Installation Guide For Windows: Ivo I

Tivoli Provisioning Manager
Version 7.2
Installation Guide for Windows

®
Version 7.2
Installation Guide for Windows

Note
Before using this information and the product it supports, read the information in “Notices” on page 235.
Last updated: December 2010

This edition applies to IBM Tivoli Provisioning Manager 7.2 and to all subsequent releases and modifications until
otherwise indicated in new editions.
© Copyright IBM Corporation 2003, 2010.
US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contract
with IBM Corp.
Contents
Chapter 1. Installation overview . . . . 1 Installing Tivoli Provisioning Manager core
Supported platforms and compatibility . . . . . 1 components . . . . . . . . . . . . . . 119
Product components . . . . . . . . . . . . 2 Installing Tivoli Provisioning Manager web
Installation types . . . . . . . . . . . . . 2 components . . . . . . . . . . . . . . 128
Installation process . . . . . . . . . . . . 3
Chapter 4. Post-installation tasks . . . 131
Chapter 2. Preinstallation tasks . . . . 5 Installing the language pack for Tivoli Monitoring
Preinstallation Step 1: Run the prerequisites scanner 6 agent . . . . . . . . . . . . . . . . 131
Preinstallation Step 2: Read the release notes . . . 6 Backing up the administrative workstation . . . 132
Preinstallation Step 3: Plan the topology . . . . . 6 Configuring a web browser for Federal Information
Single-server deployment . . . . . . . . . 7 Processing Standard 140-2 compliance . . . . . 133
Multiserver deployment . . . . . . . . . 8 Starting the provisioning server on Windows . . . 133
Preinstallation Step 4: Allocate appropriate hardware 9 Manually configuring directory synchronization for
Preinstallation Step 5: Verify component WebSphere Application Server Network
requirements . . . . . . . . . . . . . . 12 Deployment . . . . . . . . . . . . . . 134
Supported operating systems and middleware Configuring the LDAP server for user
combinations . . . . . . . . . . . . . 12 authentication only . . . . . . . . . . . 135
Operating system preinstallation tasks . . . . 13 Adding users and security groups . . . . . 136
Database and directory server requirements . . 15 Defining the boot server after installation . . . . 137
Browser requirements . . . . . . . . . . 15 Setting up the infrastructure for software
Preinstallation Step 6: Verify the environment . . . 16 distribution tasks . . . . . . . . . . . . 137
Preinstallation Step 7: Verify requirements for user
names, database names, and user passwords . . . 21 Chapter 5. Uninstalling Tivoli
Preinstallation Step 8: Prepare installation media . . 23 Provisioning Manager. . . . . . . . 139
If using downloaded installation images . . . . 23 Uninstalling Tivoli Provisioning Manager core
If using installation DVDs . . . . . . . . 24 components . . . . . . . . . . . . . . 139
Uninstalling the Tivoli Monitoring agent . . . 139
Chapter 3. Installing Tivoli Provisioning Uninstalling Tivoli Provisioning Manager for OS
Manager . . . . . . . . . . . . . . 25 Deployment . . . . . . . . . . . . . 140
Example deployment scenarios . . . . . . . . 26 Uninstalling Tivoli Provisioning Manager for
Starting the launchpad . . . . . . . . . . 29 Job Management Service federator . . . . . 141
Installing the middleware on Windows, AIX, and Uninstalling Tivoli Provisioning Manager for
Linux . . . . . . . . . . . . . . . . 29 dynamic content delivery . . . . . . . . 143
Planning worksheets for middleware installation 31 Uninstalling the agent manager . . . . . . 143
The middleware installer workspace . . . . . 34 Uninstalling Tivoli Provisioning Manager
The middleware installer logs . . . . . . . 34 engines . . . . . . . . . . . . . . 144
Installing and configuring the middleware with Uninstalling the DB2 client . . . . . . . . 145
the middleware installer . . . . . . . . . 36 Uninstalling the base services and web components 146
Reusing middleware using the middleware Uninstalling middleware . . . . . . . . . 146
installer. . . . . . . . . . . . . . . 45 Removing items remaining after uninstallation . . 147
Using manually configured middleware . . . . 49 Removing application files and configuration
Changing middleware installer configuration settings . . . . . . . . . . . . . . 147
parameters . . . . . . . . . . . . . 93 Removing the Global Unique Identifier . . . . 148
Starting middleware on Windows . . . . . . 94 Uninstalling and reinstalling the deployment
Stopping middleware . . . . . . . . . . 95 engine database . . . . . . . . . . . . 149
Checking middleware status. . . . . . . . 97 Reinstalling Tivoli Provisioning Manager . . . . 150
Installing the base services . . . . . . . . . 98
Planning worksheet for base services installation 110 Appendix A. Troubleshooting
Starting the launchpad . . . . . . . . . 111 installation . . . . . . . . . . . . 151
Remote configuration enablement. . . . . . 111 Problems during middleware installation . . . . 151
Deploying Provisioning Manager EAR files . . 112 Backing up and restoring the deployment
Manually installing Provisioning Manager engine database . . . . . . . . . . . 151
applications into WebSphere Application Server CTGIN9077E error during middleware
Network Deployment . . . . . . . . . 114 installation . . . . . . . . . . . . . 152
Installing the language pack . . . . . . . 116 Links in the launchpad do not work. . . . . 152
© Copyright IBM Corp. 2003, 2010 iii

Errors with the middleware installer . . . . 152 Installation fails after WebSphere Application
DB2 installation fails when configured names do Server is uninstalled . . . . . . . . . . 183
not match . . . . . . . . . . . . . 153 Core components or web components
Database error during installation . . . . . 153 installation hangs during Cygwin installation . 183
Cannot connect to Tivoli Directory Server . . . 154 DB2 BIND warning during Tivoli Provisioning
Cannot connect to the database server during Manager for OS Deployment installation . . . 184
installation . . . . . . . . . . . . . 154 Tivoli Provisioning Manager installation fails
Tivoli Directory Server installation step fails with invalid directory name . . . . . . . 185
during Tivoli Provisioning Manager installation . 155 Silent installation exits before installation is
The Microsoft Active Directory configuration completed . . . . . . . . . . . . . 185
fails . . . . . . . . . . . . . . . 155 Disk space check failure during silent
Error configuring database during middleware installation of Tivoli Provisioning Manager . . 186
installation . . . . . . . . . . . . . 156 Installation fails because of unrecognized font 186
The Tivoli Provisioning Manager installation Cannot use hyphen in domain name suffix field 187
fails with incorrect certificate value . . . . . 156 Installation of dynamic content delivery fails 187
WAS_HOME error when using login window Core components installation fails during the
manager . . . . . . . . . . . . . . 156 dependency check . . . . . . . . . . . 188
Encountering error CTGIN9042E . . . . . . 157 Error message Insert disk 1 . . . . . . . 188
Uninstallation of WebSphere Application Server Tivoli Provisioning Manager does not install
Network Deployment fails after unsuccessful when terminal server is enabled . . . . . . 189
binding to the LDAP directory . . . . . . 158 Editing text files changes permissions . . . . 189
Problems during base services installation . . . . 158 Remote connection to database hangs when
Recovering from a failed installation without the database server is on a multiprocessor computer 189
uninstallation program . . . . . . . . . 159 Step by step recovery for IBM Tivoli Monitoring
Recovering from problems during base services agent manual installation . . . . . . . . 190
installation . . . . . . . . . . . . . 160 Problems during web components installation . . 190
Deployment of MAXIMO.ear fails . . . . . 161 Recovering from errors during a default
Error CTGIN2252I during base services installation . . . . . . . . . . . . . 190
installation . . . . . . . . . . . . . 161 Recovering from errors during web components
Errors CTGIN2381E or CTGIN2489E during installation . . . . . . . . . . . . . 192
Maximo database upgrade . . . . . . . . 162 Deployment engine error during web
The base services installation fails . . . . . 162 components installation . . . . . . . . . 193
The base services installer fails to validate the Node agent not started during web components
installation . . . . . . . . . . . . . 164 installation . . . . . . . . . . . . . 194
Maximo business objects are out of sync Log files for process solution installer . . . . 194
between the deployment engine and the Core components or web components
WebSphere runtime . . . . . . . . . . 164 installation hangs during Cygwin installation . 197
Maximo business objects from the deployment Silent installation of Tivoli Provisioning
engine gets out of sync with the ones in the Manager fails . . . . . . . . . . . . 197
application server . . . . . . . . . . . 165 First discovery fails after installing Cygwin . . 198
Error CWLAA6003 occurs after CCMDB Cygwin installation fails . . . . . . . . . 198
installation . . . . . . . . . . . . . 165 Missing tools from Cygwin installation . . . . 198
Recovering from deployment engine failure Web components installation fails with registry
during installation. . . . . . . . . . . 166 service unavailable Java exception
Password policy is set to never expire during (IURegException) . . . . . . . . . . . 199
base services installation. . . . . . . . . 167 Turning on Admin mode is slow . . . . . . 199
Enabling RXA tracing . . . . . . . . . 167 Other problems. . . . . . . . . . . . . 200
Problems during core components installation . . 168 Log file errors after successful installation on
Step by step recovery for core components Microsoft Windows Server 2008 R2 Standard
installation (custom installation) . . . . . . 168 Edition (x86 64-bit) any SP . . . . . . . . 200
Step by step recovery for core components Cannot log on after successful installation . . . 200
installation (default installation) . . . . . . 173 Collecting information about installation problems 201
Recovering from problems during core
components installation . . . . . . . . . 178 Appendix B. Other installation and
Error when configuring WebSphere Application configuration tasks . . . . . . . . . 205
Server to run as tioadmin . . . . . . . . 179
Installing Tivoli Provisioning Manager with default
Errors creating the agent manager profile . . . 180
values . . . . . . . . . . . . . . . . 205
Agent Manager installation fails . . . . . . 181
Removing a default installation . . . . . . 207
The common agent and the agent manager
Silent installation and other installation tasks . . . 207
cannot be installed . . . . . . . . . . 183
Installing Cygwin manually . . . . . . . . 208
Removing a Cygwin installation . . . . . . 208
iv IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Installing Cygwin manually . . . . . . . 209 Assigning the new host name to the
Starting and stopping. . . . . . . . . . . 211 provisioning server . . . . . . . . . . 222
Starting and stopping the provisioning server on Updating the database server host name from
Windows . . . . . . . . . . . . . . 211 the administrative workstation . . . . . . 224
Starting and stopping Tivoli Provisioning Updating the remaining host names . . . . . 225
Manager components. . . . . . . . . . 213 Parameters for the host name rename feature 226
Starting and stopping the Tivoli Monitoring Return codes . . . . . . . . . . . . 227
agent . . . . . . . . . . . . . . . 214 WebSphere Application Server tasks . . . . . . 231
Verifying components . . . . . . . . . . 214 Verifying the installation of WebSphere
Signing on to the provisioning server . . . . . 215 Application Server . . . . . . . . . . 232
Signing off the provisioning server . . . . . 216 Compliance with Federal Information Processing
Working with users . . . . . . . . . . . 217 Standard 140-2 . . . . . . . . . . . . . 232
Creating multiple users with maxadmin privileges 217 Installation directories and other paths . . . . . 233
Changing user passwords . . . . . . . . 219
Using the Tivoli Monitoring agent . . . . . . 219 Notices . . . . . . . . . . . . . . 235
Changing the host name for the provisioning
server . . . . . . . . . . . . . . . . 220
Index . . . . . . . . . . . . . . . 239
Required passwords . . . . . . . . . . 221
Adding the parameter values to the property
file . . . . . . . . . . . . . . . . 221
Contents v
vi IBM Tivoli Provisioning Manager Version 7.2 Installation Guide
Chapter 1. Installation overview
A complete Tivoli® Provisioning Manager product installation is composed of multiple application
components, including the Tivoli Provisioning Manager application itself. To better understand the
installation process, you must have a basic understanding of the installation components.
Supported platforms and compatibility

Tivoli Provisioning Manager supports specific operating systems and is compatible with other products
that are installed together with the base services. The base services are a set of common routines that can
be used by higher level functions such as process managers, and other products that are used by Tivoli
Provisioning Manager.
Supported operating systems
Tivoli Provisioning Manager can be installed on the following operating systems:

v Microsoft Windows Server 2008 R2 Enterprise Edition (x86 64-bit)
v Microsoft Windows Server 2008 R2 Standard Edition (x86 64-bit)
v Microsoft Windows Server 2008 Datacenter Edition (x86 64-bit)
v Microsoft Windows Server 2008 Enterprise Edition (x86 64-bit)
v Microsoft Windows Server 2008 Standard Edition (x86 64-bit)
v Microsoft Windows Server 2003 R2 Enterprise Edition SP2 (x86 64-bit)
v Microsoft Windows Server 2003 R2 Standard Edition SP2 (x86 64-bit)
v Microsoft Windows Server 2003 Standard Edition SP2 (x86 64-bit)
v Microsoft Windows Server 2003 Enterprise Edition SP2 (x86 64-bit)
Note: The supported operating systems and versions reflect what was tested with Tivoli Provisioning
Manager. Differences in other editions or changes implemented in other versions for an operating system
might cause errors during or after installation. Therefore, ensure that you are using the specific edition
and version of the operating system as indicated.
Middleware compatibility
Tivoli Provisioning Manager does not support the following middleware, which might be supported by
other products installed on base services:
v Oracle WebLogic Server as an application server
v Microsoft SQL Server as a database server
v Oracle Database as a database server installed on Windows
If you have installed another product on base services with any of these middleware applications, you
cannot share the same middleware or base services installation with Tivoli Provisioning Manager. For
more information about the supported operating system requirements for middleware and other Tivoli
Provisioning Manager components, see “Preinstallation Step 5: Verify component requirements” on page
12.
Base services compatibility
Tivoli Provisioning Manager requires that the version of the base services is version 7.1.1.6. Tivoli
Provisioning Manager V7.2 Fix Pack 1 will not upgrade the base services. After applying the fix pack, the
base services will remain unchanged at version 7.1.1.6.
© Copyright IBM Corp. 2003, 2010 1

Product components
Tivoli Provisioning Manager includes components that provide specific capability.
Table 1. Product components
Component Description
®
Application server: WebSphere Tivoli Provisioning Manager is a Web-based application that uses
Application Server WebSphere Application Server as the application server.
HTTP server: IBM® HTTP Server The HTTP server is a separate, dedicated HTTP server that can be
configured to work with the application server.
Database server: The database server hosts the provisioning database, which includes the
v DB2 ® data model of managed assets. It also stores the Maximo® database which
contains text for the user interface and field-level help.
v If you want to use DB2, you can either install it as part of the Tivoli
Provisioning Manager installation, or use an existing version of DB2 from
your system.
Directory server: Tivoli Directory The directory server provides user authentication and access control.
Server or Microsoft Active Directory v If you want to use Tivoli Directory Server, you can either install it as part
of the Tivoli Provisioning Manager installation, or use an existing version
of Tivoli Directory Server from your system.
v If you want to use Microsoft Active Directory, you must obtain your own
Microsoft Active Directory and install it before installing Tivoli
Tivoli Provisioning Manager for Tivoli Provisioning Manager for Dynamic Content Delivery management
Dynamic Content Delivery center provides centralized control of the uploading, replication, and
management center downloading of files. It also monitors the state of depot servers in
distributed locations and stores file data.
Tivoli Provisioning Manager for Job Also called the device manager service, this component acts as a federated
Management Service federator server that manages job distribution. It pushes incoming jobs to all of the
endpoint agents or regional agents.
The agent manager The agent manager is the server component of the Tivoli Common Agent
Services, and provides secure connections with managed computers on
which the common agent is installed. Tivoli Provisioning Manager uses the
Tivoli Common Agent Services for software distribution and compliance.
Tivoli Provisioning Manager for OS Tivoli Provisioning Manager for OS Deployment is a component used for
Deployment operating system provisioning. It provides operating system management
capability including deployment of captured images and unattended setup.
Tivoli Monitoring agent The Tivoli Monitoring agent is a component that lets you monitor the
provisioning server.
Administrative workstation The administrative workstation is used to deploy Tivoli Provisioning
Manager. After the initial deployment, the administrative workstation is
used to make updates or changes to the deployment and add additional
process manager applications. Changes to the deployment typically require
that the product Enterprise Archive (EAR) files be rebuilt, which can only be
done from the administrative workstation.
Web components The Tivoli Provisioning Manager web components are a set of applications
specific to provisioning.
Installation types
Depending on the operating system, either the custom installation is supported only, or both a custom
and default installation are supported.
2 IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Tivoli Provisioning Manager offers two installation options: a default and a custom one. To help you
choose your installation type, it is important to understand the differences between them.
Default and custom installations are supported on Windows
The following table compares default and custom installations to help you plan your installation:
Table 2. Default versus custom installation
Default installation Custom installation
For demonstration, evaluation, or testing purposes, or as For managing production enterprise assets and processes.
a learning environment.
Installs Tivoli Provisioning Manager with default Allows you to customize settings such as user names,
settings. installation directories, and port numbers.
You cannot use an existing database server, directory v You can use middleware that is already installed:
server, or application server. The middleware for a
– WebSphere Application Server
default installation is Tivoli Directory Server, DB2, and
WebSphere Application Server. – DB2
– Oracle
– Tivoli Directory Server or Microsoft Active
Directory
v The middleware installer can install DB2, Tivoli
Directory Server, or WebSphere Application Server for
you. Other supported middleware programs must be
preinstalled and configured manually.
All components are installed on a single computer. The database server and the directory server can be
installed on separate computers.
English language installation only. Includes Tivoli Provisioning Manager runtime in
languages other than English.
Installation process
These steps describe the preinstallation tasks, the installation of the software, and post-installation tasks.
1. Verify that you meet all the prerequisites for installation. For more information, see Chapter 2,
“Preinstallation tasks,” on page 5.
2. Start the launchpad to install the product.
For a default installation, proceed to “Installing Tivoli Provisioning Manager with default
Default
values” on page 205.
Custom
Default
XML For a custom installation, install components in the following order:
a. Install the middleware. If you are using existing middleware, it must be installed and configured
as required.
b. Install the base services.
c. Install the language pack on the same computer as the base services.
d. Install Tivoli Provisioning Manager core components on the same computer as the application
server.
e. Install Tivoli Provisioning Manager web components on the same computer as the base services.
For more information about the custom installation, see Chapter 3, “Installing Tivoli Provisioning
Manager,” on page 25.
3. Perform required post-installation tasks. For more information, see Chapter 4, “Post-installation tasks,”
on page 131.
Chapter 1. Installation overview 3

Chapter 2. Preinstallation tasks
Before starting the Tivoli Provisioning Manager installation, verify that your environment meets the
requirements.
1. Run the prerequisites

scanner
2. Read the
release notes
3. Plan the topology
4. Allocate the appropriate

hardware
5. Verify component
requirements
6. Verify the
environment
7. Verify user
requirements
8. Prepare
installation media
Ready for installation
Figure 1. Preinstallation steps for new installation
If the provisioning server does not have Internet access, you must manually install Cygwin. For more
information, see “Installing Cygwin manually” on page 208.

Preinstallation Step 1: Run the prerequisites scanner
To automatically verify if your environment meets the Tivoli Provisioning Manager installation
requirements, use the prerequisites scanner.
Procedure
1. Download the prerequisites scanner from the Integrated Service Management Library at
http://www-01.ibm.com/software/brandcatalog/ismlibrary/details?catalog.label=1TW10OT10.
2. Extract the prerequisites scanner from the .zip or .tar file.
3. Run the prerequisites scanner using the following command, depending on your operating system,
operating system version, and hardware. Run the command from the directory where you extracted
the .tar or .zip file.
Table 3. Prerequisites scanner syntax
Operating system and hardware Syntax
2008 Microsoft Windows Server 2008 prereq_checker.bat "COX,COZ" detail
2003 Microsoft Windows Server 2003 prereq_checker.bat "COY,COZ" detail
In the command, the detail parameter specifies that the results of the prerequisites scanned are
displayed on the console.
4. Review the output of the prerequisites scanner stored in the result.txt file.
What to do next
If the results of the prerequisites scanner indicate failures, complete the tasks from “Preinstallation Step 5:
Verify component requirements” on page 12 to “Preinstallation Step 8: Prepare installation media” on
page 23 to resolve the problems before starting the installation.
Preinstallation Step 2: Read the release notes

Before starting the installation, see the latest documentation updates in the release notes for important
information.
For more information about the latest documentation updates, see Tivoli Provisioning Manager Version
7.2 Release Notes.
Preinstallation Step 3: Plan the topology

Use this information to determine the best deployment option for your environment and business needs.
There are two primary deployment strategies:

Single-server
The single-server topology consists of loading all runtime components, including all middleware,
the administrative workstation, and process managers, onto one server. This is typically used for
evaluation purposes, as a demonstration, or as a learning environment. For managing enterprise
assets and processes, you would typically implement a multiserver topology.
Multiserver
The multiserver topology consists of splitting components across several different servers. This is
beneficial because it optimizes resource use and decreases the workload on each server. This type
of deployment is typical for production use within an enterprise.

A typical deployment process might begin with a single-server topology that would move through phases
of demonstration, functional proof-of-concept, and testing integration within the existing environment,
and then gradually move towards a pilot multiserver environment before finally implementing a
production deployment within the enterprise.
Administrative workstation
The software that deploys the Tivoli Provisioning Manager support component.
Single-server deployment
A single-server deployment is frequently used as an evaluation, educational, or demonstration
configuration.
This topology is used for a default installation, where all components are installed on a single server with
default values.
Provisioning server
- Application server
- Database server
- Directory server
- Base services
- Core components
- Web components
You can install all components on a single server if you are using one of the following operating systems:
v Microsoft Windows Server 2008 R2 Enterprise Edition (x86 64-bit)
v Microsoft Windows Server 2008 R2 Standard Edition (x86 64-bit)
v Microsoft Windows Server 2008 Datacenter Edition (x86 64-bit)
v Microsoft Windows Server 2008 Enterprise Edition (x86 64-bit)
v Microsoft Windows Server 2008 Standard Edition (x86 64-bit)
v Microsoft Windows Server 2003 R2 Enterprise Edition SP2 (x86 64-bit)
v Microsoft Windows Server 2003 R2 Standard Edition SP2 (x86 64-bit)
v Microsoft Windows Server 2003 Standard Edition SP2 (x86 64-bit)
v Microsoft Windows Server 2003 Enterprise Edition SP2 (x86 64-bit)
The administrative workstation must be a separate server if the provisioning server is installed on a
platform that is not supported by the deployment software for the base services and web components.
The deployment software is used to install or update the product, but it is not required during operation
of the product. For details about the supported installation platforms for product components, see
“Preinstallation Step 5: Verify component requirements” on page 12.
The following figure shows a deployment with all the Tivoli Provisioning Manager runtime components
on one server and a separate server being the administrative workstation.
Chapter 2. Preinstallation tasks 7

Provisioning server Administrative workstation
- Application server - Deployment directory
- Database server
- Directory server
- Base services
- Core components
- Web components
Multiserver deployment
Custom
Default
XML
Deployment on multiple servers is the recommended deployment topology for a production environment.
Deployment on multiple servers is only available for a custom installation. When planning your
deployment strategy, determine if it will include systems that are already established in your network.
Installing all new components using the middleware and Tivoli Provisioning Manager installation
programs simplifies the deployment. If you plan to reuse or migrate resources that already exist in your
network, make adjustments to your rollout plan to allow time for bringing the existing resources to
versions that are compatible with Tivoli Provisioning Manager.
In the following figure, Tivoli Provisioning Manager has been deployed on a collection of systems.
Directory server
Database server Provisioning server Administrative workstation

- Application server - Deployment directory
- Base services
- Core components
- Web components
In this figure, components for Tivoli Provisioning Manager are installed on separate systems to promote
load balancing, redundancy, reuse, security, and availability. Components can also be grouped logically
and installed on the same system. In a disparate environment, the collection of servers can be a mixture
of Windows and UNIX servers. The administrative workstation is used to install or update the product,
but it is not required during the operation of the product.
The following deployments are supported depending on the operating system.

Table 4. Supported topologies for the administrative workstation when Windows is installed on the provisioning server
Separate server: Separate server:
Platform used for Separate server: Separate server: SUSE Linux(r) Red Hat Enterprise
the provisioning any supported AIX® 6.1 TL3 (IBM Enterprise Server Linux 5 Update 4
server Same server Windows platform System p® 64-bit) 10 SP3 (x86 64-bit) (x86 64-bit)
Windows - any
supported platform
Supported multiserver topologies
The following components can be on a separate server:

v The database server.
v The directory server.
v The administrative workstation. This must be on a separate computer if the provisioning server is
installed on a platform that is not supported by the deployment software for the base services and web
components.
Reusing middleware
You can reuse existing middleware as Tivoli Provisioning Manager components. For example, you might
have a database instance in an existing database server, which already has established access policies,
redundancy measures, and backup plans in place. If you plan to reuse existing middleware, ensure that
they are at the level supported by Tivoli Provisioning Manager. The middleware and installation
programs do not provide a mechanism for patching servers at previous version levels, nor do these
programs provide remote prerequisite checks to ensure that they are at the correct level.
The following middleware can be reused:

Can be automatically configured
DB2 9.5 FP3a and Tivoli Directory Server 6.2.0.2 and 6.1.0.10. For information about specific
platforms for which Tivoli Directory Server 6.1.0.10 is supported, see “Preinstallation Step 5:
Verify component requirements” on page 12. For information about reusing middleware, see
“Reusing middleware using the middleware installer” on page 45.
Must be manually installed and configured
IBM WebSphere Application Server, Oracle Database (if supported), and Microsoft Active
Directory. For more information, see “Using manually configured middleware” on page 49.
Preinstallation Step 4: Allocate appropriate hardware

Hardware requirements depend on usage. For hardware requirements for software that is not listed in
this section, see the documentation provided with that product.
Processor requirements for the provisioning server

v 2.4 GHz x86 64-bit or AMD64 processor

Minimum memory requirements
Table 5. Minimum memory requirements for single and multiserver topology
Single-server topology Multiserver topology
8 GB RAM
DB2 server
4 GB RAM
WebSphere Application Server Network Deployment
6 GB RAM
Tivoli Directory Server
2 GB RAM
Administrative workstation requirements

v 2 GHz processor (minimum)
v 2 GB RAM (minimum)
v 10 Mbit/s network connection between administrative system and middleware servers (minimum)
Note: The deployment engine used by the base services is always installed in the Windows system root
directory of the administrative workstation, by default, C:\program files\ibm\acsi, regardless of the
directory specified during the installation. Ensure that permissions are set to allow the deployment
engine to be installed in the Windows root directory.
Disk space
The following table details the disk space that must be allocated to each directory for the installation
process. Because these directories do not exist before installation, you must ensure that the parent
directory of these directories has sufficient space available for the installation.
Network file systems: Tivoli Provisioning Manager includes a lightweight infrastructure run time that
uses file system locking to manage concurrency. These lock files are managed in the lightweight
infrastructure installation directory under the TIO_HOME directory in the file system. If you are
installing Tivoli Provisioning Manager on a network file system, ensure that the file system has adequate
lock management support. For example, in a high availability disaster recovery configuration, if the
primary computer fails and is no longer available, the file system must be able to automatically unlock all
the locks associated with the primary computer. If this type of lock support is unavailable, you can create
soft links for the following directories to a local file system with correct lock management support:
v TIO_HOME/lwi/conf
v TIO_HOME/lwi/logs
Windows disk space requirements
Ensure that you have 60 GB of available space on disk C:\, as detailed in the following table.
Table 6. Disk space requirements for Windows
Required
Component Directory free space
Installation images user-specified location 12 GB
Base services deployment directory C:\ibm\SMP 5 GB
Base services language pack C:\ibm\SMP 100 MB
System temporary directory %TEMP% 2.5 GB

Table 6. Disk space requirements for Windows (continued)
Required
Temporary space
If you use the system temporary directory (%TEMP%) for all three types of temporary space, a total of 6 GB is
required. Otherwise, ensure that you have enough space in each of the temporary locations.
Default Temporary space for the middleware user-specified location (the default value is 1 GB
installer %TEMP%)
Default Temporary space for the software user-specified location (the default value is 6 GB
repository %TEMP%)
System temporary directory %TEMP% 2.5 GB

Installation components
Cygwin C:\Cygwin 200 MB
GSK toolkit C:\ibm\gsk7 10 MB
Tivoli Provisioning Manager C:\Program Files\IBM\tivoli\tpm 6 GB
Tivoli Monitoring agent C:\ibm\tivoli\ITM 250 MB
Tivoli Provisioning Manager for OS Deployment C:\Program Files\IBM\TPMfOSd 5 MB
C:\Program Files\Common Files\IBM Tivoli 150 MB
Tivoli Provisioning Manager for OS Deployment C:\tpmfosd 150 MB
data directory
The agent manager C:\Program Files\IBM\AgentManager 100 MB
Tivoli Provisioning Manager for Job Management C:\Program Files\IBM\DeviceManager 200 MB
Service federator
Tivoli Provisioning Manager for Dynamic C:\Program Files\IBM\tivoli\CDS 150 MB
Content Delivery
Common Tivoli files, including common logs C:\Program Files\IBM\tivoli\common\COP\logs 100 MB
2000
DB2 DB2 server SystemDrive:\Program Files\IBM\SQLLIB 1 GB
2000
DB2 DB2 database instance C:\CTGINST1 10 GB
2000
DB2 SystemDrive:\Program Files\IBM\SQLLIB 1.5 GB
Custom
Default
XML DB2 client (for multiserver
deployment)
Tivoli Directory Server C:\Program Files\IBM\LDAP\V6.2 450 MB
Tivoli Directory Server database C:\IDSCCMDB 900 MB
Files for the Tivoli Directory Server database C:\idslap-idsccmdb 1 MB
WebSphere Application Server C:\Program Files\IBM\WebSphere\AppServer 4 GB
IBM HTTP Server C:\Program Files\IBM\HTTPServer 1.1 GB
Files for the middleware installer C:\ibm\tivoli\mwi 100 MB
Solution installer used by the middleware C:\Program Files\IBM\Common\acsi 400 MB
installer and the base services installer
Common Tivoli files C:\Program Files\tivoli 25 MB
IBM JRE C:\Program Files\IBM\Java50 250 MB
Default Back up files for a default installation C:\backup 2 GB

Table 6. Disk space requirements for Windows (continued)
Required
Note:
v You might require more space on File Allocation Table (FAT) drives with large cluster sizes than with New
Technology File System (NTFS) drives.
v Plan for additional disk space for database growth. The required disk space depends on various factors, including
the configuration of the database and the number of managed target computers. For example, if you are
managing 50000 targets, allocate 50 GB of free disk space. Consider storing the database on a separate, dedicated
storage device, so that performance is not affected by other applications that are accessing the same device.
DVD drive
If you are using DVDs to install the product, each computer in your topology must have a DVD drive.
Preinstallation Step 5: Verify component requirements

Tivoli Provisioning Manager contains a number of components and products that work together. Ensure
that you meet the requirements for all the product components.
Supported operating systems and middleware combinations

This section outlines the middleware combinations with the supported operating systems and versions.
The Tivoli Provisioning Manager software is installed on the same computer as the application server. If
you are using a multiserver topology, ensure that you verify the component requirements on each
computer in the topology.
v “Supported operating systems and middleware combinations for Windows”
Supported operating systems and middleware combinations for Windows

Note: Cygwin 1.5.10 or later is required on the provisioning server. You can install Cygwin either as part of the Tivoli
Provisioning Manager installation or manually before installing Tivoli Provisioning Manager. Because Cygwin cannot
be installed correctly in a XEN environment, installation of Tivoli Provisioning Manager in a XEN environment is not
supported.
Application
Database server Directory server
IBM
WebSphere
Application
Server IBM Tivoli Microsoft
Network Directory Active
Oracle Deployment Server 6.1.0.10 Directory 2003 Administrative
Operating system and platform DB2 9.5 FP3a Database 6.1.0.29 or 6.2.0.2 SP2 workstation
Microsoft Windows Server 2008 R2 Enterprise 6.2.0.2 only
Edition (x86 64-bit)
Microsoft Windows Server 2008 R2 Standard 6.2.0.2 only
Microsoft Windows Server 2008 Datacenter 6.2.0.2 only
Microsoft Windows Server 2008 Enterprise 6.2.0.2 only
Microsoft Windows Server 2008 Standard 6.2.0.2 only
Microsoft Windows Server 2003 R2 Enterprise 6.2.0.2 only
Edition SP2 (x86 64-bit)
Microsoft Windows Server 2003 R2 Standard 6.2.0.2 only

Note: Cygwin 1.5.10 or later is required on the provisioning server. You can install Cygwin either as part of the Tivoli
Provisioning Manager installation or manually before installing Tivoli Provisioning Manager. Because Cygwin cannot
be installed correctly in a XEN environment, installation of Tivoli Provisioning Manager in a XEN environment is not
supported.
Application
Database server Directory server
IBM
WebSphere
Application
Server IBM Tivoli Microsoft
Network Directory Active
Oracle Deployment Server 6.1.0.10 Directory 2003 Administrative
Operating system and platform DB2 9.5 FP3a Database 6.1.0.29 or 6.2.0.2 SP2 workstation
Microsoft Windows Server 2003 Enterprise
Microsoft Windows Server 2003 Standard
Operating system preinstallation tasks

Before installation, perform the following tasks depending on your operating system.
Windows preinstallation tasks

Verify that the 8.3 file format is enabled
1. Open a command prompt window and run
fsutil behavior query disable8dot3
2. If the output is disable8dot3 = 0, then the 8.3 file format is enabled. Otherwise, run
fsutil behavior set disable8dot3 0
Check requirements for Windows services
From the Control Panel, open the Services panel and check the following services:
1. DNS Client: Disable this service so that host names are not cached and are always resolved by a DNS
server with current IP addresses.
2. Remote Registry: Ensure that this service is enabled.
3. Windows Management Instrumentation: Ensure that this service is started.
2003
Check if Terminal Server is installed and verify its settings
1. Click Start > Control Panel.
2. Click Add or Remove Programs and Click Add/Remove Windows Components.
3. In the list, verify that Terminal Server is installed.
4. If Terminal Server is installed, configure Terminal Server to install mode. Open a command prompt
and run the command:
change user /install
Check Windows Scripting Host
By default, Windows Scripting Host is installed.
To check if Windows Scripting Host is enabled: 2008

2. Click Programs.
3. Under Default Programs, click Make a file type always open in a specific program.

4. In the list, verify that VBS VBScript script file is listed as a file type.
2003
1. In Windows Explorer, click Tools > Folder Options.

2. Click the File Types tab and verify that VBS VBScript script file is listed as a file type.
Verify that NetBIOS is enabled
NetBIOS must be enabled because the Tivoli Provisioning Manager computer has a static IP address.
To verify that NetBIOS is enabled: 2008

2. Under Network and Internet, click View network status and tasks.
3. Under Tasks, click Manage network connections.
4. Right-click Local area connection and click Properties.
5. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
6. Click Advanced and click the WINS tab.
7. Under NetBIOS setting, select Default.
2003
1. From the Control Panel, open the Network Connections panel.
2. Right-click the local area connection, and then click Properties.
3. In the list, select Internet Protocol (TCP/IP) and click Properties.
4. Click Advanced and click the WINS tab.
5. Under NetBIOS setting, select Default.
Verify required user rights
When installing WebSphere Application Server and DB2 on Windows 2003 and later operating systems,
the user who installs the product must be a member of administrators group and also have
administrative permissions. If you are a member of a local administrators group and you use a local user
account, you can enable the built-in Administrator account and use it to connect:
From the Control Panel, click Administrative Tools > Local Security Policy > Local Policies > User
Rights Assignment. You must add the Administrator account to the following required rights:
v Act as part of the operating system
v Create token object
v Lock pages in memory
v Log on as a service
v Adjust memory quotas for a process
v Replace a process level token
Disable automatic updates
By default, the Windows automatic updates are enabled. If you do not disable them, some Windows
updates require a reboot of the provisioning server, which might cause the Tivoli Provisioning Manager
installation to fail. For information about disabling Windows updates, see your Microsoft Windows
documentation.
2008
Uninstall Global Secure ToolKit
If Global Secure ToolKit (GSKit) is installed on your system, you must uninstall it before you start the
installation, otherwise the installation might fail.

Database and directory server requirements
Ensure that you meet the requirements for your operating system or database before installing Tivoli
Database server requirements

DB2 is supported on Windows, UNIX, and Linux. Oracle Database is supported on UNIX and Linux.
2000
DB2
DB2 Enterprise Server 9.5 FP3a
If you are planning to use DB2 as your database, review the following information:
v To meet the table space disk space requirements for the DB2 installation, ensure that you have a
minimum of 8 GB of free space in the DB2 installation directory.
Directory server requirements

Either Tivoli Directory Server or Microsoft Windows Server 2003 Active Directory are supported as
directory server.
If you are planning to use Tivoli Directory Server as your directory server, review the following
information:
v Depending on the operating system, Tivoli Directory Server can be installed either automatically, as
part of the middleware installation, or must be installed manually.
v If you are installing a new Tivoli Directory Server, and you do not have corporate password change
procedures already in place, you must perform the steps in “Changing user passwords” on page 219
before attempting to change user passwords.
Microsoft Windows Server 2003 Active Directory
If you are planning to use Microsoft Windows Server 2003 Active Directory as your directory server,
review the following information:
v Microsoft Active Directory Application Mode (ADAM) is not supported.
v You must obtain your own Microsoft Active Directory installation media and install it before installing
Tivoli Provisioning Manager.
v Before installing and setting up your Microsoft Active Directory system, ensure that you meet all
requirements, as detailed in the Microsoft Active Directory documentation.
Browser requirements
Tivoli Provisioning Manager requires a browser to run the installation launchpad and the web interface.
Ensure that you meet the browser requirements.
The following web browsers are supported:

v Microsoft Internet Explorer version 6.0 or 7.0 with the latest patch.
v Mozilla Firefox 3.0 and higher.
To verify the Mozilla Firefox version, run:
firefox -version
Ensure that the command returns no errors before starting the installation.
Note: You can remove the browser and the associated packages after the installation is completed.

Preinstallation Step 6: Verify the environment
Verify rules for host names, IP addresses, ports, remote network connections, and other environment
requirements.
Host names and IP addresses
The following requirements apply to host names:

v A fully qualified domain name must be configured. For example, if the host name is river and the
domain name is example.com, the fully qualified domain name is river.example.com. This value is
case-sensitive.
v A static IP address must be configured. A dynamic IP address is not supported for the provisioning
server.
2008 To configure a static IP address:

2. Under Network and Internet, click View network status and tasks.
3. Under Tasks, click Manage network connections.
4. Right-click Local area connection and click Properties.
5. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
6. Ensure that Use the following IP address is selected and enter the IP address that you are using for
the provisioning server. If you do not know the IP address, contact your system administrator.
2003 To configure a static IP address:

1. Click Start > Control Panel > Network Connections.
2. Right-click the LAN connection that represents your network adapter and click Properties.
3. Select Internet Protocol (TCP/IP) and click Properties.
4. Ensure that Use the following IP address is selected and enter the IP address that you are using for
the provisioning server. If you do not know how to set a static IP address, contact your network or
system administrator.
Resolving host names with a DNS server
If you are using a DNS server to resolve host names, the host name must be configured on the DNS
server. Also, the host name configured on the DNS server must match the host name configured in the
operating system. To verify that the host names match, complete the following steps:
1. Check the host name configured in the operating system. Run the following command:
hostname
The command returns the short host name for the computer, for example, mycomputer.
2. 2008 Verify the computer name information:
a. Click Start > Control Panel > System and Maintenance > System.
b. Under Computer name, domain, and workgroup settings, verify that Full computer name
displays the fully qualified domain name of the computer. For example mycomputer.example.com.
This value is case-sensitive.
c. If you need to modify the name, complete the following steps:
1) Click Change Settings.
2) In the System Properties dialog box, click Change.
3) Verify that the Computer name field displays the correct host name. For example, mycomputer.
Change the name if necessary.
4) Click More.
5) In the DNS Suffix and NetBIOS Computer Name dialog box, verify that the Primary DNS
suffix of this computer field displays the correct domain name suffix. For example,
example.com. Change the suffix if necessary.
3. 2003 Verify the computer name information:

a. Right-click My Computer and click Properties.
b. Click the Computer Name tab.
c. Verify that the Full computer name field displays the fully qualified domain name of the
computer. For example mycomputer.example.com.
d. If you need to modify the name, complete the following steps:
1) Click Change.
2) In the Computer Name Changes window, verify that the Computer name field displays the
correct host name. For example, mycomputer. Change the name if necessary.
3) Click More.
4) In the DNS Suffix and NetBIOS Computer Name dialog box, verify that the Primary DNS
suffix of this computer field displays the correct domain name suffix. For example,
example.com. Change the suffix if necessary.
4. Check the host name configured on the DNS server. Run the following command:
nslookup host_name
where host_name is the short host name returned in the previous step.
The nslookup command returns the fully qualified domain name configured on the DNS server, for
example, mycomputer.example.com.
5. 2008 If the nslookup command does not return the correct domain name, ensure that your
network connection is correctly configured to resolve domain names:
a. Click Start > Control Panel.
b. Under Network and Internet, click View network status and tasks.
c. Under Tasks, click Manage network connections.
d. Right-click Local area connection and click Properties.
e. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.
f. Click Advanced.
g. Click the DNS tab.
h. If Append these DNS suffixes (in order) is selected, ensure that the domain name is listed at the
top of the list of DNS suffixes.
i. If the domain name is not included in the list, click Add to add the domain name and click the up
arrow icon to position it at the top of the list.
6. 2003 If the nslookup command does not return the correct domain name, ensure that your
network connection is correctly configured to resolve domain names:
a. Click Start > Settings > Control Panel > Network Connections.
b. Right-click the local area connection, and then click Properties.
c. Select Internet Protocol (TCP/IP) and then click Properties.
d. Click Advanced.
e. Click the DNS tab.
f. If Append these DNS suffixes is selected, ensure that the domain name is listed at the top of the
list of DNS suffixes.
g. If the domain name is not included in the list, click Add to add the domain name and click the
up arrow button to position it at the top of the list.
h. Click OK.
Resolving host names with a hosts file
If you are using a hosts file to resolve IP addresses, the file must be configured correctly. The file is
typically located in:
v C:\WINDOWS\system32\drivers\etc\hosts
Verify that you can run the command ping localhost successfully. If you receive an error, there might be
a problem with the format of your hosts file. The file must include the following information, in the order
that is specified:
v The IP address, fully qualified domain name, and host name of the computer where you are running
the installer as the first entry.

v The IP address 127.0.0.1, the fully qualified domain name localhost.localdomain, and the host name
localhost.
For example, for a computer with the host name river, the file content is like the following example:
#IP address Fully Qualified Domain Name Short Name
10.0.0.12 river.example.com river
127.0.0.1 localhost.localdomain localhost
Remote configuration for multiserver topologies
If you are using a multiserver topology, the base services installation uses Remote Execution and Access
(RXA) to configure middleware. To use RXA, a supported remote access protocol must be enabled on
each computer on which you are installing middleware and an administrative user must be configured
on each computer for remote access.
In a remote configuration, accessing network drives on the local or remote system is not supported.
v You must use a user name with administrative access to connect to the computer.
v The remote access protocol must be SMB. Ensure that the default protocols are enabled:
– Client for Microsoft Networks or the server equivalent.
– File and Printer Sharing for Microsoft Networks.
v Cygwin SSH is not supported. If Cygwin is installed on a remote Windows computer, the SSH daemon
must be stopped. To stop SSH, run:
cygrunsrv --stop sshd
v If you are using a firewall, ports 137 (NetBIOS name service) and 139 (NetBIOS session) must not be
blocked.
v To ensure correct operation, RXA requires access to the hidden remote administrative disk share, to
access %TEMP% and other directories. To access remote registries, RXA requires access to the
Interprocess Communications share (IPC$). To do this:
1. Click Start > Control Panel > Administrative Services > Services.
2. Ensure that the following services are started:
– Computer Browser.
– Routing and Remote Access.
Networking requirements
If you want to support IPv6 addressing in Tivoli Provisioning Manager, Cygwin 1.7 or later must be
installed.
Network media speed settings

1. Open the device manager by running the command devmgmt.msc from the Start > Run menu.
2. Right-click Network adapters and click Properties.
3. Under the Advanced tab, set the Link Speed & Duplex option. Contact your system administrator to
set the option to the correct value.
Port requirements
Verify dynamic port allocation:

1. At a command prompt, run:
netsh int ipv4 show dynamicport tcp
netsh int ipv4 show dynamicport udp
2008

netsh interface ipv4 show dynamicportrange tcp
2. In the output, check the starting port value. If port numbers in the range 8800 - 10000 are listed,
change the starting port value by running:
netsh int <ipv4|ipv6> set dynamic <tcp|udp> start=number num=range
where number is the starting port number and range is the total number of ports. Ensure that you do
not set the starting port number to a value in the range from 8800 to 10000, because the ports in this
range are used by WebSphere Application Server.
The ports listed in the following table must be available.
Note: A PING command issued from the administrative workstation during installation must receive a
response from each server involved in the deployment. Ensure that each middleware host server is
configured to respond to PING requests.
Table 7. Communication ports used by Tivoli Provisioning Manager. In the Direction column the arrow points from
the source port to the destination port.
Usage Protocol Provisioning server Direction Managed computer port
port
The agent manager TCP 9511, 9512, 9513 ← any
BootDiscovery UDP (multicast) 4011 ← any
IP:233.1.0.1
DCHP REPLY UDP 67 → 68
DHCP REQUEST UDP (broadcast) 67 ← any
Directory server admin 3538
daemon port
Directory server admin 3539
daemon secure port
Directory server port 389
Directory server secure 636
port
Eclipse embedded TCP 1527 ← any
database
FASTPort UDP 4025 ← any
FileServerPort UDP 4013 ← any
FileMCAST-Address UDP any → 10000
HTTPServer 80 (9080)
MTFTPPort UDP 4015 ← any
MTFTPClients UDP (multicast) any → 8500
IP:233.1.0.1
NBPServer UDP 4012 ← any
NetBIOS name service TCP 137 ← 137
→
Used during installation. In
multiserver topologies, enable
the port on a remote database
server or remote directory
server.
PROXY DHCP UDP 4011 ← any

Table 7. Communication ports used by Tivoli Provisioning Manager (continued). In the Direction column the arrow
points from the source port to the destination port.
SMB/NetBIOS TCP any → 445
SNMP UDP any → 161
SNMP-TRAP UDP 162 ← any
SSH TCP any → 22
Telnet TCP 23 ← any
TFTP UDP 69 ← any
TS TCP any → 3389
WebSphere Application TCP 8881, 9082, 9045, 9046, ← any
Server 9443
WebSphere Application 8879
Server SOAP port
WebSphere Application 9043, 9044
Server Administrative
Console secure port
WebSphere Application 9060, 9061
Server Administrative
Console
Web Server port 9430
2000
DB2 DB2 instance 50005
port
SSH requirements
1. The file /etc/ssh/sshd_config exists. This file contains SSH configuration settings that are used to
validate other SSH requirements for installation.
2. root access is permitted by the SSH daemon (sshd). In the file /etc/ssh/sshd_config, ensure that the
PermitRootLogin line is not commented out and that the value for this setting is yes.
3. SSH must be running to perform installation. To check the status of SSH, run:
ps -ef | grep sshd
If SSH is running, an entry for /usr/sbin/sshd is displayed.
POWER7®
1. Add JAVA_COMPILER=NONE to /etc/environment on the system.
2. Ensure JAVA_HOME is not set in the environment.
3. Edit the $PATH environment variable to remove any directories containing a JRE. As an example,
remove /usr/java5/jre/bin:/usr/java5/bin from the path.
4. Start the launchpad using:
cd /usr/IBM/source/install
JAVA_COMPILER=NONE
./launchpad.sh
Note: The DB2 shipped with the middleware installer is not supported on Power7.
Using an X session
1. Download the VNC package from http://www-03.ibm.com/systems/power/software/aix/linux/
toolbox/download.html.
2. Install the package by running the command:

rpm -ivh package_name
where package_name is the name of the package that you downloaded.

3. Log on as the user that connects to VNC.
4. Start the VNC server. VNC prompts you for the password for a VNC connection.
You might need to adjust the color depth and resolution with the depth and geometry options. For
example, Firefox requires a 24-bit color depth or a greater color depth. A lower color depth might
cause browser failures. Set the geometry option so that the size of the VNC window is appropriate for
your current display settings and video card. The following command sets color depth to 24-bit and
resolution to 1280 by 1024:
/usr/bin/X11/vncserver -depth 24 -geometry 1280x1024
To connect to the VNC desktop from a Windows computer:

v Using HTTP:
1. Go to http://host_name:5801.
v Using VNC client:
1. Install a VNC client.
2. Run the VNC client and enter:
host_name:port_number
where host_name is the host name of the AIX computer. The default port number for the connection is
5801. You can find the port number in $HOME/.vnc/host_name:display_number.log.
You can also access VNC desktop using other VNC clients.
Antivirus software or process-intensive software
Check the computers in your installation topology for processes that consume many system resources,
such as a scheduled thorough antivirus scan. These processes can cause some installation operations to
time out. Stop or reschedule these processes before starting the installation.
Reinstalling Tivoli Provisioning Manager
You must uninstall Tivoli Provisioning Manager completely before attempting to install again. For more
information, see Chapter 5, “Uninstalling Tivoli Provisioning Manager,” on page 139.
Preinstallation Step 7: Verify requirements for user names, database

names, and user passwords
Verify requirements for user names, database names, user passwords, and names for DB2 objects such as
database instances.
General requirements for user names, database names, and user passwords
The following general rules apply to all user names, database and database instance names, and user
passwords.
User names
The following restrictions apply to characters in a user name:
v Unless otherwise stated in other rules in this section, names can only contain English
alphanumeric characters or the following characters: period (.), at sign (@), hyphen (-), and
underscore (_).
v 2000
DB2 The following additional restrictions on user names apply:
– Names cannot begin with a number or with the underscore (_) character.

– You cannot use SQL reserved words.
–
- Names can be in upper, lower, and mixed-case.
- Group names and user names can contain up to 30 bytes.
- When not using Client authentication, non-Windows 32-bit clients connecting to Windows
with user names longer than 8 bytes are supported when the user name and password are
specified explicitly.
– User and group names cannot:
- Be USERS, ADMINS, GUESTS, PUBLIC, LOCAL, or any SQL reserved word.
- Begin with IBM, SQL, or SYS.
– User and group names must also follow the rules forced on specific operating systems by
the related systems.
Database and database instance names
For instance names, the rules for user names and group names apply. In addition:
DB2 database instance
v Instance names can have up to 8 bytes.
v Instance names cannot contain the # character.
v No instance can have the same name as a service name.
Tivoli Directory Server database and instance names
v Database names must be unique within the location in which they are cataloged. This
location is:
– A logical disk.
v Database alias names must be unique within the system database directory. When a
new database is created, the alias defaults to the database name. As a result, you
cannot create a database using a name that exists as a database alias, even if there is no
database with that name.
v Database and database alias names can have up to 8 bytes.
v Database and instance names:
– Can have up to 8 bytes.
– Cannot be any of the following values: USERS, ADMINS, GUESTS, PUBLIC,
LOCAL, idsldap.
– Cannot begin with any of the following values: IBM, SQL, SYS.
– Cannot include accented characters.
– Cannot include special characters @, #, and $ if you intend to use the database in a
communications environment. Because these characters are not common to all
keyboards, do not use them if you plan to use the database in another language.
– Can include the following characters:
- A through Z
- a through z
- 0 through 9
– Must begin with one of the following characters:
- A through Z
- a through z
User passwords
Some restrictions apply to passwords that you can use. Verify the following requirements:
v Passwords can only contain English alphanumeric characters or the following characters:
period (.), hyphen (-), and underscore (_).
v Do not use a period (.) if it is at the end of the password.

v Do not use these characters in passwords:
& ^ < > " ’ ) ( | ! ? $ # % ` \ + <space character>
v 2000
DB2 The following rules apply to DB2 user passwords. See your DB2 documentation for
further information.
– Passwords cannot begin with an ampersand (&).
– Passwords can be a maximum of 14 bytes.
v Some operating systems and databases might have more password rules, such as minimum
length and simplicity. For more information, see the operating system and database
documentation.
Additional considerations
Some security controls configured in your environment can prevent the Tivoli Provisioning
Manager installer from creating the required user accounts on your system for installation. Some
factors include:
v Permissions or access control lists configured for the computer can prevent the installer from
creating users, creating user-related files and directories, or assigning permissions.
v If a password that you specify during installation does not conform to the password policy
configured in your environment, the user creation process fails for the user associated with the
noncompliant password.
If you encounter problems with user creation during installation you might need to manually
create the required users to ensure compliance with all security policies and compliance with
Tivoli Provisioning Manager requirements. The installer can then use the configured user
accounts and user settings to perform the installation.
Additional user requirements on Windows

v In addition to the created users, a user with administrator access is required to start the installation.
The user must belong to the Administrators group. The default Windows user Administrator has the
required access.
v Users are created as system accounts in the operating system. Domain account users defined on a
directory server are not supported for the users required during installation.
Preinstallation Step 8: Prepare installation media

The Tivoli Provisioning Manager package includes installation media for Tivoli Provisioning Manager
and the prerequisite software.
As a licensed customer, you can get the installation media from:

v The IBM Passport Advantage® web site.
v The installation DVDs.
Note:
v Microsoft Active Directory installation images are not provided. If you are using Microsoft Active
Directory, you must obtain the installation media yourself.
If using downloaded installation images

Procedure
1. Download the installation images from Passport Advantage. For more information, go to
http://www.ibm.com/support/docview.wss?rs=1015&uid=swg24026704.
2. Download all installation images into a single directory on the provisioning server. For example:
C:\install_images

3. Extract the contents of all installation images into the directory that you have created. You must
extract the files on the computer where you are running the installer so that the files have the correct
permissions. You can extract the installation images in any order. If you get a message saying that a
file is replaced by another one, select Yes.
v Use Winzip
4. If you have Cygwin installed, run the following command to set the appropriate permissions:
chmod -R 775 extract_dir
where extract_dir is the full path of the directory where you extracted the images.
If using installation DVDs

v To start the installation launchpad and run installers from the launchpad, use the appropriate
Installation DVD for your operating system.
v During middleware installation, when prompted, use the appropriate Middleware DVD for your
operating system and hardware.
v During core components installation, when prompted, use the appropriate Core Components DVD for
your operating system and hardware. Some operating systems and hardware might require more than
one DVD.
v For some Tivoli Provisioning Manager for OS Deployment features, such as installing additional Tivoli
Provisioning Manager for OS Deployment servers, you need the Installation Supplemental DVD.

