSconfig or DMSremoveconfigcommand.

Values used for configuration are in:

TIO_HOME\DeviceManager\config\DMSconfig.properties

The base services Collect the log files from the computer where the base services are installed:

v Run the following command:

– MAXIMO_HOME\scripts\LogZipper.bat

v Find the [current date]_[timestamp].zip file in the MAXIMO_HOME\debug directory.

v CTGInstallMessage[nn].log and CTGInstallTrace[nn].log in the followingdirectories:

– C:\Documents and Settings\Administrator

Collect the log files from the computer where WebSphere Application Server isinstalled:

v Logs under the application server directory, for example, C:\IBM\WebSphere\AppServer\profiles\ctgAppSrv01\logs

v Deployment manager logs in the deployment manager directory, for example,C:\WebSphere\DeploymentManager\logs

Tivoli common directory The Tivoli common log directory:

v C:\Program Files\IBM\tivoli\common\COP\logs

5. Starting Tivoli Provisioning Manager. When you start Tivoli Provisioning Manager, the filetio_start.log is created in the default location:v C:\Program Files\IBM\tivoli\common\COP\logs

6. Uninstallation: When you uninstall Tivoli Provisioning Manager core components, the log files arelocated in:v %TIO_LOGS%\uninstallIf the logs are not available in this location, check the following location:v %TMP%/tclog_uninstall


Appendix B. Other installation and configuration tasks

The topics in this section provide information about installation and configuration tasks that support theinstallation of Tivoli Provisioning Manager.

Installing Tivoli Provisioning Manager with default valuesDefault

In a default installation, all software is installed on a single Windows computer and default values areused for installation settings.

Before you begin

The following limitations apply to the default installation:v A default installation is only supported on Windows.v A default installation is only supported on disk C:\. Verify that the disk space requirements are met on

disk C:\.v A default installation is not supported in Japanese due to limitations with the directory server

installation. You must perform a custom installation instead.

The following diagram shows the high level steps for a default installation.

To install Tivoli Provisioning Manager using a default installation:

Procedure1. Log on with an account with system administration privileges.2. Double-click launchpad64.exe (Windows 64-bit) or launchpad.exe (Windows 32-bit) from the

launchpad directory. If you are installing from a DVD, the launchpad is on the Installation DVD forWindows.

3. In the launchpad, select a language and click OK.4. Click Default Installation and click Run default installation.5. In the Welcome panel, click Next.6. On the Select Components panel, leave all the check boxes selected.7. If you selected Tivoli Provisioning Manager for OS Deployment, accept the license agreement and

click Next.

Post-installationSoftware installation

3. Verify yourinstallation

2. Perform requiredconfiguration

Software is installed

1. Run the defaultinstallation

Figure 3. Default installation steps


8. If Cygwin is already installed, specify the directory where Cygwin is installed and click Next.v If you do not require support for IPv6 communication in the Tivoli Provisioning Manager

environment, Cygwin 1.5.10 or later is required.v If you require support for IPv6 communication in the Tivoli Provisioning Manager environment,

Cygwin 1.7 or later is required.

If you want to install Cygwin, specify all required fields and click Next.

Select a Cygwin download mirror siteSelect a location that you want to use to download Cygwin installation files. A location thatis geographically closest to you is recommended.

User NameSpecify the user name for running the Cygwin SSH service.

9. On the Default Installation panel, specify the remaining settings for the installation and then clickNext.

Generic Password for Default InstallationSpecify the password that you want to use for the main Tivoli Provisioning Manageradministrator user, tioadmin, the database instance owner, and other administrator userscreated during installation. The password must meet DB2 password requirements describedin “Preinstallation Step 7: Verify requirements for user names, database names, and userpasswords” on page 21.

Workstation Login User NameSpecify the administrator user that you are using to perform the installation. The defaultWindows administrator user is Administrator.

Location of ImagesSpecify the full path for the directory that contains the installation images. If you want tocopy the installation images from disks, select the Copy installation images from mediacheck box and specify the location of the images.

Specify the temporary directory for uncompressing installation imagesSelect a temporary directory location to use during installation for extracting installation filesfrom installation images.

Fully-Qualified Host NameThe fully qualified domain name of the computer. For example, tpmserver.example.com. Thisvalue is case-sensitive.

Backup Files LocationThe installer creates a backup of the database and key configuration files after the corecomponent installation completes successfully. Specify the location where you want to storethe backup.

When you click Next, the installer validates the workstation login information and then displays asummary of your installation settings. If you selected the option to copy installation files fromDVDs, you will be prompted to insert the DVDs so that the files can be copied. After the DVDs arecopied, insert the Installation DVD for Windows again.

10. Review your installation settings and then click Next.

Results

The default installation is complete.

When the launchpad is running, the generated launchpad messages are captured in a hidden log frame.To display the log frame on the bottom of the launchpad panels during run time, hold Ctrl and click inthe banner frame of the launchpad. Messages that are generated while the launchpad is running are notautomatically saved on the hard disk. You can save the messages from a runtime session by clicking Save


at the bottom of the log frame and specifying where you want to save the file.

What to do next

Start Tivoli Provisioning Manager by running the following command:tio start tpm

After it has started, open a web browser and log on by typing: https://host_name:9443/maximo. Oncelogged on, the user name and password are maxadmin and maxadmin.

Removing a default installation

To remove a completed default installation, you must restore a system image that was captured beforeyou started the installation. This approach is useful in situations where you have installed TivoliProvisioning Manager for testing or evaluation purposes.

To remove a default installation at different stages, because the installation has failed, see “Step by steprecovery for core components installation (default installation)” on page 173.

When you have completely removed all Tivoli Provisioning Manager software, you can reinstall theproduct if needed.

Silent installation and other installation tasksThe following tasks are not mandatory for a Tivoli Provisioning Manager installation, but might be usefuldepending on the configuration and products that you are using together with Tivoli ProvisioningManager. These topics can be found in the Tivoli Provisioning Manager wiki.

Installation of Tivoli Change and Configuration Management Database (CCMDB)with Tivoli Provisioning Manager

See Installation of IBM Tivoli Change and Configuration Management Database and Tivoli ServiceRequest Manager with Tivoli Provisioning Manager version 7.2.

This task provides high-level instructions for installing Tivoli Provisioning Manager 7.2 to coexist withTivoli Change and Configuration Management Database (CCMDB) 7.2.0.1 on the same system.

Installation of Tivoli Service Request Manager (SRM) with Tivoli ProvisioningManager

See Installation of IBM Tivoli Change and Configuration Management Database and Tivoli ServiceRequest Manager with Tivoli Provisioning Manager version 7.2.

This task provides high-level instructions for installing Tivoli Provisioning Manager 7.2 to coexist withTivoli Service Request Manager (SRM) 7.2.0.1 on the same system.

Silent installation

Default installation. See Installing Tivoli Provisioning Manager silently - default installation

Custom installation. See Installing Tivoli Provisioning Manager silently - custom installation

Uninstalling IBM Agent Controller

Manually installing the IBM Tivoli Agent Controller

Appendix B. Other installation tasks 207





https://www.ibm.com/developerworks/wikis/display/tivoliprovisioningmanager/Installing+Tivoli+Provisioning+Manager+silently+default+installation

https://www.ibm.com/developerworks/wikis/display/tivoliprovisioningmanager/Installing+Tivoli+Provisioning+Manager+silently+-+custom+installation

https://www.ibm.com/developerworks/wikis/display/tivoliprovisioningmanager/Manually+installing+the+IBM+Tivoli+Agent+Controller

Installing the monitoring agent for Tivoli Provisioning Manager

Manually installing the monitoring agent for Tivoli Provisioning Manager

Checking WebSphere Application Server status and version

Checking WebSphere Application Server status and version

Backing up the database and important data

Backing up the database and important data

Changing default passwords

Changing default passwords

Changing the transfer mode for the DVD-ROM

Changing the transfer mode for the DVD-ROM

Updating the port for the information center

Updating the port for the information center

Installing Cygwin manuallyThe Tivoli Provisioning Manager core components installer and web components installer require a freshinstallation of Cygwin, and the computer must have only one Cygwin installation.

Before you beginv If you do not require support for IPv6 communication in the Tivoli Provisioning Manager environment,

Cygwin 1.5.10 or later is required.v If you require support for IPv6 communication in the Tivoli Provisioning Manager environment,

Cygwin 1.7 or later is required.

Note: Install Cygwin just before installing the core components. During a middleware installationCygwin might cause an installation failure.

If an existing version of Cygwin is installed, perform the following steps to remove it. For additionaldetails, see Setting up Cygwin. After Cygwin is removed, you can install it again.