Chapter 3. Installing Tivoli Provisioning Manager
This topic provides information about running a custom installation, where you can customize
installation settings and use a multiserver topology.
The following diagram shows the high-level steps for a custom installation.
1. Install or reuse
middleware
2. Install base
services
3. Install core
components
Legend 4. Install web

components
Provisioning server
Software is installed
Figure 2. Custom installation steps
1. Install or reuse middleware

The database server, directory server, and application server must be installed first. You can use
supported middleware that you have already installed or use the middleware installer to install new
middleware.
2. Install base services
As part of the base services installation, you can install support for languages other than English by
installing the language pack on the same computer as the base services.
3. Install core components
The core components must be installed on the computer where you installed WebSphere Application
Server during the middleware installation step.
4. Install web components
The web components must be installed on the computer where you installed the base services.

Example deployment scenarios
The following examples show the high level steps for different deployment scenarios.
Example 1: Full installation: single-server installation
In this example, you are installing all product components on one computer with DB2 as the database
and Tivoli Directory Server as the directory server. This installation scenario is only supported if you are
using an operating system that supports the administrative workstation software for deploying base
services and web components. For information about the supported operating systems, see
“Preinstallation Step 5: Verify component requirements” on page 12.
1. Start the launchpad.
2. From the launchpad, install the middleware.
3. From the launchpad, install the base services. You can import your middleware settings from the
middleware workspace to use default values for the installation settings.
4. From the launchpad, install the core components. You can import your middleware settings from the
middleware workspace to use default values for the installation settings.
5. From the launchpad, install the web components.
6. See Chapter 4, “Post-installation tasks,” on page 131 for any additional configuration that is required
after installation.
Example 2: Full installation: single-server installation with a separate

administrative workstation
The administrative workstation software is only supported on specific operating systems. If you want to
install all runtime components on a single computer using a different operating system, you must use a
separate computer for the administrative workstation.
Computer 1
Provisioning server
Computer 2
1. On Computer 1, start the launchpad.
2. From the launchpad, install the middleware.
middleware workspace on the provisioning server.
5. On Computer 1, from the launchpad, install the core components. You can import your middleware
settings from the middleware workspace to use default values for the installation settings.
6. On Computer 2, from the launchpad, install the web components.
after installation.
Example 3: Full installation: multiserver topology
In this example, you are doing a full installation of all product components and you want to install DB2
and Tivoli Directory Server on separate computers.
Computer 1
Install DB2
Computer 2
Install Tivoli Directory Server

Computer 3
Install WebSphere Application Server and other components. In this example, the computer is a
Windows computer, therefore a separate administrative workstation is not required.
WebSphere Application Server must be installed after the directory server so that you can secure it with
the directory server.
1. Create a middleware workspace in a directory location that is accessible to all computers in the
topology. This is the simplest way to share the installation data for installed middleware between
each computer and the various installers you run. For more information about the middleware
workspace, see “The middleware installer workspace” on page 34.
Note: If you do not use a shared location for the middleware workspace, a separate
topology.properties file is saved for each middleware installation that you perform on each
computer. You must manually consolidate the data into a single topology.properties file and copy
the middleware workspace to a local directory on each computer in the topology as you perform the
installation.
3. From the launchpad, run the middleware installer to install DB2.
4. On Computer 2, manually create the workspace directory. The default location is:
v C:\ibm\tivoli\mwi\workspace
5. Copy your middleware settings to the next computer:
a. Copy the topology.properties file from Computer 1 to the middleware workspace on Computer
2. The default location of the topology.properties file is:
b. Edit the topology.properties file on Computer 2 so that the middleware installer is aware that
the database server settings are from another computer. In each line, change machine1 to
machine2. For example, this line for the database server:
machine1.DB2_SERVER_9_1_1.db2.fenced.user=tx2fenc1
Must be changed to:

Leave the original topology.properties file on Computer 1 unchanged.

7. From the launchpad, run the middleware installer to install Tivoli Directory Server.
3.
the database server and directory server settings are from another computer. Change machine1
settings from the directory server to machine3. Leave the topology.properties on Computer 1
and Computer 2 unchanged.
10. From the launchpad, run the middleware installer to install WebSphere Application Server.
middleware workspace on the provisioning server.
12. From the launchpad, install the core components. Import the middleware settings from the
middleware workspace.
after installation.
Chapter 3. Installation tasks 27

Example 4: Reuse an existing directory server
The topology for this example is the same as the previous one, but you are using an existing directory
server instead of installing a new one.
Computer 1
Install DB2
Computer 2
Reuse an existing Tivoli Directory Server installation
Computer 3
Install WebSphere Application Server and other components. In this example, this computer is a
Windows computer so that a separate administrative workstation is not required.
WebSphere Application Server must be installed after the directory server so that you can secure it with
the directory server.
1. Create a middleware workspace in a directory location that is accessible to all computers in the
topology. This is the simplest way to share the installation data for installed middleware between
each computer and the various installers you run. For more information about the middleware
workspace, see “The middleware installer workspace” on page 34.
Note: If you do not use a shared location for the middleware workspace, a separate
topology.properties file is saved for each middleware installation that you perform on each
computer. You must manually consolidate the data into a single topology.properties file and copy
the middleware workspace to a local directory on each computer in the topology as you perform the
installation.
3. From the launchpad, run the middleware installer to install DB2.
2.
the database server settings are from another computer. In each line, change machine1 to
machine2. For example, this line for the database server:
Must be changed to:

Leave the original topology.properties file on Computer 1 unchanged.

5. On Computer 2, ensure that your existing directory server is configured correctly for Tivoli
Provisioning Manager. You can use the middleware installer to verify your directory server
configuration. See “Verifying an existing Tivoli Directory Server with the middleware installer” on
page 48.
3.
the database server and directory server settings are from another computer. Change machine1
settings from the directory server to machine3. Leave the topology.properties on Computer 1
and Computer 2.
8. From the launchpad, run the middleware installer to install WebSphere Application Server.

9. From the launchpad, install the base services. Import your middleware settings from the middleware
workspace on the provisioning server.
10. From the launchpad, install the core components. Import the middleware settings from the
middleware workspace.
after installation.
Example 5: Install Tivoli Provisioning Manager with another product in a base

services environment
Tivoli Provisioning Manager is compatible with other products installed on Version 7.1.1.6 of the base
services. There are some limitations to compatibility considerations described in “Supported platforms
and compatibility” on page 1.
The installation of other products with Tivoli Provisioning Manager requires additional planning and
manual configuration steps. For some examples of the installation process for Tivoli Provisioning
Manager and another product in a base services environment, see Installation of IBM Tivoli Change and
Configuration Management Database and Tivoli Service Request Manager® with Tivoli Provisioning
Manager version 7.2 in the Tivoli Provisioning Manager wiki.
Starting the launchpad

The launchpad lets you install all components that are required for Tivoli Provisioning Manager.
Procedure
1. Log on to an account with system administration privileges.
2. If you are using DVDs, insert the Installation DVD for Windows. The disk must be inserted for the
duration of the installation.
3. Run launchpad64.exe (Windows 64-bit) or launchpad.exe (Windows 32-bit) from the root directory.
4. In the launchpad, select a language and click OK.
Results
The launchpad panel is displayed.
When the launchpad is running, the generated launchpad messages are captured in a hidden log frame.
To display the log frame on the bottom of the launchpad panels during run time, hold Ctrl and click in
the banner frame of the launchpad. Messages that are generated while the launchpad is running are not
automatically saved on the hard disk. You can save the messages from a runtime session by clicking Save
at the bottom of the log frame and specifying where you want to save the file.
Installing the middleware on Windows, AIX, and Linux

Before you can install Tivoli Provisioning Manager, there are several middleware products that must be
deployed.
This topic provides information for installing the middleware on Windows, AIX, and all Linux operating
systems except SUSE Linux Enterprise Server 11.
The middleware installer provides an interface for installing and deploying middleware in a reliable
manner. The following table describes middleware deployment options:

Table 8. Middleware installation options
Application Installation options
Application server You must install a new instance of WebSphere Application Server 6.1.0.29. If you want
to use an existing WebSphere Application Server, you must install and configure it
manually. For more information, see “Manually configuring WebSphere Application
Server” on page 70.
The application server deployment must be secured with a directory server. You must
choose to use a local or remote Tivoli Directory Server or Microsoft Active Directory.
Database server
v 2000
DB2 You can install a new instance of DB2 or use an existing instance.
Directory server
You can install a new instance of Tivoli Directory Server or use an existing
instance. If you choose to install a new instance of Tivoli Directory Server,
you must choose to install a new DB2 instance or reuse an existing DB2
server. Alternatively, you can use the Tivoli Provisioning Manager database
server for the DB2 data store if the Tivoli Provisioning Manager database
server uses DB2. If you choose to install the directory server but not the
database server, the middleware installer will attempt to locate an existing
database instance to use. If it fails to locate an existing instance, it installs a
database for use with the directory server.
Microsoft Active Directory
You must install and configure the software manually. For more information,
see “Manually configuring Microsoft Active Directory” on page 60.
Additional software The middleware installer performs a number of additional tasks. If you will not be
using the middleware installer and will be configuring the existing middleware
resources manually, you also need to perform the following tasks:
v Configure VMM after the application server and the directory server have been
installed and configured. The directory server contains information about Tivoli
Provisioning Manager users and groups and it communicates that information to
the Maximo database using VMM to provide security and access to Tivoli
Provisioning Manager applications. For more information, see “Manually
configuring Virtual Member Manager on WebSphere Application Server” on page
71.
v Configure authentication services. For more information, see “Manually
configuring the authentication service” on page 82.
The middleware installer deploys software on the computer where you are running it. To deploy
middleware on separate computers, the middleware installer must be run on each computer in the
topology you have chosen. Ensure you have a strategy for deploying middleware for each system you
plan to use in your deployment. If you deploy a component using the middleware installer on a system,
for example, DB2, and then later decide you would also like to add Tivoli Directory Server to that same
system, you must undeploy DB2 before redeploying it in the same middleware installer deployment plan
that included Tivoli Directory Server. When installing Tivoli Provisioning Manager middleware on a
system, you must install all the middleware intended for that system at one time.
A process ID is generated each time the middleware installer is used to install or uninstall a set of
middleware products. The process ID will appear on the file system in various places related to logs and
generated files, such as file names, directory names, and log messages. The process ID is used to group
logs and other generated files that are related to the same invocation of the middleware installer. It also
separates logs and other generated files that are related to different invocations of the middleware
installer. The process ID is a string of the format [operation_MMdd_HH.mm], where operation is a string
indicating the operation being performed, such as "INSTALL" or "UNINSTALL", MM is a two-digit

number (1-12) indicating the current month, dd is a two-digit number (1-31) indicating the current day in
the month, HH is a two-digit number (0-23) indicating the current hour, and mm is a two-digit number
(0-59) indicating the current minute. Here are some examples of process ID values:
v [INSTALL_0924_15.45]
An installation started on September 24 at 3:45pm
v [UNINSTALL_1216_09.59]
An uninstallation started on December 16 at 9:59am
Planning worksheets for middleware installation

Before you start the middleware installation, use the planning worksheets to record the values to specify
when you install the middleware. You can also use the worksheets if you manually configure or reuse
existing middleware. For distributed deployments, record multiple values where appropriate.
Users and groups
In this table, list the users and groups that you want to create if you do not want to use the default
values.
Table 9. Users and groups created during middleware installation
User Group Description Your value
db2admin v Administrators DB2 administrator. Windows Service
user ID.
v DB2ADMNS
v DB2USERS
maximo Used for Maximo database
configuration.
wasadmin Not a system user. User ID created for use with IBM
WebSphere Application Server Network
Deployment.
Directory locations
In this table, list the middleware directory locations to use.

Table 10. Directory locations
Setting Default Your value
Workspace directory user_home\ibm\tivoli\mwi\
workspace
Middleware images source directory n/a
Compressed images directory n/a
Uncompressed images directory n/a
2000
DB2

DB2 configuration
In this table, list the configuration values to use when you install DB2.
Table 11. DB2 configuration
Installation directory v SystemDrive:\Program
Files\IBM\SQLLIB
DAS user v db2admin
Instance name ctginst1
Port 50005
Database instance user ID v db2admin
DB2 administrators group v DB2ADMNS
DB2 users group DB2USERS
Use same user name and password YES
for remaining DB2 Services
Configure Tools Catalog NO
This value is relevant for reuse

scenarios only.
Enable operating system security for YES
DB2 objects
This value is relevant for reuse
scenarios only.
DB2 instance port 50000
Data table space name MAXDATA
Data table space size 5000 MB
Temporary table space name MAXTEMP
Temporary table space size 1000 MB
WebSphere Application Server Network Deployment configuration
List the configuration values to use when you install WebSphere Application Server Network
Deployment.
Table 12. WebSphere Application Server Network Deployment configuration
Installation location v C:\Program Files\IBM\WebSphere\
AppServer
WebSphere Administration user name wasadmin
Deployment Manager profile name ctgDmgr01
Application server profile name ctgAppSrv01
Cell name ctgCell01
Deployment Manager node name ctgCellManager01
Application server node name ctgNode01
HTTP server installation location v C:\Program Files\IBM\HTTPServer

Table 12. WebSphere Application Server Network Deployment configuration (continued)
HTTP port 80
This port might be in use. Ensure

that you either free this port, or use
another port that is unassigned.
HTTP admin server port 8008
HTTP plug-in profile name ctgAppSvr01
IBM Tivoli Directory Server configuration
In this table, list the configuration values to use when you install IBM Tivoli Directory Server.
Table 13. IBM Tivoli Directory Server configuration
Installation location v C:\Program Files\IBM\LDAP\V6.2
Administrator distinguished name cn=root
Organizational unit ou=SWG
Organization and country suffix o=IBM,c=US
Directory server secure port 636
Administration port 3538
Administration secure port 3539
Database name security
Instance name idsccmdb
Instance port 50006
Instance user name idsccmdb
Microsoft Active Directory configuration
List the configuration values to use when you install Microsoft Active Directory.
Table 14. Microsoft Active Directory configuration
LDAP base entry DC=itsm,DC=com
User suffix OU=Users,OU=SWG,DC=itsm,DC=com
Group suffix OU=Groups,OU=SWG,DC=itsm,DC=com
Organization container suffix DC=itsm,DC=com
Bind distinguished name CN=Administrator,CN=Users,DC=itsm,DC=com

The middleware installer workspace
The middleware installer is designed to record the options you select during install in a directory referred
to as the workspace, and then configure the components selected as a single deployed application. The
recorded options can also be imported by other installers so that some fields can be filled automatically
for you.
Once a plan has been deployed, the middleware installer cannot subsequently deploy additional features
and products onto the computer at a later time. The existing plan must first be completely removed
through the middleware installer before a different set of features and products can be deployed.
The composition and details of the deployment, as well as any logs generated by the middleware installer
process are located in the workspace.
By default, the middleware installer workspace is defined as:

The workspace can be defined on a shared resource that is made available to all the systems that will run
the middleware installer. Locating the workspace on a shared resource avoids the need to copy files such
as the topology file manually from one computer to another.
The workspace contains the following items:

Deployment Plan
The deployment plan is a collection of installation steps, configuration parameters for those steps,
and target computer information. It is generated through the middleware installer and it resides
in the workspace directory.
When deployment steps are changed, the existing deployment plan is deleted and replaced with
the new deployment plan.
The deployment plan configuration files contain information about the deployment plan itself.
Whenever a deployment plan is modified, which includes reconfiguration of existing deployment
choices, the deployment plan configuration files will be deleted and regenerated when the
deployment plan is redeployed.
Topology File
The topology file describes the configuration parameters of the middleware deployment. This file
is created and then updated after every deployment or undeployment. If you have not defined a
workspace that is centrally located and accessible to all the systems that will be receiving
middleware, this file will have to be copied to the workspace of each computer where
middleware is being deployed. The contents of this file can be used by the Tivoli Provisioning
Manager installation program to populate its panels with meaningful default values.
This file is saved in <workspace>/topology.properties.
Logs Log files that contain information about the deployment can be found in the workspace directory.
In addition, log files native to the middleware itself are also contained in this directory.
The middleware installer logs

The middleware installer log files are located in the workspace directory that was defined in the
middleware installation program.
The different types of log files are described below.

User interface logs
The logs generated by the middleware installation program user interface are located in the
workspace directory.

The middleware installation program logs all information in <workspace_loc>/mwi.log. The
default workspace locations are:
The mwi.log file is the high-level log file that was generated by the most recent invocation of the
middleware installation program. If an error occurs, examine this log file first. An entry in this
log file can direct you to a lower-level log file.
Log files named mwi.logX, where X is a number, are copies of the mwi.log file from earlier
invocations of the middleware installation program. So, for example, mwi.log0 is produced after
the first invocation of the middleware installation program, mwi.log1 is produced after the second
invocation of the middleware installation program, and so on.
Logs for steps run by the user interface
In addition to collecting input from the user, the middleware installation program performs
system checks, for example:
v dependency checking to ensure the operating system meets the deployment requirements
v inventorying the software on the system to locate existing instances of middleware products
deployed by the middleware installation program
v checking the available disk space to ensure there is enough for the deployment
Each of these checks is produced in the form of a step so that it can also be run as part of the
deployment plan. When the user interface runs a step, it copies the step into a subdirectory of the
workspace directory. The log files generated by a step are located in the same subdirectory and
follow the same pattern as a step that is run as part of the deployment plan.
Logs for the deployment plan
The deployment plan is located in the directory <Workspace Directory>/host
name/deploymentPlan, where host name is the host name of the current system. Each time the
deployment plan is used to install or uninstall middleware products, a process ID is assigned and
log files are generated.
The log files for the deployment plan are located in the subdirectory logs/processID. The
primary log file for the deployment plan is DeploymentPlan.log, a high-level log file that lists the
steps invoked as part of the deployment plan.
Logs for the workstation plan
The machine plan is located in the directory <Workspace Directory>/host name/deploymentPlan/
MachinePlan_host name. The log files for the machine plan are located in the logs subdirectory.
The primary log files for the machine plan are named MachinePlan_host name_processID. These
log files contain the output generated by ANT when running the machine plan ANT script.
Logs for steps in the deployment plan
Each step in the deployment plan is located in a directory named <Workspace Directory>/host
name/deploymentPlan/MachinePlan_host name/stepNum_stepID, where stepNum is the sequence
number of this step in installation processing order of the deployment plan and stepID identifies
the step. The log files for the step are located in the logs subdirectory.
Some steps can provide a message log file named stepID_processID.message, which contains a
few entries that summarize the result of invoking the step. All steps will provide a trace log file
named stepID_processID.log, which contains many entries, typically including information about
the input parameters and the substeps invoked.
Logs for substeps
Each step contains one or more substeps. The substeps perform the actual installation, uninstall
and checking work for the middleware installation program.
Each substep is located in the directory <Workspace Directory>/host name/deploymentPlan/
MachinePlan_host name/stepNum_stepID/operation/substepNum_substepID, where operation is the
ANT target in the step ANT script that invokes this substep. substepNum is the sequence number

of this substep in the processing order of the step, and substepID identifies the substep. Typical
values for operation are install, uninstall, and check.
The log files for the substep are typically located in a subdirectory named processID/logs.
Log files generated by the native middleware installation programs will also be kept here.
Installing and configuring the middleware with the middleware installer

This procedure explains how to use the middleware installer to create a deployment plan that is
responsible for installing and configuring prerequisite middleware products.
Before you begin

v When entering values for host names, use fully qualified host names. This value is case-sensitive. For
information about verifying host names, see Resolving host names with a DNS server in “Preinstallation
Step 6: Verify the environment” on page 16.
v You can force the use of alphanumeric host names within the middleware installation program by
starting it from the command line and the forceHostname=true parameter. For example:
mwi-console -V forceHostname=true
v When installing and configuring middleware, consider the following special character restrictions:
Table 15. Special character restrictions for middleware configuration
Naming convention Restrictions
2000
DB2DB2 naming conventions for group names, v Names and IDs cannot be any of the following values:
user names, and user IDs USERS, ADMINS, GUESTS, PUBLIC, LOCAL, or any
SQL-reserved word.
v Names and IDs cannot begin with IBM, SQL, SYS, or
the underscore character (_).
v Group names and user names can contain up to 30
bytes.
2000
DB2 DB2 naming conventions for DB2 instances v Instance names can have up to eight bytes and cannot
contain the # character.
v No instance can have the same name as a service
name.
2000
DB2 DB2 naming conventions for passwords v Passwords can be a maximum of 14 bytes.
v Do not use the special characters @ # $
IBM Tivoli Directory Server naming conventions for v Database names must be unique within the location in
databases and database aliases which they are cataloged. This location is:
– a logical disk
v Database alias names must be unique within the
system database directory. When a new database is
created, the alias defaults to the database name. As a
result, you cannot create a database using a name that
exists as a database alias, even if there is no database
with that name.
v Database and database alias names can have up to
eight bytes.
v Do not use the special characters @ # $ because they
are not common to all keyboards.

Table 15. Special character restrictions for middleware configuration (continued)
IBM Tivoli Directory Server naming conventions for v Values must not be longer than eight characters and
users, groups, databases, and instances cannot be any of the following values: USERS,
ADMINS, GUESTS, PUBLIC, LOCAL, or idsldap
v Values cannot begin with IBM, SQL, or SYS.
v Values must not include accented characters.
v Values can include characters A through Z, a through
z, and 0 through 9.
v Values must begin with characters A through Z or a
through z.
v Double-byte characters cannot be used in
administrator passwords values.
v Passwords cannot contain the following special
characters: ` ' \ " |
WebSphere Application Server naming conventions for v The administrator name cannot contain the following
users and passwords characters: / \ * ,: ;=+?|< > & % ’"] [> # $ ~ ( )
{ }
v The administrator name cannot begin with a period.
v The administrator name cannot contain leading and
trailing spaces.
Middleware installation program naming conventions v The middleware installation program does not validate
that your password is compliant with the operating
system of the target host. The passwords that you
provide must be valid for your environment.
v The middleware installation program does not check
for accented characters in user name values. The use
of accented characters might cause errors.
v You cannot use the % character.
v When entering LDAP values for Provisioning Manager installation panel fields, entries in LDIF files, or
values you enter directly into a directory instance using the tools available from the directory server, be
aware of the product-specific syntax rules for using special characters in an LDAP string. In most cases,
to make special characters readable by the directory server, they must be preceded by an escape
character. Failing to escape special characters contained in an LDAP string used with Provisioning
Manager might result in Provisioning Manager errors.
Many directory server products consider a blank space as a special character that is part of the LDAP
string. Therefore, if you mistakenly enter an LDAP string that contains a blank, at the end of a field
value, for example, and you do not precede the blank character with an escape character, you might
encounter Provisioning Manager errors that are difficult to troubleshoot.
See the product documentation for your directory server for more information about special characters
in LDAP strings.
v When you install middleware using the middleware installation program, you are prompted for user
IDs to initiate the installation of DB2, WebSphere Application Server, and IBM Tivoli Directory Server.
You can either supply an existing system user ID, or allow the middleware installation program to
create a user ID. The installation can fail if you supply an existing user account to install DB2 or IBM
Tivoli Directory Server and that user account is not located under the /home directory.
v In some cases, fields and labels displayed within the middleware installer are not correctly displayed
on the panel when installing through remote sessions. Use the middleware installer locally on the
system that hosts the middleware. If you experience display problems, minimize and then maximize
the middleware installer to force it to display the panel again.

v When installing middleware using the middleware installer, do not install multiple products into the
same custom directory. For example, when installing DB2, IBM Tivoli Directory Server, and WebSphere
Application Server Network Deployment on the same computer, do not install them all in a custom
directory called C:\ISM_middleware. However, you can install them in C:\ISM_middleware\DB2,
C:\ISM_middleware\ITDS, and C:\ISM_middleware\WAS. You also cannot install one middleware product
in a custom directory and then install another middleware product in a subdirectory of that custom
directory. For example, you cannot install WebSphere Application Server Network Deployment into the
custom directory C:\ISM_middleware, and then install IBM Tivoli Directory Server in
C:\ISM_middleware\ITDS.
v 2000
DB2 To install a DB2 instance for an existing user, run the following command:
ln -s /home_directory/<username> /home/<username>
The instructions in this section are for a typical installation using default values. In addition, these
instructions assume that you are using the middleware installer to install a complete set of middleware
for use with Tivoli Provisioning Manager on a single computer. If you intend to deploy middleware
products across an array of computers, you must run the middleware installer on each computer,
selecting which piece of middleware to install on that particular computer. In this case, you encounter a
subset of the panels included in these instructions that are relevant to the middleware that you want to
install on a computer.
Procedure
1. Check for an existing installation of the solution installer. The default installation location is:
v C:\Program Files\IBM\Common\acsi
If the solution installer is already installed, start the service:
v Check the Services control panel. If the IBM ADE service is not running, start it.
2. If you are installing middleware on a computer with a virtual IP address, the middleware installer
does not allow you to select from a list of IP address host names. Perform the following steps on
each computer where you are installing the middleware with the middleware installer:
a. Configure the computer so that it is using the virtual IP address. For example, if the computer is
configured for the address 9.31.26.3, but the virtual IP address is 9.31.26.12, configure the
computer for 9.31.26.12.
b. Configure the computer so that it is using the virtual host name that is bound to the virtual IP
address. For example, if the computer is configured for the host name real.example.com, but the
virtual host name is virtual.example.com, configure the computer for the host name
virtual.example.com.
c. You can now start the middleware installer. Ensure that you specify the virtual IP address and
virtual host name for each middleware application that is installed on a computer where you
configured a virtual IP address and host name.
4. In the launchpad navigation pane, click Custom Installation.
5. Under 1. Install the middleware, click Verify middleware installation prerequisites. After verifying
and confirming the prerequisites, return to the custom installation page.
6. Click Install middleware.
7. Select a language for the installation and click OK.
8. In the Welcome panel, click Next.
9. Accept the license agreement, and then click Next.
10. In the Choose Workspace panel, specify the directory for the middleware installer workspace, and
then click Next.
The default location for the workspace is the last workspace location used by this user, as specified
in the middleware user preferences node.

v If no previous workspace location exists in the middleware user preferences node, then the default
location for the workspace is:
– C:\ibm\tivoli\mwi\workspace
v If the selected directory does not exist, it is created.
v If you specify an invalid path, the letters of the path are used to create a directory under
Launchpad/Install/MWI.
For example, you specify a path of myworkspace, a valid drive letter is missing from the path. The
workspace is therefore created in Launchpad\Install\MWI\myworkspace.
After deployment, the middleware installer also generates a topology file in this directory called
topology.properties. If you are installing middleware on more than one computer, you must copy
this file to each computer where you are installing middleware. For example, if you install the
database server on computer A first and then install directory server and application server on
computer B, you must:
a. Copy the topology.properties file from computer A to the middleware workspace on computer
B. The default location of the topology.properties file is:
b. Edit the topology.properties file on computer B so that the middleware installer is aware that
the database server settings are from another computer. In each line, change computera to
computerb. For example, this line for the database server:
computera.DB2_SERVER_9_1_1.db2.fenced.user=tx2fenc1
Must be changed to
computerb.DB2_SERVER_9_1_1.db2.fenced.user=tx2fenc1
The original topology.properties file on computer A must remain unchanged.

When you complete the installation of the directory server and application server on computer B, the
topology.properties file includes computerb values for the database server and computera values for
the directory server and application server. The topology.properties file can also be used after
middleware installation by the Tivoli Provisioning Manager installer to configure the product core
components.
11. From the Install IBM Autonomic Deployment Engine panel, click Next.
12. From the Deployment Choices panel, select the features to install on this computer, and then click
Next.
Database server
The Tivoli Provisioning Manager database is used to store information about configuration
items and how they relate to each other.
Directory server
Data maintained by the directory server is used to secure Tivoli Provisioning Manager.
Important for Tivoli Directory Server: If you are installing Tivoli Directory Server, DB2 is
also installed because Tivoli Directory Server uses DB2 as its database.
J2EE server
The J2EE server is used to host and manage the Tivoli Provisioning Manager application.
If you choose to only install the J2EE server portion of the Tivoli Provisioning Manager
middleware, you are prompted to supply the directory server that you use to secure it. Your
choices are to secure with an existing instance of Tivoli Directory Server, or an existing
instance of Microsoft Active Directory.
Secure the J2EE server using the Directory server
Select this option to use a directory server to secure the J2EE server. If you do not want to

maintain the J2EE server using the directory server, do not select this option. You cannot
install the directory server using the middleware installer.
If you want to use base services authentication without using an LDAP server in your
environment, do not select this check box.
If you want to use base services authentication and continue to use an LDAP server in your
environment, leave this check box selected.
13. From the Deployment Plan Summary window, click Next.
Note: If you have specified the virtual IP address and virtual host name for each middleware
application that is installed on a computer, you do not have to manually specify the host name of
the computer that you are running the installation from in the next step.
14. In the Configurable Host Name panel, if you want to manually specify the host name of the
computer that you are running the installation from, select the Override the local machine
hostname option and enter a host name value in the Hostname field. Select this option only if you
want to manually specify the host name of the system instead of having the installation program
programmatically detect it. This option is useful when there is more than a single host name
assigned to the system, such as in cases where a system has more than one network interface, or it is
configured to support virtual IP addresses. When this option is selected, you are required to provide
a resolvable host name. You cannot clear this option once it has been selected, however, you are able
to change the value of the Hostname field. If you started the middleware installation program from
the command line using the forceHostname=true parameter, then you are required to provide an
alphanumeric value in the Hostname field. An IP address results in an error message. Once this
option has been selected, you cannot clear it. However, you can change the value you enter in the
Hostname field.
15. In the Password Reuse panel, you can select the Use this password as the value for all subsequent
passwords check box and enter a password value, which lets you use the same password in all
panels of the middleware installation program. The password that you specify must meet the
restrictions for all passwords. If you do not want to use this option, clear the Use this password as
the value for all subsequent passwords check box. Click Next.
16. Enter the following configuration parameters for DB2 Enterprise Edition Server and then click Next.
Install location
Enter the location to install DB2. The default is:
v SystemDrive:\Program Files\IBM\SQLLIB
DB2 Administration Server username
Enter the DB2 administrative account name:
v The default value is db2admin.
DB2 Administration Server password
Enter the password for the DB2 administrative account.
17. Enter the following configuration parameters for the default database instance and click Next.
Default Instance Name
Enter the name of the default database instance. The default value is:
v DB2
Default Instance Port
Enter the port that the default database instance uses. The default value is 50000.
Default Instance Username
Enter the user name for the default database instance. The default value is:
v db2admin
Default Instance Username Password
Enter the password for the default database instance user name.

18. Enter the following configuration parameters for the Tivoli Provisioning Manager database instance,
and then click Next.
Instance name
Enter the name of the Tivoli Provisioning Manager database instance. The default value is
ctginst1.
Port Enter the port that the Tivoli Provisioning Manager database instance uses. The default value
is 50005.
Instance username
Enter the user name for the Tivoli Provisioning Manager database instance. The default
value is:
v db2admin
Instance username password
Enter the password for the Tivoli Provisioning Manager database instance user name.
19. Enter information about the DB2 user groups:
DB2 administrators group
Enter the name of the DB2 administrators group. The default value is:
v DB2ADMNS
DB2 users group
Enter the name of the DB2 users group. The default value is DB2USERS.
20. Enter the following configuration parameters for IBM Tivoli Directory Server, and then click Next.
Install location
Enter the location to install Tivoli Directory Server. The default value is:
v C:\Program Files\IBM\LDAP\V6.2
Administrator distinguished name
Enter the distinguished name of the Tivoli Directory Server administrator. The default value
is cn=root.
Administrator password
Enter the password for the Tivoli Directory Server administrator.
21. Enter the following configuration parameters for IBM Tivoli Directory Server, and then click Next.
Organizational unit
Enter the name of the Tivoli Directory Server organizational unit to use with Tivoli
Provisioning Manager. The default value is ou=SWG.
Organization and country suffix
Enter the name of the Tivoli Directory Server organization and country suffix to use with
Tivoli Provisioning Manager. The default value is o=IBM,c=US.
Directory server port
Enter the port number of the Tivoli Directory Server. The default value is 389.
Directory server secure port
Enter the secure port number of the Tivoli Directory Server. The default value is 636.
Administration port
Enter the administration port number of the Tivoli Directory Server. The default value is
3538.
Administration secure port
Enter the secure administration port number of the Tivoli Directory Server. The default value
is 3539.
22. Enter the following configuration parameters for theTivoli Directory Server database instance, and
then click Next.

Database name
Enter the name of the DB2 database you are using to hold Tivoli Directory Server data. The
default value is security.
Instance name
Enter the name of the Tivoli Directory Server database instance. The default value is
idsccmdb.
Port Enter the port number used by the Tivoli Directory Server database instance. The default
value is 50006.
Instance user password
Enter the password for the instance user ID.
23. Enter the following configuration parameters for WebSphere Application Server security, and then
click Next.
Note: The middleware installer does not validate all LDAP settings that you enter in the installer.
When entering installation values, entries in LDIF files, or values you enter directly into a directory
instance using the tools provided with the directory server, be aware of the product-specific syntax
rules for using special characters in an LDAP string. In most cases, special characters must be
preceded by an escape character in order to make them readable by the directory server. Failing to
escape special characters contained in an LDAP string used with Tivoli Provisioning Manager might
result in errors.
Many directory server products consider a blank space as a special character that is part of the
LDAP string. Therefore, if you mistakenly enter an LDAP string that contains a blank, at the end of
a field value for example, and you do not precede the blank character with an escape character, you
might encounter errors. See the product documentation for your directory server for more
information about special characters in LDAP strings.
LDAP Host Name
Enter the fully qualified domain name of the system hosting the LDAP instance to use for
WebSphere Application Server security. This value is case-sensitive.
A fully qualified domain name includes the host name and the domain suffix. For example,
tpmserver.example.com. This value is case-sensitive. If you are using virtual host names and
IP addresses for the computer, ensure that you specify the correct virtual host name in the
fully qualified domain name.
Enter the port number used by the LDAP server to use for WebSphere Application Server
security. The default value is 389.
LDAP base entry
Enter the LDAP base entry of the LDAP instance to use for WebSphere Application Server
security. The default value is ou=SWG,o=IBM,c=US
User suffix
Enter the user suffix of the LDAP instance to use for WebSphere Application Server security.
The default value is ou=users,ou=SWG,o=IBM,c=US
Group suffix
Enter the group suffix of the LDAP instance to use for WebSphere Application Server
security. The default value is ou=groups,ou=SWG,o=IBM,c=US
Organization container suffix
Enter the organizational container suffix of the LDAP instance to use for WebSphere
Application Server security. The default value is ou=SWG,o=IBM,c=US

24. Enter the following configuration parameters for WebSphere Application Server security, and then
click Next.
Bind distinguished name
Enter the bind distinguished name for binding to the LDAP instance. The default value is
cn=root.
Bind password
Enter the password for the bind distinguished name.
25. Enter the following configuration parameters for WebSphere Application Server, and then click Next.
Install location
Enter the location to install WebSphere Application Server. The default value is:
v C:\Program Files\IBM\WebSphere\AppServer
WebSphere Administration username
Enter the WebSphere Application Server administrative account name. The default value is
wasadmin.
WebSphere Administration password
Enter the password for the WebSphere Application Server administrative account.
Deployment Manager profile name
Enter the WebSphere Application Server profile name of the deployment manager server.
The default value is ctgDmgr01.
Application server profile name
Enter the WebSphere Application Server profile name of the application server. The default
value is ctgAppSrv01.
Cell name
Enter the WebSphere Application Server Cell name. The default value is ctgCell01.
Deployment Manager node name
Enter the name of the WebSphere Application Server deployment manager node. The default
value is ctgCellManager01.
Application server node name
Enter the name of the WebSphere Application Server node. The default value is ctgNode01.
Update Installer install location
Enter the location where the WebSphere Application Server update installer is installed. The
default value is:
v C:\Program Files\IBM\WebSphere\UpdateInstaller
28. Enter the following configuration parameters for IBM HTTP Server, and then click Next.
Install location
Enter the location to install IBM HTTP Server. The default value is:
v C:\Program Files\IBM\HTTPServer. If you install IBM HTTP Server into a directory path
that includes spaces, such as Program Files, you cannot start and stop the IBM HTTP
Server from the administrative console. You must stop the IBM HTTP Server from the
command line. If you choose to install IBM HTTP Server into a directory path that does
not contain any spaces, you can start and stop IBM HTTP Server from within the
administrative console.
HTTP port
Enter the port used by the IBM HTTP Server. The default value is 80.

Admin Server port
Enter the port to use to administer IBM HTTP Server. The default value is 8008.
29. Accept the following configuration parameter for WebSphere Application Server plug-in for the IBM
HTTP Server and click Next.
Profile name
The default value is ctgAppSrv01. This value cannot be changed.
30. Specify the location of the middleware images, and then click Next. If you are installing from DVDs,
insert the Middleware DVD for your operating system and platform before you click Next.
Copy the middleware install images from the source media to a specified directory
Select this option to copy the middleware images from the product media to a directory that
you specify.
Specify a directory containing all the required middleware install images
Select this option if you intend to specify a directory that already contains all the
middleware installation images.
31. If you selected the option to copy install images from the source media, specify the source and
destination directories, and then click Next. If you selected the option to specify a directory that
already contained the middleware images, specify that directory, and then click Next.
To confirm the integrity of the images before deploying the middleware, select the option for
checksum validation. It is recommended to select this option to avoid any installation failures at a
later stage during installation. If the checksum operation fails, click Back and copy the images again
before proceeding.
If you do not select this option and the middleware images are corrupted or are not accessible from
the directory specified, an error might occur. To resolve the error, replace the corrupted middleware
image and then restart the middleware installation program.
32. Specify a directory to use for middleware installer temporary files and extracted middleware
installation images, and then click Next.
33. From the Deployment Plan Operation panel, select Deploy the plan and click Next. You can also
change the deployment plan or parameters that you have previously configured in this panel.
34. From the Deployment Plan and Parameter Configuration summary panel, review the contents of the
summary and click Deploy.
35. Once the deployment completes successfully, click Finish.
36. If you are installing middleware on more than one computer, perform the following steps:
Ensure that you copy the topology.properties file from the workspace to the workspace of the next
computer where you are installing middleware.
37. If you are installing middleware on a computer with a virtual IP address, complete the following
steps:
a. Verify that the virtual IP address and host name are correctly configured.
v In the middleware workspace, check the topology.properties file.
v 2000
DB2 Check the file db2nodes.cfg:
– The file is located in the DB2 installation directory. The default location is C:\Program
Files\IBM\SQLLIB.
b. On each computer where you configured the virtual IP address and host name, you can now
configure the original IP address and host name values and configure the virtual IP as a
secondary IP address. Continuing with the example in step 2 on page 38, you would make the
following changes:
1) Change the IP address 9.31.26.12 back to the original value of 9.31.26.3.
2) Change the host name virtual.example.com back to the original real.example.com.
3) Run the command to configure the second IP address. For example:
ifconfig eth0:1 9.31.26.12 netmask 255.255.255.240

38. If you are using a virtual IP address on the computer where the DB2 server for Tivoli Provisioning
Manager or the DB2 server for Tivoli Directory Server is installed, run the following DB2 command
on the computer:
db2set -g DB2SYSTEM=virtual_hostname
Replace virtual_hostname with the virtual host name.

Example: If DB2 is installed on a computer with the virtual host name database.example.com and
Tivoli Directory Server is installed on the computer with the virtual host name ldap.example.com:
a. Run this command on the computer database.example.com :
db2set -g DB2SYSTEM=database.example.com
b. Run this command on the computer ldap.example.com :
db2set -g DB2SYSTEM=ldap.example.com
Results
The middleware is now installed.
What to do next
1. Back up the WebSphere Application Server configuration. In the launchpad navigation pane, click
Custom Installation and click 1.3 Back up WebSphere configuration. Follow the instructions on the
panel to back up, then return to the custom installation page.
2. Back up the deployment engine database. In the launchpad navigation pane, click Custom
Installation and click 1.4 Back up the deployment engine database. Follow the instructions on the
panel to back up, then return to the custom installation page.
Alternatively, instead of backing up the WebSphere Application Server configuration and the
deployment engine database, you can capture an entire system image of the provisioning server.
3. If you want to remove the symbolic link, run the following command:
rm /home/<username>
CAUTION:
Future fix packs can rely on this symbolic link.
Reusing middleware using the middleware installer

You can use the middleware installer to configure some middleware products. Other middleware
products must be configured manually if you want to reuse them.
If you intend to reuse existing middleware servers with Tivoli Provisioning Manager, they must be
configured before installing Tivoli Provisioning Manager. This section contains information about
configuring existing DB2, Tivoli Directory Server, and Microsoft Active Directory servers using the
middleware installer.
You cannot use the middleware installer to configure an existing Oracle Database (if supported) or
WebSphere Application Server. See “Using manually configured middleware” on page 49 for more
information about those servers. This information also applies if you decide that you want to reuse
existing middleware servers but you want to configure them to work with Tivoli Provisioning Manager
manually instead of allowing the Tivoli Provisioning Manager installation program to configure them.
When installing and configuring middleware in the middleware installer and the Tivoli Provisioning
Manager installation program, consider the following restrictions:

Table 16. Special character restrictions for middleware configuration
2000
DB2 DB2 naming conventions for group names, v Names and IDs cannot be any of the following values:
user names, and user IDs USERS, ADMINS, GUESTS, PUBLIC, LOCAL, or any
SQL-reserved word.
v Names and IDs cannot begin with IBM, SQL, SYS, or
the underscore character (_).
v Group names and user names can contain up to 30
bytes.
2000
DB2 DB2 naming conventions for DB2 instances v Instance names can have up to eight bytes and cannot
contain the # character.
v No instance can have the same name as a service
name.
2000
DB2 DB2 naming conventions for passwords v Passwords can be a maximum of 14 bytes.
v Do not use the special characters @ # $
IBM Tivoli Directory Server naming conventions for v Database names must be unique within the location in
databases and database aliases which they are cataloged. This location is:
– a logical disk
v Database alias names must be unique within the
system database directory. When a new database is
created, the alias defaults to the database name. As a
result, you cannot create a database using a name that
exists as a database alias, even if there is no database
with that name.
v Database and database alias names can have up to
eight bytes.
v Do not use the special characters @ # $ because they
are not common to all keyboards.
IBM Tivoli Directory Server naming conventions for v Values must not be longer than eight characters and
users, groups, databases, and instances cannot be any of the following values: USERS,
ADMINS, GUESTS, PUBLIC, LOCAL, or idsldap
v Values cannot begin with IBM, SQL, or SYS.
v Values must not include accented characters.
v Values can include characters A through Z, a through
z, and 0 through 9.
v Values must begin with characters A through Z or a
through z.
v Double-byte characters cannot be used in
administrator passwords values.
v Passwords cannot contain the following special
characters: ` ' \ " |
WebSphere Application Server naming conventions for v The administrator name cannot contain the following
users and passwords characters: / \ * ,: ;=+?|< > & % ’"] [> # $ ~ ( )
{ }
v The administrator name cannot begin with a period.
v The administrator name cannot contain leading and
trailing spaces.

Table 16. Special character restrictions for middleware configuration (continued)
Middleware installation program naming conventions v The middleware installation program does not validate
that your password is compliant with the operating
system of the target host. The passwords that you
provide must be valid for your environment.
v The middleware installation program does not check
for accented characters in user name values. The use
of accented characters might cause errors.
v You cannot use the % character.
Configuring an existing DB2 with the middleware installer

You can use the middleware installer to configure an existing DB2 database.
Before you begin

v Verify installation prerequisites described in Chapter 2, “Preinstallation tasks,” on page 5.
v To avoid installation errors, ensure that you review all requirements described in “Preinstallation Step
7: Verify requirements for user names, database names, and user passwords” on page 21. The
middleware installer does not validate all names and passwords entered in the installer.
v Always use fully qualified domain names when entering values for computer host names.
v The following users and groups must already exist on the system. If they do not exist on the system,
you must create them before running the Tivoli Provisioning Manager installation program.
Users
– db2admin
Groups
– db2admns
To configure an existing DB instance for reuse with Tivoli Provisioning Manager:
Procedure
1. Login as a user with administrative authority.
2. Launch the middleware installer from the launchpad.
3. Proceed through the middleware installer panels as instructed in “Installing and configuring the
middleware with the middleware installer” on page 36, until you reach the Deployment Choices
panel.
4. From the Deployment Choices panel, select Database Server, and then click Next. The Tivoli
middleware installer will display any instances of DB2 found on the system.
5. From the Installation drop-down menu, select the appropriate instance to reuse, and then click Next.
6. Complete the installation by proceeding through the remainder of the middleware installer
panels. Refer to “Installing and configuring the middleware with the middleware installer” on page
36 for more information.
7. If you are using a virtual IP on the computer where the DB2 server for Tivoli Provisioning Manager is
installed, run the following DB2 command on the computer:

Example: If DB2 is installed on a computer with the virtual host name database.example.com, run this
command on the computer database.example.com:

What to do next
Proceed to “Installing the base services” on page 98.
Verifying an existing Tivoli Directory Server with the middleware installer

If you have an existing IBM Tivoli Directory Server installation that you would like to reuse for
Provisioning Manager, you can verify that it will work with Provisioning Manager using the middleware
installer.
Before you begin

v Verify installation prerequisites described in Chapter 2, “Preinstallation tasks,” on page 5.
v To avoid installation errors, ensure that you carefully review all requirements described in
“Preinstallation Step 7: Verify requirements for user names, database names, and user passwords” on
page 21. The middleware installer does not validate all names and passwords entered in the installer.
The middleware installer validates the following:

v The version of Tivoli Provisioning Manager.
v The Tivoli Directory Server is running.
v The Base DN information that you supply in the Tivoli Provisioning Manager.
The middleware installer does not create a Tivoli Directory Server instance for use with Tivoli
Provisioning Manager. If you want to reuse an existing Tivoli Provisioning Manager, supply the correct
Administrator Distinguished Name and password, LDAP BASE DN, Directory server port, and the
Administration port information for that instance on the middleware installer panels when prompted.
If you intend to host a new Tivoli Directory Server instance on your existing Tivoli Directory Server,
you must create it before running the middleware installer. More information about creating an
instance can be found in “Manually configuring IBM Tivoli Directory Server” on page 54.
Supply the correct Administrator Distinguished Name and password, the correct LDAP BASE DN,
Directory server port, and Administration port information for that instance on the middleware
installer panels.
To verify an existing instance of Tivoli Directory Server:
Procedure
1. Log in as a user with administrative authority.
2. Launch the middleware installer from the launchpad.
3. Proceed through the middleware installer panels as instructed in “Installing and configuring the
panel.
4. From the Deployment Choices panel, select Directory Server, and then click Next. The middleware
installer displays any instances of Tivoli Directory Server found on the system.
5. From the Installation drop-down menu, select the appropriate instance to reuse, and then click Next.
6. Complete the installation by proceeding through the remainder of the middleware installer
panels. Refer to “Installing and configuring the middleware with the middleware installer” on page
36 for more information.
7. If you are using a virtual IP on the computer where Tivoli Directory Server is installed, run the
following DB2 command on the computer:

Example: If Tivoli Directory Server is installed on the computer with the virtual host name
ldap.example.com, run this command on the computer ldap.example.com:

What to do next
Install the base services.
Using manually configured middleware

Manual installations involve configuring middleware components, the database server, the directory
server, and the application server to work with Tivoli Provisioning Manager before using the Tivoli
Provisioning Manager installation program.
You can elect to have one or more Tivoli Provisioning Manager middleware components configured
automatically by the middleware installer. Alternatively, you can choose to manually configure one or
more of the middleware servers to work with Tivoli Provisioning Manager.
You must complete the manual configuration of each server you plan to not configure using the
autoconfiguration feature of the Tivoli Provisioning Manager installation program before you run the
Tivoli Provisioning Manager installation program.
Manually configuring the database server

If you do not want the installation program to automatically configure the database server, configure the
database server manually before you use the installation program.
Installing the DB2 server: 2000

DB2
Follow these procedures to install the DB2 server.
Before you begin

v Ensure you have a minimum of 8 gigabytes of free space in the DB2 installation directory.
v Ensure that your system meets other installation, memory, and disk requirements. For information
about the DB2 requirements, and security issues to consider when installing DB2, refer to the DB2
documentation. The DB2 installer automatically calculates required disk space and determines if you
have sufficient space. Also ensure that you allocate sufficient disk space for growth of the database.
This section provides basic installation instructions for a typical installation of DB2. If you require more
information, refer to the installation information in the DB2 information center.
Use the DB2 installation media provided with Tivoli Provisioning Manager to ensure that you are using
the correct version.
Procedure
1. Log on as administrator.
2. If you are using disks, insert the DVD.
3. If you are using installation images, copy the archive file that starts with DB2_ESE_V91 to the
directory you want to install DB2. Select the file for the language that you want to install. Extract the
contents of the archive file.
4. Change to the folder ese\image and run setup.exe to start the DB2 Setup wizard.
5. The IBM DB2 Setup Launchpad opens. From this window, review installation prerequisites and the
release notes for the latest information and then proceed with the installation.
6. Click Install Products.
7. Select DB2 UDB Enterprise Server Edition and click Next.
8. In the Welcome screen, click Next.
9. Accept the licence agreement and click Next.

10. Accept the default value (Typical) and click Next.
11. Select the Install DB2 UDB Enterprise Server Edition on this computer check box and click Next.
12. Continue with the installation and use the default values suggested by the installer.
13. After the installation completes, a status page opens. Click the Status report tab to ensure your
installation was successful.
14. Perform the following post-installation steps:
a. Run the following commands:
db2set DB2COMM=TCPIP
db2set DB2BQTRY=120
db2set DB2BQTIME=2
db2set DB2AUTOSTART=YES
b. If you are using a virtual IP on the computer where the DB2 server for Tivoli Provisioning
Manager is installed, run the following DB2 command on the computer:

Example: If DB2 is installed on a computer with the virtual host name database.example.com,
run this command on the computer database.example.com:
What to do next
1. Configure DB2 for use with Tivoli Provisioning Manager by either manually configuring settings or
by running the middleware installer to automatically configure settings. See “Configuring an existing
DB2 with the middleware installer” on page 47.
2. Proceed to “Installing the DB2 client.”
Installing the DB2 client: 2000

DB2
Follow these procedures to install the DB2 client.
This section provides basic installation instructions for a typical installation of DB2. If you require more
information, refer to the installation information in the DB2 information center.
Use the DB2 installation media provided with Tivoli Provisioning Manager to ensure that you are using
the correct version.
If you are using DB2 on a separate node, the DB2 client must be preinstalled on the Tivoli Provisioning
Manager computer. During Tivoli Provisioning Manager installation, the database client is used to
connect to the DB2 server and configure it for use with Tivoli Provisioning Manager.
Procedure
1. Log on as a user with administrator access.
2. If you are using DVDs, insert the disk into the disk drive.
3. If you are using images, copy the archive file that starts with DB2_CLIENT_V95 to the directory you
want to install DB2.
4. Change to the folder CLIENT and run setup.exe to start the DB2 Setup wizard.
5. The IBM DB2 Setup Launchpad opens. From this window, review installation prerequisites and the
release notes for the latest information and then proceed with the installation.
6. Click Install Products.
7. Select DB2 Administration Client and click Next.
8. In the Welcome screen, click Next.

10. Accept the default value (Typical) and click Next.
11. Accept the default values for the remaining panels.
12. On the summary panel, review your settings. Note the DB2 client installation directory. You will
need this information for Tivoli Provisioning Manager installation.
13. Click Finish to start the installation.
Manually configuring DB2 9.x:
This section contains instructions for manually configuring DB2 9.x servers for use by Provisioning
Manager.
To configure an existing DB2 9.x server for use with Provisioning Manager, complete the following steps
before launching the Provisioning Manager installation program:
Procedure
1. Create system users:
a. Log on to the system as a user that has administrative permissions on the system.
b. Create a system group and system users. The middleware installer creates a ctginst1 user that
owns the database instance and assigns that user to a group called db2iadm1. If you are
configuring DB2 manually, you need to create users and groups manually using user
management tools available on the system. Create users named ctginst1 and maximo and assign
the ctginst1 user to a group named db2iadm1. For the maximo user, it is not necessary to assign
a specific group. You can use these user and group name values, or use custom values of your
own, but be sure to substitute them where appropriate in this procedure. For AIX, use SMIT to
add the users. After the user IDs have been created, log on to the system using the user IDs and
change the password for each account.
2. Create the DB2 instance:
a. Use the following command to create the DB2 instance:
db2icrt -s ese -u db2admin,password -r 50005,50005 ctginst1
Depending upon your environment, you might have to run this command from the
/opt/ibm/db2/V9.5/instance directory. Alternatively, you can add this information to your PATH.
b. Set the listening port for the instance:
db2 update dbm cfg using svcename 50005
c. Set instance service to start automatically:
sc config ctginst1-0 start= auto
where <instance name> is the login name of the instance.

d. Start the ctginst1 database instance:
db2start
3. Create a database:
a. Open up the DB2 Control Center for the instance you plan to use:
1) Open a command window.
2) Type the following commands:
set DB2INSTANCE=ctginst1
db2set DB2COMM=tcpip
3) Type the following command:
db2cc
1) Open a command window.
2) Type the following commands:

set DB2INSTANCE=ctginst1
db2set DB2COMM=tcpip
3) Type the following command:
db2cc
b. From the DB2 Control Center, navigate to All Systems > <System hosting the database
instance> > Instances.
c. Right-click the Databases folder located below the instance name, and then select Create
Database > With Automatic Maintenance.
d. From the Specify a name for your new database panel, enter maxdb71 for both the Database name
and Alias fields.
e. If using DB2 9.1, enable the Enable database for XML option. This option creates a Unicode
database with a code set of UTF-8.
f. Click Next.
g. From the Specify where to store your data panel, click Next. Alternatively, if you do not want to
use the database path as the storage path, specify a different directory. If you specify a path, the
directory must exist.
h. From the Select your maintenance strategy panel, select Yes, I can specify an offline
maintenance window of at least an hour when the database is inaccessible, and then click
Next.
i. From the Specify when offline automatic maintenance activities can run panel, provide scheduling
details for offline maintenance, and then click Next.
j. From the Provide a valid SMTP server panel, enter the name of the SMTP server that is used to
communicate DB2 messages concerning this database, and then click Next.
k. From the actions review panel, review the choices you have made, and then click Finish.
The database is created.
4. Configure the database:
a. Right-click the maxdb71 database created in the previous step, and choose Configure
Parameters.
b. From the Database Configuration panel, select the LOGFILSIZ value and click the button labeled
with the ellipsis (...) in the Value column.
c. Enter 4096, and then click OK.
d. If using DB2 9.1, from the Database Configuration panel, select the APP_CTL_HEAP_SZ value. If
using DB2 9.5 or higher, select the appl_memory value. Click the button labeled with the ellipsis
(...) in the Value column.
e. Enter 1024, and then click OK.
f. From the Database Configuration panel, select the APPLHEAPSZ value and click the button
labeled with the ellipsis (...) in the Value column.
g. Enter 1024, and then click OK.
h. From the Database Configuration panel, select the LOCKLIST value and click the button labeled
with the ellipsis (...) in the Value column.
i. Enter 30000, and then click OK.
j. From the Database Configuration panel, select the LOGSECOND value and click the button
labeled with the ellipsis (...) in the Value column.
k. Enter 4, and then click OK.
l. From the Database Configuration panel, click OK.
m. Click Close.
n. Restart the database by right-clicking the ctginst1 instance, clicking Stop, and then clicking
Start.
5. Add users to the database:

a. Once the database has restarted, right-click it and select Authorities.
b. From the User tab of the Database Authorities window, click Add User.
c. From the Add User dialog box, select the user maximo, and then click OK.
d. From the Database authorities window, highlight the user maximo and click Grant All.
e. Click OK.
Alternatively, you can use the following commands to complete the steps from the command line:
connect to maxdb71
grant dbadm,createtab,bindadd,connect,create_not_fenced_routine,implicit_schema,
load,create_external_routine,quiesce_connect,secadm on database to user maximo
6. Create table space:
a. From the DB2 Control Center, locate and right-click the Table Spaces entry under the DB2
database that you created for use with Provisioning Manager.
b. From the right-click menu, select Create.
c. Specify MAXDATA as your new table space, and then click Next.
d. Select Regular as the type of table space and then click Next.
e. Click Create to create a buffer pool for the table space.
f. Specify MAXBUFPOOL as your new buffer pool, and then change the Page size value to 32 and the
Size in 32 KB pages value to 4096.
g. Ensure the Create buffer pool immediately choice is selected, and then click OK.
h. Highlight the newly created buffer pool and click Next.
i. From the Specify the extent and prefetch sizes for this table space panel, choose the Between 200
MB and 2 GB option, and leave Extent size as 32, and then click Next.
j. Define a hard disk drive specification by choosing Server (SCSI), and then click Next.
k. Click Finish.
create bufferpool maxbufpool immediate size 4096 pagesize 32 k
create regular tablespace maxdata pagesize 32 k managed by automatic storage

extentsize 16 overhead 12.67 prefetchsize 16 transferrate 0.18 bufferpool
maxbufpool dropped table recovery on
Note: By default, index data is stored in the data table space. If you would rather create a separate
index table space, you could create one now.
7. Grant permissions for the table space:
a. From the DB2 Control Center, locate and right-click the MAXDATA table spaces entry under the
DB2 database that you created for use with Provisioning Manager.
b. From the right-click menu, select Privileges.
c. Click Add User.
d. Select the user maximo, and then click OK.
e. From the Privileges drop-down menu, select Yes, and then click OK.
grant use of tablespace maxdata to user maximo
Note: If you created a separate index table space, you must grant permissions for it at this time.
8. Create a schema:
a. From the DB2 Control Center, locate and right-click the Schema entry under the DB2 database
that you created for use with Provisioning Manager.

c. Specify a name for your new schema, and then click OK. This name must be the same as was
used for the database user ID.
d. Right-click on the new schema name and select Privileges.
e. From the Privileges drop-down menu, select Add User, and then select the maximo user.
f. Click OK.
g. Select the maximo user and then click Grant all.
h. From the dialog box, select No Grant, and then click OK.
CREATE SCHEMA MAXIMO AUTHORIZATION ADMINISTRATOR
GRANT CREATEIN,DROPIN,ALTERIN ON SCHEMA MAXIMO TO USER MAXIMO
9. Create a temporary table space:
a. From the DB2 Control Center, locate and right-click the table spaces entry under the DB2
database that you created for use with Provisioning Manager.
c. Specify MAXTEMP for your new table space, and then click Next.
d. Select System temporary as the type of table space and then click Next.
e. Select the previously created buffer pool MAXBUFPOOL, and click Next.
f. From the Specify the extent and prefetch sizes for this table space panel, choose the Between 200
MB and 2 GB option, and leave Extent size as 32, and then click Next.
g. Define a hard disk drive specification by choosing Server (SCSI), and then click Next.
h. Click Finish.
CREATE SYSTEM TEMPORARY TABLESPACE MAXTEMP PAGESIZE 32K MANAGED BY AUTOMATIC STORAGE
EXTENTSIZE 16 OVERHEAD 12.67 PREFETCHSIZE 16 TRANSFERRATE 0.18 BUFFERPOOL MAXBUFPOOL
10. Ensure that you have DB2 Enterprise Server Edition 9.5 FP3a installed. See the DB2 support page for
more information.
Manually configuring the directory server

You must complete the manual configuration of the directory server before you use the Tivoli
Provisioning Manager installation program if you choose to not have the Tivoli Provisioning Manager
installation program automatically configure it.
Be aware that the various DN and suffix values listed in these sections must be replaced with values that
are applicable to existing LDAP hierarchies within your organization.
Important: When entering LDAP values for Tivoli Provisioning Manager installation panel fields, entries
in LDIF files, or values you enter directly into a directory instance using the directory server's own tools,
be aware of the product-specific syntax rules for using special characters in an LDAP string. In most
cases, special characters must be preceded by an escape character in order to make it readable by the
directory server. Failing to escape special characters contained in an LDAP string used with Tivoli
Provisioning Manager will result in Tivoli Provisioning Manager errors.
Many directory server products consider a blank space as a special character that is part of the LDAP
string. Therefore, if you mistakenly enter an LDAP string that contains a blank, at the end of a field
value, for example, and you do not precede the blank character with an escape character, you might get
Tivoli Provisioning Manager errors.
See the product documentation for your directory server for more information about special characters in
LDAP strings.
Manually configuring IBM Tivoli Directory Server:

To configure Tivoli Directory Server before starting the Tivoli Provisioning Manager installation program,
you must create an instance of IBM Tivoli Directory Server.
Before you begin
Note: Sharing a DB2 instance between Tivoli Provisioning Manager and Tivoli Directory Server is not
recommended. During the installation, the database instance is restarted, which could disrupt the
availability of Tivoli Directory Server to your enterprise. If you are using the automated installation
programs, separate instances are created for use by Tivoli Provisioning Manager and Tivoli Directory
Server.
Procedure
1. Create a user on the system and assign it to the appropriate group.
Create the user db2admin and make it a member of the following groups:
v Windows Administrators
v DB2ADMNS
v DB2USERS
2. If the Instance Administration tool is not already started, log on as an administrator on the system
and start the tool:
v Click Programs > IBM Tivoli Directory Server 6.2 > Instance Administration Tool.
3. In the Instance Administration tool, click Create an instance.
4. In the Create a new instance window, click Create a new directory server instance and click Next.
5. From the Instance details window, complete the following fields and click Next.
User name
Select idsccmdb as the system user ID of the user who owns the instance. This name is also
the name of the instance.
Install location
Enter the location where the instance files are stored.
Encryption seed string
Type a string of characters that are used as an encryption seed. This value must be a
minimum of 12 characters.
Instance description
Enter a brief description of the instance.
6. In the DB2 instance details panel, enter idsccmdb as the value for the DB2 instance name field and
click Next.
7. In the TCP/IP settings for multihomed hosts panel, select Listen on all configured IP addresses,
8. In the TCP/IP port settings panel, complete the following fields and click Next.
Server port number
Enter 389 as the contact port for the server.
Server secure port number
Enter 636 as the secure port for the server.
Admin daemon port number
Enter 3538 as the administration daemon port.
Admin daemon secure port number
Enter 3539 as the administration daemon secure port.
9. In the Option steps panel, leave the following options selected and click Next.

Configure admin DN and password
You want to configure the administrator DN and password for the instance now.
Configure database
You want to configure the database for the directory server now.
10. In the Configure administrator DN and password window panel, complete the following fields and
click Next.
Administrator DN
Enter cn=root for the administrator distinguished name.
Administrator Password
Enter a password for the Administrator DN.
11. In the Configure database panel, complete the following fields and click Next.
Database user name
Enter idsccmdb as the database user.
Password
Enter the password for the idsccmdb user.
Database name
Enter idsccmdb as the database to be used with this directory instance.
12. In the Database options panel, complete the following fields and click Next.
Database install location
Enter the location where you want the database instance to be created:
v This value must be a drive letter.
Ensure that you have at least 80 MB of free disk space in the location that you specify and
that additional disk space is available to accommodate growth as new entries are added to
the directory.
Character-set option
Leave the Create a universal DB2 database (UTF-8/UCS-2) option selected.
13. In the Verify settings panel, review the instance creation details provided and click Finish to create
the idsccmdb instance.
14. Click Close to close the window and return to the main window of the Instance Administration tool.
15. Click Close to exit the Instance Administration tool.
16. Start the IBM Tivoli Directory Server Configuration tool:
v Click Programs > IBM Tivoli Directory Server 6.2 > Instance Administration Tool.
17. Select Manage suffixes.
18. In the Manage suffixes panel, type the following suffix and click Add.
o=IBM,c=US
19. Click OK.
20. Create the following users in the LDAP repository. These users are required so that Virtual Member
Manager can secure Provisioning Manager.
v wasadmin
v maxadmin
v mxintadm
v maxreg
To create the users, you must create an LDIF file with the required information. Add the DN
information, for example:
ou=SWG,o=IBM,c=US
ou=users

Note: ou=SWG,o=IBM,c=US in this example indicate an organization unit called SWG. SWG houses the
ou=users organization units to place the users created for Provisioning Manager. DC=IBM and
DC=COM indicate a domain forest of ibm.com. You can replace the example with the directory
structure of your own organization.
Define the required users and their position within the ou=users DN entries you created.
Here is an example of an LDIF file that uses default values:
dn: o=ibm,c=us
objectClass: top
objectClass: organization
o: IBM
dn: ou=SWG, o=ibm,c=us

ou: SWG
objectClass: top
objectClass: organizationalUnit
dn: ou=users,ou=SWG, o=ibm,c=us

ou: users
objectClass: top
dn: cn=wasadmin,ou=users,ou=SWG, o=ibm,c=us

uid: wasadmin
userpassword: wasadmin
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: person
objectclass: top
title: WebSphere Administrator
sn: wasadmin
cn: wasadmin
dn: uid=maxadmin,ou=users,ou=SWG, o=ibm,c=us

userPassword: maxadmin
uid: maxadmin
objectClass: inetorgperson
objectClass: top
objectClass: person
objectClass: organizationalPerson
sn: maxadmin
cn: maxadmin
dn: uid=mxintadm,ou=users,ou=SWG, o=ibm,c=us

userPassword: mxintadm
uid: mxintadm
objectClass: top
objectClass: person
sn: mxintadm
cn: mxintadm
dn: uid=maxreg,ou=users,ou=SWG, o=ibm,c=us

userPassword: maxreg
uid: maxreg
objectClass: top
objectClass: person
sn: maxreg
cn: maxreg
After the creation of users, you are required to create the following groups and assign the maxadmin
user to them. An LDIF file with the following content needs to be created:

dn: ou=groups,ou=SWG,o=ibm,c=us
ou: groups
objectClass: top
dn: cn=maxadmin,ou=groups,ou=SWG, o=ibm,c=us

objectClass: groupofnames
objectClass: top
member: uid=dummy
member: uid=maxadmin,ou=users,ou=SWG,o=IBM,c=US
member: uid=mxintadm,ou=users,ou=SWG,o=IBM,c=US
cn: maxadmin
dn: cn=maximousers,ou=groups,ou=SWG, o=ibm,c=us

objectClass: top
member: uid=dummy
member: uid=maxreg,ou=users,ou=SWG,o=IBM,c=US
cn: maximousers
dn:cn=TPDEPLOYMENTSPECIALIST,ou=groups,ou=SWG,O=IBM,C=US
objectclass: groupofnames
cn: TPDEPLOYMENTSPECIALIST
dn:cn=TPCOMPLIANCEANALYST,ou=groups,ou=SWG,O=IBM,C=US
cn: TPCOMPLIANCEANALYST
dn:cn=TPCONFIGURATIONLIBRARIAN,ou=groups,ou=SWG,O=IBM,C=US
cn: TPCONFIGURATIONLIBRARIAN
dn:cn=TPDEVELOPER,ou=groups,ou=SWG,O=IBM,C=US
cn: TPDEVELOPER
dn:cn=TPADMIN,ou=groups,ou=SWG,O=IBM,C=US
cn: TPADMIN
dn:cn=TPWEBSERVICEUSER,ou=groups,ou=SWG,O=IBM,C=US
cn: TPWEBSERVICEUSER
To create the users and update the membership of the LDAP repository, run the following command:
ldapmodify -a -D cn=root -w <password> -i <file_name>
If you create the LDIF file on a Windows computer, remove the ^M characters from the file before
using.
21. In the IBM Tivoli Directory Server Configuration tool, click Import LDIF data. Click Browse to
locate the LDIF file and click Import.
22. Close the IBM Tivoli Directory Server Configuration tool and restart the server.
23. If you are using a virtual IP address on the computer where Tivoli Directory Server is installed, run
the following DB2 command on the computer:

Example: If Tivoli Directory Server is installed on the computer with the virtual host name
ldap.example.com, run this command on the computer ldap.example.com:
What to do next
Proceed to “Installing Tivoli Provisioning Manager core components” on page 119.
Installing Microsoft Active Directory:
You must manually install Microsoft Active Directory before installing Tivoli Provisioning Manager.
Before you begin
Ensure that the computer meets the hardware and software requirements for Microsoft Active Directory
on Windows 2003. Requirements for use with Tivoli Provisioning Manager include:
v Microsoft Active Directory must be installed on a separate computer.
v The latest Windows 2003 service pack is installed.
v The primary network card has a static IP address. This setting is required for the DNS and Active
Directory subsystems.
1. Click Start > Control Panel > Network Connections.
2. Right-click the connection that represents your primary network adapter and click Properties.
3. Select Internet Protocol (TCP/IP), and click Properties.
4. Ensure that Use the following IP address is selected and enter the IP address and subnet mask for
the server. Add a gateway if required.
5. Enter the IP address of the server in the Preferred DNS server field.
v Install and configure DNS. If it is not currently installed, perform the following steps:
1. In the Windows Control Panel, double-click Add or Remove Programs and then click Add/Remove
Windows Components.
2. Click Networking Services in the list of components, but do not select the check box if it was not
already selected. Click Details and select the Domain Name System check box.
3. Click OK and then Next and complete the installation of DNS.
To Install Microsoft Active Directory:
Procedure
1. Ensure that you log on to the computer with an administrator account to perform installation.
2. Click electing Start > Administration Tools > Configure your Server .
3. In the Welcome page, click Next.
4. In the Operating system compatibility panel, click Next.
5. On the Domain Controller Type panel, select Domain controller for a new domain and click Next.
6. On the Create New Domain panel, select Domain in a new forest and click Next.
7. On the New Domain Name panel, enter the DNS suffix for your new Active Directory. This name
will be used during Tivoli Provisioning Manager installation, so make a note of it. Click Next.
8. On the NetBIOS Domain Name panel, enter the NetBIOS name of the domain. The first part of the
DNS name is typically sufficient. Click Next.
9. On the Database and Logs panel, select the folders for the Database and Logs. The default value is
C:\Windows\NTDS. Click Next.

10. On the Shared System Volume panel, enter a valid directory for the system volume.
C:\Windows\Sysvol is the default. Click Next to continue.
11. If you configured DNS successfully, the Permissions setting panel is displayed. Select Permissions
compatible only with Windows 2000 or Windows Server 2003. Click Next.
12. On the Directory Services Restore Mode Administrator Password panel, enter a valid password to be
used when running the Directory Services in Restore Mode. Click Next
13. Verify the settings and Click Next to begin the Active Directory configuration. The server will be
rebooted as part of the process.
What to do next
You are now ready to configure Microsoft Active Directory.
Manually configuring Microsoft Active Directory:
To manually configure Microsoft Active Directory for use with Tivoli Provisioning Manager, complete
these steps before installing Tivoli Provisioning Manager.
Before you begin

v While Microsoft Windows Server 2008 is supported as a platform for the administrative workstation, or
for hosting middleware, Microsoft Active Directory on Microsoft Windows Server 2008 is not
supported.
v The users and passwords created in the following steps need to match this exact configuration for the
deployment to succeed. The Microsoft Active Directory security policy might need to be altered
temporarily to allow the creation of these accounts in the format described. After successful
installation, these default passwords can be changed to conform to a stricter security policy.
v Use this procedure if you plan to create users and groups manually in Microsoft Active Directory. The
installation program gives you the opportunity to have these users and groups created automatically
during the installation, provided that you have properly set up SSL communication between Microsoft
Active Directory and IBM WebSphere Application Server, as described in “Configuring SSL between
Microsoft Active Directory and WebSphere Application Server Network Deployment” on page 65.
Procedure
1. Click Start > Control Panel > Administrative Tools > Microsoft Active Directory Users and
Computers and then select the domain that you are working with.
2. Edit the domain functional level by selecting Action > Raise Domain Functional Level.
3. Select Microsoft Windows Server 2003 from the Select an available domain functional level menu,
and then click Raise.
4. Click OK.
5. When the domain raise task has completed, click OK.
6. In the Microsoft Active Directory Users and Computers user interface, right-click the domain you
want to work with and select New > Organizational Unit.
7. Enter a name for the new Organizational Unit (OU), for example, SWG, and then click OK.
8. Create a group object under the SWG organizational unit:
a. Right-click the SWG OU, and select New > Organizational Unit.
b. Enter Groups as the name for the new OU then click OK.
9. Create a users object under the SWG organizational unit:
a. Right-click the SWG OU, and select New > Organizational Unit.
b. Enter Users as the name for the new OU and click OK.
10. Create the MAXADMIN group:
a. Right click the Groups OU and select New > Group.

b. From the New Object - Group dialog, enter the following values and click OK.
Group name
Enter MAXADMIN. This value must be capitalized.
Group name (pre-Windows 2000)
Enter MAXADMINPRE2K as the pre-Windows 2000 group name.
This value must be capitalized and must be different than the name entered for Group
name.
Group scope
Global
Group type
Security
11. Create the MAXIMOUSERS group:
a. Right click the Groups OU and select New > Group.
b. From the New Object - Group dialog, enter the following values and click OK.
Group name
Enter MAXIMOUSERS. This value must be capitalized.
Group name (pre-Windows 2000)
Enter MAXIMOUSERS as the pre-Windows 2000 group name.
This value must be capitalized.
Group scope
Global
Group type
Security
12. Create the wasadmin user:
a. Right click the Users OU and select New > User.
b. From the New Object - User dialog, enter the following values and click Next.
First name
Enter wasadmin.
Initials
Leave this field blank.
Last name
Full name
Enter wasadmin.
User login name
Enter wasadmin in the first field. Leave the default value of the second field.
User login name (pre-Windows 2000)
This field is filled with the same value (wasadmin) entered for the User login name.
c. From the next panel, enter the following information and click Next:
Password
Enter the password for wasadmin. This value must have a minimum of eight characters.
User must change password at next logon
Ensure this check box is cleared.
User cannot change password
Ensure this check box is selected.

Password never expires
Account is disabled
The preceding values are examples. You must set these fields to values that comply with the
password policy of your organization.
d. Review the password settings in the summary panel, and click Finish.
13. Create the maxadmin user:
b. From the New Object - User dialog, enter the following values, and then click Next:
First name
Enter maxadmin.
Initials
Last name
Full name
Enter maxadmin.
User login name
Enter maxadmin in the first field. Leave the default value of the second field.
This field is filled with the same value (maxadmin) entered for the User login name.
c. From the next panel, enter the following information and click Next.
Password
Enter the password for maxadmin. This value must have a minimum of eight characters.
Account is disabled
14. Create the mxintadm user:
First name
Enter mxintadm.
Initials
Last name

Full name
Enter mxintadm.
User login name
Enter mxintadm in the first field. Leave the default value of the second field.
This field is filled with the same value (mxintadm) entered for User login name.
Password
Enter the password for mxintadm. This value must have a minimum of eight characters.
Account is disabled
15. Create the maxreg user:
First name
Enter maxreg.
Initials
Last name
Full name
Enter maxreg.
User login name
Enter maxreg in the first field. Leave the default value of the second field.
This field is filled with the same value (maxreg) entered for the User login name.
Password
Enter the password for the maxreg user. This value must have a minimum of eight
characters.

Account is disabled
16. Add users to the MAXADMIN group:
a. Click the Groups object under the SWG OU.
b. Double-click the MAXADMIN group listed in the Groups pane.
c. From the MAXADMIN properties dialog, select the Members tab and then click Add.
d. From the Select Users, Contacts, Computers, or Groups dialog, click Advanced.
e. On the Advanced panel, click Find Now.
f. From the Search results list, select the maxadmin and mxintadm users and click OK. Ensure that you
are selecting the maxadmin user and not the maxadmin group from this list.
g. Click OK.
17. Add users to the MAXIMOUSERS group:
a. Click the Groups object under the SWG OU.
b. Double-click the MAXIMOUSERS group listed in the Groups pane.
c. From the MAXIMOUSERS properties dialog, select the Members tab and then click Add.
d. From the Select Users, Contacts, Computers, or Groups dialog, click Advanced.
e. On the Advanced panel, click Find Now.
f. From the Search results list, select the maxadmin, mxintadm, and maxreg users, and then click OK.
Ensure that you are selecting the maxadmin user and not the maxadmin group from this list.
g. Click OK.
18. Using the same procedure for creating the MAXADMIN group, create the following groups:
v TPADMIN
v TPCOMPLIANCEANALYST
v TPDEPLOYMENTSPECIALIST
v TPDEVELOPER
v TPWEBSERVICEUSER
19. Using the same procedure for adding the maxadmin user to the MAXADMIN group, add the maxadmin
user to the following groups:
v TPADMIN
v TPCOMPLIANCEANALYST
v TPDEPLOYMENTSPECIALIST
v TPDEVELOPER
v TPWEBSERVICEUSER
Note: The TPWEBSERVICEUSER group for the Web Service interface is configured in the
user-factory.xml file as follows:
<ws-security-role>TPWEBSERVICEUSER<\ws-security-role>
To configure this group to use another role, you must add the roles to both the LDAP and the
Tivoli Provisioning Manager database using VMMSYNC.
20. Exit the Microsoft Active Directory Users and Computers user interface.

Results
Microsoft Active Directory configuration is complete and you are now ready to install the remaining
middleware and configure the application server to use Microsoft Active Directory.
Configuring SSL between Microsoft Active Directory and WebSphere Application Server Network Deployment:
Configuring SSL between Microsoft Active Directory and WebSphere Application Server Network
Deployment allows the installation program to create users.
Before you begin
To enable the Provisioning Manager installation program to automatically create users and groups within
Microsoft Active Directory, you have to configure SSL communication between Microsoft Active Directory
and WebSphere Application Server Network Deployment.
You must enable SSL for Microsoft Active Directory, generate a certificate, and then add that certificate to
WebSphere Application Server Network Deployment.
Changing the name or domain of the certificate authority at any point invalidates certificates previously
issued from that authority.
Ensure that you have host name resolution set up properly in your environment. Communication failures
occur if the computer hosting Microsoft Active Directory cannot resolve host names for systems that have
been issued certificates.
Ensure that you have already installed Microsoft Internet Information Services with ASP extensions
enabled on the system before configuring the certificate service required for SSL. Microsoft Internet
Information Services are a prerequisite of the certificate service. Microsoft Internet Information Services
can be added as a Windows component from the Add/Remove Programs dialog. Add this component by
selecting the Internet Information Services or Application Server component and installing it. If you have
IBM HTTP Server installed on the same system, you cannot use port 80 for IBM HTTP Server. If IBM
HTTP Server was configured to use port 80, you must change it to another value because Microsoft
Internet Information Services must use port 80. After you verify that these two conditions are met,
proceed with setting up certificate services as described in this procedure.
Procedure
1. Add the Certificate Services component:
a. From the Control Panel of the Microsoft Active Directory server, select Add or Remove
Programs. Then select Add/Remove Windows Components.
b. From the Windows Components panel, select the Certificate Services option, and then click
Next.
c. From the CA Type panel, select Stand alone root CA, select the Use custom settings to generate
the key pair and CA certificate option, and then click Next.
d. From the Public and Private Key Pair panel, select Microsoft Strong Cryptographic Provider for
the CSP value, select SHA-1 as the Hash algorithm, set the Key length to 2048, and then click
Next.
e. From the CA Identifying Information panel, enter host_name.itsm.com in the Common name for
this CA field, enter DC=itsm,DC=com for the Distinguished name suffix, set the Validity period to
5 years, and then click Next. The values used in this step are example values only. Replace these
values with the details of the computer hosting Microsoft Active Directory.
f. From the Certificate Database Settings panel, you can keep the default value of
C:\WINDOWS\system32\CertLog for both the Certificate database and Certificate database log
fields, and then click Next. Configuration of the component now begins.

g. Click Finish.
h. Restart the system.
2. Download a CA certificate:
a. Launch Internet Explorer.
b. Select Tools > Internet Options > Security and click Sites.
c. From the Trusted Sites dialog box, enter http://host_name.itsm.com in the Add this web site to
the zone: field, click Add, and then click Close.
d. Enter http://host_name.itsm.com/certsrv in the browser.
e. From the Certificate Services page, click Download a CA certificate, Certificate Chain, or CRL.
f. From the Download a CA Certificate, Certificate Chain, or CRL page, click install this CA
certificate chain. When the task has completed successfully, click the back button.
g. From the Download CA Certificate, Certificate Chain, or CRL page select Current for the CA
certificate value, select Base 64 for the Encoding method, and then click Download a CA
Certificate.
h. When prompted, specify the type as Security Certificate and save the security certificate file as
serverRootCA.cer
3. Add the Certificates Snap-in:
a. Launch the Microsoft Management Console.
b. Select File > Add/Remove Snap-in.
c. From the Add/Remove Snap-in dialog box, click Add.
d. From the Add Standalone Snap-in dialog box, select Certificates and then click Add.
e. Select Computer account and then click Next.
f. Select Local computer: (the computer this console is running on) and click Finish.
g. From the Add Standalone Snap-in dialog box, select Certification Authority and then click Add.
h. Select Local computer: (the computer this console is running on) and click Finish.
i. Click Close to close the Add Standalone Snap-in dialog box.
j. Click OK on the Add/Remove Snap-in dialog box to close it.
4. Transfer certificates to a store:
a. In the Microsoft Management Console, navigate to Console Root > Certificates (Local
Computer) > Third-Party Root Certification Authorities.
b. Right-click Certificates and select All Tasks > Import.
c. From the File to Import panel of the Certificate Import wizard, browse to the location of the
serverRootCA.cer file, select it, and then click Next.
d. From the Certificate Store panel, select Place all certificates in the following store, click Next,
and then click Finish.
5. Create and submit a request to the CA:
a. Using Internet Explorer, navigate to http://host_name.itsm.com/certsrv. From the Certificate
Services page, click Request a certificate.
b. From the Request a Certificate page, click advanced certificate request.
c. From the Advanced Certificate Request page, click Create and submit a request to this CA.
d. From the Advanced Certificate Request page, enter the following information and then click
Submit.
Identifying Information
Enter the fully qualified name of the computer hosting Microsoft Active Directory in the
Name field. This value must be capitalized, for example HOST_NAME.ITSM.COM.
Type of Certificate Needed
Select Server Authentication Certificate.

Key Options
For the CSP field, select Microsoft RSA SChannel Cryptographic Provider.
Select the Automatic key container name, Mark keys as exportable, and Store certificate
in the local computer certificate store options.
For the Key Size field, you can either accept the default value of 1024, or change it to a
more appropriate value.
Additional Options
Set the Request Format option to PKCS10.
For the Hash Algorithm field, select SHA-1.
For the Friendly Name field, enter the same exact value as entered for the Name field.
Default values are sufficient for the remaining fields on this page.
e. Click Home to return to the home page for Certificate Services.
6. Install the certificate:
a. In the Microsoft Management Console, navigate to Console Root > Certification Authority
(Local) > host_name.itsm.com > Pending Requests.
b. In the right pane, right-click the ID of the request, and then select All Tasks > Issue.
c. From Internet Explorer, on the Certificate Services page, click View the status of a pending
certificate request.
d. From the View the Status of a Pending Certificate Request page, click the certificate request you
created.
e. From the Certificate Issued page, click Install this certificate.
f. Restart the system.
7. Verify the private key:
a. When the system has restarted, start the Microsoft Management Console and navigate to Console
Root > Certificates (Local Computer) > Personal > Certificates.
b. In the right pane, double-click the entry displayed in uppercase.
c. From the Certificate dialog box, ensure you can find the statement You have a private key that
corresponds to this certificate, and then click OK.
d. In the right pane, double-click the entry displayed in lowercase.
e. From the Certificate dialog box, ensure you can find the statement You have a private key that
corresponds to this certificate, and then click OK.
8. Configure the connection:
a. Launch the Microsoft LDP utility.
b. Select Connection.
c. Select Connect.
d. Enter host_name.itsm.com for Server, 636 for Port, select SSL, and then click OK. Review the
information displayed to verify your configuration values.
9. Export certificate files:
a. Launch the Microsoft Management Console and navigate to Console Root > Certificates (Local
Computer) > Personal > Certificates.
b. Right-click the uppercase certificate entry and select All Tasks > Export
c. From the Certificate Export wizard Welcome panel, click Next.
d. From the Export Private Key panel, select No, do not export private key, and then click Next.
e. From the Export File Format panel, select Base-64 encoded X.509(.CER), and then click Next.
f. From the File to Export panel, export the certificate as serverRootCA.cer, click Next, and then
click Finish.

g. Right-click the lowercase certificate entry and select All Tasks > Export.
h. From the Certificate Export wizard Welcome panel, click Next.
i.From the Export Private Key panel, select No, do not export private key, and then click Next.
j.From the Export File Format panel, select Base-64 encoded X.509(.CER), and then click Next.
k.From the File to Export panel, export the certificate as serverAuthCert.cer, click Next, and then
click Finish.
10. Add signer certificates:
a. Copy serverRootCA.cer and serverAuthCert.cer to the WebSphere Application Server Network
Deployment system.
b. Start the WebSphere Application Server Network Deployment administrative console.
c. From the WebSphere Application Server Network Deployment administrative console, select
Security > SSL certificate and key management.
d. Click Keystores and certificates.
e. Click CellDefaultTrustStore.
f. Click Signer certificates and then click Add.
g. From the Add signer certificate page, enter MSADServerRootCA for the Alias, enter the path
(including the file name) to the serverRootCA.cer file in the File name field, and then click OK.
h. Click Add.
i. Enter MSADServerAuthCert for the Alias, enter the path (including the file name) to the
serverAuthCert.cer file in the File name field, and then click OK.
11. Configure security:
a. From the WebSphere Application Server Network Deployment administrative console, select
Security > Secure administration, applications, and infrastructure.
b. From the Available realm definitions drop-down list, select Federated repositories, and then
click Configure.
c. Click the repository identifier for Microsoft Active Directory listed in Repositories in the realm
table.
d. Update the following properties and then click OK.
Port Update this value to 636.
Login properties
Set this value to cn.
Requires SSL communications
Ensure that this option is selected.
Use specific SSL alias
Ensure that this option is selected with a value of CellDefaultSSLSettings.
e. Click Supported entity types and verify that the PersonAccount entity type is set to cn. If it is
not set to cn, click the PersonAccount entity type and set it and then save the changes.
f. Restart the domain manager.
Securing WebSphere Application Server with Microsoft Active Directory using the middleware
installation program:
If you have an existing Microsoft Active Directory instance, you can use it to secure WebSphere
Application Server when you install it on the system. You can either configure it manually, or by using
the middleware installation program.

Before you begin
Note that before running the Provisioning Manager installation program, you must manually create the
users and groups listed in “Manually configuring Microsoft Active Directory” on page 60. You can
perform this step after you have installed middleware using the middleware installation program, but it
must be completed before you begin using the Provisioning Manager installation program.
The middleware installation program will prompt you for LDAP configuration parameters to use with
WebSphere Application Server.
To have the middleware installation program use an existing Microsoft Active Directory instance to
secure WebSphere Application Server, complete the following steps:
Procedure
1. Log on as a user with administrative authority.
2. Start the middleware installation program from the launchpad.
3. Navigate the middleware installation program panels as instructed in “Installing and configuring the
panel.
4. From the Deployment Choices panel, clear the Directory Server deployment option, and then click
Next. In the next panel, you will be given the choice of selecting an existing instance of IBMTivoli
Directory Server or Microsoft Active Directory to secure WebSphere Application Server.
5. In the Deployment Plan Summary window, click Next to configure the parameters displayed. The
deployment plan is generated and you will be provided details about the plan.
6. In the Configurable Host Name panel, if you want to manually specify the host name of the
computer you are running the installation from, select the Override the local machine hostname
option and enter a host name value in the Hostname field. Select this option only if you want to
manually specify the host name of the system instead of having the installation program
programmatically detect it. Use this option when there is more than a single host name assigned to
the system, such as in cases where a system has more than one network interface, or it is configured
to support virtual IP addresses. When this option is selected, you are required to provide a
resolvable host name. You cannot clear this option once it has been selected, however, you will be
able to change the value of the Hostname field. If you launched the middleware installation program
from the command line using the forceHostname=true parameter, then you will be required to
provide an alphanumeric value in the Hostname field. An IP address will result in an error
message. Once this option has been selected, you will not be able to clear it. However, you can
change the value you enter in the Hostname field.
7. In the Password Reuse panel, you can select Use this password as the value for all subsequent
passwords, enter a password value, and then click Next, which will allow you to use the same
password as the default user password value in all panels of the middleware installation program. If
you do not want to use this option, ignore the Use this password as the value for all subsequent
passwords option, and click Next.
8. Select Secure with Microsoft Active Directory, and click Next.
9. Configure the following values for WebSphere Application Server security, and then click Next.
LDAP Host name
Enter the fully qualified name of the server hosting Microsoft Active Directory.
Enter the directory server port. For example, 389
LDAP base entry
Enter the LDAP base entry of the instance. For example, DC=itsm,DC=com
User suffix
Enter the user suffix for the instance. For example, OU=Users,OU=SWG,DC=itsm,DC=com

Group suffix
Enter the group suffix for the instance. For example, OU=Groups,OU=SWG,DC=itsm,DC=com
Organization container suffix
Enter the organization container suffix for the instance. For example, DC=itsm,DC=com
In this example, itsm is the domain name. You must replace itsm with the name of your
own domain.
10. Supply the following configuration values for WebSphere Application Server security, and then click
Next.
Enter the bind distinguished name for the instance. For example,
CN=Administrator,CN=Users,DC=itsm,DC=com
This value assumes that the Administrator user is already a member of the itsm domain. You
must replace itsm with the name of your own domain.
Bind password
Enter the password for the Administrator user on the system hosting Microsoft Active
Directory.
11. Complete the installation by navigating the remainder of the middleware installation program
panels.
For more informaton, see “Installing and configuring the middleware with the middleware installer”
on page 36.
Manually configuring WebSphere Application Server

If you do not want the Tivoli Provisioning Manager installation program to configure WebSphere
Application Server automatically, you must configure the application server manually before you use the
Tivoli Provisioning Manager installation program.
Creating WebSphere Application Server profiles:
This procedure provides task information for creating WebSphere Application Server profiles.
Before you begin
You cannot use the Profile Management tool to create profiles for 64-bit platforms. For 64-bit platforms,
see Creating and deleting IBM WebSphere Application Server profiles at http://publib.boulder.ibm.com/
infocenter/wasinfo/v6r1/index.jsp?topic=/com.ibm.websphere.nd.doc/info/ae/ae/tpro_profiles.html.
To create WebSphere Application Server profiles before running the Tivoli Provisioning Manager
installation program:
1. Launch the profile creation wizard.
2. Click Next in the Welcome dialog box.
3. Select the Create a deployment manager option. Click Next.
4. Accept the default value or specify a Profile name. Click Next.
5. Accept the default installation location. Click Next.
6. Accept the default values or specify the Node name, Host name, and Cell name. Click Next.
7. Review the assigned port numbers. Click Next. Note the Administrative port number. You will use
this context when invoking the console through a browser.
8. Select the Run the Application Server as a Windows service and log on as a local system account.
Click Next.
9. Click Next in the Profile summary dialog box.
10. Select the Launch the First steps console option. Click Finish.

11. Click the Installation verification link.
12. After Installation Verification completes, close the output window.
13. Use the launchpad command and click the Profile creation wizard to open the First Steps window
(if not open already).
14. Click Next in the Welcome dialog box.
15. Select Create a custom profile. Click Next.
16. Accept the default values or specify the appropriate information. Click Next.
17. Specify a unique Profile name. Click Next.
18. Accept the default directory path. Click Next.
19. Specify a unique node name and the computer name (or IP address) of the machine where you are
performing this installation. Click Next.
20. Review the port number listings. Click Next.
21. Click Next in the Profile summary dialog box.
22. Select the Launch the First steps console check box. Click Finish.
23. Click Exit. If another First steps window is open, close it.
Manually configuring Virtual Member Manager on WebSphere Application Server:
This procedure provides task information for manually configuring Virtual Member Manager (VMM) to
secure Tivoli Provisioning Manager.
Before you begin
Ensure you have a wasadmin user created in your LDAP repository.
During the installation process, the Tivoli Provisioning Manager installation program provided you with
the option of automatically configuring Tivoli Provisioning Manager middleware. If you chose to have
the middleware installer program automatically configure the middleware, then it will, among other
tasks, perform Virtual Member Manager (VMM) configuration for you. If not, you must manually
configure VMM.
VMM lets you access and maintain user data in multiple repositories, and federate that data into a single
virtual repository. The federated repository consists of a single named realm, which is a set of
independent user repositories. Each repository can be an entire external repository or, in the case of
LDAP, a subtree within that repository. The root of each repository is mapped to a base entry within the
federated repository, which is a starting point within the hierarchical namespace of the virtual realm.
Note that if you intend to configure VMM to use SSL with a federated LDAP repository, it must be done
only after a successful Tivoli Provisioning Manager installation. If VMM is configured to use SSL with a
federated LDAP repository before completing the Tivoli Provisioning Manager installation, the installation
will fail. Do not configure a WebSphere Application Server VMM LDAP federated repository to use SSL
with an LDAP directory before installing Tivoli Provisioning Manager. Configure SSL after the Tivoli
Provisioning Manager installation program has completed successfully.
To add an LDAP directory to the VMM virtual repository, you must first add the LDAP directory to the
list of repositories available for configuration for the federated repository and then add the root of
baseEntries to a search base within the LDAP directory. Multiple base entries can be added with different
search bases for a single LDAP directory.
The values provided here are for example purposes only. If you are using IBM Tivoli Directory Server,
enter the values used during the installation and configuration of IBM Tivoli Directory Server. If you are
using Microsoft Active Directory, substitute values you used in “Securing WebSphere Application Server
with Microsoft Active Directory using the middleware installation program” on page 68 and “Manually

configuring Microsoft Active Directory” on page 60 where appropriate in this procedure. You will also
have to modify the VMMCRONTASK as shown in “Manually configuring directory synchronization for
WebSphere Application Server Network Deployment” on page 134.
To add IBM Tivoli Directory Server or Microsoft Active Directory to Virtual Member Manager:
Procedure
1. Log on to the admin console and go to Security > Secure administration, applications, and
infrastructure.
2. Locate the User account repository section, select Federated repositories from the Available realm
definition field and click Configure.
3. Click Manage repositories located under Related Items.
4. Click Add to create the repository definition under the current default realm.
5. Enter the following values, click Apply and click Save.
Repository identifier
For IBM Tivoli Directory Server, enter ISMITDS.
For Microsoft Active Directory, enter ISMMSAD.
Directory type
For IBM Tivoli Directory Server, select IBM Tivoli Directory Server Version 6.
For Microsoft Active Directory, select Microsoft Windows Server 2003 Active Directory.
Primary host name
Enter the fully-qualified host name or IP address of the IBM Tivoli Directory Server or the
Microsoft Active Directory server.
Port Enter 389.
Support referrals to other LDAP servers
Set to ignore.
For IBM Tivoli Directory Server, enter cn=root
For Microsoft Active Directory, enter CN=Administrator,CN=Users,DC=itsm,DC=com
need to replace itsm with the name of your own domain.
Bind password
Login properties
Leave this value blank.
Certificate mapping
Select EXACT_DN.
6. To return to the Federated repositories page, click Security > Secure administration, applications,
and infrastructure, select Federated repositories from the Available realm definitions list, and click
Configure.
7. Locate the Repositories in the realm section and click Add Base entry to Realm. Note that if there is
an existing file repository entry in the Repositories in the realm table, you must select it, click
Remove, and save the change, after creating the new entry.
8. Enter the following values, click Apply and click Save.
Repository
For IBM Tivoli Directory Server, select ISMITDS.
For Microsoft Active Directory, select ISMMSAD.

Distinguished name of a base entry that uniquely identifies this set of entries in the realm
For IBM Tivoli Directory Server, enter ou=SWG,o=IBM,c=US
For Microsoft Active Directory, enter DC=itsm,DC=com
Distinguished name of a base entry in this repository
This value assumes that the Administrator user is a member of the itsm domain. You need
to replace itsm with the name of your own domain.
9. From the Federated repositories configuration page, enter the following values, click Apply and click
Save.
Realm name
Enter ISMRealm.
Primary administrative user name
Enter wasadmin. This value must be a valid user from the configured LDAP repository.
Server user identity
Select Automatically generated server identity.
Ignore case for authorization
Select this check box.
10. Click Supported entity types and click PersonAccount.
11. From the PersonAccount configuration page, enter the following values, click OK and click Save.
Entity type
Verify that the value is PersonAccount.
Base entry for the default parent
For IBM Tivoli Directory Server, enter ou=users,ou=SWG,o=IBM,c=US
For Microsoft Active Directory, enter CN=Users,DC=itsm,DC=com
Relative Distinguished Name properties
Enter uid.
12. Click Supported entity types and click Group.
13. From the Group configuration page, enter the following values:
Entity type
Verify that the value is Group.
For IBM Tivoli Directory Server, enter ou=groups,ou=SWG,o=IBM,c=US
For Microsoft Active Directory, enter CN=Groups,DC=itsm,DC=com
Enter cn
14. Click Supported entity types, and then click OrgContainer.
15. From the OrgContainer configuration page, enter or verify the following values, click OK and click
Save.

Entity type
Verify that the value is OrgContainer.
Enter o;ou;dc;cn
16. Navigate to Security > Secure administration, applications, and infrastructure.
17. From the Secure administration, applications, and infrastructure configuration page, complete the
following fields, click Apply and click Save.
a. Enable Enable administrative security.
b. Enable Enable application security.
c. Deselect Use Java 2 security to restrict application access to local resources.
d. From Available realm definition, select Federated repositories.
e. Click Set as current.
18. Deploy WIM.ear. WIM ear must be deployed in order for Provisioning Manager to launch in context
to systems, such as TADDM servers, that are hosting the authentication service client.
a. Open a command prompt on the system that hosts WebSphere Application Server, and change
directory to WAS_HOME\bin.
b. Log on to the wsadmin shell by opening a command prompt and issuing the following
command:
wsadmin.bat -username <WebSphere Admin User ID> -password
<WebSphere Admin Password>
c. Deploy the file:
wsadmin>set wimAppname "WIM"
wsadmin>set wimCell "ctgCell01"
wsadmin>set wimNode "ctgCellManager01"
wsadmin>set wimServer "dmgr"
wsadmin>set wimEar "/opt/IBM/WebSphere/AppServer/systemApps/wim.ear"
wsadmin>set attrib {}
wsadmin>append attrib "-appname $wimAppname -cell $wimCell -node $wimNode
-server
$wimServer -systemApp"
wsadmin>$AdminApp install $wimEar $attrib
d. Save the configuration:
wsadmin>$AdminConfig save
e. Exit the wsadmin shell by typing exit.
19. Restart WebSphere Application Server and the managed nodes by running the following commands:
a. <WAS_HOME>\profiles\ctgDmgr01\bin\stopManager.bat
b. <WAS_HOME>\profiles\ctgAppSrv01\bin\stopNode.bat
c. <WAS_HOME>\profiles\ctgDmgr01\bin\startManager.bat
d. <WAS_HOME>\profiles\ctgAppSrv01\bin\startNode.bat
Configuring Virtual Member Manager for Maximo authentication:
This procedure provides task information for configuring Virtual Member Manager (VMM) for Maximo.

If you chose to have the middleware installer program automatically configure the middleware, then it
will, among other tasks, perform Virtual Member Manager (VMM) configuration for you. If not, you
must manually configure VMM.
Procedure
1. Log on to the admin console and go to Security > Secure administration, applications, and
infrastructure.
2. Locate the User account repository section, select Federated repositories from the Available realm
definition field and click Configure.
3. From the Federated repositories configuration page, enter the following values, click Apply and then
click Save.
Realm name
Enter defaultWIMFileBasedRealm.
Primary administrative user name
Enter wasadmin.
Server user identity
Select Automatically generated server identity.
Ignore case for authorization
Select this check box.
4. In the General Properties, enter the password for the wasadmin user and click OK.
5. Navigate to Security > Secure administration, applications, and infrastructure.
6. From the Secure administration, applications, and infrastructure configuration page, complete the
following fields, click Apply and then click Save.
v From the Available realm definitions, select Federated repositories and Set as current.
v Click Apply, and then click Save.
v Enable Administrative security.
v Disable Application security.
v Deselect Use Java 2 security to restrict application access to local resources.
7. Restart WebSphere Application Server and the managed nodes by running the following commands:
a. <WAS_HOME>\profiles\ctgDmgr01\bin\stopManager.bat
b. <WAS_HOME>\profiles\ctgAppSrv01\bin\stopNode.bat
c. <WAS_HOME>\profiles\ctgDmgr01\bin\startManager.bat
d. <WAS_HOME>\profiles\ctgAppSrv01\bin\startNode.bat
Configuring WebSphere Application Server Network Deployment:
Use this procedure to perform WebSphere Application Server Network Deployment configuration tasks.
If you choose to manually configure Provisioning Manager middleware for use with Provisioning
Manager, you must manually configure the WebSphere Application Server Network Deployment.
Procedure
1. Manually copy the keystore file from the WebSphere Application Server Network Deployment
manager host to a temporary directory on the administrative workstation. For example,
<WAS_HOME>/profiles/ctgDmgr01/etc/trust.p12. You need this keystore later during installation.
2. Invoke a browser window and open the administrative console by typing: http://
<server_name>:9060/admin. This URL address depicts the default port number (9060) and context
(admin) for the administrative console. Enter a user name to log in. Note the browser is redirected to
a secure port (9043).

3. Create the MXServer Application Server. This step is only necessary if you did not install WebSphere
Application Server Network Deployment using the middleware installation program.
a. Expand the Servers link and click Application servers.
b. Click New.
c. Type MXServer and click Next.
d. Accept all default settings and click Next.
e. Accept default settings and click Next.
f. Click Finish.
g. Click Preferences.
h. Select the Synchronize changes with Nodes check box, and then click Apply.
i. Click Save.
j. Click OK.
4. Edit JVM Memory Settings for the application server.
a. From the Servers link in the navigation tree click Application servers.
b. Click MXServer in the main window.
c. From the Server Infrastructure group, expand the Java and Process Management link.
d. Click Process Definition.
e. Click Java Virtual Machine.
f. Scroll down and type 512 for Initial Heap Size and 1024 for Maximum Heap Size and click OK.
g. Click Save in the messages box.
5. Edit JVM Memory Settings for the deployment manager.
a. From the System administration link in the navigation tree click Deployment manager.
b. From the Server Infrastructure group, expand the Java and Process Management link.
c. Click Process Definition.
d. Click Java Virtual Machine.
e. Scroll down and type 512 for Initial Heap Size and 1024 for Maximum Heap Size and click OK.
f. Click Save in the messages box.
6. Start the application server.
b. Select the check box beside MXServer.
c. Click Start.
7. Identify the HTTP Transfer Port Numbers.
a. Expand Servers > Application servers, and click MXServer from the main window.
b. Open the Web Container Settings and click Web container transport chains.
c. Note the default port number as it appears with WCInboundDefault (9080).
8. Create the virtual host.
a. Expand the Environment link from the navigation tree.
b. Click Virtual Hosts.
c. Click New.
d. In the General Properties section, type maximo_host in the Name box.
e. Click Apply.
f. Click Save.
g. From the Virtual Hosts window, click maximo_host.
h. Click the Host Aliases link.
i. Click New.

j. Type * (asterisk) for Host Name and type the HTTP port number (by default 80).
k. Click OK.
l. Click New.
m. Type * (asterisk) for Host Name and type 9061 for the port number.
n. Click OK.
o. Click New.
p. Type * (asterisk) for Host Name and type 9443 for the port number.
q. Click OK.
r. Click New.
s. Type * (asterisk) for Host Name and type 9080 for the port number.
t. Click OK.
u. Click New.
v. Type * (asterisk) for Host Name and type 9044 for the port number.
w. Click OK.
x. From the navigational breadcrumb trail, click maximo_host.
y. Click Apply and then click OK.
z. Click Save.
9. Enable automatic startup of the application server when the node agent is started:
b. Click MXServer in the main window.
c. From the Server Infrastructure group, expand the Java and Process Management link.
d. Click Monitoring Policy.
e. Set Node restart state to RUNNING and click OK.
f. Click Save.
Creating a Windows service for the node agent:
If your WebSphere Application Server is hosted on a Windows system, you can create a Windows service
for starting the WebSphere node agent.
You can optionally start the node agent as a Windows service.

1. Open a command prompt.
2. Change directory to <WAS_HOME>\bin.
3. Type the following command with no line breaks (case sensitive).
WASService -add NodeAgent -serverName nodeagent -profilePath
"<WAS_HOME>\profiles\Custom01" -wasHome
"<WAS_HOME>" -logRoot
"<WAS_HOME>\profiles\Custom01\logs\nodeagent" -LogFile
"<WAS_HOME>\profiles\Custom01\logs\nodeagent\startServer.log"
-restart true
where <WAS_HOME> is the directory where WebSphere Application Server is installed.

4. Close the command prompt.
WebSphere Application Server management: The tasks contained in this section must be performed
regardless of whether you chose to install a new instance of WebSphere Application Server, or chose to
reuse an existing server.
IBM provides comprehensive information about running and administering WebSphere Application
Server at this URL:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp
Starting and stopping the WebSphere Application Server:
This procedure provides task information for starting and stopping the WebSphere Application Server.
Before you begin
Before you start the administrative console, verify that these server processes are running.
Table 17. Listing of server processes
Server Go To
HTTP Server
%HTTP_SERVER_HOME%\bin\apache -k start
%HTTP_SERVER_HOME%\bin\apache -k stop
Deployment
%WAS_HOME%\profiles\ctgDmgr01\bin\startManager.bat
Manager
%WAS_HOME%\profiles\ctgDmgr01\bin\stopManager.bat
Node Agent
%WAS_HOME%\profiles\ctgAppSrv01\bin\startNode.bat
%WAS_HOME%\profiles\ctgAppSrv01\bin\stopNode.bat
ITDS Instance
1. Click Start, and select Run.

2. Type services.msc and click OK.
3. Select IBM Tivoli Directory Server Instance V6.2 - idsccmdb, and click Start
the service.
An application server named MXServer was created during installation.
To start the MXServer application, complete the following steps:

1. Start the Deployment Manager:
2. Start the Node:
3. Start the web server:
%WAS_HOME%\profiles\ctgAppSrv01\bin\startServer.bat webserver1
Alternatively, you can start the MXServer from the WebSphere Application Server administrative console.
1. Open a browser window and enter the following web address:
http://host_name:9060/ibm/console
where host_name is the host name of the WebSphere Application Server and 9060 is the default port
number for the administrative console.
2. Enter an administrative user ID and password to log in, if one is required.
3. From the administrative console navigation pane, click Servers > Application Servers.
4. Select the check box next to MXServer, the name of the WebSphere Application Server.
5. Click Start.

To stop the administrative console:
1. Open a browser window and enter the following web address:
http://host_name:9060/ibm/console
where host_name is the host name of the WebSphere Application Server and 9060 is the default port
number for the administrative console.
2. Enter an administrative user ID and password to log in, if one is required.
3. From the administrative console navigation pane, click Servers > Application Servers.
4. Select the check box next to MXServer, the name of the WebSphere Application Server.
5. Click Stop.
Securing the WebSphere Application Server Administrative Console:
You can secure the Administrative Console so that only authenticated users can use it.
VMM must have been configured on the server where WebSphere Application Server is installed before
securing the console.
Once you have enabled VMM for WebSphere Application Server security, you perform several steps to
secure the console. First you identify users (or groups) that are defined in the active user registry. After
you decide which users you want to access the console, you can determine their level of access by
assigning roles. The roles determine the administrative actions that a user can perform. After enabling
security, a user must enter a valid administrator user ID and password to access the console.
You can use the Administrative Group Roles page to give groups specific authority to administer
application servers through the administrative console. Click Security > Secure administration,
applications, and infrastructure > Administrative Group Roles to view the available administrative
group roles.
Table 18. Administrative group roles and permissions
Admin Role Description
Administrator Has operator permissions, configurator permissions, and the permission that is
required to access sensitive data.
Operator Has monitor permissions and can change the runtime state. For example, the
operator can start or stop services.
Configurator Has monitor permissions and can change the application server configuration.
Monitor Has the least permissions. This role primarily confines the user to viewing the
application server configuration and current state.
deployer Users granted this role can perform both configuration actions and runtime
operations on applications.
adminsecuritymanager Fine-grained administrative security is available using wsadmin only. However,
you can assign users and groups to the adminsecuritymanager role on the cell level
through wsadmin scripts and the administrative console. Using the
adminsecuritymanager role, you can assign users and groups to the administrative
user roles and administrative group roles. However, an administrator cannot assign
users and groups to the administrative user roles and administrative group roles
including the adminsecuritymanager role.
iscadmins Has administrator privileges for managing users and groups from within the
administrative console only.
Note: To manage users and groups, click Users and Groups in the console navigation tree and then click
either Manage Users or Manage Groups.