Removing a Cygwin installation

To remove Cygwin:1. Remove all Cygwin services such as sshd, cron, cygserver, and inetd. If the service is running, stop it

with the following command:cygrunsrv -E name

where name is the name of the service. Then uninstall the service with the following command:cygrunsrv -R name

2. Stop the X11 server if it is running, and stop any Cygwin programs that might be running in thebackground. Remove all mount information with the following command:umount -A


https://www.ibm.com/developerworks/wikis/display/tivoliprovisioningmanager/Manually+installing+the+monitoring+agent+for+Tivoli+Provisioning+Manager

https://www.ibm.com/developerworks/wikis/display/tivoliprovisioningmanager/Checking+WebSphere+Application+Server+status+and+version

https://www.ibm.com/developerworks/wikis/display/tivoliprovisioningmanager/Backing+up+the+database+and+important+data

https://www.ibm.com/developerworks/wikis/display/tivoliprovisioningmanager/Changing+default+passwords

https://www.ibm.com/developerworks/wikis/display/tivoliprovisioningmanager/Changing+the+transfer+mode+for+the+DVD-ROM

https://www.ibm.com/developerworks/wikis/display/tivoliprovisioningmanager/Updating+the+port+for+the+information+center

http://cygwin.com/faq/faq.setup.html

Exit the command prompt and ensure that no Cygwin processes remain.3. Delete the Cygwin installation directory and all its subdirectories.

v If you receive an error about an object is in use, ensure that all services are stopped and all Cygwinprograms are closed.

v If you receive a Permission Denied error, modify the permissions or ownership to your useraccount on the files or folders that caused the error. To change ownership for the Cygwin folderfrom Windows Explorer, right-click the Cygwin folder and click Properties. On the Security tab,click Advanced. On the Owner tab, ensure that your account is listed as the owner. Select theReplace owner on subcontainers and objects check box and then click OK.

4. Delete the Cygwin shortcuts on the Desktop and Start Menu.5. If you added Cygwin to your system path, remove it.6. If you set the CYGWIN environment variable, remove it.7. In Windows Registry, delete the registry tree Software\Cygnus Solutions under HKEY_LOCAL_MACHINE

and HKEY_CURRENT_USER, if it exists. Normally, the only information stored in the registry is the mountinformation.

8. Reboot the computer.

Installing Cygwin manually

To install Cygwin manually:1. Log on to the Windows computer using a user account with administrator privileges.2. Go to www.cygwin.com and install an appropriate version of Cygwin based on the Cygwin version

requirements.3. On the Select Package panel of the Cygwin installer, clear the Hide obsolete and administrative

packages check box.4. Select the following packages:

Table 25. Cygwin packages

Category Package

AdminAll default packages and the following additional packages:croncygrunsrv (contains cygrunsrv.exe)shutdown

ArchiveAll default packages and the following additional packages:cabextractsharutilsunzipzip

Base All default packages and the following additional packages:

bash (contains bash.exe)gzip (contains gzip.exe)

Database All default packages

DevelAll default packages and the following additional package:cvs

DocAll default packages and the following additional package:perl_manpages


http://www.cygwin.com

Table 25. Cygwin packages (continued)

Category Package

EditorsAll default packages and the following additional packages:edvim

Gnome All default packages

Graphics All default packages

InterpretersThe following packages:expect (contains expect.exe)gawkperl

Libs All default packages

Mail All default packages

Math All default packages

Net All default packages and the following additional packages:

curlinetutils (telnet, ftp)openssh (contains ssh.exe)openssl (contains ssl.exe)pingrsyncurlgrabber

Publishing All default packages

ShellsAll default packages and the following additional packages:ashbash (contains bash.exe)

System All default packages

TextAll default packages and the following additional package:util-linux

UtilsAll default packages and the following additional packages:ccryptcpiocygutilsdiffutilsfilekeychaintime

WebAll default packages and the following additional package:wget

X11 All default packages

PostInstallLast All default packages

python All default packages

5. After installation, add the Cygwin\bin directory to your Windows %PATH% environment variable. Thedirectory must be the first one in the %PATH% variable.


a. On the desktop, right-click My Computer and click Properties.b. Click the Advanced tab.c. Click Environment Variables.d. In the System Variables section, edit the value of the Path variable. The following example shows

a Path value with the Cygwin\bin directory at the beginning. The actual contents of the variablewill depend on the configuration of your computer.

PATH=C:\Cygwin\bin;%SystemRoot%\system32

6. Ensure that permissions are set properly. Open a Cygwin console and run the following commands:chmod +r /etc/passwdchmod +r /etc/groupchmod 755 /var

7. Ensure that SSH is running. To set up SSH, run the command ssh-host-config -y locally on thecomputer. Running it from a remote desktop can cause problems with Tivoli Provisioning Managerinstallation.

8. If you modified the PATH variable, reboot the computer before you continue with Tivoli ProvisioningManager installation to ensure that the changes take effect.

Starting and stoppingStarting and stopping the provisioning server.

See the following topics for more information about starting and stopping the provisioning server.

Starting and stopping the provisioning server on WindowsStarting the provisioning server allows you work with the web interface.

Starting the provisioning serverBefore you begin1. Ensure that the middleware applications are started. These services are started automatically after

installation or after a reboot, except for the Tivoli Directory Server database instance andadministration daemon. To start the middleware, see “Starting middleware on Windows” on page 94.

2. 2008 Select the option Run as administrator for all the commands that you run from%TIO_HOME%\tools. For more information about user account control in Windows 2008, see UserAccount Control Step-by-Step Guide.

Use the following procedure if the provisioning server is stopped and you must restart it. After a reboot,the provisioning server is not started automatically, so you must start it manually. By default, when youstart the provisioning server, the WebSphere Application Server profiles associated with the provisioningserver are also started.

For information about other start and stop options for the provisioning server, see the tio command inthe Reference section of the information center.

You can start the provisioning server in one of the following ways:v From the Windows desktopv From the command line

Important: The database server and directory server must be running before starting the provisioningserver and remain running while the provisioning server is running. The provisioning servercommunicates with the database to perform most of your actions on the web interface, includingretrieving the data to be displayed, running provisioning tasks, and tracking and recording status andactivity. The provisioning server uses the directory server to authenticate users when they log on and tovalidate access permissions while using the product.




Procedure1. Log on as the tioadmin or the Administrator user.2. Start the provisioning server.

From the Windows desktopDouble-click TPM Start.

From the command line

a. Change to %TIO_HOME%\tools.b. Type tio.cmd start

3. When prompted, enter the WebSphere Application Server administrator user name and password.

Results

When the provisioning server is ready, the message TIO startup completed. is displayed.

If the provisioning server does not start, check the following log files for errors:v %TIO_LOGS%\tio_start.log

v %TIO_LOGS%\tio_start_service.log

v %TIO_LOGS%\policyengine\policyengine_start.log

v %TIO_LOGS%\agentshellserver\agentshellserver_start.log

v %TIO_LOGS%\dmsresultserver\dmsresultserver_start.log

v %TIO_LOGS%\activityplan\activityplanengine_start.log

Note: If you see errors that start with [ERROR] Failed to get reports in the tio_start.log file orFailed to connect to server in the console.log or trace.log files, these errors can be ignored and donot indicate a problem starting the provisioning server.

If the provisioning server is not properly stopped and preventing startup, run the TPM Stop icon or thetio.cmd stop command again to stop the provisioning server properly. When the provisioning server isproperly stopped, you can start the provisioning server.

Stopping the provisioning serverIf you must make configuration changes to the provisioning server, or if you change a defaultadministrator password, you must stop the provisioning server.

You can stop the provisioning server in one of the following ways:v From the Windows desktopv From the command line

By default, when you stop the provisioning server, the WebSphere Application Server profiles associatedwith the provisioning server are also stopped.

For information about other start and stop options for the provisioning server, see the tio command inthe Reference section of the information center.

Procedure1. Log on as the tioadmin user.2. Stop the provisioning server.

From the Windows desktop:Double-click TPM Stop.

From the command line


a. At a command prompt, go to %TIO_HOME%\tools.b. Type tio.cmd stop

3. If you must stop other components or middleware, you must stop them separately. See the followinginformation:a. “Starting and stopping Tivoli Provisioning Manager components”b. “Stopping middleware” on page 95

Results

Upon successful shutdown, the message TIO shutdown completed. is displayed.

If the provisioning server does not stop, check the following log files for errorsv %TIO_LOGS%\tio_stop.log

v %TIO_LOGS%\tio_stop_service.log

If the provisioning server is not properly stopped, run the TPM Stop icon or the tio.cmd stop commandagain to stop the provisioning server properly.

Starting and stopping Tivoli Provisioning Manager componentsUse these instructions if you need to start or stop specific Tivoli Provisioning Manager componentsmanually.

All WebSphere Application Server profiles are started automatically by Tivoli Provisioning Manager,except webserver1. The webserver1 profile is started automatically with the HTTP server.

Procedure1. Log on as an administrative user.2. To start a component, run the appropriate commands.

Tivoli Provisioning Manager for OS Deployment

v Starts automatically after installation or after a reboot.a. Log on as an administrative user.b. Open a command window and run:

net start remboservernet start remboagent

Alternatively, you can start Tivoli Provisioning Manager for OS Deployment from the Servicescontrol panel.

Tivoli Monitoring agent

v Starts automatically after installation or after a reboot:a. Click Start, and select Run.b. Type services.msc, and click OK.c. Select Monitoring Agent for Tivoli Provisioning Manager - Primary, and click Start the

service.The agent manager

v Starts when you start Tivoli Provisioning Manager.a. Change to the AM_HOME\bin directory.b. Run the following command:

startServer.bat


To verify the status of the agent manager, go to http://host_name:9513/AgentMgr/Info. A statuspage is displayed for the agent manager with information about the agent manager version andconfiguration.

3. To stop a component, run the appropriate command.Tivoli Provisioning Manager for OS Deployment

a. Log on as an administrative user.b. In a command window, type the following commands:

net stop remboagentnet stop remboserver

Note: You can also stop Tivoli Provisioning Manager for OS Deployment from the Services controlpanel.The agent manager

a. Change to the WAS_HOME\profiles\casprofile\bin directory.b. Run the following command:

stopServer.bat server1 -username wasadmin_username -password wasadmin_password

Starting and stopping the Tivoli Monitoring agentComplete these steps to manually start or stop the Tivoli Monitoring agent.

Procedure1. To start the monitoring agent:

a. Click Start, and select Run.b. Type services.msc, and click OK.c. Select Monitoring Agent for Tivoli Provisioning Manager - Primary, and click Start the service.

2. To stop the monitoring agent:a. Click Start, and select Run.b. Type services.msc, and click OK.c. Select Monitoring Agent for Tivoli Provisioning Manager - Primary, and click Stop the service.

Verifying componentsVerify that you can access the main interface and that main components are running.

Procedure1. Start Tivoli Provisioning Manager:

v “Starting and stopping the provisioning server on Windows” on page 2112. Verify the installation of the device manager service:

a. In a supported web browser, type the following URL:https://host_name:9045/dmserver/TraceServlet?trace=set

If you see the word SUCCESS!, the device manager service is successfully installed.b. Check the log file WAS_HOME/profiles/ctgAppSrv01/logs/MXServer/DMSMsg1.log for any additional

information.3. Verify that you can log on to the dynamic content delivery management center:

a. In a supported web browser, type the following URL:https://host_name:9045/admin

b. Log on with the Tivoli Provisioning Manager administrator user name and password that youspecified during core components installation. The default user is maxadmin.


If you can log on successfully, the dynamic content delivery management center was installedsuccessfully.

4. Verify the status of the agent manager. In a supported web browser, type the following URL:https://host_name:9511/AgentMgr/Info

Information about the agent manager version and configuration is displayed.5. If you installed Tivoli Provisioning Manager for OS Deployment, verify the installation:

a. In a supported web browser, type: https://host_name:9443/maximob. Click Go To > Deployment > OS Management > Boot Servers.c. In the list of boot servers, verify that a computer with the Tivoli Provisioning Manager host name

is in the list. This is the parent boot server.d. Click the Configuration tab to view information about the boot server.

6. Verify that you can log on to the WebSphere administrator console. In a supported web browser, typethe following URL:https://host_name:9043/ibm/console

Log on with the WebSphere administrator user name and password. The default user name iswasadmin.

7. If you configured compliance with Federal Information Processing Standard (FIPS) 140-2 duringinstallation, verify that FIPS compliance is enabled.a. Click Go To > Administration > Provisioning > Provisioning Global Settings.b. Click the FIPS tab.c. Check the value of the variable called FIPS. If the check box is selected, FIPS compliance is

enabled. If the check box is cleared, FIPS compliance is disabled.

Signing on to the provisioning serverFor security reasons, you must sign on to the provisioning server.

Before you begin

The following web browsers are supported:v Microsoft Internet Explorer version 6.0 or 7.0 with the latest patch.v Mozilla Firefox 3.0 and higher.

To verify the Mozilla Firefox version, run:firefox -version

Ensure that the command returns no errors before starting the installation.

Make sure that the following requirements are met:v The provisioning server is running.v You know the fully qualified domain name of the provisioning server. For example,

hostname.domain.com.v You know your user name and password for the provisioning server.v Do not use the maxadmin user to perform provisioning tasks. Before starting to use Tivoli Provisioning

Manager, the maxadmin user must set up security roles and users for your organization. Specific rolescan be assigned to perform different provisioning tasks. For more information, see the Controlling useraccess topics in the Provisioning User Guide.

v You have read the Controlling user access topics in the Tivoli Provisioning Manager information centerto understand how security is implemented in Tivoli Provisioning Manager.


Table 26. Users and groups

User Groups

wasadmin

maxadmin (maxadminusr for MS Active Directory) maxadmin

mxintadm maxadmin

maxreg

The following example command lists users in a standard Tivoli Directory Server installation:ldapsearch -D cn=root -w <password> -s sub -b "o=ibm,c=us" objectclass=person

The following example command lists all members of the maxadmin group:ldapsearch -D cn=root -w <password> -s base -b "cn=maxadmin,ou=groups,ou=swg,o=ibm,c=us" objectclass=* ibm-allmembers

You can also use an LDAP browser tool to help you to obtain user and group information from yourdirectory server.

For the users maxadmin, maxadminusr, and mxintadm, the password for each user ID is the same as the UserName (for example, maxadmin is both the user name and the default password). For the wasadmin user, thepassword is the one that you specified during installation.

Note: User names and passwords are case sensitive. The default user names and passwords arelowercase.

To sign on to the provisioning server:

Procedure1. Start the web browser and type https://host_name:port/maximo, where host_name is the fully

qualified domain name of the provisioning server. This value is case-sensitive. The default portnumber is 9443.

2. In the Log On window, type your User ID and Password and click Log On.

Results

You are now signed on to the provisioning server, which displays the Start Center.

If you have problems logging on, verify the following:v Your system meets the logon prerequisites.v Your user name and password are correct.v In Internet Explorer, check the security settings in the browser.

1. Click Tools > Internet Options.2. Click the Security tab.3. If you are using customized settings for any of the web content zones, click Default Level to use

the default security level and then try to log on again.

Signing off the provisioning server

To prevent unauthorized access to the web interface, log off the provisioning server after you havecompleted your tasks. By default, you are automatically logged off after 30 minutes of inactivity.


Procedure

Click Sign Out to sign out of the web interface.

Results

You are now signed out of the web interface.

What to do next

You must completely close all tabs and exit the browser after logging off the web interface to completelyend the session. If you do not exit the browser after logging off, another user can open a new tab andaccess the web interface without logging on.

Working with usersTo create multiple users, define group privileges and add them to the database.

See the following topics for more information about working with users.

Creating multiple users with maxadmin privilegesTo create multiple maxadmin users, define group privileges and add them to the database.

Procedure1. Create the following required users and groups in the directory:

v The MAXIMOUSERS group with the maxadmin, maxreg, and mxintadm users.v The MAXADMIN group with the maxadmin and mxintadm users.

2. Set the following environment variable:set skipwasvalidation=yes

3. Set up a silent installation response file with the following lines:RUN_CONFIG_YES=0RUN_CONFIG_NO=1

and ensure that the health check is turned off.4. After the installation is completed, update the c:\ibm\smp\etc\install.properties file with the

following properties:mxe.adminloginid=<maxadmin>mxe.adminuserid=<maxadmin>mxe.adminPasswd=<maxadmin pwd>mxe.reguser=<maxreg>mxe.int.dfltuser=<mxintegration>

5. In the c:\ibm\smp\scripts directory, run the following command:taskRunner CONTINUE STOPONERROR

6. Run the following SQL commands:

v 2000DB2 Connect to the database. Open a DB2 command window and run the followingcommand:connect to maxdb71 user dbusername using dbpassword

where dbusername and dbpassword are the runtime user name and password used to connect to thedatabase.Run the following code:


insert into maxuser \( userid, personid, status, type, defsite, querywithsite, defstoreroom,storeroomsite, \pwhintquestion, pwhintanswer,forceexpiration, pwexpiration, failedlogins,databaseuserid, \password,loginid, maxuserid, memo, sysuser, inactivesites,screenreader,rowstamp) values \(’NEWMAXADM’, ’NEWMAXADM’, ’ACTIVE’, ’TYPE 1’, null,1, null, null, \null, null,0, null, 0, null, \cast(’ABC’ as varchar(128) for bit data),’newmaxadm’, NEXTVAL FORMAXUSERSEQ, null, 1, 1, 0, NEXTVAL FOR MAXSEQ)

insert into maxuser \( userid, personid, status, type, defsite, querywithsite, defstoreroom,storeroomsite, \pwhintquestion, pwhintanswer,forceexpiration, pwexpiration, failedlogins,databaseuserid, \password,loginid, maxuserid, memo, sysuser, inactivesites,screenreader,rowstamp) values \(’NEWMAXREG’, ’NEWMAXREG’, ’ACTIVE’, ’TYPE 1’, null,1, null, null, \null, null,0, null, 0, null, \cast(’ABC’ as varchar(128) for bit data),’newmaxreg’, NEXTVAL FOR MAXUSERSEQ,null, 1, 1, 0, NEXTVAL FOR MAXSEQ)

insert into maxuser \( userid, personid, status, type, defsite, querywithsite, defstoreroom,storeroomsite, \pwhintquestion, pwhintanswer,forceexpiration, pwexpiration, failedlogins,databaseuserid, \password,loginid, maxuserid, memo, sysuser, inactivesites,screenreader,rowstamp) values \(’NEWMXINTADM’, ’NEWMXINTADM’, ’ACTIVE’, ’TYPE 1’, null,1, null, null, \null, null,0, null, 0, null, \cast(’ABC’ as varchar(128) for bit data),’newmxintadm’, NEXTVAL FOR MAXUSERSEQ,null, 1, 1, 0, NEXTVAL FOR MAXSEQ)

insert into groupuser (groupuserid,userid,groupname,rowstamp) \values \(NEXTVAL FOR GROUPUSERSEQ,’NEWMAXADM’,’TPADMIN’,NEXTVAL for MAXSEQ)

insert into groupuser (groupuserid,userid,groupname,rowstamp) \values \(NEXTVAL FOR GROUPUSERSEQ,’NEWMAXADM’,’TPCOMPLIANCEANALYST’,NEXTVAL for MAXSEQ)

insert into groupuser (groupuserid,userid,groupname,rowstamp) \values \(NEXTVAL FOR GROUPUSERSEQ,’NEWMAXADM’,’TPCONFIGURATIONLIBRARIAN’,NEXTVAL for MAXSEQ)

insert into groupuser (groupuserid,userid,groupname,rowstamp) \values \(NEXTVAL FOR GROUPUSERSEQ,’NEWMAXADM’,’TPDEPLOYMENTSPECIALIST’,NEXTVAL for MAXSEQ)

insert into groupuser (groupuserid,userid,groupname,rowstamp) \values \(NEXTVAL FOR GROUPUSERSEQ,’NEWMAXADM’,’TPDEVELOPER’,NEXTVAL for MAXSEQ)