Complete the following steps to map users and groups to security roles:
Procedure
1. Select Applications > Enterprise applications > application_name.
2. Under Detail properties, click Security role to user/group mapping.
3. Select the role and click either Look up users or Look up groups. Different roles can have different
security authorizations. Mapping users or groups to a role authorizes those users or groups to access
applications defined by the role. Users and groups are associated with roles defined in an application
when the application is installed or configured. Use the Search pattern field to display users in the
Available list. Click >> to add users from the Available list to the Selected list.
4. Restart all the application servers.
Configuring WebSphere Application Server to run as a Windows service:
Configuring WebSphere Application Server to run as a Windows service can make it more convenient to
manage.
To configure WebSphere Application Server to run as a Windows service:
Procedure
1. Start the WebSphere Application Server Administrative Console by opening a browser window and
entering the following URL:
http://<host_name>:9060/ibm/console
2. Enter an administrative user ID and password.
3. Click Servers > Application Servers.
4. Select MXServer and click Start.
5. Select MXServer and click Stop.
6. Open a command prompt window.
7. Navigate to the bin folder where you installed the Maximo application server, for example,
C:\Program Files\IBM\WebSphere\AppServer\bin.
8. Run the WASService command with the following parameters:
serverName
Name of Maximo application server, MXServer.
profilePath
The profile directory of the server, for example, C:\Program Files\IBM\WebSphere\AppServer\
profiles\ctgAppSrv01
wasHome
Home folder for MXServer, for example, C:\Program Files\IBM\WebSphere\AppServer\
profiles
logRoot
Folder location of MXServer log file, for example, C:\Program Files\IBM\WebSphere\
AppServer\logs\ manageprofiles\ctgAppSrv01
logFile
Log file name for MXServer (startServer.log)
restart Restarts the existing service automatically if the service fails when set to true.
9. Enter the following WASService command and press Enter.
WASService add MXServer serverName MXServer
profilePath C:\Program Files\IBM\WebSphere\AppServer\profiles\
ctgAppSrv01wasHome <D:>\IBM\WebSphere\AppServer

logRoot C:\Program Files\IBM\WebSphere\AppServer\logs\manageprofiles\
ctgAppSrv01
logFile C:\Program Files\IBM\WebSphere\AppServer\logs\manageprofiles\
ctgAppSrv01\startServer.log restart true
10. Open a Services window and double-click MXServer.
11. Change the Startup type field value to Automatic.
12. Click Start to start the service, then click OK.
Configuring the WebSphere Application Server node agent to run as a Windows service:
A node agent is a server running on every host computer in the deployed network. It performs
administrative functions. Configuring the WebSphere Application Server node agent to run as a Windows
service can make it easier to manage.
To configure the WebSphere Application Server node agent to run as a Windows service:
Procedure
1. Start the WebSphere Application Server 6.0 Administrative Console by opening a browser window
and entering the following URL:
http://<host_name>:9060/ibm/console
2. Enter an administrative user ID and password.
3. To stop the node agent, click System Administration > Node agents. In the System Administration
pane, select the check box beside the name of the Node Agent (for example, nodeagent), and click
Stop.
4. Open a command prompt window.
5. Navigate to the bin folder where you installed the node agent, for example, C:\Program
Files\IBM\WebSphere\AppServer\bin.
6. Run the WASService command with the following parameters:
serverName
Name of node agent, for example, nodeAgent.
profilePath
The profile directory of the server, for example, C:\Program Files\IBM\WebSphere\AppServer\
profiles\ctgAppSrv01
wasHome
Home folder for MXServer, for example, C:\Program Files\IBM\WebSphere\AppServer\
profiles
logRoot
Folder location of node agent log file, for example, C:\Program Files\IBM\WebSphere\
AppServer\logs\manageprofiles\ ctgAppSrv01
logFile
Log file name for node agent (startServer.log).
restart Restarts the existing service automatically if the service fails when set to true.
7. Enter the following WASService command and press Enter.
WASService
-add NodeAgent
-serverName nodeagent
-profilePath C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01
-wasHome <D:>\IBM\WebSphere\AppServer
-logRoot <D:>\IBM\WebSphere\AppServer\logs\nodeagent
-logFile <D:>\IBM\WebSphere\AppServer\logs\nodeagent\startServer.log
-restart true
8. Open a Services window and double-click nodeagent.

9. Change the Startup type field value to Automatic.
10. Click Start to start the service, and then click OK.
Manually configuring the authentication service:
Use this information to manually configure the authentication service.
Before you begin
This section provides information you can use to manually configure an authentication service on Tivoli
Provisioning Manager that will provide the authentication for launch in context. This allows you to
launch in context from Tivoli Provisioning Manager to the user interface of another server, for example,
TADDM, provided that it has the authentication client installed and shares the same directory server for
authentication. Under this scenario, you are only required to authenticate once to the server hosting the
client.
These instructions are provided for configuring the authentication service manually. The middleware
installer installs and configures the authentication service when used to install the middleware.
To configure the authentication service:
Procedure
1. Open a command prompt on the system that hosts WebSphere Application Server, and change
directory to <WAS_HOME>/bin.
2. Restart Deployment Manager, Application Server, and MXServer using the correct profile names:
<WAS_HOME>\profiles\ctgAppsrv01\bin\stopServer.bat MXServer
-username <WebSphere Admin>
-password <WebSphere Admin password>
<WAS_HOME>\profiles\ctgAppsrv01\bin\stopNode.bat
<WAS_HOME>\profiles\ctgDmgr01\bin\stopManager.bat
<WAS_HOME>\profiles\ctgAppsrv01\bin\startManager.bat
<WAS_HOME>\profiles\ctgAppsrv01\bin\startNode.bat
<WAS_HOME>\profiles\ctgDmgr01\bin\startServer.bat MXServer
3. Log onto the wsadmin shell by opening a command prompt and issuing the following command:
v wsadmin.exe -username <WebSphere Admin User ID> -password <WebSphere Admin Password>
4. Verify that you do not already have authentication services deployed:
wsadmin>$AdminApp view authnsvc_ctges
This command returns an exception similar to the following:

WASX7015E: Exception running command: "$AdminApp view authnsvc_ctges";
exception information: com.ibm.ws.scripting.ScriptingException:
WASX7280E: An application with name "authnsvc_ctges" does not exist.
5. Copy the IBMESSAuthnSvc.ear file to your local system. This file is located in the <Operating
System>\WS-ESS_6.1_GA directory of the Middleware DVD for your operating system and platform.
6. Deploy the IBMESSAuthnSvc.ear file:
wsadmin>$AdminApp install <file_path>/IBMESSAuthnSvc.ear {-usedefaultbindings -deployws -appname authnsvc_ctges–node (nodeName) –server serverName |[-cluster (clustername
If nodeName was set to the default value by the middleware installation program, the value is
ctgNode01. If serverName was set to the default value by the Tivoli Provisioning Manager installation
program, the value is MXServer.

7. Save the configuration:
8. Exit the wsadmin shell by typing exit.
9. Stop WebSphere Application Server and the managed nodes:
<WAS_HOME>/profiles/ctgAppSrv01/bin/stopNode.sh -username <WebSphere Admin> -password <WebSphere Admin password>
<WAS_HOME>/profiles/ctgDmgr01/bin/stopManager.sh -username <WebSphere Admin> -password <WebSphere Admin password>
10. Copy the com.ibm.security.ess.server_config.6.2.0.jar file to the <WAS_HOME>/plugins directory
on your local system. This file is located in the <Operating System>\WS-ESS_6.1_GA directory of the
Middleware DVD for your operating system and platform.
11. Restart WebSphere and the managed nodes:
<WAS_HOME>/profiles/ctgDmgr01/bin/startManager.sh
<WAS_HOME>/profiles/ctgAppSrv01/bin/startNode.sh
12. Log back into the wsadmin shell.
13. Configure the service:
wsadmin>$AdminTask configureESS
14. Verify that the service is configured:
wsadmin>$AdminTask isESSConfigured
This command returns a value of true.

15. Create an LTPA Key:
wsadmin>$AdminTask createESSLTPAKeys {-password <password>}
If the key password is ever lost, you will need to create a key. Ensure that all clients connecting to
the service use the new export key file you generate.
16. Synchronize the configuration:
wsadmin>set dmgr [$AdminControl completeObjectName type=DeploymentManager,*]
wsadmin>$AdminControl invoke $dmgr syncActiveNodes true
17. Stop and restart WebSphere and the managed nodes:
v <WAS_HOME>\profiles\ctgAppSrv01\bin\stopNode.bat -username <WebSphere Admin> -password
<WebSphere Admin password>
v <WAS_HOME>\profiles\ctgDmgr01\bin\stopManager.bat -username <WebSphere Admin> -password
<WebSphere Admin password>
v <WAS_HOME>\profiles\ctgDmgr01\bin\startManager.bat
v <WAS_HOME>\profiles\ctgAppSrv01\bin\startNode.bat
18. Export the newly created key:
wsadmin>$AdminTask exportESSLTPAKeys {-pathname <path_name>}
For example:
wsadmin>$AdminTask exportESSLTPAKeys {-pathname /root/avenESSLTPAKeyFile.exported}
19. Add the role called TrustClientRole to the WebSphere administrator user that you specified during
the TADDM installation. This will provide added security for the authentication service by restricting
the users that can authenticate to the authentication service to only those with the TrustClientRole
role. Refer to the “Configuring the client authentication” topic contained in the “Configuring for
WebSphere federated repositories” section of the TADDM administrator's guide for more information
about configuring client authentication.
Manually configuring JMS queues:
This procedure provides details on steps to configure JMS queues, which must be completed before
deploying Tivoli Provisioning Manager EAR files.

Before you begin
During the installation process, the Tivoli Provisioning Manager installation program provided you with
the option of automatically configuring the middleware. If you elected to have the Tivoli Provisioning
Manager installation program automatically configure the middleware, then it will, among other tasks,
create and configure JMS message queues for you. If you elected to manually configure Provisioning
Manager middleware for use with Provisioning Manager, you will have to manually configure these
message queues.
To configure the JMS queues:
Procedure
1. Start the WebSphere Application Server.
2. Launch Internet Explorer and open the WebSphere Application Server Administrative Console by
typing the following URL:
http://<server_name>:<port_number>/ibm/console
For example, enter a URL similar to the following sample URL:
http://localhost:9060/ibm/console
3. At the login screen, enter your User ID, then click Log in. This action opens the Welcome screen for
the WebSphere Application Server Administrative Console.
4. Start the MXServer server by navigating to Servers > Application Servers, selecting MXServer, and
then clicking Start.
5. Click System administration > Console preferences.
6. Select the Synchronize changes with Nodes option, and then click Apply.
7. Click Service Integration > Buses to open the Buses dialog. A bus is a group of interconnected
servers and clusters that have been added as members of the bus.
8. Click New to open the Buses > New dialog box where you can add a new service integration bus.
9. Enter intjmsbus as the name of the new bus in the Name field.
10. Deselect the Bus security check box. If you leave this box checked, intjmsbus inherits the Global
Security setting of the cell.
11. Click Next.
12. Click Finish.
13. Click Save. This step propagates the JMS bus setup to the cluster configuration. Confirm that the
build completed screen displays the following information:
v Bus name, for example, intjmsbus.
v Auto-generated, unique ID (UUID), for example, 4BCAC78E15820FED.
v The Secure option is unchecked.
Adding a server to the service integration bus:
A server must be defined for the service integration bus.
Procedure
1. From the WebSphere Application Server Administrative Console, click Service Integration > Buses
to open the Buses dialog box.
2. Click intjmsbus to open the Buses > intjmsbus dialog box.
3. Under Topology, click Bus members.
4. In the Buses > intjmsbus > Bus members dialog box, click Add to open the Add a new bus member
dialog box.

5. Click the Server drop-down arrow, and select the server name ctgNode01:MXServer to add to the
bus, and then click Next.
6. Check that the File store radio button is selected, and then click Next.
7. From the Provide the message store properties panel, click Next.
8. Click Finish.
9. Click Save.
10. Click OK.
11. Select intjmsbus.
12. Change the value of the High message threshold field to a minimum value of 500,000 messages, and
then click Apply.
If the number of messages awaiting processing exceeds the High Message Threshold you set, the
application server will take action to limit the addition of new messages in the processing queues.
Depending on your message requirements, you might want to enter a higher message threshold
value. You can determine an optimal message threshold setting by monitoring the messaging in/out
queues and the impact of the message threshold setting on system performance. You might, for
example, lower the threshold value if a higher value is degrading system performance.
If you decide to change the High message threshold setting after the initial configuration, you must
open the Additional Properties menu in the Administrative Console and change the threshold value
for each child configuration.
13. Click Save.
14. Click OK.
Creating the service integration bus destination for the continuous inbound (CQINBD) queue:
You must create a service integration bus destination for the continuous inbound (CQINBD) queue.
Before you begin
To add a logical address for the continuous inbound bus destination queue (CQINBD) within the JMS
bus, complete the following steps:
Procedure
3. Click Destinations under Destination resources to open the Buses > intjmsbus > Destinations
dialog box.
A bus destination, for example CQINBD, is a virtual place within a service integration bus where
applications can attach and exchange messages.
4. Click New to open the Create new destination dialog box.
5. Leave Queue checked as the destination type, and click Next to open the Create new queue dialog
box.
6. Type CQINBD in the Identifier field and Continuous Queue Inbound in the Description field, then click
Next to open the Create a new queue for point-to-point messaging dialog box.
7. Select the Bus Member pull-down and choose Node=ctgNode01:Server=MXServer as the bus
member that will store and process messages for the CQINBD bus destination queue.
8. Click Next to open the Confirm queue creation dialog box.
9. Review your selections, then click Finish to complete the creation of the CQINBD bus destination
queue.

10. Navigate the path Buses > intjmsbus > Destinations, then click CQINBD to open the configuration
dialog box.
11. Click None as the Exception destination value.
12. Click Apply.
13. Click Save.
Creating the service integration bus destination for the sequential inbound (SQINBD) queue:
You must create the service integration bus destination for the sequential inbound (SQINBD) queue.
To add a logical address for the sequential inbound bus destination queue (SQINBD) within the service
integration bus, complete the following steps:
Procedure
dialog box. A bus destination is a virtual place within a service integration bus where applications
can attach and exchange messages.
box.
6. Enter SQINBD in the Identifier field and Sequential Queue Inbound in the Description field, then click
Next to open the Create a new queue for point-to-point messaging dialog box. Note that you must
use this value and it must contain only uppercase letters.
7. Select the Bus Member pull-down and choose Node=ctgNode01:Server=MXServer.
9. Review your selections, then click Finish to complete the creation of the SQINBD bus destination
queue.
10. Navigate the path Buses > intjmsbus > Destinations, then click SQINBD to open the configuration
dialog box.
11. Click None as the Exception destination value.
12. Click Apply.
13. Click Save.
Creating the service integration bus destination for the sequential outbound (SQOUTBD) queue:
You must create the service integration bus destination for the sequential outbound (SQOUTBD) queue.
To add a logical address for the sequential outbound bus destination queue (SQOUTBD) within the
service integration bus, complete the following steps:
Procedure
dialog box. A bus destination, for example SQOUTBD, is a virtual place within a service integration
bus where applications can attach and exchange messages.

box.
6. Enter SQOUTBD in the Identifier field and Sequential Queue Outbound in the Description field, then
click Next to open the Create a new queue for point-to-point messaging dialog box. Note that you
must use this value and it must contain only uppercase letters.
7. Select the Bus Member pull-down and choose Node=ctgNode01:Server=MXServer as the bus
member that will store and process messages for the SQOUTBD bus destination queue.
9. Review your selections, then click Finish to complete the creation of the queue.
10. Navigate the path Buses > intjmsbus > Destinations, then click SQOUTBD to open the
configuration dialog box where you must make the following changes:
a. Click None as the Exception destination value.
b. Click Apply.
c. Click Save
Creating the JMS connection factory:
Add a connection factory for creating connections to the associated JMS provider of point-to-point
messaging queues.
Procedure
1. From the WebSphere Application Server Administrative Console, click Resources > JMS >
Connection factories.
2. From the Scope list select Cell=ctgCell01.
3. Click New.
4. Verify that the Default Messaging Provider is selected and click OK.
5. Enter the following information:
Name Enter intjmsconfact.
JNDI name
Enter jms/maximo/int/cf/intcf
Bus name
Select intjmsbus.
6. Click Apply.
7. Click OK.
8. Click Save.
Creating the continuous inbound (CQIN) JMS queue:
You must create a JMS queue (CQIN) as the destination for continuous inbound point-to-point messages.
To create the CQIN JMS queue, complete the following steps:
Procedure
1. From the WebSphere Application Server Administrative Console, click Resources > JMS > Queues.
2. From the Scope drop-down list, select Cell=ctgCell01.
3. Click New.
5. Enter the following information, and click OK.
Name Enter CQIN.

Note that this value must contain only uppercase letters.
JNDI name
Enter jms/maximo/int/queues/cqin
Bus name
Select intjmsbus.
Queue name
Select CQINBD.
6. Click OK.
7. Click Save.
Creating the sequential inbound (SQIN) JMS queue:
You must create a JMS queue (SQIN) as the destination for sequential inbound point-to-point messages.
To create the JMS queue (SQIN), complete the following steps:
Procedure
3. Click New.
Name Enter SQIN.
JNDI name
Enter jms/maximo/int/queues/sqin
Bus name
Select intjmsbus.
Queue name
Select SQINBD.
6. Click OK.
7. Click Save.
Creating the sequential outbound (SQOUT) JMS queue:
You must create a JMS queue (SQOUT) as the destination for sequential outbound point-to-point
messages.
To create the JMS queue (SQOUT), complete the following steps:
Procedure
3. Click New.
Name Enter SQOUT.

JNDI name
Enter jms/maximo/int/queues/sqout
Bus name
Select intjmsbus.
Queue name
Select SQOUTBD.
6. Click OK.
7. Click Save.
Creating JMS activation specification for the continuous inbound queue (CQIN):
You must activate the continuous inbound queue (CQIN) before it can receive messages.
Complete the following steps to activate the CQIN queue:
Procedure
1. From the WebSphere Application Server Administrative Console, click Resources > JMS > Activation
Specifications.
3. Click New to complete the General Properties section for the new JMS activation specification.
4. Click OK.
5. Enter the following information, and then click OK.
Name intjmsact
This value is case sensitive. This value must be lowercase.
JNDI name
intjmsact
Destination type
Queue
Destination JNDI name
jms/maximo/int/queues/cqin
Bus name
intjmsbus
Maximum concurrent endpoints
10
6. Click Save.
7. Restart MXServer under Servers > Application servers.
Error queues:
You can create an optional error queue that will receive redirected messages from the continuous queue
(CQIN) when the messages go in error.
Creating the service integration bus destination for the inbound error queue (CQINERRBD):
You must add a logical address for the inbound error queue (CQINERRBD) within the JMS bus.
Complete the following steps:

Procedure
dialog box. A bus destination is a virtual place within a service integration bus where applications
can attach and exchange messages.
box.
6. Enter CQINERRBD in the Identifier field and Error Queue Inbound in the Description field, then click
Next to open the Create a new queue for point-to-point messaging dialog box. Note that you must
use this value and it must contain only uppercase letters.
7. Select the Bus Member pull-down and choose Node=ctgNode01:Server=MXServer.
9. Review your selections, then click Finish to complete the creation of the CQINERRBD bus
destination queue.
10. Navigate the path Buses > intjmsbus > Destinations, then click CQINERRBD to open the
configuration dialog box where you must make the following changes:
a. Click Specify and enter CQINERRBD as the exception destination value.
b. Change the Maximum failed deliveries value to 5.
This is the maximum number of times you want the system to process a failed messaging
attempt before forwarding the message to the exception destination.
11. Click Apply.
12. Click Save.
15. Select CQINBD.
16. Specify CQINERRBD as the exception destination. Set the Maximum failed deliveries value to 5.
17. Click OK.
18. Click Save.
Creating the error (CQINERR) JMS queue:
After creating the Error Queue Bus Destination, you create the Error queue.
To create the Error queue, complete the following steps:
Procedure
3. Click New.
Name Enter CQINERR.

JNDI name
Enter jms/maximo/int/queues/cqinerr
Bus name
Select intjmsbus.
Queue name
Select CQINERRBD.
6. Click OK.
7. Click Save.
Creating JMS activation specification for the inbound error queue (CQINERR):
You must activate the continuous inbound queue (CQINERR) before it can receive messages.
Complete the following steps to activate the CQINERR queue:
Procedure
1. From the WebSphere Application Server Administrative Console, click Resources > JMS > Activation
Specifications.
3. Click New to complete the General Properties section for the new JMS activation specification.
4. Click OK.
Name Enter intjmsacterr.
This value must only contain lowercase letters.
JNDI name
Enter intjmsacterr.
Destination type
Enter Queue.
Destination JNDI name
jms/maximo/int/queues/cqinerr
6. Click OK.
7. Click Save.
Manually creating a data source for the persistent store:
If you chose to manually configure WebSphere Application Server Network Deployment and if you
intend to persist messages, you must create a data source in order to store JMS messages in a DB2
database. You will select whether you want to persist messages or not during base services installation.
You have the option of having WebSphere Application Server Network Deployment use a DB2 database
to store JMS messages. For more information about WebSphere Application Server Network Deployment
message storage, including the usage of products other than DB2, see the WebSphere Application Server
documentation and Planning the configuration of a messaging engine to use a data store.
To create a data source for the persistent store, complete the following steps:
Procedure
1. Create a system user and password on the server hosting the database server. For example, a user
named mxsibusr with a password of mxsibusr.
2. Create and configure the database:

a. Open DB2 Control Center.
b. Navigate down to the Databases folder listed under your system.
c. Right-click the Databases folder and select Create Database > Standard.
d. Create a database named maxsibdb using default settings.
e. Once the database has been created, expand the maxsibdb database and select User and Group
objects.
f. Right-click DB Users and select Add.
g. Select mxsibusr from the User drop-down list.
h. Grant all authorities to the mxsibusr user with the exception of Security administrator authority.
i. Click Apply.
j. Verify that you can connect to the database using the mxsibusr user by right-clicking maxsibdb
and selecting Connect.
3. Configure J2C authentication data and JDBC provider in WebSphere Application Server Network
Deployment.
a. Open and log on to the WebSphere Application Server Network Deployment Administrative
Console.
b. Navigate to Security > Secure administration, applications, and infrastructure.
c. Under the Authentication header, click on Java Authentication and Authorization Service > J2C
authentication data.
d. Click New.
e. Complete the following fields in the User identity form:
Alias maxJaasAlias
User ID
mxsibusr
Password
Password that you created for mxsibusr.
Description
SIB database user alias.
f. Click Apply, and then click Save.
g. From the WebSphere Application Server Administrative Console navigation pane, go to Resources
> JDBC > JDBC Providers.
h. Click Scope and then select Cell=ctgCell01.
i. Click New.
j. Specify the following values:
Database type
DB2
Provider type
DB2 Universal JDBC Driver Provider
Implementation type
XA data source
Name maxJdbcProvider
k. Click Next.
l. Complete the WebSphere Application Server variable ${DB2UNIVERSAL_JDBC_DRIVER_PATH}
field with a value of <WAS_HOME>ctgMX\lib. For example, C:\Program Files\IBM\WebSphere\
AppServer\ctgMX\lib.
m. Click Next.

n. Click Finish.
o. Click Save.
4. Open a command prompt and copy <DB2_HOME>/java/db2jcc.jar and <DB2_HOME>/java/
db2jcc_license_cu.jar to the <WAS_HOME>\ctgMX\lib directory. Go back to Resources > JDBC > JDBC
Providers > maxJdbcProvider, and correct the Class path if required for both db2jcc.jar and
db2jcc_license_cu.jar. Ensure that each jar file has the full path from
${DB2UNIVERSAL_JDBC_DRIVER_PATH}
5. Configure WebSphere Application Server:
a. From the WebSphere Application Server Network Deployment Console, navigate to Resources >
JDBC > Data sources.
b. Click Scope and then select Cell=ctgCell01.
c. Click New.
d. Specify the following values:
Data source name
intjmsds
JNDI name
jdbc/intjmsds
e. From the Component-managed authentication alias and XA recovery authentication alias
drop-down list, select maxJaasAlias.
f. Click Next.
g. Choose Select an existing JDBC provider, and then select maxJdbcProvider from the drop-down
list.
h. Click Next.
i. Specify the following values:
Database name
maxsibdb
Driver type
4
Server name
Specify the DB2 server host name.
Port number
Specify the DB2 port number. For example, 50005.
j. Ensure the Use this data source in container managed persistence (CMP) option is enabled, and
then click Next.
k. Click Finish.
l. Click Save.
6. Verify the data source by selecting intjmsds, and then clicking Test Connection.
Changing middleware installer configuration parameters

You can change the configuration parameters you have entered for a deployment plan before deploying
the plan. You can use this option if you chose to cancel the deployment of the deployment plan that you
developed by exiting the middleware installer. Configuration parameters for a plan can be changed only
before deploying the deployment plan.
Before you begin
This information assumes that you have developed a deployment plan, entered configuration parameters
for the plan, and then exited the middleware installer before actually deploying the deployment plan.

To change middleware installer configuration parameters:
Procedure
1. Start the middleware installer from the launchpad and advance to the Choose Workspace panel.
2. Specify the directory that you previously used as the middleware installation program workspace,
3. Select Edit the configuration parameters, and then click Next.
4. Advance along the middleware installation program panels and make adjustments.
5. When you reach the Deployment Plan Operation panel, select Deploy the plan, and then click Next.
6. From the Deployment Plan and Parameter Configuration summary panel, review the contents of the
summary, and then click Next.
7. From the Select Middleware Image Directories panel, enter the location for compressed images for the
middleware contained in the deployment plan, and a directory to use to hold the extracted images.
Once you have entered the two locations, click Next.
8. Once the deployment completes successfully, click Finish.
Starting middleware on Windows

Middleware servers and services must be active before installing the base services installer, the Tivoli
Provisioning Manager core components, and the Tivoli Provisioning Manager Web components.
The middleware that you need to start depends on your current task. The following table summarizes the
possible options:
Table 19. Steps to start middleware
Situation Action
Middleware is installed, The middleware is started for you when the middleware installation is complete. If you
but you have not have not rebooted the server or stopped middleware, you can continue with the
completed the Tivoli installation.
Provisioning Manager
installation.
You rebooted the The Tivoli Directory Server database instance and administration server must be
computer. started manually.
When all middleware is started, continue with the next step:

v If you are in the process of installing Tivoli Provisioning Manager, you can now
continue with installation.
v If you have completed the Tivoli Provisioning Manager installation, see “Starting
and stopping the provisioning server on Windows” on page 211.
You have stopped When all middleware is started, continue with the next step:
middleware. v Start middleware that is stopped in the following order:
See “Checking middleware status” on page 97 for steps to verify that middleware is
started.
v If you have completed the Tivoli Provisioning Manager installation, see “Starting
and stopping the provisioning server on Windows” on page 211.
Procedure
1. Log on as a user with administrative permissions.
2. 2000
DB2 Start DB2. In the following examples, the database instance is named ctginst1.
If the server does not have a virtual IP address
a. Click Start and select Run.

b. Type services.msc and click OK.
c. Select DB2 - DB2COPY1 - CTGINST1-0 and click Start the service.
If the server has a virtual IP address
db2gcf -u -p 0 -i ctginst1
3. Start the Tivoli Directory Server administration server:
c. Select IBM Tivoli Directory Admin Server V6.2 - idsccmdb, and click Start the service.
Alternatively, run the following command from the command line:
idsdiradm -I idsccmdb
4. Start Tivoli Directory Server. In the following examples, the database instance for Tivoli Directory
Server is named idsccmdb.
a. Start the Tivoli Directory Server database instance:
1) Click Start and select Run.
2) Type services.msc and click OK.
3) Select DB2 - DB2COPY1 - IDSCCMDB and click Start the service.
db2gcf -u -p 0 -i idsccmdb
b. Start the Tivoli Directory Server instance:
1) Click Start and select Run.
2) Type services.msc and click OK.
3) Select IBM Tivoli Directory Server Instance V6.2 - idsccmdb, and click Start the service.
Alternatively, run the following command:
idsslapd -I idsccmdb
Important: The directory server instance must remain as a manual startup type to synchronize
correctly with the database in the context of Tivoli Provisioning Manager.
If you want to configure Tivoli Directory Server to start automatically with the operating system,
see Starting the directory server instance at operating system startup in the Tivoli Directory Server
information center.
5. Start IBM HTTP Server and WebSphere Application Server webserver1 profile:
c. Select IBM HTTP Server 6.1 and click Start the service.
Alternatively, run apache from the command line.
6. Start other WebSphere Application Server profiles:
Start the deployment manager
WAS_HOME\profiles\ctgDmgr01\bin\startManager.bat
Start Node
WAS_HOME\profiles\ctgAppSrv01\bin\startNode.bat
Stopping middleware
Follow these procedures to stop middleware. If you need to restart a middleware application, you must
stop the application before restarting.

Procedure
1. Stop Tivoli Provisioning Manager.
2. Stop the WebSphere Application Server MXServer profile.
a. Change to the WAS_HOME\profiles\ctgAppSrv01\bin directory.
b. Run the following command:
stopServer.bat MXServer -username wasadmin_username -password wasadmin_password
The following parameters are used in the commands:
wasadmin_username
The WebSphere Application Server administrator user name.
wasadmin_password
The password for the specified user name.
3. Stop Tivoli Directory Server. The commands in these steps use the default instance name idsccmdb.
a. Stop the database instance.
1) Log on as a user with administrator access.
2) At a command prompt, open a DB2 window with the command db2cmd.
3) If you have Tivoli Directory Server on the same computer as the Tivoli Provisioning Manager
database, set the instance name:
set db2instance=idsccmdb
4) Run the following command to check for other running applications:
db2 list applications
5) If the command lists other applications, run the following command to disconnect them:
db2 force applications all
6) Stop DB2:
Server does not have a virtual IP
Run the following command:
db2stop
Note: The db2stop command can only be run at the server. No database connections
are allowed when running this command; however, if there are any instance
attachments, they are forced off before the instance is stopped.
Server has a virtual IP
If you are using a virtual IP address for the DB2 server, use the following command to
stop the database:
db2gcf -d -p 0 -i idsccmdb
b. Change to the TDS_HOME/bin directory.
c. Stop Tivoli Directory Server.
ibmdirctl –D cn=root –w password -h host_name stop
password
The password for the base DN (cn=root).
host_name
The host name of the Tivoli Directory Server computer.
4. Stop the DB2 database instance. The commands in these steps use the default instance name ctginst1.
a. Log on as a user with administrator access.
b. At a command prompt, open a DB2 window with the command db2cmd.
c. If you have Tivoli Directory Server on the same computer as the Tivoli Provisioning Manager
database, set the instance name:

set db2instance=ctginst1
d. Run the following command to check for other running applications:
e. If the command lists other applications, run the following command to disconnect them:
f. Stop DB2:
Run the following command:
db2stop
Note: The db2stop command can only be run at the server. No database connections are
allowed when running this command; however, if there are any instance attachments, they
are forced off before the instance is stopped.
If you are using a virtual IP address for the DB2 server, use the following command to stop
the database. In this example, the database instance is ctginst1.
db2gcf -d -p 0 -i ctginst1
Checking middleware status

Follow these procedures to check the status of middleware.
Procedure
v 2000
DB2 To check the status:
1. Log on as Administrator.
2. Open the Services control panel.
3. Find the DB2 instance and check the status of the service. If there are multiple DB2 instances listed,
find the one for the Tivoli Provisioning Manager database owner.
v To check the status of Tivoli Directory Server:
1. Log on as Administrator.
2. Open the Services control panel.
3. Find the entry for the IBM Tivoli Directory Server and check the status of the service.
v To check the status of Microsoft Active Directory:
Click Start > Programs > Administrative Tools > Manage Your Server. In the list of server roles, verify
that the server is configured with the Domain Controller (Active Directory) role.
v To check the status of WebSphere Application Server:
Tivoli Provisioning Manager profile
1. Change to the WAS_HOME\profiles\ctgAppSrv01\bin directory.
2. Run the command:
serverStatus MXServer -username wasadmin_username -password wasadmin_password
The following parameters are used in the commands:
wasadmin_username
The WebSphere Application Server administrator user name.
wasadmin_password
The password for the specified user.

Installing the base services
After you have installed the middleware, you can install the base services. You must install the base
services on either the provisioning server or the administrative workstation, if your configuration requires
the use of an administrative workstation.
Before you begin

v Make sure that the middleware applications are started. If you installed the middleware with the
middleware installer, the middleware applications are started automatically after installation. If you
have rebooted the computer or if you installed the middleware manually, see:
– “Starting middleware on Windows” on page 94
v Review the planning worksheet for information about the base services installation settings. See
“Planning worksheet for base services installation” on page 110.
v If using an administrative workstation, temporarily shut down any non-critical processes that could
have a negative effect on the installation, such as anti-virus software.
v When entering values for host names, use fully qualified host names. This value is case-sensitive. For
information about verifying host names, see Resolving host names with a DNS server in “Preinstallation
Step 6: Verify the environment” on page 16.
v Enable a remote execution and access service on every system with middleware installed. Each remote
system must support a remote access protocol and accept remote logins from a user name and
password configured on the target server. Remote access protocols include SSH and Windows SMB. If
the remote system is a Windows server, you must configure remote execution and access to use SMB.
v Enable RXA tracing to allow better troubleshooting in case there are connection problems between the
administrative workstation and the provisioning server. For more information, see “Enabling RXA
tracing” on page 167.
v If the operating system user ID that you use for the installation contains Russian language characters,
the installation might fail when attempting to install language packages. You might get error messages
CTGIN2289E and CTGIN0158E. To avoid this problem, install the product using a user ID with
administrative authority that contains only English language characters.
v 2000
DB2 Complete the following tasks to prepare the DB2 database:
– The database instance owner home directory must have 8 GB of space available regardless of
whether a database is installed in that location.
– The user ID for the DB2 instance administrator must have SYSADM (administration) authority. You
enter this user ID on the DB2 Administration screen and on the Remote Access Authorization screen
of the Provisioning Manager installation program. See the DB2 product documentation for
information about creating a user with SYSADM (administration) authority on the DB2 server.
v 2000
DB2 To avoid high system memory usage by DB2, you can set the following DB2 property and
then restart the DB2 server:
db2 update dbm cfg using KEEPFENCED NO
v Because of DB2 installation requirements, you might have removed the TEMP and TMP environment
variables in order to get DB2 to install successfully (DB2 might fail to install when the path string used
for the TMP and TEMP environment variables is too long). However, these environment variables must
be defined before launching the product launchpad or product installation program if you are
installing the product on the same Windows system that is hosting DB2. To resolve the problem,
remove the temporary environment variables before the DB2 installation and then redefine them, in
preparation for the product installation.
v If you are installing Tivoli Provisioning Manager in a language other than English, you must accept the
default values for database table space size and index table space size. On the Summary panel, these
values are displayed as null. If you need to customize the table space sizes, either run the base services
installer in English and configure the database manually outside of the base services installer, or
modify the table space sizes after installation.

v For WebSphere Application Server Network Deployment, ensure that the Cell and all related nodes are
actively running.
v The database instance owner home directory must have 8 GB of space available regardless of whether
a database will be installed into that location.
v Do not use localhost for host name values in the installation program. Specify the fully qualified host
name of the system for all host name values. This value is case-sensitive.
The following instructions are for a multiserver installation using default values and assume that you
want the base services installer to automatically configure middleware across multiple computers. If you
get errors, resolve them before continuing with the installation.
If you cancel the installation program after entering values across several installation panels, the
installation program recalls the values the next time you start the base services installation program
again. You can restore the default values in the base services installation program by deleting the file
MAXIMO_HOME/applications/maximo/properties/maximo.properties. If you cannot locate the
maximo.properties file in the MAXIMO_HOME directory, look for it in the system temporary directory.
To install the base services:
Procedure
1. Check for an existing installation of the solution installer. The default installation location is:
If the solution installer is already installed, start the service:
3. In the launchpad navigation pane, click Custom Installation, then click Verify base services
installation prerequisites. After verifying and confirming the prerequisites, return to the custom
installation page.
4. Click Install base services and required components.
6. In the Introduction panel, click Next.
7. In the Package Summary panel, review the package deployment actions, and then click Next.
8. Accept the license agreement and click Next.
9. In the Choose Install Folder panel, specify the base services installation directory, and then click
Next. The path that you specify must not contain spaces. The default values are:
v C:\IBM\SMP
10. In the Choose Deployment panel, select the Custom option.
Note: The Simple option is not supported.

11. In the Import Middleware Configuration Information panel, specify that you want to use the field
values that you enter into the middleware installer fields as default values for those same fields in
the base services installer.
Import middleware configuration information
Select this check box if you want to allow the base services installer to reuse the values
entered in the middleware installer.
If you installed the middleware manually, leave this check box clear and enter the required
values in the subsequent panels from the base services installer.

Note: If you select this feature while installing using RXA, the workspace location that you
specify must reside locally on the remote system, and cannot be located on a network drive
of the remote system.
Host name
Enter the fully qualified domain name of the system where the middleware installer was
run. This value is case-sensitive.
User ID
Enter the user ID that was used to run the middleware installer on the computer specified in
the Host name field.
Password
Enter the password for the user.
Workspace location
Enter the location of the topology file that contains the values entered for the middleware
installer. This file is found in the workspace that was defined during the middleware
installation. For more information, see “The middleware installer workspace” on page 34.
12. In the Database Type panel, select the product that you are using for the maximo database and click
Next.
Important for database support: SQL Server is not a supported database.
Oracle is not supported when the provisioning server is installed on Windows.

13. In the Database panel, enter configuration information about the database, and then click Next.
2000
DB2
Host name
Enter the fully qualified domain name of the computer hosting DB2, for example,
database.example.com. This value is case-sensitive.
Port Enter the port being used by the DB2 instance. The default value is 50005.
Database Name
Enter the name of the database to use with Tivoli Provisioning Manager. The default
database name is maxdb71. The database is created if it does not exist.
Instance
Enter the name of the database instance to be used with Tivoli Provisioning Manager. The
default instance name is ctginst1. This instance is created if it does not exist. However, the
user and its associated home directory must exist on the DB2 server.
Database User ID
Enter the user ID used for Tivoli Provisioning Manager to access DB2. This user ID cannot
be the same as the instance administrator user ID. The default value is maximo.
Database Password
Enter the password for the user ID used to access DB2.
14. In the Automate Database Configuration panel, select Automate database creation and
configuration, and then click Next. This option allows the base services installer to automatically
configure the database for use by Tivoli Provisioning Manager. Examples of automated tasks include
creating table spaces, creating database tables, creating database schemas, and creating users.
Note: If you do not want the base services installer to configure the database automatically, you
must configure it manually before the installation of the base services.
15. In the Remote Access Authorization panel, enter authorization information for the automatic
database configuration feature, and then click Next.

User ID
Enter a user ID for the base services installer to access the system that is hosting the
database to be used with Tivoli Provisioning Manager.
Enter administrator.
Password
Enter the password for the user ID.
See “Remote configuration enablement” on page 111 for details about how to ensure successful
remote access between the Provisioning Manager installation program and the remote server.
16. In the Database Administration panel, enter configuration information about the database, and then
click Next.
2000
DB2
Installation directory
Enter the directory where DB2 is installed. The default values are:
v C:\Program Files\IBM\SQLLIB
Instance administrator user ID
Enter the user ID for the administrator of the DB2 instance. The default values are:
v db2admin
This user ID cannot be the same as the database user ID. This user must have DB2
administration authority, which is referred to as SYSADM authority in the DB2 product
documentation. For more information about creating this user, see the DB2 product
documentation.
Instance administrator password
Enter the password for the DB2 instance administrator user ID.
Windows service user ID
Enter the user ID used to start the DB2 service on Windows. This user ID must have
administrative authority on the system. The default value is db2admin.
Windows service password
Enter the password for the user ID used to start the DB2 service on Windows.
17. In the Database Tablespace panel, enter information about the table space of the database, and then
click Next.
2000
DB2
Data tablespace name

Enter the name of the table space to be created in DB2 for Tivoli Provisioning Manager. The
table space is created if it does not exist. The default value is MAXDATA.
Data tablespace size
Enter a size, in megabytes, for the data table space. The value must be 5000 Mb or greater.
Temporary tablespace name
Enter the name for the temporary table space to be created for DB2. Temporary table spaces
hold data during sorting or collating actions. The table space is created if it does not exist.
The default value is MAXTEMP.
Temporary tablespace size (Mb)
Enter a size for the temporary table space. The default value is 1000 Mb.
Index tablespace name
Enter a name for the index table space. The default value is MAXDATA.
Index tablespace size
Enter a size, in megabytes, for the index table space. The value must be greater than 3000
Mb. The default is 5000 Mb.

18. In the Application Server Type panel, select WebSphere Application Server.
Important for application server support: Oracle WebLogic Server is not supported.
19. In the WebSphere Connectivity panel, enter host information about the WebSphere Application
Server, and then click Next.
Host name
Enter the fully qualified domain name of the system hosting WebSphere Application Server.
This value is case-sensitive. Alternatively, you can provide the IP address for the system.
SOAP port
Enter the SOAP port of the WebSphere Application Server system. The default value is 8879.
20. In the Automate WebSphere configuration panel, select Automate WebSphere configuration and
click Next. This option allows the installation program to automatically configure WebSphere
Application Server for use by Tivoli Provisioning Manager.
Note: If you do not select the option to configure WebSphere Application Server automatically, you
must have configured the middleware manually before installing the base services. For more
information about the manual configuration tasks.
If your provisioning server is installed on Windows, AIX, or Linux (except for SUSE Linux
Enterprise Server 11), see “Manually configuring WebSphere Application Server” on page 70.
21. In the WebSphere Remote Access Authorization panel, enter authorization information for
WebSphere Application Server configuration, and then click Next.
Operating system user ID
v Enter a valid user ID for the base services installer to access the system that is hosting
WebSphere Application Server. This user ID must have administrative rights on the
machine you are accessing.
Operating system password
Enter the password for the system user ID.
22. In the WebSphere Application Server Network Deployment Configuration panel, enter values for the
following fields, and then click Next.
WebSphere installation directory
Enter the directory where WebSphere Application Server is installed on the host system. For
example:
User ID
Enter the administrative user ID used to access WebSphere Application Server. The default
value is wasadmin.
Password
Enter the password for the administrative user ID used to access WebSphere Application
Server.
Profile name
Enter the name for the WebSphere Application Server profile. The default value is ctgDmgr01.
23. In the WebSphere Application Server Configuration panel, enter the following information, and then
click Next.
Web server port
Enter the Web server port used by WebSphere Application Server. The default value is 80.
Web server name
Enter the name of the Web server. The default value is webserver1.

Node name
Enter the name of the WebSphere Application Server node containing the application server.
The default value is ctgNode01.
Application server
Enter the name of the WebSphere Application Server to associate with Tivoli Provisioning
Manager. If the application server does not exist, it is created. The default value is MXServer.
24. In the Security panel, select a method for authenticating and authorizing users and groups and click
Next.
Use WebSphere application security for authentication and authorization
Choose this option to automatically configure WebSphere Application Server Network
Deployment application security to manage users and groups for authentication and
authorization purposes. This option requires application security to already be enabled in
Important: You must select this option if you want to use LDAP and Microsoft Active
Directory for authentication and authorization.
Use WebSphere application security only for authentication
Choose this option to automatically configure WebSphere Application Server Network
Deployment application security for authentication only and allow Maximo security to
manage groups and user to group memberships. With this option, you create all your users
in your directory server, but you manage their membership in security groups in the
Security Groups application in Tivoli Provisioning Manager. This option requires application
security to already be enabled in WebSphere Application Server Network Deployment.
If you select this option, the next panel prompts you for your user base entry. The maxadmin,
maxreg, and mxintadm users must be created before you proceed past this panel.
Use Maximo security for authentication and authorization
If you do not want to use WebSphere Application Server Network Deployment application
security, select this option to have Maximo security manage users and groups for both
authentication and authorization.
25. In the Enter Maximo users panel, enter the following information, and then click Next.
Note: Ensure that you enter the correct passwords, as the installation program does not validate
them.
Maximo administration user
Product administrator user ID used for initial configuration and adding users. The default
value is maxadmin.
Password
Password for the Maximo administration user.
Maximo system registration user
User ID used for the self registration of users. The default value is maxreg.
Password
Password for the Maximo system registration user.
Maximo system integration user
User ID used with enterprise adapters. The default value is mxintadm.
Password
Password for the Maximo system integration user.
26. If you selected Use WebSphere application security only for authentication in the Security panel,
specify the distinguished names of the user and group base entities that you are using, choose how
users are created, and then click Next.

Important: When entering LDAP values for the base services installation, entries in LDIF files, or
values that you enter directly into a directory instance using the directory server tools, follow the
product-specific syntax rules for using special characters in an LDAP string. In most cases, special
characters must be preceded by an escape character in order to make it readable by the directory
server.
Many directory server products consider a blank space as a special character that is part of the
LDAP string. Therefore, if you mistakenly enter an LDAP string that contains a blank, at the end of
a field value, for example, and you do not precede the blank character with an escape character, you
might get errors. See the product documentation for your directory server for more information
about special characters in LDAP strings.
User base entry
Enter the user base entry that is configured for your directory server. The default LDAP
schema user base entry is ou=users,ou=SWG,o=IBM,c=US.
Ensure that the base entry is in the proper format and is accurate. The middleware installer
does not validate the base entry, but the base services installer validates it. If you entered an
incorrect base entry, you must correct it before continuing with the base services installation.
Group base entry
Enter the group base entry that is configured for your directory server. The default LDAP
schema group base entry is ou=groups,ou=SWG,o=IBM,c=US.
Ensure that the group base entry is in the proper format and is accurate. The middleware
installer does not validate the group base entry, but the base services installer validates it. If
you entered an incorrect group base entry, you must correct it before continuing with the
base services installation.
Create the required users
Keep this option selected to allow the installation program to create default users in
WebSphere Application Server Virtual Member Manager (VMM).
This operation requires write access to VMM.
If you do not want to have the users created by the installation program, you must
create them manually before continuing with the installation. See “Manually
configuring directory synchronization for WebSphere Application Server Network
Deployment” on page 134 for synchronization tasks that you must complete after the
installation if you choose to customize your schema.
Microsoft Active Directory
Clear this option.
If you are using Microsoft Active Directory to secure WebSphere Application Server,
you already created the schema using the steps provided in “Securing WebSphere
Application Server with Microsoft Active Directory using the middleware installation
program” on page 68 and “Manually configuring Microsoft Active Directory” on
page 60.
Before continuing with installation, verify the following requirements in Microsoft
Active Directory
a. The following users exist in the directory server:
Group Users
maxadmin mxintadm
maxadmin

Group Users
maximousers mxintadm
maxadmin
maxreg
b. The pre-Windows 2000 name for the group maxadmin is changed to a different
name. This change is required because the maxadmin group contains a user that
is also called maxadmin.
If you are not using the default LDAP schema, you must have it created before advancing
past this panel. The values entered for User and Group base entry fields are used to
configure the VMMSYNC cron task. See “Manually configuring directory synchronization for
WebSphere Application Server Network Deployment” on page 134 for synchronization tasks
you must complete after the installation if you choose to customize your schema.
Below is an example of the default LDIF data that you need to modify and import into your
LDAP repository if you want to customize the schema and create your own users manually:
dn: o=ibm,c=us
objectClass: top
objectClass: organization
o: IBM
dn: ou=SWG, o=ibm,c=us

ou: SWG
objectClass: top
dn: ou=users,ou=SWG, o=ibm,c=us

ou: users
objectClass: top
dn: cn=wasadmin,ou=users,ou=SWG, o=ibm,c=us

uid: wasadmin
userpassword: wasadmin
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: person
objectclass: top
title: WebSphere Administrator
sn: wasadmin
cn: wasadmin
dn: uid=maxadmin,ou=users,ou=SWG, o=ibm,c=us

userPassword: maxadmin
uid: maxadmin
objectClass: top
objectClass: person
sn: maxadmin
cn: maxadmin
dn: uid=mxintadm,ou=users,ou=SWG, o=ibm,c=us

userPassword: mxintadm
uid: mxintadm
objectClass: top
objectClass: person
sn: mxintadm
cn: mxintadm
dn: uid=maxreg,ou=users,ou=SWG, o=ibm,c=us

userPassword: maxreg
uid: maxreg
objectClass: top
objectClass: person
sn: maxreg
cn: maxreg
After the creation of users, you are required to create the following groups and assign the
maxadmin user to them. An LDIF file with the following content needs to be created:
dn: ou=groups,ou=SWG,o=ibm,c=us
ou: groups
objectClass: top
dn: cn=maxadmin,ou=groups,ou=SWG, o=ibm,c=us

objectClass: top
member: uid=dummy
cn: maxadmin
dn: cn=maximousers,ou=groups,ou=SWG, o=ibm,c=us

objectClass: top
member: uid=dummy
member: uid=maxreg,ou=users,ou=SWG,o=IBM,c=US
cn: maximousers
dn:cn=TPDEPLOYMENTSPECIALIST,ou=groups,ou=SWG,O=IBM,C=US
cn: TPDEPLOYMENTSPECIALIST
dn:cn=TPCOMPLIANCEANALYST,ou=groups,ou=SWG,O=IBM,C=US
cn: TPCOMPLIANCEANALYST
dn:cn=TPCONFIGURATIONLIBRARIAN,ou=groups,ou=SWG,O=IBM,C=US
cn: TPCONFIGURATIONLIBRARIAN
dn:cn=TPDEVELOPER,ou=groups,ou=SWG,O=IBM,C=US
cn: TPDEVELOPER
dn:cn=TPADMIN,ou=groups,ou=SWG,O=IBM,C=US
cn: TPADMIN
dn:cn=TPWEBSERVICEUSER,ou=groups,ou=SWG,O=IBM,C=US
cn: TPWEBSERVICEUSER
To create the users and update the membership of the LDAP repository, run the following
command:
ldapmodify -a -D cn=root -w <password> -i <file_name>

27. In the Integration Adapter JMS Configuration panel, enter the following information, and then click
Next. A JMS server requires a DB2 data repository to be configured to maintain messages. If you are
using another database type, the installation program cannot configure message persistence.
JMS Data Source name
Enter the name of the database to be used by JMS. The default value is intjmsds.
Persist JMS messages
Select this option if you want the installation program to persist messages within DB2. For
more information, see “Manually creating a data source for the persistent store” on page 91.
Do not persist JMS messages
Select this option if you do not want the installation program to set the JMS implementation
to persist messages automatically. If you later decide that you want to persist JMS messages,
you must configure the JMS implementation manually.
28. 2000
DB2 If you chose to persist JMS messages, in the DB2 Database Server Configuration panel,
enter the following information, and then click Next. The JMS data store can only be created as a
DB2 database.
Host name
Enter the fully qualified domain name of the server hosting the JMS data store. This value is
case-sensitive.
Port Enter the port used to access the database server. The default value is 50005.
Database name
Enter the name of the database serving as the JMS data store. The default value is maxsibdb.
User ID
Enter the user ID used to access the database server. This user is created if it does not exist.
The default is the database user ID you entered when you selected your database type.
Password
Enter the password for the user ID to access the database server.
29. 2000
DB2 If you chose to persist JMS messages, in the DB2 Database Server Remote Access
Authorization panel, enter authorization information for the automatic configuration feature, and
then click Next.
User ID
Enter the user ID for the base services installer to access the system that hosts the JMS
database. This user must have administrative rights on the computer that you are accessing.
This user must be a member of the DB2ADMNS group.
Password
Enter the password for the user ID.
30. 2000
DB2 In the DB2 Database Instance Configuration panel, enter the following information, and
then click Next.
Installation directory
Enter the installation directory for the DB2 server that is hosting the JMS database that
contains the instance to be used with WebSphere Application Server. For example:
v C:\Program Files\IBM\SQLLIB
Instance
Enter the JMS database instance to be used with WebSphere Application Server. The default
value is ctginst1.
Instance administrator user ID
Enter the user ID for the administrator of the JMS database instance. For example:
v db2admin

Instance administrator password
Enter the password for the JMS database instance administrator user ID.
31. In the SMTP Configuration panel, specify SMTP configuration information used by workflows to
communicate with workflow participants.
SMTP server
Enter the fully qualified host name of the SMTP server that is sending messages to
participants. This value is case-sensitive.
Administrator e-mail
Enter a valid e-mail address. This address is used to send messages.
You can defer SMTP configuration by not providing information on this panel and advancing to the
next panel. However, you must configure these parameters on interface after installation. For more
information, see “Configuring SMTP” on page 115.
32. In the Run Configuration Step panel, select an option to perform the configuration and to deploy the
application files, and then click Next.
Perform installation configuration now
Select this option to perform the configuration step during installation.
Copy files now, and perform installation configuration later, manually
Select this option to have the installation program copy files to the system only.
The Tivoli Provisioning Manager installation program is used to complete tasks such as
gathering information about your Tivoli Provisioning Manager deployment and
configuration, copying files to your local system, and performing configuration tasks using
the values that you have specified. If you select this option, the installation program will
gather your configuration information and copy the Tivoli Provisioning Manager files to
your local system now, and then allow you to run the configuration step at a later date.
Deploy application files automatically
Select this option to have the installation program perform EAR file deployment
automatically during the installation.
Deploy application files manually later
Select this option to defer the deployment of application files. Deferring the deployment of
application files can shorten the time it takes to deploy overall if you intend to install more
than one service management product. Files can be deployed once all products have added
their own functions to the application files. You might also want to use this option if your
organization has application deployment restrictions that require that you deploy application
files either manually or using another approved process.
For manual application deployment instructions for WebSphere Application Server, see
“Deploying Provisioning Manager EAR files” on page 112.
33. In the Choose Shortcut Folder panel, select the type of shortcut for Tivoli Provisioning Manager, and
then click Next. If selecting In the Start Menu to be used with Internet Explorer, ensure that you
have added the Tivoli Provisioning Manager URL to the trusted sites Web content zone and disable
the option of requiring server verification for all sites in the zone.
Note: Do not use the In the Quick Launch Bar options, because it will not create a shortcut in the
Quick Launch bar.
34. In the Input Summary panel, review the information, and then click Next.
35. In the Pre-Installation Summary panel, review the information, and then click Install.
36. In the Install Complete panel, click Done.

Results
The base services installation is completed.
Logs can be found in the following locations:

v MAXIMO_HOME/logs
v MAXIMO_HOME/solutions/logs
v MAXIMO_HOME/maximo/tools/maximo/log
v C:\program files\ibm\common\acsi\logs
In addition, logs can be found in the log directories for the WebSphere Application Server application
server, deployment manager, and node agent.
The configuration values that you entered are stored in the MAXIMO_HOME/applications/maximo/
properties/maximo.properties file. If you did not use the base services installer to perform the
configuration, you can perform them outside of the base services installer by using the taskrunner utility,
located in the MAXIMO_HOME/scripts directory. This utility uses the configuration values stored in the
maximo.properties file to configure base services.
taskrunner CONTINUE <STOPONERROR|NOSTOPONERROR>
Note:
v If you reboot the system, you cannot use the taskrunner utility to run configuration scripts, because
taskrunner data stores are not persisted. If you intend to use the taskrunner utility, do not reboot your
system.
v Passwords are encrypted in the maximo.properties file during the installation process. The encrypted
data is stored in a section of the file after the line mxe.encrypted=true using various characters,
including symbols other characters that are not alphanumeric. Ensure that you do not modify the
encrypted section of the file. A version of the file with the unencrypted password is stored in
maximo.properties_orig in the same directory.
Important: Back up the unencrypted file maximo.properties_orig outside the system file structure. If
you change the database user password, you must update this file with the new password and then
create an encrypted maximo.properties file.
If the installation fails, you can run taskrunner again after resolving the errors if it was run with the
STOPONERROR parameter. The taskrunner utility resumes the installation at the point where the last
successfully completed task was recorded in the previous attempt. If you run taskrunner with the
NOSTOPONERROR parameter, the taskrunner continues despite errors.
What to do next
1. If you want to install support for other languages, proceed to “Installing the language pack” on page
116.
2. Back up the base services home directory. In the launchpad navigation pane, click Custom
Installation, then scroll down to 2. Install the base services and required components and click 2.4
Back up base services home directory. Follow the instructions on the panel to back up, then return to
the custom installation page.
Back up the deployment engine database. Follow the instructions on the panel to back up, then
return to the custom installation page.
4. If you chose not to configure WebSphere Application Server automatically during base services
installation, you must manually create the following required groups and add the maxadmin user to
the groups: TPADMIN, TPCOMPLIANCEANALYST, TPDEPLOYMENTSPECIALIST, TPDEVELOPER,

and TPWEBSERVICEUSER. For more information and depending on the directory server that you are
using, see “Manually configuring Microsoft Active Directory” on page 60 or “Manually configuring
IBM Tivoli Directory Server” on page 54.
5. Proceed to “Installing Tivoli Provisioning Manager core components” on page 119.
Planning worksheet for base services installation

This table lists the settings that you must provide during the base services and core components
installation.
Table 20. Tivoli Provisioning Manager settings
Setting Default value Your value
Tivoli Provisioning Manager v C:\Program Files\IBM\tivoli\tpm
installation directory
Database port number
v 2000
DB2 50005
v Oracle
2000 1521
Tivoli Provisioning Manager database
host name
Maximo database name maxdb71
Maximo database instance ctginst1
Schema name maximo
Maximo database user ID maximo
2000
DB2 DB2 installation directory v SystemDrive:\Program
Files\IBM\SQLLIB
2000
DB2 DB2 instance administrator v db2admin
user ID
2000
DB2 Windows DB2 service user db2admin
ID
Data table space name MAXDATA
Data table space size
v 2000
DB2 5000 MB
Temporary table space name MAXTEMP
Temporary table space size 1000 MB
Index table space name MAXDATA
Index table space size
v 2000
DB2 5000 MB
WebSphere host name
WebSphere SOAP port 8879
WebSphere server home directory v C:\Program Files\IBM\WebSphere\
AppServer
WebSphere admin user ID wasadmin
WebSphere profile name ctgDmgr01
Web server port 9081
Web server name webserver1
Node name ctgNode01
Cluster name MAXIMOCLUSTER

Table 20. Tivoli Provisioning Manager settings (continued)
Setting Default value Your value
Application server MXServer. This value cannot be
changed.
JMS data source Name
JMS database name maxsibdb
JMS server name
Database user ID maxadmin
Group base entry ou=groups,ou=SWG,o=IM, c=US
User base entry ou=users,ou=SWG,o=IM, c=US
SMTP server
Administrator email
Starting the launchpad

The launchpad lets you install all components that are required for Tivoli Provisioning Manager.
Procedure
1. Log on to an account with system administration privileges.
2. If you are using DVDs, insert the Installation DVD for Windows. The disk must be inserted for the
duration of the installation.
3. Run launchpad64.exe (Windows 64-bit) or launchpad.exe (Windows 32-bit) from the root directory.
Results
The launchpad panel is displayed.
Remote configuration enablement

If you plan to take advantage of the Provisioning Manager installation program feature that automates
the configuration of Provisioning Manager middleware, you must enable a remote access protocol for
each system on which you intend to install Provisioning Manager middleware.
Remote access protocols include rsh, rexec, SSH and Windows SMB. Before you start the installation
program you must ensure that you can log on to your remote server or servers using the protocols you
intend to use with the credentials you plan to supply to the installation program.
For remote Windows systems, ensure the following requirements are met before installing the software:
v The operating system user supplied to the installation program must be an administrator (a member of
the Windows defined Administrators group).
v Windows Management Instrumentation (WMI), Remote Registry and the Server Windows services
must be enabled and running.
v The SMB protocol must be enabled and configured. It can be configured to run via NetBIOS over
TCP/IP using port 139 or directly on TCP/IP (without NetBIOS) using port 445.

v Be sure that ports used by protocols you are using are not blocked by firewalls or security policies.
This would include ports 137 and 139 if SMB is configured to run on NetBIOS over TCP/IP, or port
445 if SMB is run directly on TCP/IP (without NetBIOS).
v If your Windows configuration supports Simple File Sharing it must be disabled.
v The Windows drive share name C$ and folder IPC$ must be shared.
v For Windows 2008 Server systems that support it password protected sharing must be disabled and
shares must be shared for the Guest or Everyone accounts.
v For Windows 2008 Server, User Account Control (UAC) must be disabled.
v If Cygwin is installed on the remote Windows system the SSH daemon (sshd) must be uninstalled or
disabled.
Remote configuration does not support accessing network drives on the local or remote system.
Deploying Provisioning Manager EAR files

This section contains information about deploying Provisioning Manager EAR files manually into
WebSphere.
The following instructions are used to manually deploy the Provisioning Manager maximo.ear and
maximohelp.ear files into WebSphere Application Server. Although the Provisioning Manager installation
program deploys these EAR files when you install, there might be a few instances where it would be
desirable to redeploy these EAR files manually:
v If you modify any database connection parameters in the maximo.properties file after the initial
installation, you will have to rebuild of the maximo.ear file (procedure covered in the IBM Tivoli
Provisioning Manager System Administrator Guide), and then redeploy it in WebSphere Application
Server. In this scenario, you would likely only rebuild and redeploy the maximo.ear file. You would not
be required to rebuild and redeploy the maximohelp.ear file.
v Provisioning Manager must be installed into a WebSphere application server. However, Provisioning
Manager can be run within the framework of a WebSphere cluster. If you want to deploy Provisioning
Manager in a cluster, you can either redeploy the Provisioning Manager EAR files into a cluster, or,
create a cluster from the application server used during the installation. If you have already installed
Provisioning Manager into an application server but would like to redeploy into a cluster , then you
will need to either uninstall the MAXIMO application (“Manually uninstalling Provisioning Manager
applications from WebSphere Application Server Network Deployment” on page 115), or provide a
new name for the application when installing the MAXIMO application into a cluster (“Manually
installing Provisioning Manager applications into WebSphere Application Server Network Deployment”
on page 114).
v If you have installed Provisioning Manager into a development environment, you might at some point
like to migrate the deployment into a test or production environment. In this scenario, you will need to
deploy both the maximo and maximohelp applications into the new environment. The steps outlined in
“Manually installing Provisioning Manager applications into WebSphere Application Server Network
Deployment” on page 114 should be performed for both applications.
Related tasks
“Manually building EAR files”
“Manually deploying EAR files” on page 113
“Completing MEA registraton” on page 113
Manually building EAR files

You can manually build Tivoli Provisioning Manager EAR files if, for example, you modify a database
connection parameter in the maximo.properties file after the initial installation.
To manually build Tivoli Provisioning Manager EAR files, complete the following steps:

Procedure
1. Build the maximo EAR file:
<CCMDB_HOME>\maximo\deployment\buildmaximoear.cmd|sh
2. Build the maximohelp EAR file:
<CCMDB_HOME>\maximo\deployment\buildhelpear.cmd|sh
Manually deploying EAR files

You can manually deploy Tivoli Provisioning Manager EAR files if your organization has application
deployment restrictions that require that you deploy application files either manually or through another
approved process.
Note: If you are deploying using a WebLogic server, you must deploy the EAR files manually.
To manually deploy Tivoli Provisioning Manager EAR files, complete the following steps:
Procedure
1. Deploy the maximo EAR file:
<CCMDB_HOME>\jacl\solutions\DeployApplication.bat <WASAdminUserName>
<WASAdminPassword> "MAXIMO" <WASNodeName> <WASApplicationServerName>
"<CCMDB_HOME>\maximo\deployment\default\maximo.ear" <WASVirtualHost>
<WASWebServerName>
2. Deploy the maximohelp EAR file:
<CCMDB_HOME>\jacl\solutions\DeployApplication.bat <WASAdminUserName>
<WASAdminPassword> "MAXIMOHELP" <WASNodeName> <WASApplicationServerName>
"<CCMDB_HOME>\maximo\deployment\default\maximohelp.ear" <WASVirtualHost>
<WASWebServerName>
where,
<WASAdminUserName>
A WebSphere® Application Server Network Deployment account with deployment privileges.
<WASAdminPassword>
The password of the user specified in the WAS User parameter.
<WASNodeName>
The name of the WebSphere Application Server Network Deployment node.
<WASApplicationServerName>
The name of the WebSphere Application Server Network Deployment application server.
<WASVirtualHost>
The name of the WebSphere Application Server Network Deployment virtual host.
<WASWebServerName>
The name of the WebSphere Application Server Network Deployment Web server.
Completing MEA registraton

MEA registration is required for process managers that include integration with other software. If you
have chosen the option of deploying application files manually later during the Tivoli Provisioning
Manager installation process, you must manually perform MEA registration after manually deploying the
maximo EAR file.
To manually perform MEA registration, complete the following steps:
Procedure
1. Open a command prompt on the administrative system.
2. Run the following command:

<CCMDB_HOME>\jacl\solutions\meareg <WASDMGR> <PORT> <MAXUSER> <MAXPASSWD>
none none ./installedApps/<CELL_NAME>/MAXIMO.ear/meaweb.war/
WEB-INF/MeaRegistrationFiles/taddm
where,
<WASDMGR>
The fully-qualified host name of your WebSphere® Application Server Network Deployment
manager server.
<PORT>
The HTTP port on the WebSphere Application Server Network Deployment manager server.
<MAXUSER>
The maximo user.
<MAXPASSWD>
The maximo user password.
<CELL_NAME>
The WebSphere Application Server Network Deployment cell name. By default this value is
ctgCell01.
Manually installing Provisioning Manager applications into WebSphere

Application Server Network Deployment
This section contains information about manually installing Provisioning Manager applications into
Procedure
1. Log in to the WebSphere Application Server Network Deployment administrative console.
2. Click the Applications link, and then click Install New Application,
3. From the Specify the EAR, WAR, JAR, or SAR module to upload and install. page, select Local file
system, and then browse to the location on your system of the maximo.ear file.
4. Select Show me all installation options and parameters, and then click Next.
5. From the Choose to generate default bindings and mappings. page, select Generate Default
Bindings, and then click Next
6. From the Application Security Warnings page, click Continue.
7. From the Select installation options page, set the application name to be MAXIMO. If you are deploying
to a cluster and want to keep the application that was installed during the Provisioning Manager
installation, you will need to use a different application name value here.
8. Ensure Distribute application, Deploy enterprise beans, and Create MBeans for resources are all
checked and then click Next.
9. From the Map modules to servers page, in the Clusters and Servers text box, select the cluster (or
application server) and webserver listed. Also select all modules appearing in the modules table by
selecting their respective check boxes. Click Apply, and then click Next.
10. From the Provide options to perform the EJB Deploy page, accept the defaults and click Next.
11. From the Provide JSP reloading options for Web modules page, accept defaults and click Next.
12. From the Map shared libraries page, accept defaults and click Next.
13. From the Initialize parameters for servlets page, accept defaults and click Next.
14. From the Bind listeners for message-driven beans, ensure Activation specification is set to
intjmsact, and then click Next.
15. From the Provide JNDI names for beans page, accept defaults and click Next.
16. From the Map EJB references to beans page, accept defaults and click Next.
17. From the Map virtual hosts for Web modules page, select your virtual host from the drop down box
for all modules and then click Next.
18. From the Map context roots for Web modules page, accept the defaults and then click Next.
19. From the Map environment entries for Web modules page, accept defaults and then click Next.
20. From the Map security roles to users or groups page, first select the check box adjacent to the
maximouser role, and then check All authenticated? before clicking Next.
21. From the Ensure all unprotected 2.x methods have the correct level of protection page, accept
defaults and click Next.
22. From the summary page, click Finish.
23. From the WebSphere Application Server Administrative Console navigation pane, select Servers >
WebServers.
24. Select the Webserver listed in the table, and then click Generate Plug-in. Once completed, click
Propagate Plug-in.
25. Click on Applications, click the check box next to the application just installed, and click Start.
26. From the WebSphere Application Server Network Deployment Administrative Console navigation
pane, select Applications
27. Select the check box next to the application that was just installed, and then click Start.
Manually uninstalling Provisioning Manager applications from

WebSphere Application Server Network Deployment
This section contains information about uninstalling Provisioning Manager applications from WebSphere
Application Server Network Deployment.
Procedure
1. Open the WebSphere Application Server Network Deployment Administrative Console.
2. Click the Applications link.
3. Select the check box next to the application you are uninstalling. By default, the Provisioning Manager
applications are named maximo and maximohelp.
4. Click Stop.
5. Select the check box next to the application you are uninstalling.
6. Click Uninstall.
Configuring SMTP
If you did not configure SMTP parameters during installation, you will have to configure them through
the product console.
Before you begin
This task must be completed before you begin the tasks described in “Applying changes to the database”
on page 116.
To configure SMTP for Provisioning Manager, complete the following steps.
Procedure
1. Login to the console as maxadmin.
2. Navigate to Go To > System Configuration > Platform Configuration > System Properties
3. Using the Filter feature, search for the mail.smtp.host Property Name.
4. Expand the mail.smtp.host property and set the Global Value attribute to your SMTP host.
5. Select the mail.smtp.host record check box.
6. Click the Live Refresh icon in the toolbar.
7. From the Live Refresh dialog, click OK.
8. Using the Filter feature, search for the mxe.adminEmail Property Name.
9. Expand the mxe.adminEmail property and set the Global Value attribute to your e-mail address.
10. Select the mxe.adminEmail record checkbox.
11. Click the Live Refresh icon in the toolbar.
12. From the Live Refresh dialog, click OK.
Applying changes to the database

When you create organizations, work types, item and company sets and so on, these configuration
changes must be applied to the Maximo database.
To apply configuration changes to the Maximo database, complete the following steps.
Procedure
1. Login to the Maximo console as maxadmin
2. Navigate to Go To > System Configuration > Platform Configuration > Database Configuration.
Every object that must be updated in the Maximo database will display a status of To Be Added.
3. On the Select Action list, select Manage Admin Mode.
4. Click Turn Admin Mode ON, and then click OK when prompted. This task will take several minutes
to complete. You can use the Refresh Status button to view progress.
5. Once Admin Mode has been successfully enabled, select Apply Configuration Changes, which will
apply the changes to the Maximo database. To Be Changed should not appear in the status column
for objects listed.
6. Log out of the Maximo console.
7. On the administrative system, run the following command:
v MAXIMO_HOME\maximo\tools\maximo\dropbackup.bat
8. Restart the MXServer application within WebSphere Application Server Network Deployment.
9. Turn Admin Mode OFF.
a. Navigate to Go To > System Configuration > Platform Configuration > Database Configuration.
b. From the Select Action list, select Manage Admin Mode.
c. Click Turn Admin Mode OFF, and then click OK when prompted. Failing to turn off Admin
Mode within the application will cause cron tasks to fail.
Installing the language pack

You can add languages to the product by installing the Tivoli Provisioning Manager language pack.
Before you begin

v If you plan to add language support to Tivoli Provisioning Manager, you must use the language pack
installation program before you perform any post-installation steps.
v Because language pack installation might take an extended period to complete, decide which
additional languages you need before starting the language pack installation. Each additional language
selected increases the installation time.
v Note that even if you added additional languages through the language pack installation program, and
you set the locale or your machine to a language that was installed as an additional language, you
might still encounter instances in the product interface where items are displayed in the language you
identified as the base language of the machine. This is a known limitation and does not indicate that
the language pack installation failed.
v In some cases, shortcut elements appearing in the interface, for example, menu choices, will only be
displayed in the base language designated, or in English only.
v You must load all languages that you need during the initial installation. If you decide to install
additional languages at a later time, the previously installed languages will also be reloaded at that
time. Any changes made to the information from customization or fix pack installation will be lost.

v Ensure that MXServer is started.
v Ensure all middleware servers and services are running. If you get an error because of an inactive
middleware server or service, start that server or service, and then run the language pack installation
program again. For more information, see:
You can choose to add language support during installation, or you can defer the task until a later date.
At any time after you have successfully deployed Tivoli Provisioning Manager, you can add language
support to Tivoli Provisioning Manager, including the Tivoli Provisioning Manager user interface, and
process managers, using the Tivoli Provisioning Manager language pack installation program. The Tivoli
Provisioning Manager process managers can be updated using this method. If you later deploy other
process managers, see “Installing and refreshing language support files for a package” on page 119.
To install the language pack:
Procedure
2. In the launchpad navigation pane, click Custom Installation. Scroll down to 2. Install base services
and required components and click Install the language pack.
3. Select a language for the installation, and then click OK. This choice is only for use during the
installation and its selection will not affect the languages being installed.
4. From the Introduction panel, click Next.
5. From the Base-language selection panel, select a base language that will be used with Tivoli
Provisioning Manager, and then click Next.
This is the only time that you can select a base language. You cannot change the base language at a
later time.
6. From the Additional language selection panel, select the additional languages to be supported, and
then click Next.
7. From the language selection summary panel, review the information and then click Next.
8. From the Pre-installation Summary panel, click Install.
9. From the Deploy Application Files panel, select how to deploy the language files.
Deploy application files automatically
Select this option to have the installation program perform application file deployment
automatically during the installation.
Deploy application files manually later
Select this option to defer the deployment of application files. Use this option if your
organization has application deployment restrictions that require that you deploy application
files either manually or through another approved process. Application EAR files will be
deployed later either manually or through the use of the product installer at a later date.
What to do next
1. Back up the base services home directory. In the launchpad navigation pane, click Custom
Back up base services home directory. Follow the instructions on the panel to back up, then return to
the custom installation page.
Back up the deployment engine database. Follow the instructions on the panel to back up, then
return to the custom installation page.
3. Proceed to “Installing Tivoli Provisioning Manager core components” on page 119.

Deployment for packages with a single special language support feature
Packages can be deployed with single special language support.
Many process solution packages define a single language support feature with a feature identifier of
LANG_SUPT_FEATURE. For these packages, the Process Solution Command Line Interface allow this
special language support feature to be deployed during a base install using the -loadlanguages parameter.
The language support for this special feature can also be installed after a base install or refreshed using
the refreshlangs action of the Process Solution Command Line Interface.
Installing language support files at base install
When you initially perform a base install of a package with the special language support feature,
you can elect to also install the language support files for the package.
Using the Installation Wizard
When using the Process Solution Installation wizard to perform a base install of a
package, the Feature Selection Panel will display the language support feature in the set
of available features for the package. When you select this check box, the Process Solution
Installation wizard will unpack the language support files associated with the package
and then invoke the Maximo Translation Data Toolkit -PMPUPDATE function.
Using the Command Line Interface
When using the Process Solution Command Line Interface, you can install the language
support files for the package by specifying the -loadlanguages command line flag when
you perform a base install of a package using the -action install subcommand.
Installing or refreshing language support after base install
After the package has been initially installed, you can install or refresh the language support files
for the package. The Process Solution Command Line Interface provides a -action refreshlangs
subcommand for this purpose. This action is only supported for packages that are already
installed. The action can be used even if the language support files were not installed when the
package was originally installed. In both scenarios, the language support files for the package are
unpacked and copied to the Provisioning Manager administrative workstation and the Maximo
Translation Data Toolkit -PMPUPDATE function.
The function to install or refresh language support files is only available using the Process
Solution Command Line Interface. The function is not available using the Process Solution
Installation wizard.
Deployment for packages with multiple language support features

Packages can be deployed with multiple language support.
A process solution package that supports a variety of selectable features might also have multiple
language support features.
Installing language support files at base install
The language support features for packages that define multiple language support could be
deployed during a base install of the package or might be added after the base install using the
new selectable feature support in the Process Solution Installation Wizard and Process Solution
Command Line Interface. For these types of packages, the language support features are
managed just like other selectable features defined for the package.
Installing or refreshing language support after base install
When the refreshlangs action of the Process Solution Command Line Interface is invoked for a
package with multiple language support features, only currently installed language support
features for the package are refreshed. This is accomplished by re-execution of the deployment
actions associated with all currently installed language support features.
The refreshlangs action when invoked on a package with multiple language support features,
will not install those language support features. The refresh processing is only performed against
currently installed language support features. Note that this behavior differs from the

refreshlangs behavior when applied against a package defining the special
LANG_SUPT_FEATURE identifier. In that scenario, the special language support feature would
be installed if it is not currently installed or refreshed if it is installed.
Installing and refreshing language support files for a package

A process solution package may define one or more language support features. When a language support
feature for a process solution package is installed using the process solution installers, XLIFF files
associated with all support languages are unpacked onto the Tivoli Provisioning Manager administrative
workstation. The Maximo Translation Data Toolkit -PMPUPDATE is invoked. This utility imports the
XLIFF files associated with the process manager into the Maximo database, based on the base language
and any other selected languages that have been installed into Maximo.
If you intend to refresh language support files for the change or configuration management process
managers, or you have installed another process manager, use the instructions provided in this section.
There are two models for how the process solution package can expose its language support.
v A package can define a single language support feature with a special feature identifier. The process
solution installers provide some built-in special mechanisms for deploying language support for
packages using this model.
v A package can define multiple language support features. The selectable feature support in the process
solution installers are used for deploying language support for packages using this model.
Installing Tivoli Provisioning Manager core components

After you installed the base services, you can install the Tivoli Provisioning Manager core components.
The core components must be installed on the provisioning server (the agent manager, Tivoli Provisioning
Manager for Dynamic Content Delivery, Tivoli Provisioning Manager for Job Management Service
federator and Tivoli Provisioning Manager for OS Deployment).
Before you begin

1. Make sure that the middleware applications are started. If you installed the middleware with the
middleware installer, the middleware applications are started automatically after installation. If you
have rebooted the computer or if you installed the middleware manually, see:
v “Starting middleware on Windows” on page 94
2. Make sure that you installed the base services. See “Installing the base services” on page 98.
3. If you installed WebSphere Application Server manually (and not using the middleware installer),
verify that SSL Signer is set properly. For more information, see “Verifying WebSphere Application
Server SSL Signer” on page 128.
4. During installation:
v Ensure that you enter the correct passwords in the installer panels, as the installation program does
not validate them.
v Directory paths cannot contain a back slash as the last character of the path (\).
v If you are using a virtual host name on the computer where you are installing the core components,
note that Tivoli Provisioning Manager for OS Deployment does not support virtual host names.
Tivoli Provisioning Manager for OS Deployment can only be accessed using the local host name of
the computer.
Procedure

2. In the launchpad navigation pane, click Custom Installation. Scroll down to 3. Install Tivoli
Provisioning Manager core components and click Verify core components installation
prerequisites. After verifying and confirming the prerequisites, return to the custom installation
page.
3. Click Install core components.
4. Select the language for the installation and click OK.
7. In the Topology Configuration panel, specify all required fields and click Next.
Database Information
You must use the same values that you used for the database during the base services
installation.
v Only DB2 is supported. Oracle Database is not supported.
v If the database server is on a separate computer, select the Use Remote Database check
box.
Authentication Information
Select the authentication type that is available in your environment:
v Tivoli Directory Server
v Microsoft Active Directory
v Base Services Authentication
To confirm that the base services administration user exists in the LDAP repository, select the
corresponding check box. Use this option only if you selected either Tivoli Directory Server
or Microsoft Active Directory as the authentication type.
Middleware Installer Workspace Information
v If you installed the middleware with the middleware installer, select the Import data from
middleware installer workspace check box and then specify the location of the
middleware installer workspace. In a multiserver topology, this location is specified during
middleware installation. The default value is:
– C:\ibm\tivoli\mwi\workspace
v Select the Use Service IP check box if you are using virtual IP addresses and host names
for all the computers in your installation topology. The virtual IP addresses and host
names that you use in this installer must match the values that you specified during
middleware installation.
8. In the Select Components panel, select all components and click Next. The core components are:
v Required: The agent manager
v Required: Tivoli Provisioning Manager for Dynamic Content Delivery
v Required: Tivoli Provisioning Manager for Job Management Service federator
v Optional: Tivoli Provisioning Manager for OS Deployment
v 2000
DB2If you used the middleware installer to install the DB2 server and you are using a
configuration where Tivoli Directory Server and Tivoli Provisioning Manager are installed on the
same computer, while DB2 is installed on a different computer, then do not select the DB2 client
check box. This check box does not apply if you installed the middleware manually.
v If you want to back up the database and the WebSphere Application Server configuration files,
select the corresponding check box.
9. If you selected Tivoli Provisioning Manager for OS Deployment, accept the license agreement and
click Next.
10. If Cygwin is already installed, specify the directory where Cygwin is installed and click Next.

v If you do not require support for IPv6 communication in the Tivoli Provisioning Manager
environment, Cygwin 1.5.10 or later is required.
v If you require support for IPv6 communication in the Tivoli Provisioning Manager environment,
Cygwin 1.7 or later is required.
If you want to install Cygwin, specify all required fields and click Next.
Select a Cygwin download mirror site
Select a location that you want to use to download Cygwin installation files. A location that
is geographically closest to you is recommended.
User Name
Specify the user name for running the Cygwin SSH service.
11. In the Directories for Core Components panel, specify all required fields and click Next.
v To enable support for Federal Information Processing Standard (FIPS) 140-2, select the
corresponding check box.
v If you are using downloaded installation images, specify the directory where they are located.
v If you want to copy the installation images from DVDs, specify the destination directory where
you want the images to be copied, and select the Copy installation images from DVDs check box.
v If you want to verify the integrity of the installation images, select the Verify file integrity check
box.
v Specify the directory for log files and serviceability scripts. The default value is:
– Program Files\IBM\tivoli\common
If you have a process automation engine product installed on your system, the directory for log
files and serviceability scripts was set as a common location by the other product, and so this field
is not displayed in the Directories for Core Components panel.
v Specify the directory for temporary files.
v Specify the directories to store the backups for the WebSphere Application Server configuration
files and the database files. These directories must exist either on the provisioning server, for
single-server configurations, or on the database server, if the database is located on a separate
computer.
12. If you enabled FIPS 140-2 compliance, in the FIPS 140-2 Configuration panel, specify encryption
options.
v For more information about this standard and Tivoli Provisioning Manager compliance, see
“Compliance with Federal Information Processing Standard 140-2” on page 232.
v For detailed technical descriptions of cipher algorithms and encryption key options in relation to
FIPS 140-2, see the National Institute of Standards and Technology web site.
Cipher algorithm
Select the method to use for encrypting data.
Block cipher mode
Select a mode for encrypting blocks of data with the selected cipher algorithm. A block
cipher encrypts data blocks of a fixed length, which can result in repetitive patterns in the
encrypted data. A block cipher mode determines how to apply a cipher algorithm to reduce
repetitive patterns in the encrypted data.
Key pair generator algorithm
Select the algorithm that you want to use for generating encryption keys.
Generated key pair size
Select the size of the generated encryption keys.
13. 2000
DB2 In the DB2 Configuration panel, specify all required fields and click Next. The values must
match the values that you specified when you installed DB2.

Fully Qualified Domain Name or IP Address
The fully qualified domain name of the server where DB2 is installed, for example,
database.example.com. This value is case-sensitive. If you are using a virtual IP address or
host name, ensure that you specify the correct virtual host name.
DB2 Server Instance Port Number
The DB2 TCP/IP port number used by this server to listen for connection requests from
clients, for example, 50005.
Database Name for the IBM Tivoli Provisioning Manager database
The database name can only contain uppercase letters, lowercase letters, and numbers. The
default value is MAXDB71 .
Node name for remote database
The node name for the database server, if your database is installed on a separate computer.
The default value is MAXDB71.
DB2 Server Instance Owner
The user who owns the database instance. The default value is:
v db2admin
DB2 Server Instance Owner Password
The password for the instance owner.
Use Tivoli Provisioning Manager recommended instance configuration
Leave this check box selected so that the installer configures your instance with performance
settings. This setting is the recommended option for installation.
This check box does not apply if your database is installed on a separate computer.
Use Tivoli Provisioning Manager recommended database configuration
Leave this check box selected so that the installer configures your database with performance
settings. This setting is the recommended option for installation.
DB2 Server User Name
The name of the administrator user on the server where DB2 is installed. Enter the same
name as the value from the Database user ID field used when installing the base services.
The default value is maximo.
DB2 Server User Password
The password for the specified administrator user on the database server.
Local DB2 Instance SQLLIB Directory
The location of the local DB2 instance for the DB2 client.
v The default value is SystemDrive:\Program Files\IBM\SQLLIB.
Local DB2 Instance Name
The database instance name for the DB2 client. The default value is ctginst1. If you used
the middleware installer to install the DB2 server and you are using a configuration where
Tivoli Directory Server and Tivoli Provisioning Manager are installed on the same computer,
while DB2 is installed on a different computer, then specify an existing instance name, for
example, DB2.
14. In the WebSphere Application Server Network Deployment Configuration panel, specify all required
fields and click Next. For more information about WebSphere Application Server configuration, such
as cell and node configuration, see the WebSphere Application Server documentation.
Installation Directory
The directory where WebSphere Application Server is installed. The default is:
Fully-qualified Domain Name of the WebSphere Application Server
The fully qualified domain name of the computer where you are installing the provisioning

server core components, for example, tpmserver.example.com. This value is case-sensitive. If
you are using a virtual IP address or host name, ensure that you specify the correct IP
address or host name.
Cell Name
Enter the WebSphere Application Server Cell name. The default value is ctgCell01.
WebSphere Deployment Manager Profile Name
Enter the WebSphere Application Server profile name of the deployment manager server.
The default value is ctgDmgr01.
Application Server Node name
Enter the name of the WebSphere Application Server node. The default value is ctgNode01.
Application Server Profile Name
Enter the WebSphere Application Server profile name of the application server. The default
value is ctgAppSrv01.
Server Name
Enter the name of the Maximo application server, for example, MXServer.
Deployment Manager Administrator User
Enter the WebSphere Application Server administrative account name. The default value is
wasadmin.
Deployment Manager Administrator Password
Enter the password for the WebSphere Application Server administrative account.
Deployment Manager Port
Enter the administrator port for WebSphere Application Server. The default is 8879.
15. In the Authentication Configuration panel, specify all required fields and click Next. Depending on
the authentication option selected in the Topology Configuration panel, not all fields described are
displayed. For more information about specific directory server settings, see your directory server
documentation.
Use SSL for LDAP Server
Applies to Tivoli Directory Server only.
Select this option to enable secure communication with the directory server. The directory
server contains information about your users, so enabling this option is recommended to
ensure that data transmission between the directory server and other computers is secure.
Fully-Qualified Domain Name or IP Address
The fully qualified domain name of the directory server, for example, ldap.example.com.
This value is case-sensitive. If you are using a virtual IP address or host name, ensure that
you specify the correct virtual host name.
Host Public Port
The port number for Tivoli Directory Server or Microsoft Active Directory. The default value
is 389.
Host SSL Port
Enter the secure port number of the Tivoli Directory Server. The default value is 636.
User Base DN
Specify the base distinguished name (DN) for the directory server. The settings must match
the organizational unit and the organization and country suffix specified in the middleware
installer. For example, ou=users,ou=SWG,o=IBM,c=US. If you want to use the Distinguished
Name of the user that you specify for the LDAP Binding User Name, select the check box
below this field.

Microsoft Active Directory Server Domain Name
Applies to Microsoft Active Directory only.
The domain name for Microsoft Active Directory, for example, testmsad.com.
LDAP Binding Distinguished User Name
Enter the bind distinguished name for binding to the LDAP instance. The default value is
cn=root.
Base Services Administration User
Enter the instance administrator user ID, as entered during the base services installation. The
default value is maxadmin.
Base Services Administrator Password
Enter the instance administrator password, as entered during the base services installation.
Registration User
Enter the registration user, as entered during the base services installation. The default value
is maxreg.
Registration User Password
Enter the registration user password, as entered during the base services installation.
Integration User
Enter the integration user ID, as entered during the base services installation. The default
value is mxintadm.
LDAP Binding User Name
Applies to Microsoft Active Directory only.
The binding user name for Microsoft Active Directory, for example, Administrator.
LDAP Binder User Password
User Logon Name Attribute
Specify the LDAP attribute for user names in your directory server. For example, uid (User
ID), cn (Common Name), or sAMAccountName.
User Search Filter
There is a check on the User Search Filter during the installation that has to be correctly set
before continuing. This filter is used for searching for the user in the registry. It contains
information such as the objectclass that the user belongs to. See the following examples:
v For Tivoli Directory Server:
(&(cn=%v)(objectclass=organizationalPerson))
v For Microsoft Active Directory:
(&(sAMAccountName=%v)(objectcategory=user))
The parameter %v is necessary because during the search, the %v will be replaced with the
real user name.
16. In the IBM Tivoli Provisioning Manager Configuration panel, specify all required fields and click
Next.
v Specify the installation directory. The default value is:
– C:\Program Files\IBM\tivoli\tpm
Note: For some components, such as GUID, or the deployment engine, the installation program
uses the predefined installation locations for these components, so it always saves a number of
files on:
– %SystemDrive%

v Specify the password for the user tioadmin. This user is created during installation and is used to
start the Tivoli Provisioning Manager services.
v Specify the following port numbers:
Software Distribution Infrastructure Server SSL Port
Specify the port for communication with the provisioning server, which is the WebSphere
Application Server HTTPS port. The default value is 9045.
Software Distribution Infrastructure Client SSL Port
Specify a port for communication with clients using mutually authenticated SSL. The
default value is 9046.
Software Distribution Infrastructure Non SSL Port
Specify the secure HTTP port for communication with the provisioning server. The default
value is 9080.
Tivoli Provisioning Manager SSL Port
A port using server-side SSL to provide encryption and to authenticate WebSphere
Application Server to the other servers. The default port number is 9443.
v Specify the keystore and truststore information:
Tivoli Provisioning Manager SSL Keystore Name
Specify the file name of the keystore file for Tivoli Provisioning Manager. The keystore file
is a key database file that contains both public keys and private keys for SSL
communication. The default value is tpmKeyStore.
Tivoli Provisioning Manager SSL Keystore Password
Specify the password for the Tivoli Provisioning Manager keystore.
Tivoli Provisioning Manager SSL Truststore Name
Specify the file name of the Tivoli Provisioning Manager truststore. A truststore file is a
key database file that contains the public keys for SSL communication with target
computers. The default value is jks.tpmTrustStore.jks.
Tivoli Provisioning Manager SSL Truststore Password
Specify the password for the Tivoli Provisioning Manager truststore.
Your company name
Specify your company name. This name is used on the SSL certificate created during
installation.
Agents will connect to the agent manager using
Specify whether you want agents on managed computers to connect to the agent manager
using the IP address or the fully qualified domain name of the server.
17. In the WebSphere Profile Configuration for Agent Manager panel, specify all required fields and
click Next.
Cell Name
Specify the WebSphere Application Server Cell name. The default value is the host name
followed by Node01Cell. For example, tpmserverNode01Cell.
Node Name
Enter the name of the application node. The default is the host name followed by Node01.
For example, tpmserverNode01.
WebSphere Profile Name
Specify the WebSphere Application Server profile name of the application server for the
agent manager. The default value is casprofile.
Common Agent Services Standalone profile path
Specify the full path of the profile directory for the agent manager. The default value is
WAS_HOME/profiles/casprofile.

Starting Port
Specify the lowest port number used by the agent manager. The default is 21000.
18. In the Agent Manager Configuration panel, specify all required fields and click Next.
Agent Manager Install Directory
The installation directory for the agent manager. Ensure that there are no extra spaces before
or after specified path.
Agent Manager Fully Qualified Domain Name
This value is normally the fully qualified domain name of the Tivoli Provisioning Manager
computer. If you installed the agent manager on another computer, specify the fully qualified
domain name of that computer. This value is case-sensitive.
Registration Port
The registration port uses server-side SSL to provide encryption and authenticate the agent
manager to clients. The default value is 9511.
Secure Port
A port using server-side SSL with client authentication to provide encryption and
authenticate the agent manager to clients. The default value is 9512.
Public Port
The unsecured port number for communications between the agent manager and the clients.
The default value is 9513.
Registration password
A common agent must provide this password to register with the agent manager and to
unlock the agentTrust.jks file. A common agent or resource manager compares the
certificate in its copy of the agentTrust.jks file with the certificate presented by the agent
manager to ensure that it registers with the correct agent manager. This password is used to
create the common agent.
Agent Manager Password
This password is used by the agent manager to create the Certificate Authority Certificate
and to unlock the agent manager trust keystore (agentManagerTrust.jks) and keystore
(agentManagerKeys.jks) files.
Security Domain
Specify the domain that is managed by a single access policy. Specify the security domain
that contains the assets to be managed with Tivoli Provisioning Manager.
For example, if you have two security domains for the networks users.intranet.example.com
and dev.intranet.example.com, and you only want Tivoli Provisioning Manager to manage
assets in users.intranet.example.com, you would specify users.intranet.example.com as the
security domain.
Agent Manager IP address
The IP address of the agent manager computer. If you are using a remote computer for agent
manager specify the IP address of the remote computer.
Resource Manager User Name
The user name for the resource manager on the agent manager server. Each product that
uses Tivoli Common Agent Services has its own resource manager and subagents. For
example, Tivoli Provisioning Manager has a resource manager and subagents for software
distribution and software inventory scanning. The default user name when you install the
agent manager with this installer is tpmManager. If you are using an existing agent manager
installation that was not installed with this installer, the default user name is manager.
Resource Manager Password
The password for the resource manager user. If you are using an existing agent manager
installation that was not installed with this installer, the default password is password.

19. In the Dynamic Content Delivery Configuration panel, specify all required fields and click Next.
v Specify the installation directory for the dynamic content delivery.
20. In the Tivoli Provisioning Manager for Job Management Service federator Configuration panel,
specify the installation directory for the Tivoli Provisioning Manager for Job Management Service
federator and click Next.
21. In the Tivoli Provisioning Manager for OS Deployment panel, specify all required fields and click
Next.
a. HTTP Port: The HTTP port for the Tivoli Provisioning Manager for OS Deployment console. The
default is 8080.
b. HTTPS Port: The secure HTTP port for the Tivoli Provisioning Manager for OS Deployment
console. The default is 443.
c. Data directory: The directory for operating system images and files managed by Tivoli
Provisioning Manager for OS Deployment. The default directory is:
v C:\tpmfosd files\. If you are using the root directory of a drive, ensure that the value that
you specify ends in a \. For example D:\
Note: The language of Tivoli Provisioning Manager for OS Deployment installation is the language
of the operating system. To change the language after installation, click Go To > Deployment > OS
Management > Boot Servers, and select the Configuration tab.
22. Review the summary of your installation settings and click Next.
23. When the installation is complete, click Finish.
Results
The following software components are installed:

v Tivoli Provisioning Manager engines
v The agent manager
v Tivoli Provisioning Manager for Dynamic Content Delivery
v Tivoli Provisioning Manager for Job Management Service federator
v Tivoli Provisioning Manager for OS Deployment
What to do next
1. Proceed to “Installing Tivoli Provisioning Manager web components” on page 128.
Installing the language pack for Tivoli Monitoring agent

Follow these procedures to install the language pack.
Before you begin
Ensure that %JAVA_HOME%\bin is in the PATH system variable.
You can install the language pack on a system which has one or more of the following components:
v Tivoli Enterprise Portal server
v Tivoli Enterprise Portal client
v Tivoli Monitoring agent (Tivoli Provisioning Manager server).
Procedure
1. Extract the LP_ITMAgentForTPM72.zip file from the Supplemental DVD for your operating system to
the ITM server local directory.
2. Change the current directory, to the directory where you extracted the files.

3. Run the installer with the appropriate command:
On the Tivoli Enterprise Portal client and server
lpinstaller.bat
<candle_home>
Tivoli Monitoring directory
<install_mode>
One of the following values:
v gui
v console
v silent
On the Tivoli Provisioning Manager computer
lpinstaller.exe
4. On the Introduction panel, click Next.
5. On the Select Action panel, select Add/Update to install or update the language pack and click Next.
6. On the Choose Folder panel, specify the path of where you extracted the nlspackge directory and
click Next.
7. On the Select Product panel, select Tivoli Monitoring agent for Tivoli Provisioning Manager and click
Next.
8. On the Select Language panel, select the language from the list and click Next.
9. On the Preview panel, click Next and then click Done.
10. Restart the Tivoli Enterprise Portal server, Tivoli Enterprise Portal client, and Tivoli Monitoring
agent.
Results
The language pack for Tivoli Monitoring agent is installed.
Verifying WebSphere Application Server SSL Signer

If you installed WebSphere Application Server manually (and not using the middleware installer), verify
that SSL Signer is set properly.
Procedure
1. Log on as the administrator user.
2. Change to the directory WAS_HOME/AppServer/profiles/AppSrv01/bin.
3. Run the following command to check if the SSL signer is set properly in WebSphere Application
Server:
wsadmin.bat -lang jython
4. Enter your WebSphere Application Server user name and password.
5. If asked to add signer to the trust store, type y. Otherwise, the signer was already added to the
truststore.
6. Start the Tivoli Provisioning Manager core component installation.
Installing Tivoli Provisioning Manager web components

After you have installed the core components, you can install the web components. You must install the
web components on the same computer on which you installed the base services, either the provisioning
server or the administrative workstation.

Before you begin
1. Ensure that the core components are installed. See “Installing Tivoli Provisioning Manager core
components” on page 119.
2. Ensure that the middleware is started. If you used the middleware installer to install the middleware,
the middleware applications are started after installation. If you have rebooted the computer or if you
installed the middleware manually, verify that the middleware is started. See:
3. Ensure that the Cygwin SSH daemon is stopped on the provisioning server and the administrative
workstation (if your configuration requires one).
To stop the Cygwin SSH daemon from a command window, run:
net stop sshd
To stop the Cygwin SSH daemon from a Cygwin shell window, run:
cygrunsrv --stop sshd
Procedure
2. In the launchpad navigation pane, click Custom Installation. Scroll down to 4. Install the Tivoli
Provisioning Manager web components and click Install Tivoli Provisioning Manager web
components.
5. In the Process Solution Installer Packages Installation panel, specify all required fields and click Next.
Database User ID
Enter the user ID to access the database. This user must be the same user ID that you
specified during base services installation. The default value is maximo.
Database Password
Enter the password for the specified database user name.
WebSphere Application Server Administrative User Name
Enter the WebSphere Application Server administrator user name. The default value is
wasadmin.
WebSphere Application Server Password
Enter the password for the WebSphere Application Server administrator user.
WebSphere Application Server Remote Access User Name
Enter the name of a user with administrator access, for example, Administrator.
Tivoli Provisioning Manager is configured to start the WebSphere Application Server profiles
automatically with this user name when you start Tivoli Provisioning Manager.
WebSphere Application Server Remote Access Password
Specify the password for the remote access user.
Note: Do not use the WebSphere Application Server console to modify Tivoli Provisioning
Manager user passwords. Instead, use the changePassword.cmd|sh tool to change the
password.
For more information on how to change your password, see the changePassword command in
the information center.
Base Services Installation Directory
Specify the full path of the base services installation directory. The default location is:
v C:\IBM\SMP

Load language support files associated with the packages
Select the check box to update the language files for web components. If you installed
language packs during base services installation using the steps in the topic “Installing the
language pack” on page 116, you must select this check box, otherwise no language packs are
installed.
Important: Leave this check box clear if you installed a process automation engine product
that does not install language pack support by default.
6. In the Installation Preview panel, review your installation settings, and then click Next.
7. When the installation is complete, the Installation Summary panel is displayed. Click Finish.
Results
The web components are now installed.
What to do next
Before you start using Tivoli Provisioning Manager, additional configuration is required. See Chapter 4,
“Post-installation tasks,” on page 131.

Chapter 4. Post-installation tasks
Depending on the features that you plan to use, some configuration might be required after the product
is installed.
Important for language support: If you plan to add language support to Tivoli Provisioning Manager,
you must use the Tivoli Provisioning Manager language pack installation program before you perform
these post-installation steps.
Installing the language pack for Tivoli Monitoring agent

Follow these procedures to install the language pack.
Before you begin
Ensure that %JAVA_HOME%\bin is in the PATH system variable.
You can install the language pack on a system which has one or more of the following components:
v Tivoli Enterprise Portal server
v Tivoli Enterprise Portal client
v Tivoli Monitoring agent (Tivoli Provisioning Manager server).
Procedure
1. Extract the LP_ITMAgentForTPM72.zip file from the Supplemental DVD for your operating system to
the ITM server local directory.
2. Change the current directory, to the directory where you extracted the files.
3. Run the installer with the appropriate command:
On the Tivoli Enterprise Portal client and server
lpinstaller.bat
<candle_home>
Tivoli Monitoring directory
<install_mode>
One of the following values:
v gui
v console
v silent
On the Tivoli Provisioning Manager computer
lpinstaller.exe
4. On the Introduction panel, click Next.
5. On the Select Action panel, select Add/Update to install or update the language pack and click Next.
6. On the Choose Folder panel, specify the path of where you extracted the nlspackge directory and
click Next.
7. On the Select Product panel, select Tivoli Monitoring agent for Tivoli Provisioning Manager and click
Next.
8. On the Select Language panel, select the language from the list and click Next.
9. On the Preview panel, click Next and then click Done.

10. Restart the Tivoli Enterprise Portal server, Tivoli Enterprise Portal client, and Tivoli Monitoring
agent.
Results
The language pack for Tivoli Monitoring agent is installed.
Backing up the administrative workstation

If you do not want to keep the administrative workstation active after installation, you must create a
backup of the software installed on the computer.
The administrative workstation is not required to use Tivoli Provisioning Manager after installation.
However, the computer is required to install program patches, product upgrades, new applications, new
process managers, and additional language packs. Because the installation of the deployment software on
the administrative workstation also includes changes to the Windows registry, you must back up the
installation so that all settings can be restored when you want to change your installation.
If you are using a virtual server for your administrative workstation, you can create a virtual server
image to save the administrative workstation configuration. You can also back up the administrative
workstation manually as described in this section.
Procedure
1. Back up the installed base services and web components.
a. Change to the following directory:
v C:\Program Files\IBM\Common\acsi\bin
v de_backupdb.cmd -bfile C:\IBM\SMP\DE_BACKUPS\AFTER_INSTALL_PMP_7.2.0.0
2. Create a backup of the deployment directory.
v C:\IBM\SMP
3. Create a backup of the registry entries.
Table 21. Registry entries for the base services
Location Key name Key value
My Computer\HKEY_LOCAL_MACHINE\SOFTWARE\IBM\Tivoli Base InstallDir C:\IBM\SMP
Services
Version 7.1.1.6
Results
You now have a backup of the administrative workstation.
If you later need to restore the backup, perform the following steps:
1. Copy the deployment directory to the new computer. The default location is:
v C:\IBM\SMP
2. Copy the registry entries into the Windows registry of the new computer.
3. Change to the following directory:
v C:\ibm\SMP\de
4. To reinstall the deployment engine, run the following command:
si_inst.[bat|sh]
5. To restore the backup of the installed packages, run the following command:
v de_restoredb.cmd -bfile C:\IBM\SMP\DE_BACKUPS\AFTER_INSTALL_PMP_7.2.0.0

Configuring a web browser for Federal Information Processing
Standard 140-2 compliance
If you have enabled Federal Information Processing Standard (FIPS) 140-2 compliance, you must enable
Transport Layer Security (TLS) in the web browser to make the connections with the provisioning server
FIPS 140-2 compliant.
Procedure
v For Internet Explorer 6 or 7:
1. In Internet Explorer, click Tools > Options.
2. Click the Advanced tab.
3. Under Security:
– Clear Use SSL 2.0
– Clear Use SSL 3.0
– Select Use TLS 1.0
4. Click Apply, and then click OK.
v For Firefox 3:
1. In Firefox, click Tools > Options.
2. Click the Advanced icon.
3. Click the Encryption tab.
4. In the Protocols section.
– Clear Use SSL 3.0.
– Select Use TLS 1.0.
5. Click Security Devices.
6. Select NSS Internal PKCS #11 Module and then click Enable FIPS.
Note: You must have a master password set for each listed security device before FIPS-mode can
be enabled.
7. Click OK.
8. Disable all TLS cipher suites that are not FIPS compliant. See step 3 of the instructions in the
Firefox knowledge base article about FIPS 140-2 compliance for details.
Starting the provisioning server on Windows

After installing Tivoli Provisioning Manager, start the provisioning server so that you can use the
product.
Before you begin
Ensure that the middleware applications are started. For more information, see “Starting middleware on
Windows” on page 94.
Follow these steps only if you want to start the provisioning server after installation. To start the
provisioning server in other cases, for example, if the provisioning server is stopped and you need to
restart it, see “Starting and stopping the provisioning server on Windows” on page 211.
Procedure
1. Log on as the tioadmin user or the Administrator user.
2. Change to %TIO_HOME%\tools
3. Type tio.cmd start tpm
Chapter 4. Post-installation tasks 133

2008 Select the option Run as administrator for all the commands that you run from
%TIO_HOME%\tools. For more information about user account control in Windows 2008, see User
Account Control Step-by-Step Guide.
4. After the provisioning server is ready, open a web browser and log on by typing:
https://host_name:9443/maximo
5. Type the user name and password. The default user is maxadmin.
Manually configuring directory synchronization for WebSphere

Application Server Network Deployment
You can manually configure a cron task to schedule synchronization of users and groups between a
directory server and Provisioning Manager.
VMMSYNC is the cron task that schedules the synchronization between Provisioning Manager and
Virtual Member Manager. This cron task is set up automatically during installation. The manual
procedure is required only if you need to change the existing configuration of the cron task.
Procedure
1. Open a web browser and go to http://host_name:port/maximo.
2. Log on to Provisioning Manager using the maxadmin user ID.
3. Click Go To > System Configuration > Platform Configuration > Cron Task Setup.
4. Type VMM in the Cron Task field, and press Enter.
5. Locate and select the VMMSYNC cron task, and click it.
6. Configure the following values:
Active?
Enable the Active? option by selecting the check box.
Credential
This value is the password used for the Principal account. In this case, enter the password for
wasadmin.
GroupMapping
This field contains XML mapping files that map LDAP object attributes to database repository
table columns. Change the following object entries to use the organizational unit ou value that
you defined for your organization when setting up Provisioning Manager middleware.
Basedn
This value defines the LDAP subtree that the Virtual Member Manager cron task uses
to search for group objects. For example, ou=groups,ou=SWG,o=IBM,c=US for IBM Tivoli
Directory Server and ou=groups,ou=SWG,dc=IBM,dc=COM for Microsoft Active Directory.
Filter This value is the Virtual Member Manager object class that the service uses to search
for group objects in LDAP:
Group
GroupSearchAttribute
This value is the LDAP group object attribute used to search for groups under the configured
directory subtree.
For example, cn.
Principal
This value is the user required by the CronTask application to connect to the local Virtual
Member Manager service. This value can be any directory server administrative user that has
authorization to connect to the local Virtual Member Manager service. Customize it to use the
organizational unit ou and domain name dc values that you defined for your organization

when setting up the middleware. For example, cn=wasadmin,ou=users,ou=SWG,o=IBM,c=US for
IBM Tivoli Directory Server and uid=wasadmin,ou=users,ou=SWG,dc=IBM,dc=COM for Microsoft
Active Directory.
SynchAdapter
psdi.security.vmm.DefaultVMMSyncAdapter
This value is the Java class that writes LDAP data to the database.
SynchClass
psdi.security.vmm.VMMSynchronizer
This value is the Java class that connects to the Virtual Member Manager local service to
search for required objects.
UserMapping
This field contains XML mapping files that map LDAP object attributes to database repository
table columns. Change the following object entries to use the organizational unit ou value you
defined for your organization when setting up the middleware.
Basedn
This value defines the LDAP subtree that the Virtual Member Manager cron task uses
to search for group objects. For example, ou=users,ou=SWG,o=IBM,c=US for IBM Tivoli
Directory Server and ou=users,ou=SWG,dc=IBM,dc=COM for Microsoft Active Directory.
Filter
PersonAccount
This value is the Virtual Member Manager object class that the service uses to search
for user objects in LDAP.
UserSearchAttribute
This value is the LDAP user object attribute used to search for users under configured
directory subtree. For example, cn for IBM Tivoli Directory Server and uid for Microsoft
Active Directory.
You must click the arrow located in the header of the Cron Task Parameters table to view all
parameters.
7. Click the save icon.
Results
By default, the cron task runs every 5 minutes. Change the Schedule field of the cron task if you want to
change the interval. The updated parameters are used at the next scheduled synchronization.
Configuring the LDAP server for user authentication only

When the installation is completed, you can configure your environment to store user information in the
LDAP server and security roles and groups in the provisioning database.
If you want authentication to be handled by the LDAP server, instead of by the Tivoli Provisioning
Manager database, you can configure security so that the authentication process uses the LDAP server,
which stores the user information only. The authorization process is handled by loading the security roles
information from the provisioning database.
To configure security for this model, complete the following steps to turn off VMMSync to separate the
user and security group information.