NEWMAXADMThe value for MAXADMIN

NEWMXINTADMThe value for MXINTADM

NEWMAXREGThe value for MAXREG

7. Continue with the installation process.


Changing user passwordsUser passwords cannot be changed in the web interface. Tivoli Directory Server provides a WebAdministration Tool so that users can change their password.

The Web Administration Tool is not installed by default. See the documentation for details on how toinstall the Web Administration Tool: http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.IBMDS.doc/install27.htm.

After the Web Administration Tool is installed, users can update their password:

Procedure1. Start the Web Administration Tool using the following command:

v <install_path>\idstools\bin\startWebadminApp.bat

where install_path is the directory where you installed Tivoli Directory Server. For detailedinstructions, see the topic called Starting the Web application server to use the Web AdministrationTool: http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.IBMDS.doc/install18.htm.

2. Launch the tool using the following web address:http://<hostname>:12100/IDSWebApp/IDSjsp/Login.jsp

where hostname is the host name of the Tivoli Directory Server.3. Log on to the tool with your user name.4. Click User properties > Change password.

If users receive the following error when they try to change their password, they do not havepermission to update their own password:GLPWCO025WThe password cannot be changed. The user does not havethe authority to modify the password.

The LDAP administrator can update the permissions by running the following command:ldapmodify -D <adminDN> -w <AdminPwd> -i <modifyACL.ldif>

For example:ldapmodify -D cn=root -w password -i modifyACL.ldif

where the modifyACL.ldif file contains the following information, for example:dn: cn=tioappadmin,dc=ibm,dc=comchangetype: modifyadd: aclentryaclentry: access-id:cn=this:at.userpassword:rwsc

Replace cn=tioappadmin,dc=ibm,dc=com with your user dn.After the command is run, users have the correct permissions to update their own passwords.

Using the Tivoli Monitoring agentThe monitoring agent for Tivoli Provisioning Manager enables you to monitor Tivoli ProvisioningManager and to perform basic operations with Tivoli Provisioning Manager.

The monitoring agent can identify, notify you of, and correct common problems with the application thatit monitors. The software includes the following features:v Monitoringv Data gathering


http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.IBMDS.doc/install27.htm




v Event management

The monitoring agent for Tivoli Provisioning Manager can provide the following functions:

Availability MonitoringProvides information about the provisioning server and the components that are dependent onTivoli Provisioning Manager.

Task MonitoringCollects information about tasks that were executed in the last few days and tasks that arescheduled for today.

Before you use the monitoring agent for Tivoli Provisioning Manager, you must install the monitoringagent support on the Tivoli Enterprise Monitoring Server, Tivoli Enterprise Portal Server, and TivoliEnterprise Portal desktop client. For information about these tasks, see the topic Installing and enablingapplication support in the IBM Tivoli Monitoring Version 6.2.2 information center.

What to do nextv For information about manual installation of the monitoring agent, see Manually installing the

monitoring agent for Tivoli Provisioning Manager in the Tivoli Provisioning Manager wiki.v If you are working in a Windows environment, continue with a regular upgrade of the monitoring

agent.v For more information on upgrading the Tivoli Monitoring agent, see the topics Deploying monitoring

agents across your environment and Updating agents in the IBM Tivoli Monitoring Version 6.2.2information center .

v For information about using the monitoring agent, see Monitoring agent for Tivoli ProvisioningManager User Guide.

Changing the host name for the provisioning serverWhen the host name and IP address need to be changed for theTivoli Provisioning Manager server, a fewupdates must be performed on the database, related components, and configurations. This process is notalways recoverable, it is highly recommended that you create a backup image of the server beforerunning the host name rename feature.

To rename the host, log on to the provisioning server and follow the instructions in sequence. If anyissues occur, try to resolve the error and continue from the current step. Script execution tracks where itfailed and skips any steps which had been previously performed.

Note: If the database or directory server is remote, which means it is on another system other than theTivoli Provisioning Manager server:v Changing the host name for the remote database system is not covered by this feature.v Changing the LDAP server system using a different host name is not covered by this feature.

High Availability and Disaster Recovery Considerations

A common reason to perform a host name and IP change is in preparation for a High Availability andDisaster Recovery (HADR) configuration. The Tivoli Provisioning Manager HADR solution is based onthe usage of a Service IP, and the host name change solution may be used to establish the Service IP. Forexample:1. Determine the Service IP address for the provisioning server HADR cluster.2. Perform the host change scenario described herein using the Service IP.3. Proceed with the HADR configuration.







For an existing HADR configuration, the host change scenario has not been validated. While in theory thesolution is general purpose, general HADR considerations such as ensuring that the operational state ofthe resource group is offline, would have to be considered. Given the installation-specific nature of manyHADR solutions, it is recommended to contact Tivoli Provisioning Manager support if a host namechange is required for an active provisioning server cluster.

For more information about HADR, see High availability disaster recovery

Required passwordsHost name rename requires the input of passwords on some components.

Changing the host name is completed using a series of steps which includes execution of two scriptswhich modify the application configurations.

Table 27. Required passwords for changing the host name on the new provisioning server

Component Password

DB2 The password for the database instance or the databaseruntime user.

Agent Manager The password for the resource manager user name. Thisis the user name to connect to the agent manager.

Resource Manager SSL The default password for the resource manager isCDSRMPASS.

WebSphere Application Server The password for the WebSphere Application Serveradministrator.

Adding the parameter values to the property fileWhen changing the host name, you run two scripts. Complete the property file with all the parametervalues that the scripts use when changing the host name.

There is one property file that manages all the parameters required for the scripts to back up the oldprovisioning server to change the host name to the new provisioning server. Edit the property file andadd all the values for the parameters. When you run the scripts, the parameter values are pulled fromthis file.

These parameters are used for the scripts that are run on the new provisioning server:v tpmChangeDBHostv tpmChangeOtherHost

Requirements for the property files:

v All parameters that specify a value in brackets ([]) are example values and must be reviewed. If theexample value is correct, delete the brackets. If the example value is not correct, delete the examplevalue and the brackets and type the correct value. The script checks that all brackets are removed forrequired parameters.

Procedure1. Open the property file.

v TIO_HOME/tools/rename_host/script_win.properties


2. Add the parameter values to change the other host names (the values are case-sensitive):




v dbIsRemote

v dbInstanceName

v dbPort

v dbHome

v dbOSUser

v wasUser

v wasCellName

v fqNewHostName

v fqOldHostName

v tpmfosdDataDir

v TrustedCertificateQuery.Host

v CatalogueService.Host

v httpServerHome

v AgentManagerQuery.Host

v AgentQuery.Host

v amPort

v CertManagement.Host

v Registration.Server.Host

v amUser

v dmgrSoapPort

v ldapType

See “Parameters for the host name rename feature” on page 226 for a list of parameters and theirdefault values, or example values, and descriptions.

3. Remove any database-specific parameters that do not apply to your provisioning environment. Forexample, if you use DB2 database, remove any parameters that are specific to Oracle database.

4. Review the list of parameters and values to ensure that they are correct.5. Save the property file.

What to do next

When you are satisfied that the parameter values are correct, proceed to “Assigning the new host nameto the provisioning server.”

Assigning the new host name to the provisioning serverTo change the host name of Tivoli Provisioning Manager, some manual steps are required after assigningthe new host name.

Before you begin1. Ensure that the following middleware is running:

v Database server.v WebSphere Application Server.v LDAP server.

For details on how to start these systems, see:v “Starting middleware on Windows” on page 94

2. Ensure the fully qualified host name for the provisioning server defined in the data model contains alllowercase characters before performing the host name change operation:a. From the Start Center, click Go To > Deployment > Provisioning Computers.


b. Search for the provisioning server and check if the host name is defined all lowercase characters.c. Search for the file repository using the provisioning server host name. Ensure that the name is

defined in all lowercase characters. Click Go To > IT Infrastructure > Provisioning Inventory >File Repositories.

d. Ensure that there are all lowercase characters for the provisioning server host name inTIO_HOME\xml\tpmfosdbootserver.xml file.