Procedure
1. Click Go To > System Configuration > Platform Configuration > Cron Task Setup.
2. In the Cron Task field, type VMMSynch.
3. Click VMMSync and click the Cron Task tab.
4. Clear the Active check box. Click to save your changes.

5. Ensure that the mxe.LDAPUserMgmt property is not enabled. Click Go To > System Configuration >
Platform Configuration > System Properties.
6. Expand Filter and search for the mxe.LDAPUserMgmt property.
7. Ensure that Current Value is set to zero (0).
Results
If Current Value has a value other than 0, complete the following steps:
1. Log on to the database server and run the following SQL command:
UPDATE <schema_name>.MAXPROPVALUE SET PROPVALUE = ’0’ WHERE PROPNAME = ’mxe.LDAPUserMgmt’
where <schema_name> is the schema name.

2. For the changes to take effect, restart the provisioning server:
v Enter tio.cmd stop and then enter tio.cmd start.
Users are now separated and stored in the LDAP server for authentication only. Security groups are
stored in the provisioning database for authorization purposes. Now that VMMSync is disabled, the
LDAP server and provisioning database are not synchronized. When new users are added to the LDAP
server, security groups and users, and the membership of the users to the security groups, must be
manually added to the provisioning database using the web interface.
Adding users and security groups

You must add users and security groups to the provisioning database.
Procedure
1. To create a user, log on to the web interface and click Go To > Security > Users.
2. Click to create the user. Enter the required information and save your changes. This user must
also be created in the LDAP for the authentication server.
3. To create a security group, click Go To > Security > Security Groups. Click to create the security
group. Enter the required information and save your changes.
4. To add users to the security group, click the Users tab and click New Row. In the User field, type the
user name or click and select the user to add to the security group.
Note: If an exception occurs when you are trying to add a user to a security group, the access rights
must be changed so that you can change the group membership. The MAXADMIN user must change
the permissions.
a. Log in as MAXADMIN.
b. Click Go To > Security > Security Groups.
c. Click the Group tab and click the security group.
d. Click Select Action > Authorize Group Reassignment.
e. Click Select Users and select the user that must have the access rights to add other users to that
security group. Click OK. Confirm the changes by clicking OK again.

f. Log on to the web interface as the user who now has the appropriate access rights to the security
group.
g. Click Go To > Security > Security Groups. Select the User tab and add the user.
Defining the boot server after installation

You must create your boot server if you ran the installation program without the Tivoli Provisioning
Manager for OS Deployment component.
If you ran the installation program without the Tivoli Provisioning Manager for OS Deployment
component and then ran it again with the Tivoli Provisioning Manager for OS Deployment component
selected, the OS deployment boot server object is not created. To create it, you must run the TPMfOSD
Installation Discovery against your local provisioning server.
For more information, see Discovering an OS deployment server in the information center.
Setting up the infrastructure for software distribution tasks

This procedure explains how to set up a scalable distribution infrastructure.
If you are planning to use the scalable distribution infrastructure for your software distribution tasks, you
do not need to complete this post-installation task.
If you are not planning to use the scalable distribution infrastructure for your software distribution tasks,
you must set a global variable to specify so. The TCA.Create.EO.SAP global variable determines if the
scalable distribution infrastructure is used or not. This parameter is set to true by default.
You must set the TCA.Create.EO.SAP global variable to false if you do not want to use the scalable
distribution infrastructure.
Procedure
1. Log on to the web interface.
2. Click Go To > Provisioning Global Settings > Variables.
3. Find the TCA.Create.EO.SAP global variable and set its value to false.
For more information about the scalable distribution infrastructure, see Scalable distribution
infrastructure in the information center.

Chapter 5. Uninstalling Tivoli Provisioning Manager
A single uninstallation program for all Tivoli Provisioning Manager components is not available. To
uninstall Tivoli Provisioning Manager, you must remove the software in the order below. Do not use
other methods to uninstall Provisioning Manager, such as the Add/Remove Programs panel.
1. Uninstall core
components
2. Uninstall base services

and Web components
3. Uninstall middleware
4. Remove
remaining items
Software is uninstalled
Uninstalling Tivoli Provisioning Manager core components

This section describes how to uninstall Tivoli Provisioning Manager core components.
Before you begin
If Windows Terminal Server is installed, configure the terminal server to install mode by running:
change user /install
To uninstall the core components, complete the tasks in this section.
Uninstalling the Tivoli Monitoring agent

If you installed the Tivoli Monitoring agent, uninstall it before you uninstall core components such as the
device manager service, dynamic content delivery, or agent manager.
Procedure
To uninstall the agent:

1. Log on as Administrator user.
2. Open the Add/Remove Programs control panel.
3. From the list of applications, select IBM Tivoli Monitoring for Provisioning.
4. Click Change/Remove.

5. Select Remove and click Next.
6. Click OK to confirm the uninstallation.
7. Click Finish to complete the uninstallation.
What to do next
Proceed to “Uninstalling Tivoli Provisioning Manager for OS Deployment.”
Uninstalling Tivoli Provisioning Manager for OS Deployment

If you installed Tivoli Provisioning Manager for OS Deployment, uninstall it before you uninstall core
components such the device manager service, dynamic content delivery, or agent manager.
Uninstalling Tivoli Provisioning Manager for OS Deployment on Windows

If you installed Tivoli Provisioning Manager for OS Deployment, complete the following procedure to
uninstall it.
Procedure
1. Stop Tivoli Provisioning Manager for OS Deployment. In a command window, run:
net stop remboagent
net stop remboserver
2. In the Add/Remove Programs control panel, click Tivoli Provisioning Manager for OS
Deployment.
3. Click Change.
4. Select a language and then click —>.
5. On the welcome panel, click Next.
6. Click Remove.
7. To completely remove Tivoli Provisioning Manager for OS Deployment, select Remove Tivoli
Provisioning Manager for OS Deployment completely, including user data.
8. Click Remove.
9. When Tivoli Provisioning Manager for OS Deployment is uninstalled, click Finish.
10. Drop the Tivoli Provisioning Manager for OS Deployment database in the database server.
a. In a command window, run the following command to open a DB2 command window:
db2cmd
b. Set the database instance to the Tivoli Provisioning Manager database instance. The default is
ctginst1.
c. Run the following command to drop the database:
db2 drop database tpmfosd
11. If the DB2 server is on a remote system, run the following commands on a Tivoli Provisioning
Manager server where a DB2 client is installed.
a. In a command window, run the following command to open a DB2 command window:
db2cmd
b. Set the database instance to the Tivoli Provisioning Manager database instance. The default value
is ctginst1.
c. Run the following command to drop the database:
db2 uncatalog database TPMFOSD
db2 uncatalog node TPMFOSD
db2 terminate
12. Check if the following directories exist. If they still exist, delete them.

v The IBM Tivoli folder. The default location is C:\Program Files\Common Files\IBM Tivoli
v The data directory. The default location is C:\tpmfosd files
What to do next
1. If you removed Tivoli Provisioning Manager for OS Deployment successfully, proceed to “Uninstalling
Tivoli Provisioning Manager for Job Management Service federator.”
2. If you were unable to remove Tivoli Provisioning Manager for OS Deployment using the uninstaller,
remove it manually:
a. Check if the following directories exist. If they still exist, delete them.
v The IBM Tivoli folder. The default location is C:\Program Files\IBM\Tivoli
v The data directory. The default location is C:\tpmfosd files
b. Check if the database tpmfosd is created. Run the commands:
db2 list db directory
c. If the database exists, drop the database:
db2 drop database tpmfosd
3. If the following registry keys exist, remove the keys and any children keys.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemboAgent
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemboODBC
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RemboServer
Uninstalling Tivoli Provisioning Manager for Job Management Service

federator
This procedure explains how to uninstall the device manager service.
Before you begin

1. Close all database command windows and device manager consoles.
2. Log on to the Tivoli Provisioning Manager server:
v Log on as administrator.
3. Stop Tivoli Provisioning Manager. Run the following command from the /TIO_HOME/tools directory:
[tio.cmd|tio.sh] stop -t
4. Verify that the WebSphere Application Server profiles and the database are running.
Procedure
1. Log out as tioadmin and log back on as:
v Administrator
2. Remove the device manager service database tables:
2000
DB2
a. Open a command window.

b. Change to the TIO_HOME/tools/DMS directory.
c. Start the DB2 command line:
db2cmd
d. Set the database instance to the Tivoli Provisioning Manager database instance. The default
instance for a custom installation is ctginst1, and the instance owner is maximo.
Chapter 5. Uninstallation tasks 141

e. Enter the following command on a single line:
[DMS_DB2_uninstall.bat|./DMS_DB2_uninstall.sh] db_name db_owner db_owner_pwd dm_dir schema_name
db_name
The name of the Tivoli Provisioning Manager database.
db_owner
The database instance owner.
The default owner is db2admin.
db_owner_pwd
The password for the database instance owner.
dm_dir
The full path of the device manager service installation directory. The default value is:
v C:\Program Files\ibm\DeviceManager
Note:
v Ensure that you include a backslash (\) at the end of the path.
v The directory path cannot include spaces. For directories that contain spaces, ensure
that you use short names. For example Program Files must be shortened to Progra~1.
schema_name
The database schema name. The default value is maximo.
For example:
v DMS_DB2_uninstall.bat MAXDB71 db2admin pas5word c:\Progra~1\ibm\DeviceManager maximo
3. Open a command window.
4. Change to the config directory in the following directory:
5. If you changed the administrator user for the directory server to another user name, complete the
following steps:
a. Open the file DMSconfig.properties in a text editor.
b. In the instWASUsername=tioadmin line, change tioadmin to the current WebSphere Application
Server administrator user name. For example, if the current WebSphere Application Server
administrator is wasadmin, change the line to:
instWASUsername=wasadmin
c. In the instWASPassword line, change the value of the password in the file to the password for the
current WebSphere Application Server administrator. For example, if the current password is
pass5word, change the line to:
instWASPassword=pass5word
6. Verify if the device manager service application is installed in WebSphere Application Server:
a. Log on to the WebSphere Application Server administrative console.
b. Click Applications > Enterprise Applications and verify if an application named DMS_WebApp
is installed.
c. If DMS_WebApp is installed, continue with step 7.
d. If DMS_WebApp is not installed, skip step 7 and continue with step 8.
7. Remove the device manager service configuration:
[DMSremoveconfig.bat|./DMSremoveconfig.sh] -server -file DMSconfig.properties -showtrace
8. Change to the _uninst directory in the following directory:

9. Run the uninstaller:
uninstaller.[exe|bin]
10. Remove the device manager service installation directory:
What to do next
Proceed to “Uninstalling Tivoli Provisioning Manager for dynamic content delivery.”
Uninstalling Tivoli Provisioning Manager for dynamic content delivery

Uninstall Tivoli Provisioning Manager for dynamic content delivery to remove the component responsible
for centralized control of the uploading, replication, and downloading of files.
Procedure
2. Ensure that Tivoli Provisioning Manager is stopped.
3. Ensure that the device manager service is uninstalled. See “Uninstalling Tivoli Provisioning Manager
for Job Management Service federator” on page 141.
5. Change to the _uninst directory of the following directory. The default location is:
v C:\Program Files\IBM\tivoli\CDS\_uninst
6. Run the uninstaller:
[uninstaller.exe|./uninstaller.bin]
7. When the uninstallation is complete, remove the dynamic content delivery installation directory.
8. Verify if the cds_manager directory contains some directories named Gen1 or Gen2. The default value
for the cds_manager directory is:
v Program Files\Common Files\InstallShield\Universal\cds_manager
If the Gen1 or Gen2 directories exist, delete them.
What to do next
Proceed to “Uninstalling the agent manager.”
Uninstalling the agent manager

Uninstall the agent manager to remove the agent manager servlets from WebSphere Application Server.
The uninstallation wizard does not drop the registry database or delete the agent manager objects from
the database.
Before you begin

1. Log on as tioadmin.
2. Ensure that Tivoli Provisioning Manager is stopped.
3. Ensure that the device manager service and the dynamic content delivery are uninstalled. See
“Uninstalling Tivoli Provisioning Manager for Job Management Service federator” on page 141 and
“Uninstalling Tivoli Provisioning Manager for dynamic content delivery.”

Procedure
2. Remove the database tables.
v 2000
DB2
a. To start the DB2 command line, run the command:

db2cmd
b. Set the database instance to the Tivoli Provisioning Manager database instance. The default
value is ctginst1.
c. Change to the TIO_HOME/tools/CAS directory and run the command:
[CAS_DB2_uninstall.bat|./CAS_DB2_uninstall.sh] db_name db_owner db_owner_pwd
Note: The CAS_DB2_uninstall.bat script closes the command window after you run it. If you
want the command window to remain open so that you can see the status of the command after
it runs, remove the last exit statement from the script.
In the previous command, replace the parameters with the appropriate values:
db_name
The name of the Tivoli Provisioning Manager database.
db_owner
The database instance owner.
The default owner is db2admin.
db_owner_pwd
The password for the database instance owner.
For example:
[CAS_DB2_uninstall.bat|./CAS_DB2_uninstall.sh] MAXDB71 ctginst1 mypassword
3. Log out as tioadmin and log on as Administrator.
4. Run the uninstaller and follow the instructions in the wizard:
AM_HOME/_uninst/uninstaller.[exe|bin]
5. Delete the agent manager installation directory.
6. Remove the WebSphere Application Server profile for the agent manager. The default profile name is
casprofile.
WAS_HOME/bin/manageprofiles.[bat|sh] -delete -profileName casprofile
7. Remove the profile directory WAS_HOME/profiles/casprofile.
What to do next
Proceed to “Uninstalling Tivoli Provisioning Manager engines.”
Uninstalling Tivoli Provisioning Manager engines

Each core component must be uninstalled individually.
Before you begin

1. Ensure that other core components, such as the monitoring agent, Tivoli Provisioning Manager for OS
Deployment, Tivoli Provisioning Manager for Job Management Service federator, the dynamic content
delivery, and the agent manager, are uninstalled. For more information, see “Uninstalling Tivoli
Provisioning Manager core components” on page 139.

3. Stop Tivoli Provisioning Manager and ensure that any running Java processes are stopped. For more
information, see:
v “Starting and stopping the provisioning server on Windows” on page 211
4. Ensure that the database is still running. To start the database:
v 2000
DB2 In the following steps, the database instance is named ctginst1.
a. Log on as a user with administrative permissions.
b. Click Start and select Run.
c. Type services.msc and click OK.
d. Select DB2 - DB2COPY1 - CTGINST1-0 and click Start the service.
Alternatively, you can use the db2start command from a command line to start CTGINST1.
a. Log on as a user with administrative permissions.
b. Start the database:
The uninstallation only removes the Tivoli Provisioning Manager engines. It does not remove:
v The database and application server
v The log files
Procedure
%TIO_HOME%\_uninst\_uninstTPM\uninstaller.exe
2. If you plan to reinstall Tivoli Provisioning Manager, complete the following steps:
a. Log on as tioadmin.
b. Remove the Tivoli Provisioning Manager installation directory.
c. Keep the user tioadmin so that it is ready for the reinstallation.
What to do next
1. If you installed the DB2 client, proceed to “Uninstalling the DB2 client.” Otherwise, skip this step.
2. Proceed to “Uninstalling the base services and web components” on page 146.
Uninstalling the DB2 client

2000
DB2
If you installed the DB2 client, uninstall it after you uninstall core components such as the device
manager service, dynamic content delivery, or agent manager.
Procedure
To uninstall the DB2 client on Windows:

1. Log on as the Administrator user.
2. Open the Add/Remove Programs control panel.
3. From the list of applications, select DB2 client.
4. Click Change/Remove.
5. Select Remove and click Next.
6. Click OK and click Finish.

Uninstalling the base services and web components
To remove the base services and the web components, or if the installation failed while installing the base
services, use these steps to remove the software.
Before you begin

1. Ensure that the core components are uninstalled.
2. Ensure that WebSphere Application Server is running.
Note: If another Tivoli process automation engine product is installed on the same computer as Tivoli
Provisioning Manager, for example, Service Request Manager (SRM) or Change and Configuration
Management Database (CCMDB), do not uninstall the base services and web components.
Procedure
1. Log on to the administrative workstation:
v As the Administrator user.
v MAXIMO_HOME\_uninstall\uninstall.bat. The default location for MAXIMO_HOME is
C:\ibm\SMP.
3. Remove the MAXIMO_HOME directory.
4. Restore the deployment engine database to the backup you created before installing the base services.
For more information, see “Recovering the deployment engine” on page 159.
What to do next
If you are uninstalling middleware on Windows, AIX or Linux, proceed to “Uninstalling middleware.”
Uninstalling middleware
To uninstall the middleware, you must run the middleware installer to undeploy the previously deployed
deployment plan.
Before you begin

v Make sure that the base services are uninstalled. See “Uninstalling the base services and web
components.”
v If you installed the middleware using the middleware installer, you must uninstall the middleware
using the same middleware installer. Otherwise, the registry created when installing the middleware no
longer matches with what is deployed. Therefore, if you then try to reinstall middleware using the
middleware installer, errors might occur.
v If you did not use the middleware installer to install your middleware, see your middleware
documentation for uninstallation instructions.
v At points during the uninstallation process, the middleware installer progress bar might appear to
pause. In most cases, the middleware installer progress bar resumes shortly after pausing. If you think
that your uninstallation process has experienced an error, refer to the middleware installer log files.
v If you reinstall middleware, provide the same value used previously for the DB2 administrators group
during the reinstallation. The middleware installation program creates a default instance for DB2 and
adds the owner of the default instance to the DB2 administrator group specified. When DB2 is
uninstalled, users and groups are not removed. If a different DB2 administrators group value is
supplied, DB2 attempts to associate the owner of the default instance with this new group. This
attempt fails because the owner already belongs to the group specified during the initial installation. To
specify a new DB2 administrators group, remove the existing instance owner and DB2 administrator
group. This task must be done before rerunning the middleware installation program.

To uninstall the application server, ensure that the directory server (Tivoli Directory Server or Microsoft
Active Directory) is running. Do not uninstall the directory server until the application server has been
uninstalled.
If you want to uninstall middleware after a failed middleware installation, complete the following steps
before using the middleware uninstaller:
1. Stop the IBM Tivoli Directory Server (IBM Tivoli Directory Server v6.2 - idsccmdb).
2. Stop the IBM Tivoli Directory Server daemon (IBM Tivoli Directory Admin Server v6.2 - idsccmdb).
3. Start DB2.
4. Start the idsccmdb DB2 instance (DB2 - DB2COPY1 - IDSCCMDB).
5. Start the IBM Tivoli Directory Server daemon (IBM Tivoli Directory Admin Server v6.2 - idsccmdb).
Procedure
1. Log in as:
v Administrator
3. In the launchpad navigation pane, click Custom Installation.
4. Click Install middleware.
6. From the Welcome panel, click Next.
8. From the Choose Workspace panel, specify the workspace directory containing the currently
deployed plan and click Next. The default location for the workspace is the last workspace location
specified. For example:
9. From the Select Operation panel, select Undeploy the plan and click Next.
10. From the undeployment preview panel, click Next to undeploy the plan.
11. From the successful undeployment panel, click Cancel to exit the middleware installer.
12. Reboot the system if you plan to reinstall middleware on this system using the middleware installer.
What to do next
Proceed to “Removing items remaining after uninstallation.”
Removing items remaining after uninstallation

Some uninstallation programs do not remove all files or configuration settings on the computer. Ensure
that you remove all items remaining after uninstallation if you want to reinstall any Tivoli Provisioning
Manager software.
After uninstalling Tivoli Provisioning Manager, you might need to perform some cleanup tasks.
Removing application files and configuration settings

Files and configuration settings that remain after some applications are uninstalled can cause an
installation of Tivoli Provisioning Manager to fail. Ensure that you check for files and settings that need
to be removed.
If you uninstalled Tivoli Provisioning Manager, check that the installation directory has been
deleted. The default location is:
v C:\Program Files\IBM\tivoli\tpm

If this directory remains after uninstallation, reinstallation of the product might fail.
WebSphere Application Server
If WebSphere Application Server was previously installed on the computer, verify the following
items:
v Ensure that the WebSphere Application Server installation directory is deleted. The default
location is:
– C:\Program Files\IBM\WebSphere\AppServer
v The vpd.properties file lists program components that are installed. Check the vpd.properties
file for entries that must be removed.
– The file is located in the operating system installation directory, such as C:\windows.
For more information about the file, see the following topic in the WebSphere Application
Server information center.
Middleware Installer Directories
Ensure that the following directories are deleted:
v 2000
DB2
– SystemDrive:\Program Files\IBM\SQLLIB
where SystemDrive is the disk drive that contains the hardware-specific files used to start
Windows. Typically, the system drive is C.
v Tivoli Directory Server
– C:\Program Files\IBM\LDAP\V6.2
v IBM HTTP Server
– C:\Program Files\IBM\HTTPServer
The deployment engine database
1. Set up the environment using the following command:
v C:\Program Files\IBM\common\asci\setup\setenv.cmd
2. Remove the deployment engine database using the si_inst command:
v C:\Program Files\IBM\common\asci\bin\si_inst.bat
3. Delete the \asci directory.
4. Restart the provisioning server.
Removing the Global Unique Identifier

A Global Unique Identifier is used to identify a Tivoli common agent on a computer. The agent ID is the
name of the installation directory of the common agent. If you are uninstalling the Tivoli GUID tool or
the Tivoli Common Agent, the agent ID is not automatically removed from the system. You must remove
existing agent IDs from the computer before you install Tivoli Provisioning Manager.
The following is an example of the registry entry:

[HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\GUID]
"Path"="C:\\Program Files\\Tivoli\\guid"
"TIVGUID"=hex:32,b0,e6,f0,c9,ca,11,d7,9a,e6,00,60,94,53,9b,b6
@=""
To manually remove the GUID from the registry, complete the following steps:
1. Start regedit.
2. Navigate to \HKEY_LOCAL_MACHINE\SOFTWARE\Tivoli\GUID\.
3. Remove the GUID entry.

Results
The Tivoli Provisioning Manager uninstallation is completed.
What to do next
v If you plan to reinstall middleware using the middleware installer, ensure that you provide the same
value for the DB2 administrators group during the reinstallation. The middleware installer creates a
default instance for DB2 and adds the owner of the default instance to the DB2 administrator group
specified. When DB2 is uninstalled, users and groups are not removed. During the reinstallation, if a
different DB2 administrators group value is supplied, DB2 attempts to associate the owner of the
default instance with this new group, which might fail because the owner already belongs to the group
specified during the initial installation. If you must specify a new DB2 administrators group during the
reinstallation, remove the existing instance owner and DB2 administrator group before running the
middleware installer again.
v In most cases, the middleware installer does not stop the uninstallation process or report failures
during the uninstallation process. Only in the case where you are uninstalling an application server
that was secured using IBM Tivoli Directory Server and that directory server has not been started, you
encounter an error that stops the uninstallation process. This exception is also recorded in the mwi.log
file.
To verify that middleware products were correctly uninstalled, you must check the deployment plan
logs. For more information, see “The middleware installer logs” on page 34.
Uninstalling and reinstalling the deployment engine database

These instructions are for restoring the deployment engine database to the state it was in before process
managers were installed.
Before you begin

1. Stop the deployment engine:
v Control Panel > Administrative Tools > Services > IBM ADE Service.
2. Back up the deployment engine database of the administrative system before and after applying any
updates to an existing deployment. Having backups allows you to recover from partial installation
attempts where process manager components were partially installed. If you do not have a backup of
the deployment engine database, you must reset the database to a clean state by uninstalling and
reinstalling the deployment engine. This is a destructive process. If products other than Tivoli
Provisioning Manager are using the deployment engine, this deletes data for those products also.
To uninstall and resinstall the deployment engine database, complete the following steps:
Procedure
1. Change directory to the deployment engine installation location.
2. Remove any locks held by deployment engine:
erase "c:\Program Files\IBM\Common\acsi\logs\.lock*"
3. Include jre (Java) in the class path:
set path=C:\IBM\SMP\jre\bin;%PATH%
4. Uninstall the deployment engine
si_inst -r -f
Results
You can safely ignore warnings that all files and directories cannot be removed. The deployment engine
is reinstalled when the product installation program is run again.

Reinstalling Tivoli Provisioning Manager
Before you reinstall software, ensure that the product has been uninstalled correctly and that the services
required during each installation stage are started.
1. Ensure that you uninstalled all software as described in Chapter 5, “Uninstalling Tivoli Provisioning
2. 2000
DB2 If you reinstall the middleware, provide the same value used previously for the DB2
administrators group during the reinstallation. The middleware installation program creates a default
instance for DB2 and adds the owner of the default instance to the DB2 administrator group specified.
When DB2 is uninstalled, users and groups are not removed. If a different DB2 administrators group
value is supplied, DB2 attempts to associate the owner of the default instance with this new group.
This attempt fails because the owner already belongs to the group specified during the initial
installation. To specify a new DB2 administrators group, remove the existing instance owner and DB2
administrator group. This task must be done before reinstalling the middleware.
3. Ensure that the services are started:
The base services
v Middleware
v The deployment engine for the solution installer on the administrative workstation:
– Check the Services control panel. If the IBM ADE service is not running, start it.
Tivoli Provisioning Manager core components
Ensure that the middleware is started before you resume installation.
Ensure that the Tivoli Provisioning Manager installation directory and the GUID are removed
as described in “Removing items remaining after uninstallation” on page 147. The middleware
steps do not need to be performed.
The middleware
If you are using the middleware installer to reinstall the middleware, the deployment engine
for the solution installer must be started on all middleware computers, if it is still installed.

Appendix A. Troubleshooting installation
Review the following topics for problems that you might encounter during installation.
If you encounter errors during Tivoli Monitoring agent installation, see the following resources:
v Troubleshooting information in the Tivoli Monitoring agent for Tivoli Provisioning Manager User
Guide.
v The Troubleshooting Guide in the IBM Tivoli Monitoring Version 6.2.2 information center.
Problems during middleware installation

See the following information to diagnose and resolve middleware installation errors.
In addition to the problems listed in this topic, check the technotes for middleware installation problems
available at http://www-01.ibm.com/support/search.wss?rs=1015&tc=SS2GNX&dc=DB560
&rankprofile=8&q1=mwi&sort=desc&dtm.
Backing up and restoring the deployment engine database

These instructions are for backing up and restoring the deployment engine database to the state it was
before installing middleware on middleware servers or process managers on the administrative
workstation.
Before you begin

1. Stop the deployment engine:
v Control Panel > Administrative Tools > Services > IBM ADE Service
2. Back up the deployment engine database of the administrative system before and after applying any
updates to an existing deployment. Having backups allows you to recover from partial installation
attempts where process manager components were partially installed. These instructions are provided
for manual backup and restore of the deployment engine database. If you used the launchpad links to
back up the deployment engine database automatically, restore the deployment engine database from
the location that you specified in the installer panels.
Procedure
1. Set up the environment using the following command:
c:\Program Files\IBM\Common\acsi\setenv.cmd
2. Run the command to back up the deployment engine registry:
c:\Program Files\IBM\Common\acsi\bin\de_backupdb.cmd <backup file name>
Use a meaningful name for <backup_file_name> to indicate that it contains the state of the registry
after your installation of Provisioning Manager.
To restore a backup of the deployment engine database:
c:\Program Files\IBM\Common\acsi\bin\de_restoredb -bfile "<backup_directory>\DEBackupBeforeMBS"
where <backup_directory> is the directory that you selected to back up the deployment engine
database. where <backup_file_name> is the file containing the deployment engine backup that you
made.

CTGIN9077E error during middleware installation
If the middleware installer is canceled during middleware installation, you might encounter errors.
Symptoms
The following error is generated in the installation step for the deployment engine:
CTGIN9077E: Deployment Engine did not start successfully. Please try to manually start
the Deployment Engine and restart the installer.
Resolving the problem

1. Exit the middleware installation program.
2. Restart the deployment engine. Run the command:
v net start "IBM ADE Service"
If the deployment engine is started successfully, restart the middleware installation program and resume
middleware deployment.
Links in the launchpad do not work

Symptoms
If the installation binary files are copied in a Windows mapped network drive, and the launchpad.exe file
is run from there, the following links in the launchpad do not work:
v 1.3 Back up WebSphere Configuration
v 2.4 Back up base service Home Directory
v Start backup

1. Copy the launchpad64.exe (Windows 64-bit) or launchpad.exe (Windows 32-bit), and launchpad.ini
files to the launchpad folder and the install/tools folder to your local hard disk directory.
2. Run the launchpad64.exe (Windows 64-bit) or launchpad.exe (Windows 32-bit) file from your local
hard disk drive directory to back up the WebSphere Application Server and base services.
Errors with the middleware installer

Solutions to installation errors regarding insufficient disk space and the middleware installer.
Symptoms
1. The solution installer is included with some IBM products. If the middleware installer detects an
existing installation and the service is not started, an error is displayed.

1. If the middleware installer reports insufficient disk space, make more disk space available on the
computer, and then restart the middleware installer program. Check the disk space requirements in
the installation guide.
2. If the solution installer was previously installed by another product, you must start it manually before
running the middleware installer.
a. Check for an existing installation of solution installer. The default installation location is:
b. If an installation exists, check that the deployment engine is working:
1) Run the command setenv.
2) Run the following command from the solution installer directory:

listIU.cmd
If the deployment engine installed correctly, you receive output similar to the following:
IU UUID: DDCE934782398B3E81431666515AC8B5 Name: DE Extensions
Interfaces CLI IU Version: 1.3.1
IU UUID: C37109911C8A11D98E1700061BDE7AEA Name: Deployment
Engine IU Version: 1.3.1
IU RootIU UUID: D94240D11C8B11D99F2D00061BDE7AEA Name:
Install IU Version: 1.3.1
c. If solution installer is already installed, start the service:
DB2 installation fails when configured names do not match

2000
DB2
The node name and host name must match when installing DB2.
Symptoms
DB2 installation stops halfway when the configured node name is different from the configured host
name.
Causes
The DB2 installation uses the uname -n command to obtain the node name of the computer. Typically, the
node name is the same as the host name that is returned with the hostname command. Tivoli
Provisioning Manager installation requires that the host name and the node name of the computer are
identical.
Check the value of the host name and node name. You must change the node name if it does not match
the host name.
1. Run the command hostname to obtain the host name.
2. Run the command uname -n to obtain the node name.
3. If the node name is different than the host name:
a. Log on as root.
b. Change the node name to match the host name. For example, to change the node name to
myserver, run the following command:
uname -S myserver
Database error during installation

2000
DB2
You might receive an error stating that the DB2INSTANCE variable is missing, but it can be disregarded.
Symptoms
v You receive this error during installation:
SQL1390C The environment variable DB2INSTANCE is not defined or is
invalid.
v The following message appears in the DB2 installation log called db2inst.log:
1: WARNING:A minor error occurred while installing "DB2 Enterprise Server
Edition" on this computer. Some features may not function correctly.
Appendix A. Troubleshooting 153

Causes
This is a known issue. This error occurs because Tivoli Provisioning Manager is initially deployed
without any DB2 instances. The DB2INSTANCE variable is defined later in the installation process.
This error message can be disregarded.
Cannot connect to Tivoli Directory Server

Tivoli Directory Server must be installed and running before you install Tivoli Provisioning Manager.
Symptoms
During the Tivoli Provisioning Manager installation, the system might indicate that it cannot connect to
the IBM Tivoli Directory Server.
Causes
This error occurs because Tivoli Directory Server was not started before running the installer. Tivoli
Directory Server must be started before you install Tivoli Provisioning Manager so that the installer can
connect to it.

1. Ensure that Tivoli Directory Server is installed:
a. If the installation destination directory was created, check the installation log file for the directory
server:
v C:\IBM\LDAP\ldapinst.log
After the installation of the directory server is complete, an LDAP database must be created within
DB2. For more information, refer to the Tivoli Provisioning Manager 7.2 Installation Guide.
The ldapcfg.stat file shows the syntax that was used at the time of the database creation:
C:\IBM\ldap\bin\ldapcfg -n -a db2inst1 -w password -d LDAP -l
C: -c -f C:\IBM\ldap\tmp\ldapcfg.dat
The ldapcfg.stat file is located in the following directory:
v C:\IBM\ldap\tmp\ldapcfg.stat
2. Verify the status of the directory server, using the ibmdirctl tool, located in the following directory:
v C:\IBM\ldap\bin
Type the following command to check the directory server status:
ibmdirctl -D cn=root -w <password> status
3. If the directory server is not started, start it by using the following command:
start: ibmdirctl -D cn=root -w <password> start
Cannot connect to the database server during installation

The database server must be installed and running before you install Tivoli Provisioning Manager.
Symptoms
During the installation, the system indicates that it cannot connect to the database.
Causes

This error occurred because the database was not started before running the installer. The database server
must be started before you install Tivoli Provisioning Manager, so that the installer can connect to it.
Ensure that the database server is installed. Verify the status of the database server. If it is not started,
start it. Use the following commands to start the DB2 server:
v DB2 - <instance_name>
If the database server was successfully started, you can see the following output:
db2start 12-21-2004 14:44:01 0 0 SQL1063N
DB2START processing was successful. SQL1063N
DB2START processing was successful
You must also verify whether the required port is available:

netstat -an |grep 50000
Tivoli Directory Server installation step fails during Tivoli Provisioning

Manager installation
The Tivoli Directory Server instance creation will fail if it cannot write files to the home directory of the
LDAP instance user or if the home directory does not exist.
Symptoms
During the Tivoli Management Agent installation, the Tivoli Directory Server installation step fails. The
log file /tmp/itds60/idsicrt.log has an error message similar to the following:
GLPICR058E: The specified directory, /home/ldapinst,
is not a valid directory, does not exist, or is not writable.
Causes
The LDAP instance user was manually created but the associated home directory does not exist. This
causes the Tivoli Directory Server instance creation to fail because it cannot write files to the home
directory of the LDAP instance user.
If the LDAP instance user is manually created, check to ensure that the home directory exists and that it
is writable by the LDAP instance user.
The Microsoft Active Directory configuration fails

The Microsoft Active Directory SSL certificate must be generated and configured manually.
Symptoms
The Microsoft Active Directory configuration fails.
Causes
The Microsoft Active Directory SSL certificate is missing. If you run the Tivoli Provisioning Manager
installer without the SSL certificate, the Microsoft Active Directory configuration will fail.

This is a manual configuration step that you must complete before you install Tivoli Provisioning
Manager.
1. Generate the SSL certificate on the Microsoft Active Directory server.
2. Install the SSL certificate on the client.
3. Import the schema.ldif and ldap.ldif files into the Microsoft Active Directory server. Instructions for
this step are found in theTivoli Provisioning Manager Installation Guide Version 7.2.
Error configuring database during middleware installation

An error occurs during the database configuration because of missing XML files when installing the
middleware.
Symptoms
File corruption leads to missing XML files.
Causes
Older versions of Winzip causes an incompatibility problem.
Use a newer version of Winzip.
The Tivoli Provisioning Manager installation fails with incorrect

certificate value
If your Tivoli Provisioning Manager installation fails with error code 1005, it is because your Microsoft
Active Directory certificate value is incorrect.
Symptoms
The Tivoli Provisioning Manager installation exits with error 1005.
Causes
The Microsoft Active Directory certificate is missing but the user enters a value for the certificate location
during the install. If the file does not exist, then the error occurs. There is no other information available
with this error code.
Ensure that you have a correct certificate value.
WAS_HOME error when using login window manager

If you use a login window manager like Common Desktop Environment (CDE), it might bypass the user
profile file for tioadmin. When the profile file is bypassed, the system cannot create a complete login
environment, causing an error.
Symptoms
When starting Tivoli Provisioning Manager using a login window manager such as the Common Desktop
Environment (CDE), a message informs you that WAS_HOME is not set.
Causes

The login window manager might have bypassed the required user profile file.
The tioadmin user uses the bash shell as the login shell, which is supported for a line-mode login (for
example, using telnet). If you use a login window manager, it might bypass the .profile file for
tioadmin. When the profile file is bypassed, the system cannot create a complete login environment.

1. Create the .bashrc file in the tioadmin home directory, and insert the following line: $HOME/.profile
2. Save the file.
3. Edit the .dtprofile in the tioadmin home directory and remove the comment from the line:
DTSOURCEPROFILE=true. This file is created automatically when user tioadmin logs in to the login
window manager for the first time.
4. Login as tioadmin again to the login window manager.
Encountering error CTGIN9042E

During middleware installation using the middleware installer, you might encounter error CTGIN9042E
which occurs during the installation step for WebSphere Application Server Network Deployment 6.1.
If you encounter error CTGIN9042E during the normal use of the middleware installation program, it
might be related to stale entries in the CEI registry.
In order to troubleshoot this error, complete the following steps:
Procedure
1. First check de_processreq.log for failures related to VerifyLogsInInstallLogs Action. The
de_processreq.log file can be found at:
<workspace>\<machine name>\deploymentPlan\MachinePlan_<computer shortname>
/00009_WAS_ND_6.1/install/01_BASE/[INSTALL_<processing.req.id>]/logs/de_processreq.log
So, for example, if the workspace is located at: C:\ibm\tivoli\workspace, the computer name is
mycomputer, and the processing.req.id is created as a date_timestamp, then the de_processreq.log
would be located in:
C:\ibm\tivoli\mwi\workspace\mymachine.ibm.com\deploymentPlan\MachinePlan_mymachine\
00009_WAS_ND_6.1\install\01_BASE\[INSTALL_1130_06.54]\logs
2. Next, check for any stale WebSphere Application Server Network Deployment entries:
a. Extract the native image of WebSphere Application Server Network Deployment:
v WAS-ND_WindowsIA32_Custom_v61023
b. Open the console window.
c. Navigate to the bin folder of extracted image. For example:
\WAS\installRegistryUtils\bin
d. List registry entries:
v installRegistryUtils.bat -listProducts
e. Check for WebSphere Application Server Network Deployment related entries. If any WebSphere
Application Server Network Deployment entries are listed, even if you have successfully
uninstalled WebSphere Application Server Network Deployment, you will need to clean the
registry entry.
3. Clean the registry entries:
a. Clean WebSphere Application Server Network Deployment entries from the registry:
installRegistryUtils -cleanProduct -offeringID ND -installLocation
<WAS installation location path>

b. Edit the vpd.properties file by removing any WebSphere Application Server Network Deployment
entries, and then save the file. The file is located in the installation directory of the operating
system:
v C:\WINNT directory or C:\windows directory
4. After cleaning the registry, run the middleware installation program again and restart the plan.
WebSphere Application Server Network Deployment is now successfully installed in the default
location.
For example, C:\Program Files\IBM\WebSphere\AppServer.
Uninstallation of WebSphere Application Server Network Deployment

fails after unsuccessful binding to the LDAP directory
You encounter an error during the installation of WebSphere Application Server Network Deployment
using the middleware installation program and then when you attempt to undeploy the middleware
deployment plan related to unsuccessful binding to the LDAP directory.
When using the middleware installation program, you encounter the option to configure WebSphere
Application Server Network Deployment security with an existing remote LDAP directory. The remote
LDAP directory can be hosted by either Microsoft Active Directory or by IBM Tivoli Directory Server. To
configure WebSphere Application Server Network Deployment successfully, you need to provide the
credentials to access the remote LDAP server. The set of credentials include:
v Host name or IP address
v Port in which LDAP server is running
v LDAP base entry
v User, Group, and Organization suffix
v Bind DN and password
Also the WebSphere Application Server Network Deployment Administrator user ID and password must
have existing entries in the remote LDAP Directory. If you provide the middleware installation program
with the wrong credentials, the installation might fail at the WebSphere Application Server Network
Deployment configuration step. Once the initial installation has failed, the uninstallation (undeployment)
of the deployment plan might fail due to incorrect credentials given at the time of installation. WebSphere
Application Server Network Deployment cannot issue the stopManager command in order to stop the
ctgDmgr01 profile. The following error is generated:
SECJ0305I: The role-based authorization check failed for admin-authz operation
Server:stop:java.lang.Boolean:java.lang.Integer. The user UNAUTHENTICATED
(unique ID: unauthenticated) was not granted any of the following required roles:
operator, administrator.
To resolve the problem:

1.
a. In the Services control panel, change the startup type of the following WebSphere Application
Server Network Deployment entries from Automatic to Manual.
IBM WebSphere Application Server V6.1 - ctgCellManager01
IBM WebSphere Application Server V6.1 - nodeagent
b. Restart the system.
c. Restart the middleware installation program to undeploy the plan.
Problems during base services installation

See the following information to diagnose and resolve base services installation errors.

Recovering from a failed installation without the uninstallation
program
If the installation program has failed at the point where it did not produce the product uninstallation
program, you must perform additional manual uninstallation tasks.
Complete the following steps to uninstall Provisioning Manager:

1. Resolve the cause of the problem.
2. Recover the deployment engine database. For more information, see “Recovering the deployment
engine.”
3. Custom
Default
XML Recover the database. Drop the Provisioning Manager database and create it again.
Default For default installation on Windows, skip this step.
4. Ensure that you are logged on as the same user ID used to start the installation program and delete
the MAXIMO_HOME directory manually. The default location is:
v C:\IBM\SMP
5. If you are using IBM Tivoli Directory Server, restart the directory server.
6. Attempt the installation again.
Base services installation does not accept LDAP names with spaces
Add quotation marks (" ") around the LDAP distinguished names if you need to include spaces.
Symptoms
Manually entering the User base entry and Group base entry LDAP information during the base services
installation causes the LDAP validation to fail.
Causes
Spaces in the LDAP distinguished names are not supported.
Add quotation marks (" ") around the LDAP distinguished names. For example, if the distinguished
names for your User base entry is Test Users and LDAP Test, add quotation marks around the
distinguished names.
ou="Test Users",ou="LDAP Test",DC=mydomain,DC=tod,DC=ibm,DC=com
Recovering the deployment engine

Depending on your specific scenario, you might restore a previous backup of the deployment engine
registry or remove the deployment engine completely.
Recovering the deployment engine can result in loss of registration information about installed software
components, which includes both Provisioning Manager and non-Provisioning Manager components. This
situation causes the deployment engine registry to not accurately reflect the state of the system. Before
using these uninstallation instructions or scripts, read the following information to determine the effect of
these operations to your environment.
Recovery from a partial installation in which no base services programs were registered in the
deployment engine registry
To determine if base services programs have been deployed and registered in the deployment
engine registry:
1. Change to the MAXIMO_HOME/bin directory.

solutionInstaller -action showinstalled -type all
The CTGIN0059I message indicates which base services programs are installed. If no base
services programs have been installed, the installation failed before any programs were installed
and registered in the deployment engine registry. If no programs are installed, do not uninstall
the deployment engine or restore a previous backup. The current deployment engine registry
must be preserved and does not prohibit installation of the base services programs during the
subsequent installation.
Recovery from a partial or full installation in which one or more base services programs were
registered in the deployment engine registry
If the showinstalled results indicate that there are one or more base services programs installed,
you must restore the backup of the deployment engine database using the following command:
v c:\Program Files\IBM\Common\acsi\bin\de_restoredb.cmd -bfile <backup file loc>
where, <backup file name> is the file containing the deployment engine backup. Restore the
deployment engine database backup after completing the steps to remove the Process Manager
configuration. You must not uninstall the deployment engine before reinstalling Provisioning
Manager.
Recovering from problems during base services installation

If the base services installation fails, restore the WebSphere Application Server configuration and the
database to their previous states, and then start the base services installation again.
Symptoms
The base services installation fails with the error message Failed to install IBM Tivoli Provisioning
Manager base services.
There might be errors regarding a database update problem.

1. Uninstall the base services. For more information, see “Uninstalling the base services and web
components” on page 146.
2. Log on to the computer where WebSphere Application Server is installed and recover the backup
data.
a. Stop WebSphere Application Server Network Deployment:
%WAS_HOME%\profiles\ctgAppSrv01\bin\stopServer.bat MXServer -username <wasadmin_user> -password <wasadmin_password>
%WAS_HOME%\profiles\ctgAppSrv01\bin\stopNode.bat -username <wasadmin_user> -password <wasadmin_password>
%WAS_HOME%\profiles\ctgDmgr01\bin\stopManager.bat -username <wasadmin_user> -password <wasadmin_password>
b. Restore the ctgDmgr01 configuration. Enter the following command on a single line.
%WAS_HOME%\bin\restoreConfig.bat c:\backups\WASBackup_beforeBSI_DMProfile.zip -logfile
c:\backups\restore_dmgr.log -user <wasadmin_user> -password <wasadmin_password> -profileName ctgDmgr01
c. Restore the ctgAppSrv01 configuration. Enter the following command on a single line:
%WAS_HOME%\bin\restoreConfig.bat c:\backups\WASBackup_beforeBSI_AppSrvProfile.zip -logfile
c:\backups\restore_appSrv01.log -user <wasadmin_user> -password <wasadmin_password>
-profileName ctgAppSrv01
3. Log on to the database server as the database instance owner and recover the database. For example,
if the default user is ctginst1:
2000
DB2
a. set db2instance=ctginst1
b. Drop the database:
db2 drop db <db_name>
c. Restore the database. Enter the following command on a single line:
db2 restore database <db_name> user ctginst1 using <instance_owner_password> from <DB2_BACKUP_DIR>
with 3 buffers buffer 1000 without rolling forward without prompting

4. If you are using the base services for other products that are installed in the same environment as
Provisioning Manager, restore the deployment engine database to the state before installing the base
services. For more information, see “Backing up and restoring the deployment engine database” on
page 151.
5. Log on to the computer where WebSphere Application Server is installed and start WebSphere
Application Server:
6. Restart the base services installation. For more information, see “Installing the base services” on page
98.
Deployment of MAXIMO.ear fails

The port settings need to be properly set up on both the provisioning server and on the administrative
workstation where the base services are installed.
Symptoms
The base services WebSphere Application Server trace logs indicate that there was a file transfer error for
MAXIMO.ear.
Causes
The port settings might not be properly set up.
Verify the port settings on both the provisioning server and on the Windows computer where the base
services are installed. On both computers, ensure that the port speed settings for the network interface
card and for the port switch match. Setting the port speed to bidirectional communication on both the
network interface card and on the port switch is recommended.
Error CTGIN2252I during base services installation

If you did not encounter other installation errors for the web components and you can successfully log
on to the web interface, you can continue with installation.
Symptoms
At the end of base services installation, the following error is displayed:

CTGIN2252I: Can not access to base services web application.
Causes
At the end of the base services installation, the installer tries to connect to the web application. The
connection might fail if the web application is not yet running on the application server.
If you did not encounter other installation errors for the web components and you can successfully log
on to the web interface, you can continue with installation. To log on to the web interface, open a
browser window and type https://host_name:port/maximo, where host_name is the fully-qualified
domain name of the provisioning server and the default port number is 9443.

Errors CTGIN2381E or CTGIN2489E during Maximo database upgrade
By failing to commit environmental changes when installing a second ISM family product on a system
that already hosts another ISM family product, this error might be displayed during middleware
installation.
Symptoms
One of the following error messages can occur either in an installation panel, or the
CTGInstallTrace00.log file:
CTGIN2381E: Maximo Database upgrade command failed. Command: Database Upgrade command validation failed.
CTGIN2381E: Maximo updatedb utility would fail.
The following message can occur in the CCMDB_install.log file:

CTGIN2489E: The Maximo database contains backup tables that must be manually
removed before this update can be applied. Please refer to the readme information
that came with this update or the upgrade section of the guide for Planning and
installing the product for more information.
Causes
This message indicates that there were changes made in your environment that need to be committed in
the database before new products can be added into the database.
To commit the pending database changes:

1. Click Go To > System Configuration > Platform Configuration > Database Configuration.
2. From the Select Action menu, click Manage Admin Mode.
3. Click Turn Admin Mode ON.
4. Click OK, then wait for about five minutes for the change to take effect.
5. From the Select Action menu, click Apply Configuration Changes, then monitor to completion.
6. Click Go To > System Configuration > Platform Configuration > Database Configuration.
7. From the Select Action menu, click Manage Admin Mode.
8. Click Turn Admin Mode OFF.
9. Stop the MXServer.
10. In the directory <base_services_install_dir>\maximo\tools\maximo, run configdb.bat|.sh once,
and dropbackup.bat|.sh twice.
11. If you get any error messages, run these scripts again.
12. Continue with the installation.
The base services installation fails

Make sure the deployment engine is running when installing the base services.
Symptoms
The following message is displayed at the end of the base services installation:
The installation is finished, but some serious errors occurred during the install.
The error message tells you to check the file CTGInstallTrace00.log. The log file contains an error similar
to the following example:

** ERROR: Autonomic Deployment Engine installation/upgrade failure.
Return code: 3
Failure: DE in use or general failure
See the CCMDB si_inst.log and DE logs for additional information.
If you continue with web components installation on the same computer, the installation fails.
Causes
There are several possible causes for this error.
Verify the following:

1. Change to the following directory:
2. Clean up any existing .lck files.
Note: If you created images after completing stages of the Tivoli Provisioning Manager installation,
the lock files might have been present in an image of the computer that you recovered before running
the web components installer.
3. Verify that the deployment engine is running. Check the Services control panel. If the IBM ADE
service is not running, start it.
4. Set the environment:
setenv.cmd
5. Run the following command from the solution installer directory.
listIU.cmd
If the deployment engine engine installed correctly, you receive output similar to the following
example:
IU UUID: DDCE934782398B3E81431666515AC8B5 Name: DE Extensions
Interfaces CLI IU Version: 1.3.1
IU UUID: C37109911C8A11D98E1700061BDE7AEA Name: Deployment
Engine IU Version: 1.3.1
IU RootIU UUID: D94240D11C8B11D99F2D00061BDE7AEA Name:
Install IU Version: 1.3.1
6. If the deployment engine is not running properly:
Copy
a. %TEMP%\CCMDBTaskStore
b. In MAXIMO_HOME\de directory, reinstall the deployment engine.
si_inst.bat
c. Run the listIU command again.
d. If the deployment engine is still is not running properly, restart the administrative workstation and
copy MAXIMO_HOME\CCMDBTaskStore back to %TEMP% or /tmp.
e. Ensure that the deployment engine service is running.
f. Run the listIU command again to verify the deployment engine installation.
7. Change to the MAXIMO_HOME\bin directory and run the following command:
solutionInstaller -action showinstalled -type all
8. Continue the base services installation. In the MAXIMO_HOME\scripts directory, run the following
command:
taskRunner.bat CONTINUE STOPONERROR

The base services installer fails to validate the installation
Symptoms
When you have more than one middleware node installed and you import the middleware configuration
information, the base services installation fails.
Causes
Middleware installed on different computers, with multiple middleware installer workspaces contain
fragments of the middleware configuration information. When you run the base services installation, it
fails because it does not have the complete set of data.
When running the base services installation, deselect the Import data from Middleware Installer
workspace check box, and type all the middleware information.
Maximo business objects are out of sync between the deployment

engine and the WebSphere runtime
Ensure that the Tivoli Provisioning Manager deployment engine runtime and the Maximo WebSphere
Application Server runtime must be in sync. If any changes are made from base services, or additional
packages to WebSphere Application Server runtime under the base services are added, it could cause
code binary level to be out of sync.
Symptoms
The Tivoli Provisioning Manager server uses Maximo businessobjects.jar and other version-related xml
files in its deployment engine runtime, while starting MXServer as part of provisioning server startup.
Causes
The businessobjects.jar file and other xml files must be synchronized between WebSphere Application
Server runtime and the Tivoli Provisioning Manager LWI runtime.
After installation or upgrade, the user must check the businessobjects.jar file size and make sure that
the version from both WebSphere Application Server and Tivoli Provisioning Manager LWI runtime are
the same size.
Note: : If this is an ISM integration use case, you must do this check each time you install or update a
new Tivoli Process Automation Engine (TPAE) or application. For example, if a user installs a Change
and Configuration Management database (CCMDB) or Service Request Manager (SRM) on top of the
existing Tivoli Provisioning Manager server, or upgrading TPAE fixes/hotfixes you must check that the
files are in sync.
If the file sizes are different, you must manually align the runtimes.
1. Log in to the provisioning server as tioadmin.
2. Back up the businessobjects.jar folder:
v TIO_HOME\lwi\runtime\tpm\eclipse\plugins\tpm_pmp\maximoLibs
3. Go to the /WebSphere/AppServer/profiles/ctgAppSrv01/installedApps/ctgCell01/MAXIMO.ear/ and
locate the businessobjects.jar file.
4. Copy the businessobjects.jar file from the MAXIMO.ear/ folder to the Tivoli Provisioning Manager
LWI runtime folder:

cp businessobjects.jar $TIO_HOME/lwi/runtime/tpm/eclipse/plugins/tpm_pmp/maximoLibs/businessobjects.jar
5. Restart the provisioning server.
Maximo business objects from the deployment engine gets out of sync
with the ones in the application server
The Maximo business objects that the deployment engine uses need to be in sync with the Maximo
business objects deployed in the application server. If these objects are out of sync, it can potentially
break the production deployment engine.
Symptoms
If you install a fix pack for a different base services product in a base services environment, then the fix
pack is only deployed on the application server. Because of this, the Maximo business objects that the
deployment engine is using might be out of sync with the ones in the application server, causing errors.
Causes
The Maximo business objects that the deployment engine uses need to be in sync with the Maximo
business objects deployed in the application server. If these objects are out of sync, it can potentially
break the production deployment engine.
If you have Tivoli Provisioning Manager deployed with other base services products, you must re-create
and copy the Maximo business objects used by the Web application to the deployment engine. To do this,
follow these steps:
1. Enter these commands in the command prompt:
MAXIMO_HOME
unzip maximo.ear businessobjects.jar
This will generate a file named businessobjects.jar.
Note: The businessobjects.jar file is extracted from the maximo.ear file that is created after
deploying any fix pack from the MAXIMO_HOME/deployment/default directory.
2. Copy the businessobjects.jar file into the following directories:
v TIO_HOME/eclipse/plugins/pm_pmp/maximoLibs
v TIO_HOME/lwi/runtime/tpm/eclipse/plugins/tpm_pmp/maximoLibs
If there is already a businessobjects.jar file in either directory, overwrite it.
Error CWLAA6003 occurs after CCMDB installation

To display the portlet, you must reinstall the ISC.
Symptoms
After the Change and Configuration Management Database (CCMDB) installation, the Manage Users and
Manage Groups in the ISC (Integrated Solutions Console) display the following error:
CWLAA6003: Could not display the portlet, the portlet may not be started.
Causes
The ISC is corrupted following the CCMDB installation.

To reinstall the ISC:
1. Back up the current environment.
2. Stop the Server1 stand alone profile or dmgr (deployment manager process)
3. Clean up the old logs, and workspace directory content of <WAS Server1 or dmgr>\profiles\
profileName\logs and <WAS Server1 or dmgr>\profiles\profileName\wstemp.
v WAS_HOME\profiles\profileName\bin\wsadmin.bat -conntype NONE -f deployConsole.py remove
ISC ear was removed successfully.
v
<WAS Server1 or dmgr>\profiles\profileName\bin\wsadmin.bat -conntype NONE -f deployConsole.py install
Check ISC reinstalled successfully.
6. Restart Server1 or dmgr process.
Recovering from deployment engine failure during installation

If the deployment engine fails during installation, you must clean it up using the steps in this procedure.
Before you begin
You might see the following messages in the DE_Install.log file, which indicate a problem with the
deployment engine:
WaitForStart main Exception is: DRDA_NoIO.S:Could not connect to Derby Network Server on host 127.0.0.1,
port 4130.
WaitForStart main Caught an Exception in loop #2 while pinging the NetworkServerControl server.
By default, the log file is located in:

v C:\Program Files\IBM\Common\acsi\logs\Administrator
where user_name is the name of the user who installed the deployment engine.
First attempt to remove the deployment engine database using the si_inst command:
If the installation was done using the Administrator user

C:\Program Files\IBM\Common\acsi\bin\si_inst -r
If the installation was done using a user other than Administrator
C:\Documents and Setting\<userid>\acsi_<user_name>\si_inst -r
where user_name is the name of the user who installed the deployment engine.
If the si_inst command does not remove the deployment engine database, delete it manually.
Removing the deployment engine database on Windows

If the installation was done using the Administrator user:
1. In Windows Task Manager, select the jservice.exe process, click End Process, and then click OK.
2. Remove the C:\Program Files\IBM\Common directory.
3. Remove the %TEMP%\acu_de.log file, if it exists.
4. Remove the %TEMP%\<user_name> directory, where user_name is the name of the user that installed the
deployment engine, for example, Administrator.

5. Open the Windows Services panel. If they exist, ensure the IBM ADE Service or ACSI Service
services are stopped. While stopping these services is satisfactory, if you want to remove them, delete
the acsisrv entry found in the HKEY_LOCAL_MACHINE/SYSTEM/CurrentControlSet/Services key of the
Windows registry.
6. Reboot the computer.
If the installation was done using a user other than Administrator:

1. Remove the C:\Documents and Settings\<user_name>\My Documents\.acsi_<user_name> directory,
where user_name is the name of the user that installed the deployment engine.
2. Remove the %TEMP% \acsitempLogs_<user_name> directory.
3. Remove the %TEMP% \acsiTemp_<user_name> directory.
Password policy is set to never expire during base services

installation
Symptoms
The following message appears in the base services installation log files:
The password has been successfully set to NEVER EXPIRE
for user db_user on host_name machine
where db_user is the database runtime user. The default value is maximo.
Causes
The message indicates that the user is configured so that the account does not lock during the install
process. The base services installer did not change the password policy you configured.
Enabling RXA tracing

RXA tracing is enabled to allow better troubleshooting in case there are connection problems between the
administrative workstation and the provisioning server.
Before you begin

1. Ensure the connection between the administrative workstation and provisioning server is working. On
the administrative workstation, go to:
v C:\IBM\SMP\scripts
v TestRXA.bat <hostname of TPM server> <username> <password>
If the connection is successful, you are returned a message like:
** Successful RXA access to swgc302 using user/password: root/<password>.
swgc302 OS type: IBM AIX.
Procedure
1. Set the environment variable ENABLE_RXA_TRACE=yes
2. Check that RXA tracing is enabled in the command window where you launched the installer with
the following command:
v echo %ENABLE_RXA_TRACE%
3. Relaunch the base services installer.
4. Check the CTG installation trace log for the RXA trace information.

Problems during core components installation
See the following information to diagnose and resolve Tivoli Provisioning Manager core components
installation errors.
Step by step recovery for core components installation (custom

installation)
Custom
Default
XML
Complete the following steps to recover from problems that you might encounter when installing Tivoli
Provisioning Manager for the first time using a custom installation.
Note the following general recovery information:

v If the installation of a component fails and you need to modify or view the previous fields in a panel,
and then perform recovery, quit and restart the installer and select only the components that remain to
be installed.
v If the installation of a component fails during a post-installation step, for example, database failure,
recover by uninstalling the failed component and restarting the installer.
v Where log files are mentioned, TEMP represents:
v %TEMP%
v For information about uninstalling components, see Chapter 5, “Uninstalling Tivoli Provisioning
If a problem occurs during the Cygwin installation and configuration

1. Check the log files to determine the problem:
C:\cygwin\var\log\
TEMP/tclog_wrapper/downloadCygwinSetup.log
TEMP/tclog_wrapper/downloadCygwinRep.log
TEMP/tclog_wrapper/instCygwin.log
TEMP/tclog_wrapper/cygwin_ssh_config.log
TEMP/tclog_wrapper/cygwin_ssh_config.err
2. Resolve the cause and then try again.
2000
DB2
If a problem occurs during the DB2 client installation (if using remote database)
TEMP/tclog_wrapper/extractDB2Client.log
TEMP/tclog_wrapper/extractDB2Client_err.log
TEMP/tclog_wrapper/db2install-stdout.log
TEMP/tclog_wrapper/db2install-stderr.log
3. Uninstall the DB2 client and then try again.
2000
DB2
If a problem occurs during the Tivoli Provisioning Manager installation, DB2
backup
TEMP/tclog_wrapper/DBbackupafterMBS-stdout.log
TEMP/tclog_wrapper/DBbackupafterMBS-stderr.log

If a problem occurs during the Tivoli Provisioning Manager installation,
WebSphere Application Server backup
TEMP/tclog_wrapper/WASbackupctgDmgr01-afterMBS-stdout.log
TEMP/tclog_wrapper/WASbackupctgDmgr01-afterMBS-stderr.log
TEMP/tclog_wrapper/WASbackupAppSrv01-afterMBS-stdout.log
TEMP/tclog_wrapper/WASbackupAppSrv01-afterMBS-stderr.log

WebSphere Application Server configuration, JVM setup
If you plan to use the same values in the WebSphere Application Server Network Deployment
Configuration panel after the failure:
TEMP/tclog_wrapper/call_was_config.log
TEMP/tclog_wrapper/call_was_config_fips.log
If you plan to use different values in the WebSphere Application Server Network Deployment
TEMP/tclog_wrapper/call_was_config.log
TEMP/tclog_wrapper/call_was_config_fips.log
3. In the WebSphere Application Server console, remove the JVM parameter for the old values that were
used in the WebSphere Application Server Network Deployment Configuration panel.
4. Try again.
If a problem occurs during theTivoli Provisioning Manager installation, engines

installation
TEMP/tclog_wrapper/nonUI_install.log
TEMP/tclog_wrapper/nonUI_install_err.log
TEMP/tclog
3. Restore the database and then try again.
If a problem occurs during the Agent Manager installation, profile creation

TEMP/tclog_wrapper/create_wasprofile.log
WAS_HOME/AppServer/profiles/casprofile/logs/AboutThisProfile.txt
3. Clean up the agent manager profile and then try again.
If a problem occurs during the Agent Manager installation, actual installation
If only the agent manager installation fails and the agent manager profile is removed successfully:
TEMP/tclog_wrapper/amtrace.log
TEMP/tclog_wrapper/amtrace.err
TCA_HOME/logs
TCA_HOME/toolkit/logs

If the failure occurs during removal of agent manager profile:

TEMP/tclog_wrapper/amtrace.log
TEMP/tclog_wrapper/amtrace.err
TCA_HOME/logs
TCA_HOME/toolkit/logs
If a problem occurs during the Dynamic Content Delivery installation, registration

with the common agent
TEMP/tclog_wrapper/preparePingAM.log
TEMP/tclog_wrapper/preparePingAM.err
TEMP/tclog_wrapper/call_pingam.log
TEMP/tclog_wrapper/call_pingam_err.log
3. Verify that the WebSphere Application Server profile for the agent manager is running and start it, if
necessary:
v Log in as the tioadmin user and run the following command:
%WAS_HOME%\profiles\<AM profile>\bin\startServer.bat server1
where the default value for <AM profile> is casprofile.
If a problem occurs during the Dynamic Content Delivery installation, SSL

configuration
TEMP/tclog_wrapper/config_ssl.log
TEMP/tclog_wrapper/config_ssl.err
TEMP/tclog_wrapper/soap-sslconfig.log
TEMP/tclog_wrapper/soap-sslconfig.err
necessary:
If a problem occurs during the Dynamic Content Delivery installation, actual

installation
TEMP/tclog_wrapper/getAMPass4CDS.log
TEMP/tclog_wrapper/getAMPass4CDS.err
TEMP/tclog_wrapper/CDSinstall-stdout.log
TEMP/tclog_wrapper/CDSinstall-stderr.log
DCD_HOME/log
3. Uninstall the dynamic content delivery.

necessary:
If a problem occurs during the Device manager service installation, actual

installation
TEMP/tclog_wrapper/dmsinstalltrace.log
TEMP/tclog_wrapper/dmsinstalltrace.err
necessary:
If a problem occurs during the Device manager service installation, configuration

TEMP/tclog_wrapper/dmsconfigtrace.log
TEMP/tclog_wrapper/dmsconfigtrace.err
DMS_HOME/logs/dms_config_trace.log
DMS_HOME/logs/dms_config.log
3. If the device manager service database was installed successfully, uninstall the device manager
service.
4. If the device manager service database was not installed successfully, resolve the cause of the
problem.
necessary:
If a problem occurs during the Device manager service installation, SSL

configuration
TEMP/tclog_wrapper/dms_getpass.log
TEMP/tclog_wrapper/dms_getpass_err.log
necessary:

If a problem occurs during the Tivoli Provisioning Manager for OS Deployment

installation
TEMP/tclog_wrapper/tpmfosd.log
TEMP/tclog_wrapper/tpmfosd.err
TEMP/tclog_wrapper/call_importXML4OSD.log
TEMP/tclog_wrapper/call_importXML4OSD.err
3. Uninstall Tivoli Provisioning Manager for OS Deployment.
necessary. Log in as the tioadmin user and run the following command:
WAS_HOME/profiles/<AM profile>/bin/startServer.[bat|sh] server1

If a problem occurs while configuring WebSphere Application Server to run as

tioadmin
TEMP/tclog_wrapper/cas_runastioadmin.log
TEMP/tclog_wrapper/cas_runastioadmin.err
TEMP/tclog_wrapper/stop_CASServer_root.log
TEMP/tclog_wrapper/stop_CASServer_root.err
TEMP/tclog_wrapper/changePermission_cas.log
TEMP/tclog_wrapper/changePermission_cas.err
TEMP/tclog_wrapper/start_CASServer_tioadmin.log
TEMP/tclog_wrapper/start_CASServer_tioadmin.err
TEMP/tclog_wrapper/wasND_runastioadmin.log
TEMP/tclog_wrapper/wasND_runastioadmin.err
TEMP/tclog_wrapper/stop_MXServer_root.log
TEMP/tclog_wrapper/stop_MXServer_root.err
TEMP/tclog_wrapper/stop_nodedmgr_root.log
TEMP/tclog_wrapper/stop_nodedmgr_root.err
TEMP/tclog_wrapper/changePermission_was.log
TEMP/tclog_wrapper/changePermission_was.err
TEMP/tclog_wrapper/start_nodedmgr_tioadmin.log
TEMP/tclog_wrapper/start_nodedmgr_tioadmin.err
2. For information how to resolve the problem, see “Error when configuring WebSphere Application
Server to run as tioadmin” on page 179.
2000
DB2
If a problem occurs while restarting DB2 (if using a local database)
TEMP/tclog_wrapper/call_db2_restart.log
TEMP/tclog_wrapper/call_db2_restart.err
3. Restart DB2 manually.
If a problem occurs while backing up the database

TEMP/tclog_wrapper/DBbackupafterTPMCore-stdout.log
TEMP/tclog_wrapper/DBbackupafterTPMCore-stderr.log

If a problem occurs during the WebSphere Application Server backup
TEMP/tclog_wrapper/WASbackupctgDmgr01-afterTPMCore-stdout.log
TEMP/tclog_wrapper/WASbackupctgDmgr01-afterTPMCore-stderr.log
TEMP/tclog_wrapper/WASbackupAppSrv01-afterTPMCore-stdout.log
TEMP/tclog_wrapper/WASbackupAppSrv01-afterTPMCore-stderr.log
Step by step recovery for core components installation (default

installation)
Default
Complete the following steps to recover from problems that you might encounter when installing Tivoli
Provisioning Manager for the first time using a default installation.
Note the following general recovery information:

v If the installation of a component fails and you need to modify or view the previous fields in a panel,
and then perform recovery, quit and restart the installer and select only the components that remain to
be installed.
v If the installation of a component fails during a post-installation step, for example, database failure,
recover by uninstalling the failed component and restarting the installer.
v Where log files are mentioned, TEMP represents:
– %TEMP%
v For information about uninstalling components, see Chapter 5, “Uninstalling Tivoli Provisioning
If a problem occurs during the Cygwin installation and configuration

C:\cygwin\var\log\
%TEMP%\tclog_wrapper\downloadCygwinSetup.log
%TEMP%\tclog_wrapper\downloadCygwinRep.log
%TEMP%\tclog_wrapper\instCygwin.log
%TEMP%\tclog_wrapper\cygwin_ssh_config.log
%TEMP%\tclog_wrapper\cygwin_ssh_config.err
If a problem occurs during the middleware installation

1. Check the log files to determine the problem.
C:\ibm\tivoli\mwi\workspace\mwi.log
C:\ibm\tivoli\mwi\workspace\mwi.err
Deployment engine log files:
MWI_workspace\hostname\deploymentPlan\logs\INSTALL_<timestamp>
2000
DB2 DB2 log files:
MWI_workspace\hostname\deploymentplan\MachinePlan_hostname\00004_DB2_9.5\install\01_BASE\
INSTALL_<timestamp>\logs
MWI_workspace\hostname\deploymentPlan\MachinePlan_wind\00004_DB2_9\logs
WebSphere Application Server log files:
MWI_workspace\hostname\deploymentplan\MachinePlan_hostname\00009_WAS_ND_6.1\install\01_BASE\
INSTALL_<timestamp>\logs
MWI_workspace\hostname\deploymentPlan\MachinePlan_hostname\00009_WAS_ND_6.1\logs
C:\Program Files\IBM\WebSphere\AppServer\logs\install\
Tivoli Directory Server log files:

MWI_workspace\hostname\deploymentplan\MachinePlan_hostname\00007_ITDS_6.1\install\02_BASE\
INSTALL_<timestamp>\logs\
MWI_workspace\hostname\deploymentPlan\MachinePlan_hostname\00006_ITDS_DB2_CCMDB\logs
MWI_workspace\hostname\deploymentPlan\MachinePlan_hostname\00008_ITDS_Configuration\logs
3. Remove the failed component and then try again.
If a problem occurs during the base services installation, actual installation

v Run the following command: MAXIMO_HOME\scripts\LogZipper.bat
v Find the [current date]_[timestamp].zip file in the MAXIMO_HOME\debug directory
3. Uninstall the base services.
4. Restore the deployment engine database and try again. For more information, see Backing up and
restoring the deployment engine database.
If a problem occurs during the base services installation, backup

%TEMP%\tclog_wrapper\MBSBackupB4TPM-stdout.log
%TEMP%\tclog_wrapper\MBSBackupB4TPM-stderr.log
If a problem occurs during the Tivoli Provisioning Manager installation, DB2

backup
%TEMP%\tclog_wrapper\DBbackupafterMBS-stdout.log
%TEMP%\tclog_wrapper\DBbackupafterMBS-stderr.log

WebSphere Application Server backup
%TEMP%\tclog_wrapper\WASbackupctgDmgr01-afterMBS-stdout.log
%TEMP%\tclog_wrapper\WASbackupctgDmgr01-afterMBS-stderr.log
%TEMP%\tclog_wrapper\WASbackupAppSrv01-afterMBS-stdout.log
%TEMP%\tclog_wrapper\WASbackupAppSrv01-afterMBS-stderr.log

WebSphere Application Server configuration, JVM setup
If you plan to use the same values in the WebSphere Application Server Network Deployment
%TEMP%\tclog_wrapper\call_was_config.log
%TEMP%\tclog_wrapper\call_was_config_fips.log
If you plan to use different values in the WebSphere Application Server Network Deployment
%TEMP%\tclog_wrapper\call_was_config.log
%TEMP%\tclog_wrapper\call_was_config_fips.log

3. In the WebSphere Application Server console, remove the JVM parameter for the old values that were
used in the WebSphere Application Server Network Deployment Configuration panel.
4. Try again.
If a problem occurs during the Tivoli Provisioning Manager installation, engines

installation
%TEMP%\tclog_wrapper\nonUI_install.log
%TEMP%\tclog_wrapper\nonUI_install_err.log
%TEMP%\tclog
3. Restore the database and then try again.
If a problem occurs during the Agent Manager installation, profile creation

%TEMP%\tclog_wrapper\create_wasprofile.log
WAS_HOME\AppServer\profiles\casprofile\logs\AboutThisProfile
If a problem occurs during the Agent Manager installation, actual installation
If only the agent manager installation fails and the agent manager profile is removed successfully:
%TEMP%\tclog_wrapper\amtrace.log
%TEMP%\tclog_wrapper\amtrace.err
If the failure occurs during removal of agent manager profile:

TCA_HOME\logs
TCA_HOME\toolkit\logs
If a problem occurs during the Dynamic Content Delivery installation, registration

with the common agent
%TEMP%\tclog_wrapper\preparePingAM.log
%TEMP%\tclog_wrapper\preparePingAM.err
%TEMP%\tclog_wrapper\call_pingam.log
%TEMP%\tclog_wrapper\call_pingam_err.log
WAS_HOME\profiles\<AM profile>\bin\startServer.bat server1


If a problem occurs during the Dynamic Content Delivery installation, SSL
configuration
%TEMP%\tclog_wrapper\config_ssl.log
%TEMP%\tclog_wrapper\config_ssl.err
%TEMP%\tclog_wrapper\soap-sslconfig.log
%TEMP%\tclog_wrapper\soap-sslconfig.err

If a problem occurs during the Dynamic Content Delivery installation, actual

installation
%TEMP%\tclog_wrapper\getAMPass4CDS.log
%TEMP%\tclog_wrapper\getAMPass4CDS.err
%TEMP%\tclog_wrapper\CDSinstall-stdout.log
%TEMP%\tclog_wrapper\CDSinstall-stderr.log
DCD_HOME\log
3. Uninstall the dynamic content delivery.

If a problem occurs during the Device manager service installation, actual

installation
%TEMP%\tclog_wrapper\dmsinstalltrace.log
%TEMP%\tclog_wrapper\dmsinstalltrace.err

If a problem occurs during the Device manager service installation, configuration

%TEMP%\tclog_wrapper\dmsconfigtrace.log
%TEMP%\tclog_wrapper\dmsconfigtrace.err
DMS_HOME\logs\dms_config_trace.log
DMS_HOME\logs\dms_config.log

3. If the device manager service database was installed successfully, uninstall the device manager
service.
4. If the device manager service database was not installed successfully, resolve the cause of the
problem.

If a problem occurs during the Device manager service installation, SSL

configuration
%TEMP%\tclog_wrapper\dms_getpass.log
%TEMP%\tclog_wrapper\dms_getpass_err.log

If a problem occurs during the Tivoli Provisioning Manager for OS Deployment

installation
%TEMP%\tclog_wrapper\tpmfosd.log
%TEMP%\tclog_wrapper\tpmfosd.err
%TEMP%\tclog_wrapper\call_importXML4OSD.log
%TEMP%\tclog_wrapper\call_importXML4OSD.err
3. Uninstall Tivoli Provisioning Manager for OS Deployment.

2000
DB2
If a problem occurs while restarting DB2 (if using a local database)
%TEMP%\tclog_wrapper\call_db2_restart.log
%TEMP%\tclog_wrapper\call_db2_restart.err
3. Restart DB2 manually.
If a problem occurs while backing up the database

%TEMP%\tclog_wrapper\DBbackupafterTPMCore-stdout.log
%TEMP%\tclog_wrapper\DBbackupafterTPMCore-stderr.log

If a problem occurs during the WebSphere Application Server backup

%TEMP%\tclog_wrapper\WASbackupctgDmgr01-afterTPMCore-stdout.log
%TEMP%\tclog_wrapper\WASbackupctgDmgr01-afterTPMCore-stderr.log
%TEMP%\tclog_wrapper\WASbackupAppSrv01-afterTPMCore-stdout.log
%TEMP%\tclog_wrapper\WASbackupAppSrv01-afterTPMCore-stderr.log
If a problem occurs during the Process solutions installer

%TEMP%\tclog_wrapper\psi_tpm.log
MAXIMO_HOME\solutions\logs\TPM_PMP
3. Restore the database.
4. Restore WebSphere Application Server.
5. Restore base services backup and DE database backup from after the base services installation.
6. Try again.
Recovering from problems during core components installation

If the core components installation fails, restore the WebSphere Application Server and the database to
their previous states, and then start the core components installation again.
Symptoms
Installation fails during the core components installation.

1. Uninstall the core components. For more information, see “Uninstalling Tivoli Provisioning Manager
core components” on page 139.
2. Log on to the computer where WebSphere Application Server is installed and restore the backup data:
a. Stop WebSphere Application Server Network Deployment:
WAS_HOME\profiles\ctgAppSrv01\bin\stopServer.bat MXServer -username <wasadmin_user> -password <wasadmin_password>
WAS_HOME\profiles\ctgAppSrv01\bin\stopNode.bat -username <wasadmin_user> -password <wasadmin_password>
WAS_HOME\profiles\ctgDmgr01\bin\stopManager.bat -username <wasadmin_user> -password <wasadmin_password>
b. Restore ctgDmgr01 configuration. Enter the command on a single line:
WAS_HOME\bin\restoreConfig.bat c:\backups\WASBackup_afterMBS_ctgDmgr01.zip -logfile
c:\backups\restore_dmgr.log -user <wasadmin_user> -password <wasadmin_password> -profileName ctgDmgr01
c. Restore ctgAppSrv01 configuration. Enter the command on a single line:
WAS_HOME\bin\restoreConfig.bat c:\backups\WASBackup_afterMBS_AppSrv01.zip -logfile
c:\backups\restore_appSrv01.log -user <wasadmin_user> -password <wasadmin_password>
-profileName ctgAppSrv01
3. Log on to the database server as the database instance owner and restore the database:
2000
DB2
a. Open the file TIO_HOME/config/dcm.xml to verify the database name and user name. The
name element contains an alias for the database name, and the username element contains
the user name.
b. Change the user to your DB2 instance owner. The default database owner is ctginst1. For
example:
su - ctginst1
c. Log on as Administrator and open a DB2 command window.

d. Run the following command to check for other running applications
e. If the command lists other applications, run the following command to disconnect them
f. End the DB2 session:
db2 terminate
g. Stop DB2:
v If the server does not have a virtual IP address: db2stop
v If the server has a virtual IP address: db2gcf -d -p 0 -i ctginst1
h. Stop all DB2 interprocess communications by running ipclean.
i. Start DB2:
v If the server does not have a virtual IP address: db2start
v If the server has a virtual IP address: db2gcf -u -p 0 -i ctginst1
j. Delete and uncatalog the existing database:
db2 drop db db_name
where db_name is the name of the database.

k. If the server has a remote database, attach to the local host alias:
db2 attach to LHOST0 user user_name using password
l. Restore the database backup:
db2 restore db db_name user user_name using password from location
where
v db_name is the name of the database
v user_name is the user name of the user restoring the database
v password is the password of the user
v location is the full path location of the backup
Application Server:
WAS_HOME\profiles\ctgDmgr01\bin\startManager.bat
WAS_HOME\profiles\ctgAppSrv01\bin\startNode.bat
WAS_HOME\profiles\ctgAppSrv01\bin\startServer.bat MXServer
5. Restart the core components installation. For more information, see “Installing Tivoli Provisioning
Manager core components” on page 119.
Error when configuring WebSphere Application Server to run as

tioadmin
To recover from installation errors when installing the Tivoli Provisioning Manager core components,
complete some recovery steps to bring the computer back to a consistent state.
Symptoms
Tivoli Provisioning Manager core components installation failed. The /tmp/tclog_wrapper/tcinstall.log

log file contains one of the following error messages:
v Failed to configure the Agent Manager profile to run as tioadmin
v Failed to configure the WebSphere Application Server Network Deployment to run as tioadmin
v Failed to change the ownership of the Agent Manager profile
v Failed to change the ownership of the WebSphere Application Server Network Deployment

If you encounter an installation error when configuring WebSphere Application Server to run under the
user tioadmin, you need to perform some recovery steps to bring the computer back to a consistent state.
v If the log contains the error Failed to configure the Agent Manager profile to run as tioadmin:
1. Check the file cas_runastioadmin.log for a detailed error message, and then fix the problem.
2. Click Back to the Summary panel, then click Next to continue installation.
v If the log contains the error Failed to configure the WebSphere Application Server Network
Deployment to run as tioadmin:
1. Check the wasND_runastioadmin.log log file for a detailed error message, and fix the problem.
2. Click Back to the Summary panel, then click Next to continue installation.
Errors creating the agent manager profile

If the agent manager installation fails, you might need to remove the WebSphere Application Server
profile manually before reinstalling the agent manager.
Symptoms
During installation of the core components, one of the following errors occurs for the WebSphere
Application Server profile for the agent manager. The profile name is casprofile by default.
1. The installer checks the computer to verify that it can create the profile, and the validation fails.
2. The validation is successful, but the profile is not successfully created.
Causes
When the core components installer installs the agent manager, it automatically removes the WebSphere
Application Server profile for the agent manager if the agent manager installation fails. In some
situations, the automatic removal might not work and the profile must be removed manually before you
try to install the agent manager again.

Perform the following steps to address the error. The instructions use the default profile name
caseprofile.
Validation failed
The installer checks for the following requirements:
v A profile with the same name does not already exist.
v If a directory for the profile already exists, it must be empty.
v The cell name is the same as WebSphere Application Server Network Deployment cell name.
If the validation fails, check the log files:
v %TMP%\tclog_wrapper\validation_casprofile.log (or validation_casprofile.err)
To resolve the error:
1. If a profile with the same name already exists, specify a different name in the installer or
remove the existing profile. To remove casprofile, run the following command:
WAS_HOME/bin/manageprofiles.[bat|sh] -delete -profileName casprofile
2. If the profile directory already exists, check for an existing casprofile directory. Run the
following command:
WAS_HOME/bin/manageprofiles.[bat|sh] -listProfiles

If casprofile is not listed, remove the directory WAS_HOME/profiles/casprofile. If casprofile is
listed, specify a different profile name or remove the existing profile as described in step 1.
Validation passed but the profile cannot be created
1. Check the following log files to identify the reason why the profile cannot be created.
v %TMP%\tclog_wrapper\create_wasprofile.log
2. Fix the error described in the log.
3. Click Back in the core components installer to go to the panel before the installation preview.
4. Click Next. The installer verifies the requirements to create the profile again. If the validation
is successful, the installer tries to create the profile again. If the validation fails, perform the
steps described in the previous section for a failed validation.
Agent Manager installation fails

Multiple causes of agent manager installation failure, and their solutions.
Symptoms
The installation of the agent manager fails during the Tivoli Provisioning Manager installation.
Causes
Consult the agent manager logs to identify the cause of this problem. The agent manager log files are
located in the AM_HOME\logs directory. Possible causes might include:
v The port required for the agent manager installation might be busy.
v The agent manager has already been installed on your system.
Solution 1
If no agent manager installation has been performed on the provisioning server before the Tivoli
Provisioning Manager installation, follow these steps:
1. Consult the agent manager log files and make all the necessary changes following the instructions in
the logs.
2. Install Tivoli Provisioning Manager again. The provisioning server installer will detect that Tivoli
Provisioning Manager is already installed and will install only the agent manager.
For more details on the agent manager reinstallation, refer to the Tivoli Provisioning Manager Installation
Guide.
Solution 2
If the agent manager was previously installed on the provisioning server, you must uninstall the agent
manager first, and then run the Tivoli Provisioning Manager installation again.
Important: To prevent the loss of data:

v Do not uninstall the agent manager until all products that use it have been uninstalled.
v Do not clean the agent manager tables from the registry or drop the registry database until all products
that use the registry are uninstalled.
To uninstall the agent manager, follow these steps:

1. Stop the agent manager server if it is running:
v As a Windows service:

To stop the agent manager server if the installation program created a Windows service, use the
Windows Services window or the Services folder in the Microsoft Management Console to stop the
service with the following name:
IBM WebSphere Application Server V6.1 - Tivoli Agent Manager
v On Windows but not as a service:
To stop the agent manager server if it is not a Windows service:
a. Open a command prompt window.
WAS_HOME\profiles\casprofile\bin\stopServer server1
When the agent manager server is stopped, the following message is generated:
ADMU4000I: Server server1 stop completed.
2. Optionally, remove agent manager objects from the registry database.
v If the registry database is used only by the agent manager and is not shared with another program,
drop the database using the database administration tools for your type of database. If the registry
is in a remote database, you might have to perform this step on the remote database server instead
of on the agent manager server.
v If the database is shared with other programs, remove the agent manager-specific tables from the
database by following the procedure for your database type. You can do this step on the agent
manager server, even if the registry is in a remote database:
– 2000
DB2
a. In a command line window, change to the AM_HOME/db/db2 directory.

- db2cmd /c /i /w "RemoveCASTables.bat database_password"
Replace database_password with the DB2 database password.
3. Start the uninstallation program for your operating system:
v Use either the Add/Remove Programs window to uninstall the agent manager, or run the
following command from a command prompt:
AM_HOME\_uninst\uninstall.exe
4. If the agent manager application server is not named AgentManager, determine whether other Web
applications are using that application server. If no other applications are using that application
server, you can optionally delete the application server.
5. If you do not need the uninstallation logs, optionally delete the agent manager installation directory.
By default, this is the following directory:
v C:\Program Files\IBM\AgentManager
Tip: You might have to restart the system before you can delete the agent manager installation
directory.
6. If the registry is in a remote database, run the following command on the remote database server to
uninstall the agent manager from that system:
java -jar "Agent_Manager_install_dir/_uninstDS/uninstall.jar" -silent
7. If you do not need the uninstallation logs on the remote database server, optionally delete the agent
manager installation directory. By default, this is the following directory:
v C:\Program Files\IBM\AgentManager
Tip: You might have to restart the system before you can delete the agent manager installation
directory.
8. If you will not be reinstalling the agent manager on this system, remove the definition of
TivoliAgentRecovery from your DNS servers.

The agent manager is now uninstalled.
Reinstalling Tivoli Provisioning Manager: Install Tivoli Provisioning Manager again. The installer will
detect that Tivoli Provisioning Manager is already installed, and will install only agent manager.
The common agent and the agent manager cannot be installed

The common agent cannot be installed on the provisioning server if the agent manager is also installed
on it.
Symptoms
The common agent and the agent manager cannot be installed.
Causes
Installing the common agent on the provisioning server, where the agent manager is also installed, is not
supported.
Manually uninstall the common agent.
Installation fails after WebSphere Application Server is uninstalled

If the WebSphere Application Server installation directory remains after it was uninstalled, the Tivoli
Provisioning Manager installation might fail.
Symptoms
The installation of Tivoli Provisioning Manager installation fails if WebSphere Application Server was
uninstalled.
Causes
If WebSphere Application Server was uninstalled but the WebSphere Application Server installation
directory was not removed, the Tivoli Provisioning Manager installer might identify WebSphere
Application Server as installed, and then fail during theTivoli Provisioning Manager installation.
If WebSphere Application Server was uninstalled on the computer, perform the following steps:
v Ensure that the WebSphere Application Server installation directory is removed. The default location is:
– C:\Program Files\IBM\WebSphere\AppServer
v Click Back in the installer until you reach the Configure the target servers panel. Click Next so that
the installer can check again for installed components. On the Validation Summary panel, the Found
column displays No if WebSphere Application Server is fully uninstalled. You can now continue with
the installation.
Core components or web components installation hangs during

Cygwin installation
Problems with your Cygwin installation might cause the installer to hang during prerequisite verification.
Symptoms

While the installer verifies prerequisites during Tivoli Provisioning Manager core components or web
components installation, the following message appears:
The Installation Wizard is checking the system prerequisites.
After waiting a few minutes, the installer seems to hang and the Next button remains disabled.
Causes
There might be a problem with your Cygwin installation.

1. Close the installer.
2. Verify if Cygwin is installed.
3. If Cygwin is not installed, install it manually. If Cygwin is installed, uninstall and then reinstall it
manually. For more information, see “Installing Cygwin manually” on page 208.
DB2 BIND warning during Tivoli Provisioning Manager for OS

Deployment installation
You need to perform the BIND commands if your DB2 client and server are 9.5 and 9.1 respectively.
Symptoms
The following message appears in the installation panel:

WARNING: DB2 bind warning occurred during Tivoli Provisioning Manager
for OS Deployment installation. You must bind again after the installation.
For more information, see the Troubleshooting Guide.
Causes
If you have a DB2 client version 9.5 and a DB2 server version 9.1, the IBM® Data Server Runtime Client
cannot be used to bind the database utilities and DB2 CLI bind files.
Perform the BIND commands from an IBM Data Server Client (or other DB2 database product) that is
running on the same operating system and the same DB2 version and fix pack level as the Data Server
Runtime Client.
1. To get access to perform the BIND commands, run the following command:
set DB2INSTANCE=DB_INSTANCE
where DB_INSTANCE is the DB2 instance that was used to install Tivoli Provisioning Manager. The
default instance name is ctginst1.
2. To BIND, run the following commands:
db2 terminate
db2 CONNECT TO TPMFOSD
db2 BIND path\db2schema.bnd BLOCKING ALL GRANT PUBLIC SQLERROR CONTINUE
db2 BIND path\@db2ubind.lst BLOCKING ALL GRANT PUBLIC ACTION ADD
db2 BIND path\@db2cli.lst BLOCKING ALL GRANT PUBLIC ACTION ADD
where path is the full path name of the directory where the bind files are located, such as
INSTHOME\sqllib\bnd where INSTHOME represents the home directory of the DB2 instance. db2ubind.lst
and db2cli.lst contain lists of required bind files used by DB2 database products. Packages that are
already bound will return an SQL0719N error. This is expected.

3. Verify that the Tivoli Provisioning Manager for OS Deployment is running. For more information, see
“Starting and stopping Tivoli Provisioning Manager components” on page 213.
Tivoli Provisioning Manager installation fails with invalid directory

name
Tivoli Provisioning Manager installation fails if its installation directory name is longer than eight
characters and the Windows short name capability is disabled.
Symptoms
Tivoli Provisioning Manager fails with an error message that is like the following:
’D:\Program’ is not recognized as an internal or external command,
operable program or batch file.
Causes
This error occurs when all of the following conditions are true:
v You selected a different installation directory from the default directory.
v The selected path contains a space, and the folder name with the space does not exist.
v Short name capability is disabled.
By default, Windows supports the ability to create short names for directories whose names contain more
than eight characters. These abbreviated names contain the first six characters of the original name and
then a two-character extension. For example, D:\Program Files can be abbreviated by the system as
D:\Progra~1. This capability must be enabled if you want to install Tivoli Provisioning Manager in a
directory other than the default directory, and if the directory name contains spaces.
To check the current configuration of short name capability, run the following command:
fsutil behavior query disable8dot3
The command returns one of the following messages:

disable8dot3 = 0
Short name capability is enabled.
disable8dot3 = 1
Short name capability is disabled.
If short name capability is disabled, run the following command to enable it:
fsutil behavior set disable8dot3 0
Silent installation exits before installation is completed

The silent installation of Tivoli Provisioning Manager exits prematurely if WebSphere Application Server
is not running.
Symptoms
The silent installation program for Tivoli Provisioning Manager exits before the installation is completed.
Causes
WebSphere Application Server was not started before the silent installation started.

Before you run the silent installation:

1. Ensure that WebSphere Application Server is started.
2. Ensure that WebSphere Application Server security is not running.
Disk space check failure during silent installation of Tivoli

Provisioning Manager
The silent installation of Tivoli Provisioning Manager will exit prematurely if disk space check fails.
Symptoms
The silent installation of core components for Tivoli Provisioning Manager exits before the installation is
completed. The tcinstall.log file contains the following error message:
[timestamp] ERROR DiskSpaceCheckWizardAction - Disk space check failed.
[partition]- [required space] MB of disk space is required, but only [free space] MB is available
Causes
There is insufficient free space on the partition mentioned.
Increase the amount of free space on the partition. If the required free space and available free space are
different by a margin of 1000 MB, run the following command to bypass the disk space checks:
-W DiskSpaceSeq.active="False"
Command example:
install/bin/setupSolarisSparc64.bin -options <response file path and name>
-silent -W WzdSeq_PreInstallCheck.active="false" -W DiskSpaceSeq.active="False"
Installation fails because of unrecognized font

An installation error occurs if a recognized font cannot be resolved on startup. This can be fixed by
changing the font settings in Reflection X.
Symptoms
During installation, the installation fails with the following error:

An error has occurred. See the log file
/var/tmp/TopologyInstaller/workspace/.metadata/.log
The log file also contains an error that begins with org.eclipse.swt.SWTError: Font not valid.
Causes
This error has been observed when accessing a remote computer with Reflection X. The error occurs if a
recognized font cannot be resolved at startup time.
You can fix the problem by changing font settings in Reflection X.

1. In the Reflection X Client Manager, navigate to Settings > Fonts. Change Sub directories and font
servers to 100dpi 75dpi misc hp sun ibm dec.

2. Reconnect to the computer that you are doing the installation on, and then run the installer again.
Cannot use hyphen in domain name suffix field

You cannot use the hyphen (-) character in the Domain Name Suffix field when specifying WebSphere
Application Server settings on the Tivoli Provisioning Manager configuration tab. If you must use a
hyphen, do a silent installation with a modified response file.
Symptoms
The DNS suffix does not accept hyphens.
Causes
This issue applies to a custom installation. When you specify WebSphere Application Server settings on
the Tivoli Provisioning Manager configuration tab of the installer, you cannot use the hyphen (-) character
in the Domain Name Suffix field.
If you need to include a hyphen in the domain name suffix, perform a silent installation with a modified
response file.
1. Create your response file for a silent installation. Omit any hyphens from the domain name suffix. See
the appendix in the Tivoli Provisioning Manager Installation Guide instructions on creating a response
file for silent installations.
2. Open the response file in a text editor and modify the domain name suffix so that it includes the
hyphen character. Save your changes.
3. Perform a silent installation. See the appendix "Performing a silent installation" in the Tivoli
Provisioning Manager Installation Guide for instructions.
Installation of dynamic content delivery fails

If the PATH variable does not properly indicate where Java is installed, the dynamic content delivery
installation will fail.
Symptoms
Installation of the dynamic content delivery service fails. In the log file /opt/ibm/tivoli/ctgde/logs/
cds_upgrade.txt, the following error is displayed:
INSTALLER_PATH=/extra/ibm/tivoli/tio/CDS/scripts/./setup.binChecking the environment
variables specified in the JVM files to find the JVM...
Verifying... /bin/java -cp /tmp/istemp7613004171417/Verify.jarVerify java.vendor
java.versionVerification passed for / using the JVM file /tmp/istemp7613004171417/
relative_to_upgrade.jvm.
JavaHome is not resolved correctly in the jvm file /tmp/istemp7613004171417/
relative_to_upgrade.jvm.
Failed to launch the application.
Causes
The location of Java cannot be found by the installer. This error occurs when Java is installed in the
/bin/java directory, when /bin is the directory listed in the PATH variable.
To fix the error, update the PATH variable so that the java command does not contain the /bin directory.
1. To confirm the location of Java, run this command:

which java
If this command is unavailable on your system, run the following command instead:
type java
2. If the returned value is /bin/java, run the following command to display the contents of the PATH
variable:
echo $PATH
3. If the first part of the path is /bin, update the PATH variable so that /bin does not resolve the java
command, you can:
v Move /bin to the end of the list of paths in the PATH variable. Normally the java command will
resolve to /usr/bin/java.
v Create a symbolic link for /bin/java under another directory and add that path to the front of the
PATH variable. For example, if you have a link in /usr/bin to the java command, ensure that
/usr/bin is at the front of the PATH variable, or place /usr/bin before /bin in the list of paths.
Core components installation fails during the dependency check

The core components installation exits with an error message during the dependency check.
Symptoms
The following error message appears:

ERROR: Installation did not complete successfully.
View the log at \tclog_wrapper\tcinstall.log for more details.
Causes
There are multiple versions of Cygwin on the system registry which interfere with the dependency check.

1. Uninstall Cygwin and install the correct version. For more information, see Installing Cygwin.
2. Restore the database backup taken after installing the base services. By default, the backup is stored
in:
v 2000
DB2 <backup_dir>/DB2Backup_AfterMBS
where <backup_dir> is the directory that you selected at the end of the base services installation.
3. Select Back followed by Next to try again.
Error message Insert disk 1

Symptoms
During installation, an error message Insert disk 1 appears.
Causes
This is caused by a limitation of the package installer program.
If you receive this error, insert the Installation DVD for your operating system.

Tivoli Provisioning Manager does not install when terminal server is
enabled
The terminal server needs to be stopped before installing Tivoli Provisioning Manager, or else adb2.exe
application error will occur and the installation will fail.
Causes
The Tivoli Provisioning Manager installation fails with DB2 when the terminal server is enabled. There is
a db2.exe application error. The DB2 command will not work.
Stop the terminal server, restart the computer, and then install again.
Editing text files changes permissions

Various factors can change permissions when editing text files.
Symptoms
Files in a UNIX or Cygwin environment have specific permissions for the owner of the file, the group for
the file, and other users.
Causes
There are various factors that can cause can change the permissions of a file. Consider the following
factors when editing text files:
v Default user permissions. Each user has default permissions for files that they create, and those
defaults can be changed with the umask command. This means that file permissions for the user who
created a file can be different than the permissions for another user. If you edit a file in Cygwin using
an editor such as vi, it is recommended that you log on as the owner of the file.
v If you are using a text editor that automatically creates file backups, your updated file might have
different permissions than the original file.
You can check the current permissions of a file in Cygwin by typing the following command:
ls -l filename
where filename is the name of the file.
If you need to edit text files, ensure that the updated file retains the original file permissions.
Remote connection to database hangs when database server is on a

multiprocessor computer
There might not be enough connection managers allocated from the database server. Provide additional
connection managers and take the number of processors into account when calculating the value of a
given computer.
Symptoms
When the database server is on a multiprocessor computer, the remote connection to the database might
hang. The database server then logs the following error in the db2diag.log file:
DIA3208E Error encountered in TCP/IP protocol support. TCP/IP function "accept".
Socket was "920". Errno was "10061".

Causes
Not enough connection managers are allocated from the database server.

1. Update the database registry DB2TCPCONNMGRS to enable the database server to provide additional
connection managers.
2. Considering that DB2TCPCONNMGRS takes values between 1 and 8, use the following formula to
determine the value of a given computer:
Calculate the square root of the number of processors and then round up to a maximum value of 8.
3. Run the following command to update the registry:
db2set DB2TCPCONNMGRS=<value_calculated>
4. After changing the registry value, restart DB2 as follows:
db2stop force
db2start
For more information, refer to the DB2 product documentation.
Step by step recovery for IBM Tivoli Monitoring agent manual

installation
Complete the following steps to recover from problems that you might encounter when manually
installing Tivoli Monitoring agent for the first time.
Symptoms
If you receive an error during the monitoring agent manual installation, check the log files to determine
the problem.

1. Check the log files:
ITM_HOME\InstallITM/IBM Tivoli Monitoring for Provisioning<timestamp>.log
3. Uninstall the Tivoli Monitoring agent.
WAS_HOME/profiles/<AM profile>/bin/startServer.[bat|sh] server1

Problems during web components installation

See the following information to diagnose and resolve Tivoli Provisioning Manager web components
installation errors.
Recovering from errors during a default installation

If the default installation fails, remove the installation and try the reinstall again.
Symptoms
Installation failed during a default installation with the error message Failed to install IBM Tivoli
Provisioning Manager Web components.

The following steps describe how to remove a default installation when:

v The default installation failed during web components installation.
v The installation completed successfully.
The following variables are used in the steps:

%BACKUPDIR%
The directory you specified in the Backup Files Location field of the default installation installer.
%PASSWORD%
The password you specified in the Generic Password field of the default installation installer.
%DBTIMESTAMP%
The timestamp of the most recent database backup file in the %BACKUPDIR% directory. An example file
name is:
MAXDB71.0.CTGINST1.NODE0000.CATN0000.20081009193807.00
In this example, 20081009193807 is the timestamp.

1. Restore the base services folder and open a DOS command prompt.
a. Exit the default installation installer and if it is still running.
b. Delete the C:\ibm\SMP folder.
c. Extract the contents of %BACKUPDIR%\MBSBackupBeforeTPM.zip to C:\
d. Open a DOS command window.
2. Stop WebSphere Application Server. Run each command that starts with call on a single line.
call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01\bin\stopNode.bat"
-username wasadmin -password %PASSWORD%
call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgDmgr01\bin\stopManager.bat"
-timeout 1200 -username wasadmin -password %PASSWORD%
3. Restore the DB2 database:
a. Open a DB2 command window by running the following command at the command prompt:
db2cmd
b. Run the following command in the DB2 command window: set db2instance=ctginst1
c. Restart the database.
Run the following commands:
db2stop force
db2start
If you are using a virtual IP address for the DB2 server, use the following commands. In
this example, the database instance is ctginst1.
db2gcf -d -p 0 -i ctginst1
d. Restore the database. Enter the entire command on a single line.
db2 "restore database MAXDB71 user db2admin using %PASSWORD% from %BACKUPDIR% taken
at %DBTIMESTAMP% with 3 buffers buffer 1000 without rolling forward without prompting"
e. Close the DB2 window.
4. Restore WebSphere Application Server configurations. Run each command that starts with call on a
single line.
call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01\bin\restoreConfig.bat"
%BACKUPDIR%\WASBackup_afterTPMCore_AppSrv01.zip -location C:\Progra~1\IBM\WebSphere\AppServer\profiles\ctgAppSrv01\config\
-logfile %BACKUPDIR%\restore_ctgAppSrv01.log -username wasadmin -password %PASSWORD% -profileName ctgAppSrv01

call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgDmgr01\bin\restoreConfig.bat"
%BACKUPDIR%\WASBackup_afterTPMCore_ctgDmgr01.zip -location C:\Progra~1\IBM\WebSphere\AppServer\profiles\ctgDmgr01\config\
-logfile %BACKUPDIR%\restore_ctgDmgr01.log -username wasadmin -password %PASSWORD% -profileName ctgDmgr01
5. Restore the deployment engine registry. Run the following command at the command prompt:
call "C:\Program Files\ibm\Common\acsi\bin\de_restoredb.cmd" -bfile "%BACKUPDIR%\DEBackupBeforeTPM"
6. Remove the deployed information center. Run the following command at the command prompt:
rmdir /S /Q "C:\Program Files\IBM\WebSphere\AppServer\systemApps\isclite.ear\tpm_olh.war"
7. Start WebSphere Application Server. Run each command that starts with call on a single line.
call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgDmgr01\bin\startManager.bat"
call "C:\Program Files\IBM\WebSphere\AppServer\profiles\ctgAppSrv01\bin\startNode.bat"
8. Run the default installation again. You must use the same user name and password that you used to
run the default installation previously.
Recovering from errors during web components installation

If the web components installation fails, you must restore the provisioning server back to its previous
state, before installing the web components.
Symptoms
The web components installation has failed with the error message Failed to install IBM Tivoli
Provisioning Manager Web components.

1. Log on to the administrative workstation as the Administrator user.
2. Restore the base services folder:
a. Exit the installer if it is still running.
b. Delete the base services directory. The default values are:
v C:\ibm\SMP
c. Restore the backup of the base services home directory to the removed base services folder. The
backup name is backup_folder/MBSBackupBeforeTPM.zip, where backup_folder is the location that
you specified in the launchpad after installing the base services.
3. Restore the deployment engine registry. Enter the following command on a single line:
call "C:\Program Files\ibm\Common\acsi\bin\de_restoredb.cmd" -bfile
"base_services_folder\DE_BACKUPS\AfterActions<timestamp>"
where base_services_folder is the directory where the base services are installed.
4. Log on to the computer where WebSphere Application Server is installed as tioadmin and recover the
backup data:
a. Stop WebSphere Application Server Network Deployment.
WAS_HOME\profiles\app_profile\bin\stopNode.bat
-username was_adminID -password was_admin_pwd
WAS_HOME\profiles\dm_profile\bin\stopManager.bat
-username was_adminID -password was_admin_pwd
where,
app_profile
The WebSphere Application Server profile.
was_adminID
The WebSphere Application Server administrator ID. If you are using read-only LDAP
authentication, the default user ID is wasadmin.

was_admin_pwd
The password for the WebSphere Application Server administrator. If you are using read-only
LDAP authentication, enter the password for the wasadmin user.
dm_profile
The deployment manager profile.
b. Restore the deployment manager profile configuration. Enter the following command on a single
line:
WAS_HOME\bin\restoreConfig.bat backup_folder\
WASBackup_afterTPMCore_ctgDmgr01.zip -logfile
backup_folder\restore_dmgr.log -user was_adminID
-password was_admin_pwd -profileName dm_profile
where backup_folder is the backup directory where the backup data is stored.
c. Restore the application server profile configuration. Enter the following command on a single line:
WAS_HOME\bin\restoreConfig.bat backup_folder\
WASBackup_afterTPMCore_AppSrv01.zip -logfile
backup_folder\restore_appSrv01.log -user was_adminID
-password was_admin_pwd -profileName app_profile
5. Remove the deployed information center if it exists using the Administrator user. To do this, delete
the file WAS_HOME/systemApps/isclite.ear/tpm_olh.war.
6. 2000
DB2 Log on to the database server as the database instance owner and recover the database.
a. Run the following command:
set DB2INSTANCE=<db2instance>
The default value for <db2instance> is CTGINST1 db2cmd.

b. Restore the database. Enter the following command on a single line:
db2 restore database MAXDB71 user db_adminID using db_admin_pwd
from backup_files_location/DB2Backup_AfterTPMCore/ with 3 buffers
buffer 1000 without rolling forward without prompting
db_adminID
The database instance owner that was used to install Tivoli Provisioning Manager.
db_admin_pwd
The password of the database instance owner that was specified during Tivoli Provisioning
Manager installation.
backup_files_location
The directory specified in the Backup Files Location field in the Directories for Core
Components panel.
Application Server.
WAS_HOME\profiles\dm_profile\bin\startManager.bat
WAS_HOME\profiles\app_profile\bin\startNode.bat
Deployment engine error during web components installation

While installing the web components, you might encounter errors.
Symptoms
While installing the web components, the following error is generated:

Error: The IBM Autonomic Computing Deployment Engine is not working. Start or restart
the IBM Autonomic Computing Deployment Engine.

Restart the deployment engine. Run the command:
v net start "IBM ADE Service"
Node agent not started during web components installation

If you are able to log on to the WebSphere Application Server, but you receive this error, the problem
might be a mismatch between data that is stored in the properties for the installation and the values you
are providing.
Symptoms
An error is displayed, indicating that the node agent was not started during web components installation.
Causes
This error can be created from a variety of causes. Check the following items:
1. Verify this that the node agent is started. Log on to the WebSphere Application Server console for the
node agent and see if the status is green. You can also run the startNode.bat command to check if the
node agent is started.
2. If the node agent is running, check the node agent logs for an error that indicates that the node agent
is not started. The following error is an example:
Oct 8, 2008 3:09:18 PM com.ibm.tivoli.ccmdb.install.common.config.was.CfgConfigWebSphere runJythonScript
INFO: NOTE ^[runJythonScript] Result: 105
^n^
Oct 8, 2008 3:09:18 PM com.ibm.tivoli.ccmdb.install.common.config.was.CfgConfigWebSphere runJythonScript
FINE: NOTE ^STDOUT: WASX7246E: Cannot establish "SOAP" connection to host "MYMACHINE" because of an authentication failure.
Ensure that user and password are correct on the command line or in a properties file.
Exception message (if any): "ADMN0022E: Access is denied for the getProcessType operation on Server MBean because of
insufficient or empty credentials."
WASX7213I: This scripting client is not connected to a server process; please refer to the log file
C:\IBM\SMP\wasclient\logs\wsadmin.traceout for additional information.
In this example, the start script cannot determine if the node agent is running because it cannot access
the server due to incorrect credentials. If you are able to log on to the WebSphere Application Server,
but you receive this error, the problem might be a mismatch between data that is stored in the
properties for the installation and the values you are providing.
If the error is what was described above, then follow these steps:
1. In <Maximo_HOME>\maximo\en\script, back up the V7110_props.xml.
2. Modify the V7110_props.xml file so that it only includes values that do not exist in your MAXPROP
table. Query the MAXPROP table to see what properties have been added to the database. For
example, if the property mxe.db.logSQLTimeLimit is already in the table, remove the
<Add_property.....> tag for that entry in the XML file.
3. Rename the file to V7110_props.dbc.
4. Import the base services properties located in <Maximo_HOME>\maximo\en\script\V7110_props.xml.
5. In the \ibm\SMP\maximo\tools\maximo\ directory, run the updatedb command.
6. After importing the properties successfully, rename the V7110_props.dbc file so that it will not be
imported again.
Log files for process solution installer

A chart of log file descriptions and locations.
The process solution installer is called by the web components installer to deploy the web components.
The following log files are associated with installation of web components.