This procedure changes the host name for the server and updates most of the Tivoli ProvisioningManager database configurations.

Procedure1. Log on to the new provisioning server.

v Log on to the new provisioning server as administrator.2. Change the new host name and new IP address of the provisioning server. Follow the naming

convention used by the original host name that you are changing. For example, if the host name is afully qualified host name, use a fully qualified host name for the new name. It is recommended thatthe user use only lowercase characters.To change the host name:a. On the desktop, right-click My Computer and select Properties.b. From the Computer Name tab, click Change.c. In the Computer name field, enter the host name of the old provisioning server.d. Click OK to save your changes.To change the IP address:a. Navigate to Control Panel > Network Connections and double-click the local area network

connection that you are using.b. In the list, select Internet Protocol (TCP/IP) and click Properties.c. In the IP address field, enter the IP address of the old provisioning server.d. Save your changes.

3. Reboot the provisioning server. If Tivoli Provisioning Manager is setup to run automatically, it mayfail now because the host name has been changed after the system has restarted. To stop theprovisioning server:v TIO_HOME\tools\tio stop

4. Validate the host name and IP address of the provisioning server.a. Host name: At the command prompt, type hostname. The new host name of the new provisioning

server is returned.b. IP address: At the command prompt, type ping <hostname>, where <hostname> is the host name of

the new provisioning server. The new IP address of the new provisioning server is returned.5. Stop any WebSphere Application Server Java processes that are running.

v Use the Task Manager to stop the running processes.6. Open a command window, or command shell, and run the following script from the

TIO_HOME/tools/rename_host/ directory:v tmpChangeDBHost.cmd

When the script runs, you are prompted for the database administrator user or database instance userpassword.




7. 2000DB2 If your database is remote, restart the database after running the tpmChangeDBHostcommand.

8. To validate that the change was successful, go to TIO_LOGS/rename_host and open thetpmChangeDBHost_status.log. The log lists the status of each step that was completed. All steps aremarked as DONE.

9. Reboot the provisioning server.

Results

When the script runs, it updates the host name of the provisioning server in the following areas:v The MAXPROPVALUE table

v 2000DB2 Local database server only: The DB2 registry, the MAXPROPVALUE table and relevant databaseconfiguration parameters.

If you encounter any issues when the changing the host name script runs, view the potential problemsand log files so that you can resolve the issue and continue.v “Return codes” on page 227

What to do next

Proceed to “Updating the database server host name from the administrative workstation.”

Updating the database server host name from the administrativeworkstationChange the host name and the IP address for the database server.

On the administrative workstation, update the base services maximo.properties file to change the IP orhost name for the database server, or to update the password.

Procedure1. Log on to the administrative workstation and navigate to MAXIMO_HOME/etc. Edit the

install.properties file by replacing the OldHostname with the NewHostname and save yourchanges.

Note: If you have a remote database server, proceed to “Updating the remaining host names” onpage 225.

2. Navigate to MAXIMO_HOME\maximo\applications\maximo\properties and back up themaximo.properties file using a binary editor. Do not touch the binary part of the file. Use caution anddo not edit the last line or any lines containing symbol characters. After backing up the file, edit themaximo.properties file by replacing the OldHostname with the NewHostname and save yourchanges. If necessary, update the password for the user to access the database.

3. If the following line exists in the maximo.properties file, delete the line:mxe.crontask.donotrun=ALL

4. Log on to the provisioning server as tioadmin.5. Navigate to TIO_HOME\lwi\runtime\tpm\eclipse\plugins\tpm_pmp\properties and back up the

existing maximo.properties file.6. Use binary mode to copy the maximo.properties file that you created on the administrative

workstation to the TIO_HOME\lwi\runtime\tpm\eclipse\plugins\tpm_pmp\properties directory onthe new provisioning server. Replace the existing maximo.properties file.

Note: After the maximo.properties file is copied from a Windows administration workstation to anon-windows provisioning server, you may see leading and trailing control characters in the file.


Before you continue, remove these characters using a file-conversion utility like dos2unix. If Maximofails to start later on, restore the back-up file and redo the changes.

What to do next

Proceed to “Updating the remaining host names.”

Updating the remaining host namesUse the script to update the host names for the directory server, WebSphere Application Server, thesoftware distribution infrastructure, and Tivoli Provisioning Manager for OS Deployment.

Before you begin

Ensure that the following middleware is running before you continue:v The LDAP server and the administrative daemon.v The database server.

For details on how to start your LDAP server, the administrative daemon, and the database server, seev “Starting the provisioning server on Windows” on page 133


Procedure1. Open a command window and run the following script from the TIO_HOME/tools/rename_host/

directory:v tpmChangeOtherHost.cmd

Note: This process can take some time. If the process times out while running the script, relaunch thescript, it picks up from where it left off.You are prompted for some of the following passwords:

Table 28. Component passwords

Component Password

WebSphere Application Server The password for theWebSphere Application Serveradministrator.

DB2 The password for the database instance user.

Agent Manager The password for the resource manager user name forthe Agent Manager.

Resource Manager SSL The default password is CDSRMPASS.

2. To validate that the changes were successful, navigate to TIO_LOGS/rename_host and open thetpmChangeOtherHost_status.log. The log lists the status of each step that was completed. All stepsmust be marked as DONE. You can also check the following files to see the updated information:a. Open the TIO_HOME/config/endpoint.properties file to see the host name of the provisioning

server.b. Open the TIO_HOME/config/dcm.xml file. The web address in the <URL> tag must point to the

database host name.3. Navigate to TIO_HOME\lwi\runtime\tpm\eclipse\plugins\tpm_pmp\properties and ensure the

following lines exist in the maximo.properties file with the correct values:




mxe.crontask.donotrun=ALLmxe.report.birt.disablequeuemanager=1mxe.rmi.enabled=0

4. Reconfigure Cygwin so that the Cygwin login function works correctly after the host name change:a. Log on as administrator on the provisioning server.b. At a Cygwin prompt, back up and then delete the files in the /etc/passwd and /etc/group

directories.c. Run the following commands:

mkpasswd -l > /etc/passwdmkgroup -l > /etc/group/usr/bin/ssh-host-config

5. Restart the IBM Tivoli Provisioning Manager server.

Results

When you run the host name script, the following tasks are completed:1. Updates the host name in the user-factory.xml file if the directory server is located on the same

computer as the new provisioning server.2. Updates the host name for WebSphere Application Server ND.3. Updates the host name for the scalable distribution infrastructure.4. Updates the Tivoli Provisioning Manager for OS Deployment host name.5. Updates the dcm.xml file for database configuration if database reference points to local hostname.6. Changes the host name in the tivoli.send.conf and tivoli.receive.conf files.

If you encounter any issues when the script runs, view the potential problems and log files so that youcan resolve the issue and continue.

What to do next

Proceed to “Return codes” on page 227.

Parameters for the host name rename featureVarious parameters are required for each of the scripts that are used in changing the host name. Acomplete list of the parameters, descriptions, and example values are provided here.

Table 29. Parameters for scripts for Windows and UNIX computers. Add the values to the parameters in thescript_win.properties and script_unix.properties filesParameter name Parameter description Default/Example value

AgentManagerQuery.Host The fully qualified host name for the agentmanager query service. This value iscase-sensitive.

exampleNewHost.ibm.com

AgentQuery.Host The fully qualified host name for the agentmanager query service. This value iscase-sensitive.


amPort The agent manager public registration port. 9511

amUser The agent manager resource manager username.

The IBM Tivoli Provisioning Manager newinstaller creates the user name, tpmManager.Unless you have changed this user name afterthe installation, use the default.

tpmManager

CatalogueService.Host The fully qualified host name for the catalogservice. This value is case-sensitive.


cdsHome Dynamic content delivery installation directory.v C:\Program Files\ibm\Tivoli\CDS\


Table 29. Parameters for scripts for Windows and UNIX computers (continued). Add the values to the parameters inthe script_win.properties and script_unix.properties filesParameter name Parameter description Default/Example value

CertManagement.Host The fully qualified host name for the agentmanager certification manager. This value iscase-sensitive.


dbInstanceNamev

2000DB2 The database instance namectginst1

dbIsRemote Indicate the location of the database server.

v Specify no if the database server is local; onthe same computer as the provisioning server.

v Specify yes if the database server is remote;on a separate computer than the provisioningserver.

This value must be specified.

v2000DB2 ctginst1

dbHome The local database directory, or the databaseclient directory if the database is remote.

C:\Program Files\ibm\SQLLIB

dbPort The database host port.

If you have configured DB2 with a differentport, change the value to the correct portnumber.

v2000DB2 50005

v2000Oracle 1521

dmgrSoapPort The deployment manager SOAP port. 8879

fqNewHostName The new fully qualified host name for the IBMTivoli Provisioning Manager. This value iscase-sensitive, and must contain only lowercasecharacters.

examplenewhost.ibm.com

fqOldHostName The old fully qualified host name for the IBMTivoli Provisioning Manager. This value is NOTcase-sensitive.

exampleOldHost.ibm.com

httpServerHome The HTTP server home directory.v C:\Program Files\IBM\HTTPServer

ldapType The specified LDAP type that is in use.v ITDS

v MSAD

v MAXIMO

Registration.Server.Host The fully qualified host name for the agentmanager registration server. This value iscase-sensitive.


tpmfosdDataDir The directory where the Tivoli ProvisioningManager for OS Deployment configuration, logs,and image files are located.

If you do not have this installed, you canremove the parameter.

v C:\tpmfosd files

TrustedCertificateQuery.Host The fully qualified host name for the agentmanager trusted certificate query service. Thisvalue is case-sensitive.


wasCellName The WebSphere Application Server cell name. ctgCell01

wasUser WebSphere Application Server administratoruser.

wasadmin

Return codesReview the list of return codes for information about how to resolve any problems during the host namechange.

Table 30. List of return codes

Code Description

12005 Reorganizing the dynamic content delivery database failed.

16000 A generic error occurred in the hostname rename process. See the stepdetails to resolve the issue.


Table 30. List of return codes (continued)

Code Description

16001 No script name has been provided for tracking. Ensure that all the"TrackBatch" calls in the '%LaunchTitle%'includes a script name and tryagain.

16002 The '%LaunchTitle%' must be run as the '%runasuser%' user. Log out and login as '%runasuser%' and run the script again.

16003 The TIO_HOME environment must be defined. See the information center fordetails.

16004 The user must belong to the '%TIOADMIN_GRP%' group to do theinstallation. Assign the user to the group and try again.

16005 Cannot find the '%SETUPCMD%' file. The Tivoli Provisioning Managerenvironment might be corrupted. See the information center for details.

16006 Unable to find the product version for Tivoli Provisioning Manager in the'%TIO_HOME%/config/build-version.properties' file. See the informationcenter for details.

16007 Unable to determine the product version of Tivoli Provisioning Manager.See the information center for details.

16009 The TIO_LOGS environment is not defined so the process logs will be storedin the %TMP% directory. Run the script as the tioadmin user and try again.

16011 Option "%~1" is not valid. Check the usage syntax and try again.

16012 Option "%~1" is missing a value. Check the usage syntax and try again.

16013 The '%DEST_DIR%' directory cannot be created because of the%ERRLEVEL% code. Fix the error and try again.

16015 The host name rename process cannot be performed on the current version'%VERSION%'. The required version is '%FEATURE_VERSION%'.

16017 The host name rename process is not supported for this Linux architecture,See the information center for details.

16018 The host name rename process is not supported for this operating system.See the information center for details.

16019 The '%SETUPCMD%' script cannot be run. Use the 'chmod +x' command toexecute this script.

16021 The TERM variable is not properly set. Set it to 'ansi', 'xterm' or 'vt100'.

16022 The '%TIO_LOG%' value of the TIO_LOG variable must be defined as a validdirectory. See the information center for details.

16025 There is an unsupported database type '%DB_TYPE%'. The 'type' valueunder the TIO_HOME/config/dcm.xml file must be set to 'db2jcc' or 'ORACLE'.

16027 The user name for the database cannot be determined. Check the’username’ value under the TIO_HOME/config/dcm.xml file.

16028 The database name cannot be determined. Check the 'name' value under theTIO_HOME/config/dcm.xml file.

16036 A file compression utility is either not installed or the compressionexecutable path is not included in PATH variable, put the file compressionutility in the PATH variable.

16040 Reserved error for internal messages about invalid script tracking. Check thecode syntax if this error is reported.

16045 The '%DEST_DIR%' directory cannot be located. Check the directory path.

16046 Changing the DB2 host name failed.

16047 Changing the Oracle Database host name failed.



Code Description

16048 Updating the database Maximo properties failed.

16049 Changing the WebSphere Application Server host name failed.

16050 Updating the Agent Manager host name failed.

16051 Changing the Tivoli Provisioning Manager for OS Deployment host namefailed.

16052 Restarting Tivoli Provisioning Manager for OS Deployment failed.

16053 A user has selected to exit the current process to change the inputparameters.

16054 Failed to find the file with the DB2 configuration file path.

16055 '%EXPECTING%' options include bracketed default values. They must bereplaced with actual values without brackets in the '%PropertyFile%' file.

16057 Failed to update endpoint.properties.

16058 Failed to update the user-factory.xml file.

16059 Failed to update the tpm-cds-authentication.properties file.

16060 Failed to update the config.csv file.

16061 Failed to update the dcm.xml file.

16062 Failed to open the target file.

16063 Failed to open the temporary file.

16064 The script input arguments are missing or invalid.

16065 Failed to update tec-event-customer-info.xml file.

16066 Failed to update tivoli.send.conf file.

16067 Failed to update tivoli.receive.conf file.

16068 Failed to register the dynamic content delivery service.

16069 The default compressed file utility cannot be located in the TivoliProvisioning Manager installation. Set the zipBackupFiles file to false inthe '%PropertyFile%' file, run the script again and then perform a manualcompressed file on the backup files.



Code Description

16077 Failed to import tpmfosdbootserver.xml to create the Tivoli ProvisioningManager for OS Deployment boot server object.

This error occurs when the script tpmChangeOtherHost.cmd or fails tocreate the parent OS deployment server on the provisioning server using thedata in tpmfosdbootserver.xml.

The source of the failure might be:

v Problems with database connectivity

v Incorrect data in the database

v An invalid tpmfosdbootserver.xml file

To resolve the error:

1. Verify that the ctginst1 database is started.

2. Verify that the name of the Tivoli Provisioning Manager server object inthe data model is either the short host name or fully qualified domainname of the provisioning server. This value is case-sensitive.

3. In tpmfosdbootserver.xml, verify that the host-server attribute is eitherthe short host name or fully qualified domain name of the provisioningserver. This value is case-sensitive.

4. When you have performed all the previous steps, runtpmChangeOtherHost.cmd or to continue with the migration.

16078 Unable to find the fully qualified new Tivoli Provisioning Manager hostname from the TIO_HOME/lwi/runtime/tpm/eclipse/plugins/tpm_pmp/properties/maximo.properties file. The host name checking failed.

16079 Unable to find the fully qualified Tivoli Provisioning Manager old hostname from the TIO_HOME/xml/tpmserver.xml file. The host name checkingfailed.

16086 The host name value returned by the 'hostname' command is different thanthe new Tivoli Provisioning Manager fully qualified host name. Check thevalues and ensure that they match.

16087 Failed to update the information center host name.

23003 Failed to create %NEW_DB_NAME% database [DB2 ReturnCode=%RETURNCODE%][Error Description=%RETURN_MSG%]. Correct the issueand run the script again.

23004 Failed to connect to database. Ensure that the user name and password arevalid and run the script again.

23005 Failed to restore %TC_DB% database [DB2 Return Code=%RETURNCODE%][Error Description=%RETURN_MSG%]. Correct the issue and run the scriptagain.

23006 Failed to copy the database schema. Ensure there is enough disk space andcorrect any issues reported.

23007 Failed to drop the original database schema. Correct any reported issuesand run the script again.

23008 Failed to drop the database temporary table. Ensure that no other databaseclients are accessing the database and run the script again.

23009 Failed to drop the database temporary function. Ensure that no otherdatabase clients are accessing the database and run the script again.

23010 Failed to drop the database temporary stored procedure. Ensure that noother database clients are accessing the database and run the script again.



Code Description

23011 Failed to drop the database temporary schema. Ensure that no otherdatabase clients are accessing the database and run the script again.

23013 Failed to install the database schema renaming stored procedures. Check thetmp_ prefixed.log files in the tmp or temp directory for error messages.

23014 Failed to back up the %TC_DB% database. Check the reported issues andrun the script again.

23015 REGEDIT failed to export DB2 registry to the file.

23016 Failed to open exported registry file.

23017 Failed to open the file for registry import.

23018 REGEDIT failed to import the DB2 registry from the file.

23019 The script input arguments are missed or they are not valid. Check for thevalidity of all input parameters. If the problem persists, contact IBMSupport.

23020 Failed to get the property value from the database MAXPROPVALUE table.Validate the database user in the TIO_HOME/config/dcm.xml file and run thescript again.

23021 Failed to update the property value in the database MAXPROPVALUE table.Contact IBM Support.

23022 Failed to update the database configuration. Contact IBM Support.

23023 Failed to set the database parameter. Verify and correct the database systemconfiguration and run the script again.

23024 Failed to alter the database buffer pool. Verify and correct the databasesystem configuration and run the script again.

23025 Failed to extract and save the path to the database configuration files.Ensure that there is enough disk space and correct any reported issues.

23026 Failed to stop the Database Administrator Server. Verify and correct the stateof the database and run the script again.

23027 Failed to start the Database Administrator Server. Verify and correct thestate of the database and run the script again.

23028 Failed to start the database manager. Verify and correct the state of thedatabase and run the script again.

23029 Failed to update database admin configuration. Verify and correct thedatabase issue reported and run the script again.

23030 Failed to get the database admin configuration. Verify and correct thedatabase issue reported and run the script again.

23031 Failed to process the CDB schema during the database restore. Contact IBMSupport.

23032 The table aliases in the CDB schema do not match with the expected list.Contact IBM Support.

WebSphere Application Server tasksWebSphere Application Server

See the following topics for more information about WebSphere Application Server.


Verifying the installation of WebSphere Application ServerUse the First Steps tool to verify the installation of WebSphere Application Server.

Procedure

To verify the installation of WebSphere Application Server, use the First Steps tool. This tool is located inthe app_server_root/firststeps directory. Run the appropriate file for your operating system:v firststeps.bat

Compliance with Federal Information Processing Standard 140-2A Federal Information Processing Standard (FIPS) is a standard issued by the United States NationalInstitute of Standards and Technology (NIST) for federal government computer systems. Standard 140-2specifies requirements for cryptography modules.

FIPS 140-2 compliance is only available for new installations of Tivoli Provisioning Manager. For moreinformation about these standards, see the National Institute of Standards and Technology.

Tivoli Provisioning Manager support for FIPS 140-2 includes:

Centralized cryptographic module using FIPS 140-2 compliant providersFor FIPS 140-2 compliance, the Java virtual machine is configured to use compliant providers.WebSphere Application Server integrates cryptographic modules including Java Secure SocketExtension (JSSE) and Java Cryptography Extension (JCE). These modules are validated for FIPS140-2 compliance. You can view the validation information on the NIST Web site.

FIPS 140-2 cryptographic services for credentials in a service access point.The deployment engine runs provisioning workflows against managed computers using acombination of protocols and credentials. Credentials are encrypted using FIPS-compliantalgorithms.

The following protocols are supported:v File Transfer Protocol (FTP) and Telnetv ICMP, for the ping commandv SCP, for secure remote transfer of a file from one computer to another using the SSH protocolv SSH, for secure remote accessv SNMP, for queries and configurations. If the SNMP protocol is used, credentials for the service

access point are required for snmp-set and snmp-get operations.

Services are provided by the operating system or additional utilities and software applications.

FIPS-compliant connections to UNIX computers that do not have the common agent.

For running commands locally on managed computers, the following services are used forconnections:v RXA, which uses SMB and SSH protocols. SMB uses the NT LAN Manager authentication

protocol which is not FIPS-compliant.v SSH, SCP, and Telnet using scriptlets. When FIPS 140-2 compliance is enabled, these services

must be run in FIPS mode, using a version of the cryptographic library that has been FIPS140-2 certified. OpenSSH is not FIPS 140-2 compliant, so an alternative FIPS-compliant SSHproduct must be used.

FIPS-compliant SSL for the Common Agent ServicesIf FIPS 140-2 compliance is enabled, the agent manager and the common agent are configured touse FIPS certified Java providers. Use of compliant signature and encryption algorithms is alsoconfigured. The agent manager and common agent configuration provides:v FIPS-compliant SSL from agent shell server in the deployment engine to the common agent.


http://csrc.nist.gov/publications/fips/

http://csrc.nist.gov/groups/STM/cmvp/documents/140-1/140val-all.htm

v FIPS-compliant SSL from the common agent to the agent manager, job management servicefederator, and dynamic content delivery service management center.

Limitations

Due to limitations of some software components used by Tivoli Provisioning Manager, the followinglimitations apply in a FIPS-enabled environment:

For Windows computers that do not have the common agent:v SMB connections provided by RXA are not FIPS-compliant. The SMB protocol is used for discovery

operations on Windows computers and is available in a FIPS-enabled environment.v The OpenSSH package included with Cygwin is not FIPS compliant. To make an SSH connection

compliant, you must install a FIPS-compliant SSH product. For more information, see the white paperTivoli Provisioning Manager: FIPS 140-2 Enablement in the Integrated Service Management Library athttp://www-01.ibm.com/software/brandcatalog/ismlibrary/details?catalog.label=1TW101084.

The following product components are not FIPS-compliant:v Tivoli Provisioning Manager for OS Deployment. Integration with Tivoli Provisioning Manager for OS

Deployment is not supported when FIPS compliance is enabled in Tivoli Provisioning Manager. TheTivoli Provisioning Manager for OS Deployment interface is not accessible when FIPS compliance isenabled.

v IBM Tivoli Monitoring Agent.

Installation directories and other pathsThis topic provides information about installation directories and other path variables.

The following variables are used to represent installation and other directory paths. In some cases, thevariable name matches the name of an environment variable that is set in the operating system. Forexample, TIO_HOME represents the environment variable:v %TIO_HOME%

Table 31. Path variables

Path variable Component Default directory

AM_HOME The agent manager v C:\Program Files\IBM\AgentManager

APDE_HOME Automation Package DeveloperEnvironment

APDE_HOME/eclipse

DB2_HOME DB2 v SystemDrive:\Program Files\IBM\SQLLIB

SystemDrive is the disk drive that contains thehardware-specific files used to start Windows.Typically, the system drive is C.

DCD_HOME Tivoli Provisioning Manager fordynamic content delivery

v %Program Files%\IBM\tivoli\CDS

DMS_HOME The device manager serviceinstallation directory

v C:\Program Files\ibm\DeviceManager

ECLIPSE_HOME Eclipse Defined by the user.

HTTP_HOME IBM HTTP Server v C:\Program Files\IBM\HTTPServer

ITM_HOME Tivoli Monitoring agent v C:\ibm\tivoli\ITM


http://www-01.ibm.com/software/brandcatalog/ismlibrary/details?catalog.label=1TW101084

Table 31. Path variables (continued)

Path variable Component Default directory

JAVA_HOME Java Runtime Environment v For Automation Package DeveloperEnvironment, APDE_HOME\java\jre. Forexample:

– C:\APDE\java\jre

v For IBM Tivoli Provisioning Manager,WAS_HOME/java

MAXIMO_HOME The base services v C:\IBM\SMP

MWI_workspace Middleware installer directory v C:\ibm\tivoli\mwi\workspace

2000Oracle OSD_DATADIR Tivoli Provisioning Manager for OSDeployment data directory

Default data directory for Tivoli ProvisioningManager for OS Deployment parent servers:

v %SYSTEMDRIVE%\tpmfosd files

Default data directory for Tivoli ProvisioningManager for OS Deployment child servers:

v %SYSTEMDRIVE%\TPMfOSd Files

2000Oracle OSD_HOME Tivoli Provisioning Manager for OSDeployment installation directory

Parent servers, installed by the TivoliProvisioning Manager installer:

v %COMMONPROGRAMFILES%\IBM Tivoli

Child servers, installed by the TivoliProvisioning Manager for OS Deploymentworkflows:

v %COMMONPROGRAMFILES%\IBM Tivoli

TCA_HOME common agent v C:\Program Files\tivoli\ep

TDS_HOME Tivoli Directory Server v C:\Program Files\IBM\LDAP\V6.2

TIO_HOME Tivoli Provisioning Manager v C:\Program Files\IBM\tivoli\tpm

TIO_LOGS Tivoli Provisioning Manager runtimelogs

v C:\Program Files\IBM\tivoli\common\COP\logs

%TEMP% Windows directory for temporary files When logged on as Administrator,C:\Documents and Settings\Administrator\Local Settings\Temp

WAS_HOME WebSphere Application Server v C:\Program Files\IBM\WebSphere\AppServer


Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document in other countries.Consult your local IBM representative for information on the products and services currently available inyour area. Any reference to an IBM product, program, or service is not intended to state or imply thatonly that IBM product, program, or service may be used. Any functionally equivalent product, program,or service that does not infringe any IBM intellectual property right may be used instead. However, it isthe user's responsibility to evaluate and verify the operation of any non-IBM product, program, orservice.

IBM may have patents or pending patent applications covering subject matter described in thisdocument. The furnishing of this document does not grant you any license to these patents. You can sendlicense inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual PropertyDepartment in your country or send inquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan Ltd.1623-14, Shimotsuruma, Yamato-shiKanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any other country where suchprovisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATIONPROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS ORIMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OFNON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Somestates do not allow disclaimer of express or implied warranties in certain transactions, therefore, thisstatement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodicallymade to the information herein; these changes will be incorporated in new editions of the publication.IBM may make improvements and/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not inany manner serve as an endorsement of those Web sites. The materials at those Web sites are not part ofthe materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate withoutincurring any obligation to you.


Licensees of this program who wish to have information about it for the purpose of enabling: (i) theexchange of information between independently created programs and other programs (including thisone) and (ii) the mutual use of the information which has been exchanged, should contact:

IBM Corporation2Z4A/10111400 Burnet RoadAustin, TX 78758 U.S.A.

Such information may be available, subject to appropriate terms and conditions, including in some casespayment of a fee.

The licensed program described in this document and all licensed material available for it are providedby IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement orany equivalent agreement between us.

Information concerning non-IBM products was obtained from the suppliers of those products, theirpublished announcements or other publicly available sources. IBM has not tested those products andcannot confirm the accuracy of performance, compatibility or any other claims related to non-IBMproducts. Questions on the capabilities of non-IBM products should be addressed to the suppliers ofthose products.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, which illustrate programmingtechniques on various operating platforms. You may copy, modify, and distribute these sample programsin any form without payment to IBM, for the purposes of developing, using, marketing or distributingapplication programs conforming to the application programming interface for the operating platform forwhich the sample programs are written. These examples have not been thoroughly tested under allconditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of theseprograms. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not beliable for any damages arising out of your use of the sample programs.

Trademarks

IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International BusinessMachines Corp., registered in many jurisdictions worldwide. Other product and service names might betrademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at“Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarksof Adobe Systems Incorporated in the United States, and/or other countries.

IT Infrastructure Library is a registered trademark of the Central Computer and TelecommunicationsAgency which is now part of the Office of Government Commerce.

Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon,Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or itssubsidiaries in the United States and other countries.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.

Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in theUnited States, other countries, or both.


http://www.ibm.com/legal/copytrade.shtml

ITIL is a registered trademark, and a registered community trademark of the Office of GovernmentCommerce, and is registered in the U.S. Patent and Trademark Office.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/orits affiliates.

Other product and service names may be trademarks of IBM or other companies.

Notices 237


Index

Numerics1.3 Back up WebSphere

Configuration 152

Aadministrative workstation 6administrative workstationbacking

up 132agent manager

unistalling 143authentication service 82

Bbase services

installation troubleshootingfails to validate 164fails without deployment

engine 162invalid LDAP names 159overview 159recovering from problems 160

removing 146troubleshooting

broken link 167binding LDAP directory 158browser

configuring for FIPS 140-2compliance 133

browser requirementsinstallation 15

CCCMDB

CWLAA6003 165changing

host 220name 220

changing the host namedatabase server

updating the host name 224scripts

parameters for the newcomputer 226

commandsBIND

FDCC 184compatibility

installation 1compliance

Federal Information ProcessingStandard 140-2 232

component requirementsinstallation 12, 15operating system 13

componentsTivoli Provisioning Manager 2

components (continued)verifying after installation 214

configure Virtual Member Manager 75configuring LDAP server

for user authentication only 135configuring VMM 75core components

error messagesrecovery from failure 179

installing 119Cygwin 188error when creating agent manager

profile 180hangs in Cygwin 183, 197recovery from failure 179troubleshooting overview 168,

178uninstalling 144

Creating MEA registation 113CTGIN9077E

error 152, 193custom installation 25

installing silently 207CWLAA6003 165Cygwin

installing 208fails without download site 198first discovery failure 198missing tools 198

uninstalling 208

Ddatabase upgrade errorMaximo 162DB2

BIND commands 184installing

client 50server 49

troubleshootingdatabase error during

installation 153install failure from mismatched

names 153remote connection hangs on

multiprocessor computer 189DB2 client

uninstallation 145default installation 205

installing silently 207Dependency checker

Core components installation 188deploying EAR files 113deployment engine 159deployment engine failure 166device manager service

uninstalling 141directories

default values 233DVD

disk 1 188

dynamic content deliverytroubleshooting

install fails because Java notfound 187

uninstalling 143

EEAR files 112enabling RXA tracing 167error CTGIN2381E 162error CTGIN2489E 162error messages

core componentsrecovery from failure 179

error CTGIN22521I 161installation

after uninstalling WebsphereApplication Server 183

base services 161invalid directory name 185

errorsreturn codes for migration 227

FFDCC

Microsoft Windows VistaCOPCOM618E 199

Federal Information Processing Standardbrowser configuration for standard

140-2 133standard 140-2 232

FIPSSee Federal Information Processing

Standardfirewalls

required ports 16

Ggroups

creating 217

Hhardware

allocating 9hardware requirements

installation 9host name

prerequisitescompleting the property file 221

property fileparameter values 221

scriptsparameter values 221


host nameschanging

database server 224installation requirements 16migrating

components 225provisioning server 222

IIBM Agent Controller

installing and uninstalling 207installation 29, 59

base servicesfails without deployment

engine 162invalid LDAP names 159troubleshooting 159

cannot connect to databaseserver 154

cannot connect to Tivoli DirectoryServer 154

cannot install agent manager andTivoli Common Agent on sameprovisioning server 183

core componentserror when creating agent manager

profile 180hangs in Cygwin 183, 197recovery from failure 179troubleshooting 168

Cygwinfails without download site 198first discovery failure 198missing tools 198

DB2database error 153failure from mismatched

names 153DB2 client 50DB2 server 49dynamic content delivery

failure because Java notfound 187

error messagesafter uninstalling Websphere

Application Server 183base services 161invalid directory name 185

fails with agent manager 181Microsoft Active Directory

configuration error 155incorrect certificate value

error 156middleware

for migration 29insufficient disk space error 152

middleware troubleshooting 151operating systems and

middleware 12other problems

troubleshooting 200Reflection X failure from unrecognized

font 186requirements 5requirements for browsers 15requirements for components 12, 15

installation (continued)requirements for operating system 13supported topologies 6Tivoli Directory Server

cannot write files to homedirectory 155

Tivoli Provisioning Managerfailure with terminal server

enabled 189recovery steps 201

types 3web components

hangs in Cygwin 183, 197node agent error 194removing default installation 190restoring the provisioning

server 192troubleshooting 190

WebSphere Application Serverinvalid domain name suffix 187verifying 232

installation directories 233installation DVDs 23installation images 23installation process 3installing 82

custom installation problems 168Cygwin 208default installation problems 173prerequisite software products 36, 93Tivoli Provisioning Manager core

components 119instance names

rules 21IP addresses

installation requirements 16

Llaunchpad

links do not work 152starting 29, 111

LDAP servermigrating

passwords 219upgrading

passwords 217Linux

troubleshootingediting files changes

permissions 189log files

troubleshooting information 201web components

troubleshooting process solutioninstaller 194

logging offthe provisioning server 216

logging onerror when using login window

manager 156provisioning server 215

MManually building EAR files 112Manually deploying EAR files 113Maximo authentication 75Maximo business objects 164MEA registration 113Microsoft Active Directory

installing 59middleware 29, 36, 93

installinginsufficient disk space error 152

uninstalling 146middleware configuration

base services installationvalidation 164

middleware installation 152, 193Error configuring database 156

migrationreturn codes 227

missing XML 156monitoring agent for Tivoli Provisioning

Managerinstalling 207

Nnetworking

antivirus softwareinstallation requirements 16

installation requirements 16

Ooperating systems combinations

middleware 12out of sync 164

Ppasswords

device manager serviceFDCC 167

provisioning server password 221required for changing the host

name 221rules 21updating after migration 219updating after upgrade 217

path variables 233ports

required 16post-installation configuration 131preinstallation checklist 5prerequisite 36, 93prerequisites

checking automatically 6prerequisites scanner

running 6provisioning

server 220provisioning server

restarting on Windows 211starting after installation on

Windows 133starting on Windows 211


provisioning server (continued)stopping on Windows 211

Rrecovering deployment engine 159reinstalling

Tivoli Provisioning Manager 150removing the deployment engine 166requirements

antivirus software 16firewalls 16host names 16installation media 16IP addresses 16multibyte text 16networking 16ports 16remote configuration 16SSH 16X session 16

runtime 164RXA tracing 167

Sscalable distribution infrastructure 137security

Federal Information ProcessingStandard 140-2 232

setting global variables 137signing off

the provisioning server 216signing on

provisioning server 215silent installation 207

disk space check 186exits before completion 185fails without Cygwin 197

software distribution 137SSL signer

verifying 128starting

Tivoli Provisioning Manager for OSDeployment 213

starting the provisioning server 211starting the provisioning server after

installationon Windows 133stopping

monitoring agent 214stopping the provisioning server 211

Ttioadmin

installing core components fails 179Tivoli Directory Server

passwords 217, 219Tivoli Monitoring agent

starting 214uninstalling 139using 219

Tivoli Provisioning Managercomponents 2reinstalling 150uninstalling 139

Tivoli Provisioning Manager (continued)uninstalling components 139

Tivoli Provisioning Manager for OSDeployment

starting 213uninstalling 140

Tivoli Provisioning Manager with anotherproduct

installing 207Tivoli Provisoning Manager

installationfailure with terminal server

enabled 189topologies

supported for installation 6troubleshooting

Admin mode is slow 199installation 151

base services 159core components 168other problems 200web components 190

installing base services 160log files

process solution installer 194troubleshooting information

for installation 151troubleshooting installation

middleware 151

Uuninstallation WebSphere Application

Server Network Deployment 158uninstalling

agent manager 143Cygwin 208DB2 client 145device manager service 141dynamic content delivery 143middleware 146the base services 146Tivoli Monitoring agent 139Tivoli Provisioning Manager 139Tivoli Provisioning Manager

components 139Tivoli Provisioning Manager core

components 144Tivoli Provisioning Manager for OS

Deployment 140UNIX

editing files changes permissions 189updating administrative

workstation 224updating workstation configuration 224user authentication

configuring LDAP server 135user names

rules 21users

creating 217

VVirtual Member Manager 75

WWeb Administration Tool

installing 217, 219web components

installationrestoring the provisioning

server 192installation troubleshooting

hangs in Cygwin 183, 197node agent error 194overview 190restoring the provisioning

server 190log files

process solution installer 194WebSphere Application Server 164

checking status 207checking version 207installing

verifying the installation 232troubleshooting

deployment of MAXIMO.earfails 161

invalid domain name suffix 187not in sync with Maximo business

objects 165WebSphere Application Server tasks 231Windows XP

COPCOM618EFDCC 199

Index 241


��

Printed in USA