Table 22. Log file information
Log type Description Location
Package log These files contain the StdOut and MAXIMO_HOME\solutions\logs\
StdErr output of external commands <PACKAGE_NAME>\
launched by the package as it is
processed by the deployment engine. For instance, if PSI encounters an
These log files are typically vital to error in the Change package, and the
the debugging of package issues. base services installation directory is
C:\IBM\SMP, then the logs for the
In general, logs have two parts, a Change Package would be found in:
.out and .err file, both with the C:\IBM\SMP\solutions\logs\
same pre-extension file name. The Change_PMP\.
.out files contain the contents of the
Standard Output stream as generated
by the external command. The .err
files contain the contents of the
Standard Error stream. It is common
for one part to be blank, provided
there was no error output (or if there
were only error outputs).
You might discover numerous (10-20)

package log files generated for any
particular package installed.
Tivoli Provisioning Manager log The are logs kept by the PSI MAXIMO_HOME\logs\
subsystem. CTGInstallMessageXX.log
MAXIMO_HOME\logs\
CTGInstallTraceXX.log
XX is a two-digit number such as 00.

These logs contain the trace output of
the PSI subsystem.
Note: You might encounter messages

like the following in the
MAXIMO_DEPLOY_ERR.err file found in
the MAXIMO_HOME\solutions\logs
directory for a process manager once
it has been installed:
v sys-package-mgr: processing new
jar, C:\IBM\SMP\lib\icl.jar
jar, C:\IBM\SMP\lib\
CTGInstallCommon.jar
jar, C:\IBM\SMP\lib\
CTGInstallResources.jar
Although these messages are found
in the error log file, they are
informational only, and do not
represent deployment errors. These
messages can be safely ignored.

Table 22. Log file information (continued)
Solution Install/Deployment Engine These are logs kept by the IBM C:\Program Files\IBM\Common\acsi\
Logs Solution Installer/Deployment engine logs\<USERNAME>\de_msg.log
run time. PSI uses the IBM
technology as the means to install C:\Program Files\IBM\Common\acsi\
and track installed packages. This logs\<USERNAME>\de_trace.log
run time has its own logging system.
So for instance, if you installed under
Note: After an installation these logs the user name tioadmin, the logs
will contain sensitive credentials. It is would be found under:
strongly recommended that these v C:\Program Files\IBM\Common\
logs be removed after a successful acsi\logs\tioadmin\de_msg.log
install. v /usr/ibm/common/acsi/tioadmin/
de_msg.log
WebSphere Application Server Logs These are logs kept of connections, WAS_HOME\profiles\<PROFILE>\logs\
exceptions, and other failures AboutThisProfile.txt
experienced by the WebSphere
Application Server in its day-to-day WAS_HOME\profiles\<PROFILE>\logs\
running. These logs are often helpful <SERVER_NAME>\startServer.log
in the diagnosis of errors in
particular EAR files or other WAS_HOME\profiles\<PROFILE>\logs\
back-end operations, such as <SERVER_NAME>\stopServer.log
database connections.
WAS_HOME\profiles\<PROFILE>\logs\
<SERVER_NAME>\SystemErr.log
WAS_HOME\profiles\<PROFILE>\logs\
<SERVER_NAME>\SystemOut.log
For example, if your WebSphere

Application Server is installed in the
C:\IBM\WebSphere\AppServer\, your
profile name is AppSrv01, and your
server name is server1, your logs
would be in this location:
C:\IBM\WebSphere\AppServer\
profiles\AppSrv01\logs\
AboutThisProfile.txt
Maximo Logs There are also a few logs kept by MAXIMO_HOME\maximo\tools\maximo\
Maximo itself. These are useful in log\updatedb<TIMESTAMP>.log
tracking the progress, success, and
failure of a few back-end commands For example, if your base services
provided by Maximo. installation directory is
C:\IBM\SMP\Maximo, and that you run
the UpdateDB command on April
19th at approximately 5:06:07PM, the
logging information would be written
to these files: C:\IBM\SMP\Maximo\
tools\maximo\log\
updatedb20070419170607.log

Table 22. Log file information (continued)
WAS Thin Client Logs The WAS thin client is the MAXIMO_HOME\wasclient\logs\
mechanism by which the process CTGIN_wsadmin.traceout
manager packages communicate with
the WebSphere Application Server. If MAXIMO_HOME\wasclient\logs\
this automated deployment fails, the wsadmin.traceout
exact actions the Thin Client took
and the associated responses from the MAXIMO_HOME\wasclient\logs\
WebSphere Application Server are wsadmin.valout
stored in logs.
It is a good practice to rename existing logs before attempting a package installation. It is useful to have a
log that consists only of the information related to the success or failure of current package installation to
facilitate problem determination.
Core components or web components installation hangs during

Cygwin installation
Problems with your Cygwin installation might cause the installer to hang during prerequisite verification.
Symptoms
While the installer verifies prerequisites during Tivoli Provisioning Manager core components or web
components installation, the following message appears:
The Installation Wizard is checking the system prerequisites.
After waiting a few minutes, the installer seems to hang and the Next button remains disabled.
Causes
There might be a problem with your Cygwin installation.

1. Close the installer.
2. Verify if Cygwin is installed.
3. If Cygwin is not installed, install it manually. If Cygwin is installed, uninstall and then reinstall it
Silent installation of Tivoli Provisioning Manager fails

A silent installation of Tivoli Provisioning Manager will fail if Cygwin is not installed.
Symptoms
The silent installation of Tivoli Provisioning Manager fails.
Causes
Cygwin is not installed. Tivoli Provisioning Manager requires Cygwin, and required Cygwin settings are
configured during the installation process. Cygwin is not automatically installed during the Tivoli
Provisioning Manager silent install.
Install Cygwin manually before running the silent installation.

First discovery fails after installing Cygwin
After installing Cygwin, the first discovery fails because of a missing directory. Create the directory and
then proceed normally.
Symptoms
During the first discovery target server validation after installing Cygwin, an error message like the
following is displayed:
First discovery failed: /home/administrator does not exist
Causes
After Cygwin is installed, no /home/Administrator directory is created. When the first discovery does not
detect this directory, the error message is displayed.

1. Click OK to close the error window.
2. Double-click the Cygwin icon on the Windows desktop on the Tivoli Provisioning Manager compute
to create the missing directory.
3. Click Next in the installer to continue with the installation.
Cygwin installation fails

Cygwin installation will not work if the download site is unavailable. Choose a different download site
and try again.
Symptoms
The Cygwin installation fails.
Causes
The download site that you chose for the Cygwin install might be unavailable.

1. Click Back.
2. Select a different download site from the Cygwin Download Mirror Sites list.
3. Click Next to continue with the installation.
If the problem persists, cancel the installation, uninstall Cygwin, and then attempt to install Cygwin
Missing tools from Cygwin installation

If you installed Cygwin manually, you might be missing some of the required Cygwin installation
packages and be missing tools such as Telnet or FTP as a result.
Symptoms
You receive an error message that refers to missing tools, such as Telnet or FTP.
Causes
If you installed Cygwin manually, you might be missing some of the required Cygwin installation
packages.

Verify that you have a fresh Cygwin installation with all the required Cygwin packages. For more
information, see “Installing Cygwin manually” on page 208.
Web components installation fails with registry service unavailable

Java exception (IURegException)
Symptoms
The following IURegException appears in MAXIMO_HOME\logs\CTGInstallTrace00.log:

FINE: ENTER^java.lang.RuntimeException: com.ibm.ac.si.iuregistry.IURegException:
IURegistryServiceUnavailable
Ensure that the deployment engine is working by running the following commands and examine the
output:
1. Program Files\IBM\Common\acsi\setenv
2. Program Files\IBM\Common\acsi\bin\listIU
If the listIU command reports no output or a return code of 2, then the deployment engine is not in a
working state.
1. Check the log files under Program Files\IBM\Common\acsi\logs\Administrator.
2. Use the Windows Control Panel to stop and start the service called IBM ADE Service.
3. Run the listIU command again.
4. Start the web component installation again.
Turning on Admin mode is slow

Interactive user sessions or background processing might be occurring at the same time Admin mode is
turning on. It will eventually turn on if left alone, but you can also use it immediately by running the
configdb command.
Symptoms
Turning on Admin mode from the Database Configuration application takes a long time.
Causes
Interactive user sessions or background processing might be occurring at the same time Admin mode is
turning on.
Typically, if left alone, Admin mode will eventually turn on. However, if you need to quickly apply
database configuration changes, you can manually run the configdb command to get into Admin mode
without waiting.
Note: You must have login access to the installation admin workstation to run the configdb command.
Follow the steps below to quickly turn on Admin mode:

1. Stop the application server, WebSphere MX server, either using the WebSphere Administrative
Console or the command line.

2. Stop the deployment engine using the tio.cmd stop command.
3. Run the configDB command. For more information about this command, see the section called
Configuring the database in the System Administrator Guide.
Other problems
See the following information to diagnose and resolve other problems and installation errors.
Log file errors after successful installation on Microsoft Windows

Server 2008 R2 Standard Edition (x86 64-bit) any SP
After a successful installation of Tivoli Provisioning Manager on Microsoft Windows Server 2008 R2
Standard Edition (x86 64-bit) any SP, several log files might contain error messages. These particular error
messages do not indicate a problem with your installation and you can ignore them.
Symptoms
After successfully installing Tivoli Provisioning Manager, several log files contain error messages.
Diagnosing the problem
Several log files contain error messages. Some of the log files that contain error messages are:
v TIO_LOGS/trace.log
v TIO_LOGS/console.log
v TIO_LOGS/install_wrapper/tcinstall.log
The error messages look like the following:

ERROR [Workflow Dispatcher] (WorkflowDispatcher.java:243): COPDEX040E
An unexpected deployment engine exception occurred: java.lang.
ClassNotFoundException: com.ibm.tivoli.orchestrator.de.dto.maximo.DeploymentRequestDAO.
You can ignore these error messages. They do not indicate a problem with your installation.
Cannot log on after successful installation

If you specify a user ID during base services installation that does not exactly match the corresponding
Tivoli Provisioning Manager database user ID, the installation completes successfully but you cannot log
in to Tivoli Provisioning Manager. The user ID authentication validation between LDAP and the Tivoli
Provisioning Manager MAXUSER table is case-sensitive so the values must be identical.
Symptoms
After successfully installing Tivoli Provisioning Manager using the "Use WebSphere application security
only for authentication" option, you cannot log in to Tivoli Provisioning Manager as the Admin user. You
receive the following error message when you try to log in:
BMXAAA0035E - The user Admin is not recognized. Please contact your system administrator
Causes
If the Tivoli Provisioning Manager user ID in the MAXUSER table does not exactly match the user ID
value in LDAP, the user ID is not recognized and you cannot log in. When you try to log in, the Tivoli
Provisioning Manager authentication service validates the user ID with the user ID value in LDAP. The
user ID validation is case-sensitive so the Tivoli Provisioning Manager table name value and the user ID
value in LDAP must be identical.
To resolve this problem, you can update the user ID values in the Tivoli Provisioning Manager
MAXUSER and the CREDENTIALS_PASSWORD database tables to match the LDAP values. To do this,
complete the following steps:
1. Determine the value of the MAXUSER table. For example, if your LOGINID is Maxadmin, run a SQL
command like the following:
SELECT USERID,LOGINID FROM MAXUSER WHERE LOGINID=’Maxadmin’
This returns output like:

USERID LOGINID
--------------------------------------------------
MAXADMIN Maxadmin
1 record(s) selected.
2. Update the database record to match the LDAP record by running a SQL command like the following
one:
UPDATE MAXUSER SET LOGINID=’<ldap_loginname>’ WHERE LOGINID=’Maxadmin’
For example, if LOGINID in LDAP is maxadmin, update the database table as follows:
UPDATE MAXUSER SET LOGINID=’maxadmin’ WHERE LOGINID=’Maxadmin’
3. Determine the values of the CREDENTIALS_PASSWORD table by running a command like the
following:
SELECT USER_NAME FROM CREDENTIALS_PASSWORD WHERE USER_NAME=’Maxadmin’
4. If there are no values in the CREDENTIALS_PASSWORD table, you can proceed to log in to Tivoli
Provisioning Manager. If there are values in the CREDENTIALS_PASSWORD table, run the following
command:
UPDATE CREDENTIALS_PASSWORD SET USER_NAME=’maxadmin’ WHERE USER_NAME=’Maxadmin’
You should now be able to log in to Tivoli Provisioning Manager.
For information about the user attribute mappings between LDAP and Tivoli Provisioning Manager, see
Attribute mapping from LDAP to IBM Tivoli Provisioning Manager in the information center.
Collecting information about installation problems

Use this list to collect information when contacting IBM Tivoli Software Support.
If you need to contact IBM Tivoli Software Support, collect the following information.
v Operating system type and version, including service packs and fix packs.
v Hardware description.
v The installation log files. You can use the IBM Support Assistant to collect log files.
For information about IBM Support Assistant, see Using log files for troubleshooting in the information
center.
Note: Log files are encoded in UTF-8 format. When you are viewing log files, ensure that you are
using a text editor that supports UTF-8, for example Windows Notepad.
v The version of WebSphere Application Server. Run the following command from the WAS_HOME/bin
directory:
genVersionReport.bat
The command generates a report called versionReport.html, which identifies the installed version of
WebSphere Application Server and all installed maintenance packages.

v The version of the database server.
2000
DB2 To check the version of DB2, run db2level
v The version of Java. Change to the WAS_HOME directory and run:
java -version
v Installation media type (disks or electronic download) and level.
v Any Windows event log relevant to the installation error.
v Windows services that were active during the installation, for example, antivirus software.
v If you are logged on to the computer locally. Running the installation using Remote Desktop is not
supported.
v If you are logged on as a local administrator or a domain administrator. Cross-domain installation is
not supported.
Procedure
1. Default If you performed a default installation, review information about the values used for the
installation. You might need this information to perform some recovery actions. You can also use these
values if want to reinstall the product using the custom installation option.
2. Middleware installation: See “The middleware installer logs” on page 34 for information about the
middleware installation logs.
3. Discovery: The installer uses discovery software to identify software and hardware on your computer.
Table 23. Discovery logs
Type of information Header
Installation of Inventory If there are installation errors, check
discovery v %TEMP%\cit\cit.log
Inventory discovery scan v %TEMP%\CITTrace.log

log
The results of discovery The files are located in:

v %TEMP%
Results are stored in XML files with the fully qualified domain name in the file name.
For example if the fully qualified domain name is tpmserver.example.com, the file
names include:
cit_tpmserver.example.com_output.xml
tpmserver.example.com_hwoutput.xml
tpmserver.example.com_swoutput.xml
tpmserver.example.com_vpdoutput.xml
For some errors, for example, insufficient disk space, you can click Back in the installer to go to the
panel before the error occurred, resolve the problem by making more space available, and then click
Next to continue with the installation.
v %TIO_LOGS%\install
4. Software installation: The following log files are created during the software installation:
Table 24. Log files for product components
Component Log file
Cygwin Log files are located in %TEMP%\cygwin-logs

Table 24. Log files for product components (continued)
Component Log file
Tivoli Provisioning
%TIO_LOGS%\install
Manager core components
Logs for the Tivoli Provisioning Manager core component installer are located in
TIO_LOGS/install_wrapper.
If these logs are not available, you can also check the following locations:
%TMP%\tclog and %TMP%\tclog_wrapper
WebSphere Application
Server
v %TEMP%\was-logs\was-ismp-install.log
WebSphere Application Server SystemOut log
v %WAS_HOME%\profiles\ctgAppSrv01\logs\MXServer\SystemOut.log
Logs created by WebSphere Application Server
Logs are stored in the following locations:
v %WAS_HOME%\logs
<user_root>\logs
v where <user_root> is the WebSphere Application Server profile installation
path. The defaults are:
– %WAS_HOME%\profiles\ctgDmgr01\logs
– %WAS_HOME%\profiles\ctgAppSrv01\logs
DB2 The main installation logs are located in:

v %TEMP%\db2_install_log.#####
Search for additional log files that start with db2 for other log information.
Agent Manager Agent Manager
v AgentManager\logs\AMReturnValues.log
v AgentManager\logs\am_upgrade.log
where AgentManager is the Agent Manager installation directory.
Agent Manager certificate generation
wsadmin.traceout
Dynamic Content Delivery Check the following location:
v C:\Program Files\IBM\tivoli\common\ctgde
The log files are:

v trace_manager_install.log
v trace_isx_install.log
v *.out
v *.err
Ensure that you check the *.out and *.err files, even if they are 0 KB.
If you see errors starting with The system cannot find the path specified in the
MC-WAS-install-AS-CAS.err file, you can ignore them as they do not indicate a
problem with the Dynamic Content Delivery services.

Table 24. Log files for product components (continued)
Component Log file
Tivoli Provisioning The following log files are in TIO_HOME\DeviceManager\log:
Manager for Job
DMS_install.log
Management Service
Contains information about the Tivoli Provisioning Manager for Job
federator
Management Service federator installation.
dms_config_trace.log
Contains detailed installation information when Tivoli Provisioning Manager
for Job Management Service federator server and database is configured. It
also contains trace information after running the DMSconfig or
DMSremoveconfig command with the showtrace option
dms_config_trace.log
Contains messages after running the DMSconfig or DMSremoveconfig
command.
Values used for configuration are in:

TIO_HOME\DeviceManager\config\DMSconfig.properties
The base services Collect the log files from the computer where the base services are installed:
v Run the following command:
– MAXIMO_HOME\scripts\LogZipper.bat
v Find the [current date]_[timestamp].zip file in the MAXIMO_HOME\debug directory.
v CTGInstallMessage[nn].log and CTGInstallTrace[nn].log in the following
directories:
– C:\Documents and Settings\Administrator
Collect the log files from the computer where WebSphere Application Server is
installed:
v Logs under the application server directory, for example, C:\IBM
\WebSphere\AppServer\profiles\ctgAppSrv01\logs
v Deployment manager logs in the deployment manager directory, for example,
C:\WebSphere\DeploymentManager\logs
Tivoli common directory The Tivoli common log directory:
v C:\Program Files\IBM\tivoli\common\COP\logs
5. Starting Tivoli Provisioning Manager. When you start Tivoli Provisioning Manager, the file
tio_start.log is created in the default location:
v C:\Program Files\IBM\tivoli\common\COP\logs
6. Uninstallation: When you uninstall Tivoli Provisioning Manager core components, the log files are
located in:
v %TIO_LOGS%\uninstall
If the logs are not available in this location, check the following location:
v %TMP%/tclog_uninstall

Appendix B. Other installation and configuration tasks
The topics in this section provide information about installation and configuration tasks that support the
installation of Tivoli Provisioning Manager.
Installing Tivoli Provisioning Manager with default values

Default
In a default installation, all software is installed on a single Windows computer and default values are
used for installation settings.
Before you begin
The following limitations apply to the default installation:

v A default installation is only supported on Windows.
v A default installation is only supported on disk C:\. Verify that the disk space requirements are met on
disk C:\.
v A default installation is not supported in Japanese due to limitations with the directory server
installation. You must perform a custom installation instead.
The following diagram shows the high level steps for a default installation.
Software installation Post-installation
1. Run the default 2. Perform required

installation configuration
3. Verify your
Software is installed
installation
Figure 3. Default installation steps
To install Tivoli Provisioning Manager using a default installation:
Procedure
1. Log on with an account with system administration privileges.
2. Double-click launchpad64.exe (Windows 64-bit) or launchpad.exe (Windows 32-bit) from the
launchpad directory. If you are installing from a DVD, the launchpad is on the Installation DVD for
Windows.
4. Click Default Installation and click Run default installation.
6. On the Select Components panel, leave all the check boxes selected.
7. If you selected Tivoli Provisioning Manager for OS Deployment, accept the license agreement and
click Next.

8. If Cygwin is already installed, specify the directory where Cygwin is installed and click Next.
v If you do not require support for IPv6 communication in the Tivoli Provisioning Manager
environment, Cygwin 1.5.10 or later is required.
If you want to install Cygwin, specify all required fields and click Next.
Select a Cygwin download mirror site
Select a location that you want to use to download Cygwin installation files. A location that
is geographically closest to you is recommended.
User Name
Specify the user name for running the Cygwin SSH service.
9. On the Default Installation panel, specify the remaining settings for the installation and then click
Next.
Generic Password for Default Installation
Specify the password that you want to use for the main Tivoli Provisioning Manager
administrator user, tioadmin, the database instance owner, and other administrator users
created during installation. The password must meet DB2 password requirements described
in “Preinstallation Step 7: Verify requirements for user names, database names, and user
passwords” on page 21.
Workstation Login User Name
Specify the administrator user that you are using to perform the installation. The default
Windows administrator user is Administrator.
Location of Images
Specify the full path for the directory that contains the installation images. If you want to
copy the installation images from disks, select the Copy installation images from media
check box and specify the location of the images.
Specify the temporary directory for uncompressing installation images
Select a temporary directory location to use during installation for extracting installation files
from installation images.
Fully-Qualified Host Name
The fully qualified domain name of the computer. For example, tpmserver.example.com. This
value is case-sensitive.
Backup Files Location
The installer creates a backup of the database and key configuration files after the core
component installation completes successfully. Specify the location where you want to store
the backup.
When you click Next, the installer validates the workstation login information and then displays a
summary of your installation settings. If you selected the option to copy installation files from
DVDs, you will be prompted to insert the DVDs so that the files can be copied. After the DVDs are
copied, insert the Installation DVD for Windows again.
10. Review your installation settings and then click Next.
Results
The default installation is complete.

What to do next
Start Tivoli Provisioning Manager by running the following command:

tio start tpm
After it has started, open a web browser and log on by typing: https://host_name:9443/maximo. Once
logged on, the user name and password are maxadmin and maxadmin.
Removing a default installation

To remove a completed default installation, you must restore a system image that was captured before
you started the installation. This approach is useful in situations where you have installed Tivoli
Provisioning Manager for testing or evaluation purposes.
To remove a default installation at different stages, because the installation has failed, see “Step by step
recovery for core components installation (default installation)” on page 173.
When you have completely removed all Tivoli Provisioning Manager software, you can reinstall the
product if needed.
Silent installation and other installation tasks

The following tasks are not mandatory for a Tivoli Provisioning Manager installation, but might be useful
depending on the configuration and products that you are using together with Tivoli Provisioning
Manager. These topics can be found in the Tivoli Provisioning Manager wiki.
Installation of Tivoli Change and Configuration Management Database (CCMDB)

with Tivoli Provisioning Manager
See Installation of IBM Tivoli Change and Configuration Management Database and Tivoli Service
Request Manager with Tivoli Provisioning Manager version 7.2.
This task provides high-level instructions for installing Tivoli Provisioning Manager 7.2 to coexist with
Tivoli Change and Configuration Management Database (CCMDB) 7.2.0.1 on the same system.
Installation of Tivoli Service Request Manager (SRM) with Tivoli Provisioning

Manager
See Installation of IBM Tivoli Change and Configuration Management Database and Tivoli Service
Request Manager with Tivoli Provisioning Manager version 7.2.
This task provides high-level instructions for installing Tivoli Provisioning Manager 7.2 to coexist with
Tivoli Service Request Manager (SRM) 7.2.0.1 on the same system.
Silent installation
Default installation. See Installing Tivoli Provisioning Manager silently - default installation
Custom installation. See Installing Tivoli Provisioning Manager silently - custom installation
Uninstalling IBM Agent Controller
Manually installing the IBM Tivoli Agent Controller
Appendix B. Other installation tasks 207

Installing the monitoring agent for Tivoli Provisioning Manager
Manually installing the monitoring agent for Tivoli Provisioning Manager
Checking WebSphere Application Server status and version
Checking WebSphere Application Server status and version
Backing up the database and important data
Backing up the database and important data
Changing default passwords

Changing default passwords
Changing the transfer mode for the DVD-ROM
Changing the transfer mode for the DVD-ROM
Updating the port for the information center
Updating the port for the information center
Installing Cygwin manually

The Tivoli Provisioning Manager core components installer and web components installer require a fresh
installation of Cygwin, and the computer must have only one Cygwin installation.
Before you begin

v If you do not require support for IPv6 communication in the Tivoli Provisioning Manager environment,
Cygwin 1.5.10 or later is required.
Note: Install Cygwin just before installing the core components. During a middleware installation
Cygwin might cause an installation failure.
If an existing version of Cygwin is installed, perform the following steps to remove it. For additional
details, see Setting up Cygwin. After Cygwin is removed, you can install it again.
Removing a Cygwin installation

To remove Cygwin:
1. Remove all Cygwin services such as sshd, cron, cygserver, and inetd. If the service is running, stop it
with the following command:
cygrunsrv -E name
where name is the name of the service. Then uninstall the service with the following command:
cygrunsrv -R name
2. Stop the X11 server if it is running, and stop any Cygwin programs that might be running in the
background. Remove all mount information with the following command:
umount -A

Exit the command prompt and ensure that no Cygwin processes remain.
3. Delete the Cygwin installation directory and all its subdirectories.
v If you receive an error about an object is in use, ensure that all services are stopped and all Cygwin
programs are closed.
v If you receive a Permission Denied error, modify the permissions or ownership to your user
account on the files or folders that caused the error. To change ownership for the Cygwin folder
from Windows Explorer, right-click the Cygwin folder and click Properties. On the Security tab,
click Advanced. On the Owner tab, ensure that your account is listed as the owner. Select the
Replace owner on subcontainers and objects check box and then click OK.
4. Delete the Cygwin shortcuts on the Desktop and Start Menu.
5. If you added Cygwin to your system path, remove it.
6. If you set the CYGWIN environment variable, remove it.
7. In Windows Registry, delete the registry tree Software\Cygnus Solutions under HKEY_LOCAL_MACHINE
and HKEY_CURRENT_USER, if it exists. Normally, the only information stored in the registry is the mount
information.
8. Reboot the computer.
Installing Cygwin manually

To install Cygwin manually:
1. Log on to the Windows computer using a user account with administrator privileges.
2. Go to www.cygwin.com and install an appropriate version of Cygwin based on the Cygwin version
requirements.
3. On the Select Package panel of the Cygwin installer, clear the Hide obsolete and administrative
packages check box.
4. Select the following packages:
Table 25. Cygwin packages
Category Package
Admin
All default packages and the following additional packages:
cron
cygrunsrv (contains cygrunsrv.exe)
shutdown
Archive
cabextract
sharutils
unzip
zip
Base All default packages and the following additional packages:
bash (contains bash.exe)

gzip (contains gzip.exe)
Database All default packages
Devel
All default packages and the following additional package:
cvs
Doc
perl_manpages

Table 25. Cygwin packages (continued)
Category Package
Editors
ed
vim
Gnome All default packages
Graphics All default packages
Interpreters
The following packages:
expect (contains expect.exe)
gawk
perl
Libs All default packages
Mail All default packages
Math All default packages
Net All default packages and the following additional packages:
curl
inetutils (telnet, ftp)
openssh (contains ssh.exe)
openssl (contains ssl.exe)
ping
rsync
urlgrabber
Publishing All default packages
Shells
ash
bash (contains bash.exe)
System All default packages
Text
util-linux
Utils
ccrypt
cpio
cygutils
diffutils
file
keychain
time
Web
wget
X11 All default packages
PostInstallLast All default packages
python All default packages
5. After installation, add the Cygwin\bin directory to your Windows %PATH% environment variable. The
directory must be the first one in the %PATH% variable.

a. On the desktop, right-click My Computer and click Properties.
b. Click the Advanced tab.
c. Click Environment Variables.
d. In the System Variables section, edit the value of the Path variable. The following example shows
a Path value with the Cygwin\bin directory at the beginning. The actual contents of the variable
will depend on the configuration of your computer.
PATH=C:\Cygwin\bin;%SystemRoot%\system32
6. Ensure that permissions are set properly. Open a Cygwin console and run the following commands:
chmod +r /etc/passwd
chmod +r /etc/group
chmod 755 /var
7. Ensure that SSH is running. To set up SSH, run the command ssh-host-config -y locally on the
computer. Running it from a remote desktop can cause problems with Tivoli Provisioning Manager
installation.
8. If you modified the PATH variable, reboot the computer before you continue with Tivoli Provisioning
Manager installation to ensure that the changes take effect.
Starting and stopping

Starting and stopping the provisioning server.
See the following topics for more information about starting and stopping the provisioning server.
Starting and stopping the provisioning server on Windows

Starting the provisioning server allows you work with the web interface.
Starting the provisioning server

Before you begin
1. Ensure that the middleware applications are started. These services are started automatically after
installation or after a reboot, except for the Tivoli Directory Server database instance and
administration daemon. To start the middleware, see “Starting middleware on Windows” on page 94.
2. 2008 Select the option Run as administrator for all the commands that you run from
Use the following procedure if the provisioning server is stopped and you must restart it. After a reboot,
the provisioning server is not started automatically, so you must start it manually. By default, when you
start the provisioning server, the WebSphere Application Server profiles associated with the provisioning
server are also started.
For information about other start and stop options for the provisioning server, see the tio command in
the Reference section of the information center.
You can start the provisioning server in one of the following ways:
v From the Windows desktop
v From the command line
Important: The database server and directory server must be running before starting the provisioning
server and remain running while the provisioning server is running. The provisioning server
communicates with the database to perform most of your actions on the web interface, including
retrieving the data to be displayed, running provisioning tasks, and tracking and recording status and
activity. The provisioning server uses the directory server to authenticate users when they log on and to
validate access permissions while using the product.

Procedure
1. Log on as the tioadmin or the Administrator user.
2. Start the provisioning server.
From the Windows desktop
Double-click TPM Start.
From the command line
a. Change to %TIO_HOME%\tools.
b. Type tio.cmd start
3. When prompted, enter the WebSphere Application Server administrator user name and password.
Results
When the provisioning server is ready, the message TIO startup completed. is displayed.
If the provisioning server does not start, check the following log files for errors:
v %TIO_LOGS%\tio_start.log
v %TIO_LOGS%\tio_start_service.log
v %TIO_LOGS%\policyengine\policyengine_start.log
v %TIO_LOGS%\agentshellserver\agentshellserver_start.log
v %TIO_LOGS%\dmsresultserver\dmsresultserver_start.log
v %TIO_LOGS%\activityplan\activityplanengine_start.log
Note: If you see errors that start with [ERROR] Failed to get reports in the tio_start.log file or
Failed to connect to server in the console.log or trace.log files, these errors can be ignored and do
not indicate a problem starting the provisioning server.
If the provisioning server is not properly stopped and preventing startup, run the TPM Stop icon or the
tio.cmd stop command again to stop the provisioning server properly. When the provisioning server is
properly stopped, you can start the provisioning server.
Stopping the provisioning server

If you must make configuration changes to the provisioning server, or if you change a default
administrator password, you must stop the provisioning server.
You can stop the provisioning server in one of the following ways:
v From the Windows desktop
v From the command line
By default, when you stop the provisioning server, the WebSphere Application Server profiles associated
with the provisioning server are also stopped.
For information about other start and stop options for the provisioning server, see the tio command in
the Reference section of the information center.
Procedure
1. Log on as the tioadmin user.
2. Stop the provisioning server.
From the Windows desktop:
Double-click TPM Stop.
From the command line

a. At a command prompt, go to %TIO_HOME%\tools.
b. Type tio.cmd stop
3. If you must stop other components or middleware, you must stop them separately. See the following
information:
a. “Starting and stopping Tivoli Provisioning Manager components”
b. “Stopping middleware” on page 95
Results
Upon successful shutdown, the message TIO shutdown completed. is displayed.
If the provisioning server does not stop, check the following log files for errors
v %TIO_LOGS%\tio_stop.log
v %TIO_LOGS%\tio_stop_service.log
If the provisioning server is not properly stopped, run the TPM Stop icon or the tio.cmd stop command
again to stop the provisioning server properly.
Starting and stopping Tivoli Provisioning Manager components

Use these instructions if you need to start or stop specific Tivoli Provisioning Manager components
manually.
All WebSphere Application Server profiles are started automatically by Tivoli Provisioning Manager,
except webserver1. The webserver1 profile is started automatically with the HTTP server.
Procedure
1. Log on as an administrative user.
2. To start a component, run the appropriate commands.
Tivoli Provisioning Manager for OS Deployment
v Starts automatically after installation or after a reboot.
a. Log on as an administrative user.
b. Open a command window and run:
net start remboserver
net start remboagent
Alternatively, you can start Tivoli Provisioning Manager for OS Deployment from the Services
control panel.
Tivoli Monitoring agent
v Starts automatically after installation or after a reboot:
a. Click Start, and select Run.
b. Type services.msc, and click OK.
c. Select Monitoring Agent for Tivoli Provisioning Manager - Primary, and click Start the
service.
The agent manager
v Starts when you start Tivoli Provisioning Manager.
a. Change to the AM_HOME\bin directory.
startServer.bat

To verify the status of the agent manager, go to http://host_name:9513/AgentMgr/Info. A status
page is displayed for the agent manager with information about the agent manager version and
configuration.
3. To stop a component, run the appropriate command.
Tivoli Provisioning Manager for OS Deployment
a. Log on as an administrative user.
b. In a command window, type the following commands:
net stop remboagent
net stop remboserver
Note: You can also stop Tivoli Provisioning Manager for OS Deployment from the Services control
panel.
The agent manager
a. Change to the WAS_HOME\profiles\casprofile\bin directory.
stopServer.bat server1 -username wasadmin_username -password wasadmin_password
Starting and stopping the Tivoli Monitoring agent

Complete these steps to manually start or stop the Tivoli Monitoring agent.
Procedure
1. To start the monitoring agent:
c. Select Monitoring Agent for Tivoli Provisioning Manager - Primary, and click Start the service.
2. To stop the monitoring agent:
c. Select Monitoring Agent for Tivoli Provisioning Manager - Primary, and click Stop the service.
Verifying components
Verify that you can access the main interface and that main components are running.
Procedure
1. Start Tivoli Provisioning Manager:
v “Starting and stopping the provisioning server on Windows” on page 211
2. Verify the installation of the device manager service:
a. In a supported web browser, type the following URL:
https://host_name:9045/dmserver/TraceServlet?trace=set
If you see the word SUCCESS!, the device manager service is successfully installed.
b. Check the log file WAS_HOME/profiles/ctgAppSrv01/logs/MXServer/DMSMsg1.log for any additional
information.
3. Verify that you can log on to the dynamic content delivery management center:
a. In a supported web browser, type the following URL:
https://host_name:9045/admin
b. Log on with the Tivoli Provisioning Manager administrator user name and password that you
specified during core components installation. The default user is maxadmin.

If you can log on successfully, the dynamic content delivery management center was installed
successfully.
4. Verify the status of the agent manager. In a supported web browser, type the following URL:
https://host_name:9511/AgentMgr/Info
Information about the agent manager version and configuration is displayed.

5. If you installed Tivoli Provisioning Manager for OS Deployment, verify the installation:
a. In a supported web browser, type: https://host_name:9443/maximo
b. Click Go To > Deployment > OS Management > Boot Servers.
c. In the list of boot servers, verify that a computer with the Tivoli Provisioning Manager host name
is in the list. This is the parent boot server.
d. Click the Configuration tab to view information about the boot server.
6. Verify that you can log on to the WebSphere administrator console. In a supported web browser, type
the following URL:
https://host_name:9043/ibm/console
Log on with the WebSphere administrator user name and password. The default user name is
wasadmin.
7. If you configured compliance with Federal Information Processing Standard (FIPS) 140-2 during
installation, verify that FIPS compliance is enabled.
a. Click Go To > Administration > Provisioning > Provisioning Global Settings.
b. Click the FIPS tab.
c. Check the value of the variable called FIPS. If the check box is selected, FIPS compliance is
enabled. If the check box is cleared, FIPS compliance is disabled.
Signing on to the provisioning server

For security reasons, you must sign on to the provisioning server.
Before you begin
The following web browsers are supported:

v Microsoft Internet Explorer version 6.0 or 7.0 with the latest patch.
v Mozilla Firefox 3.0 and higher.
To verify the Mozilla Firefox version, run:
firefox -version
Ensure that the command returns no errors before starting the installation.
Make sure that the following requirements are met:

v The provisioning server is running.
v You know the fully qualified domain name of the provisioning server. For example,
hostname.domain.com.
v You know your user name and password for the provisioning server.
v Do not use the maxadmin user to perform provisioning tasks. Before starting to use Tivoli Provisioning
Manager, the maxadmin user must set up security roles and users for your organization. Specific roles
can be assigned to perform different provisioning tasks. For more information, see the Controlling user
access topics in the Provisioning User Guide.
v You have read the Controlling user access topics in the Tivoli Provisioning Manager information center
to understand how security is implemented in Tivoli Provisioning Manager.

Table 26. Users and groups
User Groups
wasadmin
maxadmin (maxadminusr for MS Active Directory) maxadmin
mxintadm maxadmin
maxreg
The following example command lists users in a standard Tivoli Directory Server installation:
ldapsearch -D cn=root -w <password> -s sub -b "o=ibm,c=us" objectclass=person
The following example command lists all members of the maxadmin group:
ldapsearch -D cn=root -w <password> -s base -b "cn=maxadmin,ou=groups,ou=swg,o=ibm,c=us" objectclass=* ibm-allmembers
You can also use an LDAP browser tool to help you to obtain user and group information from your
directory server.
For the users maxadmin, maxadminusr, and mxintadm, the password for each user ID is the same as the User
Name (for example, maxadmin is both the user name and the default password). For the wasadmin user, the
password is the one that you specified during installation.
Note: User names and passwords are case sensitive. The default user names and passwords are
lowercase.
To sign on to the provisioning server:
Procedure
1. Start the web browser and type https://host_name:port/maximo, where host_name is the fully
qualified domain name of the provisioning server. This value is case-sensitive. The default port
number is 9443.
2. In the Log On window, type your User ID and Password and click Log On.
Results
You are now signed on to the provisioning server, which displays the Start Center.
If you have problems logging on, verify the following:

v Your system meets the logon prerequisites.
v Your user name and password are correct.
v In Internet Explorer, check the security settings in the browser.
1. Click Tools > Internet Options.
2. Click the Security tab.
3. If you are using customized settings for any of the web content zones, click Default Level to use
the default security level and then try to log on again.
Signing off the provisioning server

To prevent unauthorized access to the web interface, log off the provisioning server after you have
completed your tasks. By default, you are automatically logged off after 30 minutes of inactivity.

Procedure
Click Sign Out to sign out of the web interface.
Results
You are now signed out of the web interface.
What to do next
You must completely close all tabs and exit the browser after logging off the web interface to completely
end the session. If you do not exit the browser after logging off, another user can open a new tab and
access the web interface without logging on.
Working with users

To create multiple users, define group privileges and add them to the database.
See the following topics for more information about working with users.
Creating multiple users with maxadmin privileges

To create multiple maxadmin users, define group privileges and add them to the database.
Procedure
1. Create the following required users and groups in the directory:
v The MAXIMOUSERS group with the maxadmin, maxreg, and mxintadm users.
v The MAXADMIN group with the maxadmin and mxintadm users.
2. Set the following environment variable:
set skipwasvalidation=yes
3. Set up a silent installation response file with the following lines:
RUN_CONFIG_YES=0
RUN_CONFIG_NO=1
and ensure that the health check is turned off.

4. After the installation is completed, update the c:\ibm\smp\etc\install.properties file with the
following properties:
mxe.adminloginid=<maxadmin>
mxe.adminuserid=<maxadmin>
mxe.adminPasswd=<maxadmin pwd>
mxe.reguser=<maxreg>
mxe.int.dfltuser=<mxintegration>
5. In the c:\ibm\smp\scripts directory, run the following command:
taskRunner CONTINUE STOPONERROR
6. Run the following SQL commands:
v 2000
DB2 Connect to the database. Open a DB2 command window and run the following
command:
connect to maxdb71 user dbusername using dbpassword
where dbusername and dbpassword are the runtime user name and password used to connect to the
database.
Run the following code:

insert into maxuser \
( userid, personid, status, type, defsite, querywithsite, defstoreroom,
storeroomsite, \
pwhintquestion, pwhintanswer,forceexpiration, pwexpiration, failedlogins,
databaseuserid, \
password,loginid, maxuserid, memo, sysuser, inactivesites,screenreader,
rowstamp) values \
(’NEWMAXADM’, ’NEWMAXADM’, ’ACTIVE’, ’TYPE 1’, null,1, null, null, \
null, null,0, null, 0, null, \
cast(’ABC’ as varchar(128) for bit data),’newmaxadm’, NEXTVAL FOR
MAXUSERSEQ, null, 1, 1, 0, NEXTVAL FOR MAXSEQ)

storeroomsite, \
databaseuserid, \
rowstamp) values \
(’NEWMAXREG’, ’NEWMAXREG’, ’ACTIVE’, ’TYPE 1’, null,1, null, null, \
cast(’ABC’ as varchar(128) for bit data),’newmaxreg’, NEXTVAL FOR MAXUSERSEQ,
null, 1, 1, 0, NEXTVAL FOR MAXSEQ)

storeroomsite, \
databaseuserid, \
rowstamp) values \
(’NEWMXINTADM’, ’NEWMXINTADM’, ’ACTIVE’, ’TYPE 1’, null,1, null, null, \
cast(’ABC’ as varchar(128) for bit data),’newmxintadm’, NEXTVAL FOR MAXUSERSEQ,
null, 1, 1, 0, NEXTVAL FOR MAXSEQ)
insert into groupuser (groupuserid,userid,groupname,rowstamp) \
values \
(NEXTVAL FOR GROUPUSERSEQ,’NEWMAXADM’,’TPADMIN’,NEXTVAL for MAXSEQ)

values \
(NEXTVAL FOR GROUPUSERSEQ,’NEWMAXADM’,’TPCOMPLIANCEANALYST’,NEXTVAL for MAXSEQ)

values \
(NEXTVAL FOR GROUPUSERSEQ,’NEWMAXADM’,’TPCONFIGURATIONLIBRARIAN’,NEXTVAL for MAXSEQ)

values \
(NEXTVAL FOR GROUPUSERSEQ,’NEWMAXADM’,’TPDEPLOYMENTSPECIALIST’,NEXTVAL for MAXSEQ)

values \
(NEXTVAL FOR GROUPUSERSEQ,’NEWMAXADM’,’TPDEVELOPER’,NEXTVAL for MAXSEQ)
NEWMAXADM
The value for MAXADMIN
NEWMXINTADM
The value for MXINTADM
NEWMAXREG
The value for MAXREG
7. Continue with the installation process.

Changing user passwords
User passwords cannot be changed in the web interface. Tivoli Directory Server provides a Web
Administration Tool so that users can change their password.
The Web Administration Tool is not installed by default. See the documentation for details on how to
install the Web Administration Tool: http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/
index.jsp?topic=/com.ibm.IBMDS.doc/install27.htm.
After the Web Administration Tool is installed, users can update their password:
Procedure
1. Start the Web Administration Tool using the following command:
v <install_path>\idstools\bin\startWebadminApp.bat
where install_path is the directory where you installed Tivoli Directory Server. For detailed
instructions, see the topic called Starting the Web application server to use the Web Administration
Tool: http://publib.boulder.ibm.com/infocenter/tivihelp/v2r1/index.jsp?topic=/com.ibm.IBMDS.doc/
install18.htm.
2. Launch the tool using the following web address:
http://<hostname>:12100/IDSWebApp/IDSjsp/Login.jsp
where hostname is the host name of the Tivoli Directory Server.

3. Log on to the tool with your user name.
4. Click User properties > Change password.
If users receive the following error when they try to change their password, they do not have
permission to update their own password:
GLPWCO025W
The password cannot be changed. The user does not have
the authority to modify the password.
The LDAP administrator can update the permissions by running the following command:
ldapmodify -D <adminDN> -w <AdminPwd> -i <modifyACL.ldif>
For example:
ldapmodify -D cn=root -w password -i modifyACL.ldif
where the modifyACL.ldif file contains the following information, for example:
dn: cn=tioappadmin,dc=ibm,dc=com
changetype: modify
add: aclentry
aclentry: access-id:cn=this:at.userpassword:rwsc
Replace cn=tioappadmin,dc=ibm,dc=com with your user dn.

After the command is run, users have the correct permissions to update their own passwords.
Using the Tivoli Monitoring agent

The monitoring agent for Tivoli Provisioning Manager enables you to monitor Tivoli Provisioning
Manager and to perform basic operations with Tivoli Provisioning Manager.
The monitoring agent can identify, notify you of, and correct common problems with the application that
it monitors. The software includes the following features:
v Monitoring
v Data gathering

v Event management
The monitoring agent for Tivoli Provisioning Manager can provide the following functions:
Availability Monitoring
Provides information about the provisioning server and the components that are dependent on
Tivoli Provisioning Manager.
Task Monitoring
Collects information about tasks that were executed in the last few days and tasks that are
scheduled for today.
Before you use the monitoring agent for Tivoli Provisioning Manager, you must install the monitoring
agent support on the Tivoli Enterprise Monitoring Server, Tivoli Enterprise Portal Server, and Tivoli
Enterprise Portal desktop client. For information about these tasks, see the topic Installing and enabling
application support in the IBM Tivoli Monitoring Version 6.2.2 information center.
What to do next
v For information about manual installation of the monitoring agent, see Manually installing the
monitoring agent for Tivoli Provisioning Manager in the Tivoli Provisioning Manager wiki.
v If you are working in a Windows environment, continue with a regular upgrade of the monitoring
agent.
v For more information on upgrading the Tivoli Monitoring agent, see the topics Deploying monitoring
agents across your environment and Updating agents in the IBM Tivoli Monitoring Version 6.2.2
information center .
v For information about using the monitoring agent, see Monitoring agent for Tivoli Provisioning
Manager User Guide.
Changing the host name for the provisioning server

When the host name and IP address need to be changed for theTivoli Provisioning Manager server, a few
updates must be performed on the database, related components, and configurations. This process is not
always recoverable, it is highly recommended that you create a backup image of the server before
running the host name rename feature.
To rename the host, log on to the provisioning server and follow the instructions in sequence. If any
issues occur, try to resolve the error and continue from the current step. Script execution tracks where it
failed and skips any steps which had been previously performed.
Note: If the database or directory server is remote, which means it is on another system other than the
Tivoli Provisioning Manager server:
v Changing the host name for the remote database system is not covered by this feature.
v Changing the LDAP server system using a different host name is not covered by this feature.
High Availability and Disaster Recovery Considerations
A common reason to perform a host name and IP change is in preparation for a High Availability and
Disaster Recovery (HADR) configuration. The Tivoli Provisioning Manager HADR solution is based on
the usage of a Service IP, and the host name change solution may be used to establish the Service IP. For
example:
1. Determine the Service IP address for the provisioning server HADR cluster.
2. Perform the host change scenario described herein using the Service IP.
3. Proceed with the HADR configuration.

For an existing HADR configuration, the host change scenario has not been validated. While in theory the
solution is general purpose, general HADR considerations such as ensuring that the operational state of
the resource group is offline, would have to be considered. Given the installation-specific nature of many
HADR solutions, it is recommended to contact Tivoli Provisioning Manager support if a host name
change is required for an active provisioning server cluster.
For more information about HADR, see High availability disaster recovery
Required passwords
Host name rename requires the input of passwords on some components.
Changing the host name is completed using a series of steps which includes execution of two scripts
which modify the application configurations.
Table 27. Required passwords for changing the host name on the new provisioning server
Component Password
DB2 The password for the database instance or the database
runtime user.
Agent Manager The password for the resource manager user name. This
is the user name to connect to the agent manager.
Resource Manager SSL The default password for the resource manager is
CDSRMPASS.
WebSphere Application Server The password for the WebSphere Application Server
administrator.
Adding the parameter values to the property file

When changing the host name, you run two scripts. Complete the property file with all the parameter
values that the scripts use when changing the host name.
There is one property file that manages all the parameters required for the scripts to back up the old
provisioning server to change the host name to the new provisioning server. Edit the property file and
add all the values for the parameters. When you run the scripts, the parameter values are pulled from
this file.
These parameters are used for the scripts that are run on the new provisioning server:
v tpmChangeDBHost
v tpmChangeOtherHost
Requirements for the property files:

v All parameters that specify a value in brackets ([]) are example values and must be reviewed. If the
example value is correct, delete the brackets. If the example value is not correct, delete the example
value and the brackets and type the correct value. The script checks that all brackets are removed for
required parameters.
Procedure
1. Open the property file.
v TIO_HOME/tools/rename_host/script_win.properties
2. Add the parameter values to change the other host names (the values are case-sensitive):

v dbIsRemote
v dbInstanceName
v dbPort
v dbHome
v dbOSUser
v wasUser
v wasCellName
v fqNewHostName
v fqOldHostName
v tpmfosdDataDir
v TrustedCertificateQuery.Host
v CatalogueService.Host
v httpServerHome
v AgentManagerQuery.Host
v AgentQuery.Host
v amPort
v CertManagement.Host
v Registration.Server.Host
v amUser
v dmgrSoapPort
v ldapType
See “Parameters for the host name rename feature” on page 226 for a list of parameters and their
default values, or example values, and descriptions.
3. Remove any database-specific parameters that do not apply to your provisioning environment. For
example, if you use DB2 database, remove any parameters that are specific to Oracle database.
4. Review the list of parameters and values to ensure that they are correct.
5. Save the property file.
What to do next
When you are satisfied that the parameter values are correct, proceed to “Assigning the new host name
to the provisioning server.”
Assigning the new host name to the provisioning server

To change the host name of Tivoli Provisioning Manager, some manual steps are required after assigning
the new host name.
Before you begin

1. Ensure that the following middleware is running:
v Database server.
v WebSphere Application Server.
v LDAP server.
For details on how to start these systems, see:
2. Ensure the fully qualified host name for the provisioning server defined in the data model contains all
lowercase characters before performing the host name change operation:
a. From the Start Center, click Go To > Deployment > Provisioning Computers.

b. Search for the provisioning server and check if the host name is defined all lowercase characters.
c. Search for the file repository using the provisioning server host name. Ensure that the name is
defined in all lowercase characters. Click Go To > IT Infrastructure > Provisioning Inventory >
File Repositories.
d. Ensure that there are all lowercase characters for the provisioning server host name in
TIO_HOME\xml\tpmfosdbootserver.xml file.
This procedure changes the host name for the server and updates most of the Tivoli Provisioning
Manager database configurations.
Procedure
1. Log on to the new provisioning server.
v Log on to the new provisioning server as administrator.
2. Change the new host name and new IP address of the provisioning server. Follow the naming
convention used by the original host name that you are changing. For example, if the host name is a
fully qualified host name, use a fully qualified host name for the new name. It is recommended that
the user use only lowercase characters.
To change the host name:
a. On the desktop, right-click My Computer and select Properties.
b. From the Computer Name tab, click Change.
c. In the Computer name field, enter the host name of the old provisioning server.
d. Click OK to save your changes.
To change the IP address:
a. Navigate to Control Panel > Network Connections and double-click the local area network
connection that you are using.
b. In the list, select Internet Protocol (TCP/IP) and click Properties.
c. In the IP address field, enter the IP address of the old provisioning server.
d. Save your changes.
3. Reboot the provisioning server. If Tivoli Provisioning Manager is setup to run automatically, it may
fail now because the host name has been changed after the system has restarted. To stop the
provisioning server:
v TIO_HOME\tools\tio stop
4. Validate the host name and IP address of the provisioning server.
a. Host name: At the command prompt, type hostname. The new host name of the new provisioning
server is returned.
b. IP address: At the command prompt, type ping <hostname>, where <hostname> is the host name of
the new provisioning server. The new IP address of the new provisioning server is returned.
5. Stop any WebSphere Application Server Java processes that are running.
v Use the Task Manager to stop the running processes.
6. Open a command window, or command shell, and run the following script from the
TIO_HOME/tools/rename_host/ directory:
v tmpChangeDBHost.cmd
When the script runs, you are prompted for the database administrator user or database instance user
password.

7. 2000
DB2 If your database is remote, restart the database after running the tpmChangeDBHost
command.
8. To validate that the change was successful, go to TIO_LOGS/rename_host and open the
tpmChangeDBHost_status.log. The log lists the status of each step that was completed. All steps are
marked as DONE.
9. Reboot the provisioning server.
Results
When the script runs, it updates the host name of the provisioning server in the following areas:
v The MAXPROPVALUE table
v 2000
DB2 Local database server only: The DB2 registry, the MAXPROPVALUE table and relevant database
configuration parameters.
If you encounter any issues when the changing the host name script runs, view the potential problems
and log files so that you can resolve the issue and continue.
v “Return codes” on page 227
What to do next
Proceed to “Updating the database server host name from the administrative workstation.”
Updating the database server host name from the administrative

workstation
Change the host name and the IP address for the database server.
On the administrative workstation, update the base services maximo.properties file to change the IP or
host name for the database server, or to update the password.
Procedure
1. Log on to the administrative workstation and navigate to MAXIMO_HOME/etc. Edit the
install.properties file by replacing the OldHostname with the NewHostname and save your
changes.
Note: If you have a remote database server, proceed to “Updating the remaining host names” on
page 225.
2. Navigate to MAXIMO_HOME\maximo\applications\maximo\properties and back up the
maximo.properties file using a binary editor. Do not touch the binary part of the file. Use caution and
do not edit the last line or any lines containing symbol characters. After backing up the file, edit the
maximo.properties file by replacing the OldHostname with the NewHostname and save your
changes. If necessary, update the password for the user to access the database.
3. If the following line exists in the maximo.properties file, delete the line:
mxe.crontask.donotrun=ALL
4. Log on to the provisioning server as tioadmin.
5. Navigate to TIO_HOME\lwi\runtime\tpm\eclipse\plugins\tpm_pmp\properties and back up the
existing maximo.properties file.
6. Use binary mode to copy the maximo.properties file that you created on the administrative
workstation to the TIO_HOME\lwi\runtime\tpm\eclipse\plugins\tpm_pmp\properties directory on
the new provisioning server. Replace the existing maximo.properties file.
Note: After the maximo.properties file is copied from a Windows administration workstation to a
non-windows provisioning server, you may see leading and trailing control characters in the file.

Before you continue, remove these characters using a file-conversion utility like dos2unix. If Maximo
fails to start later on, restore the back-up file and redo the changes.
What to do next
Proceed to “Updating the remaining host names.”
Updating the remaining host names

Use the script to update the host names for the directory server, WebSphere Application Server, the
software distribution infrastructure, and Tivoli Provisioning Manager for OS Deployment.
Before you begin
Ensure that the following middleware is running before you continue:

v The LDAP server and the administrative daemon.
v The database server.
For details on how to start your LDAP server, the administrative daemon, and the database server, see
v “Starting the provisioning server on Windows” on page 133
Procedure
1. Open a command window and run the following script from the TIO_HOME/tools/rename_host/
directory:
v tpmChangeOtherHost.cmd
Note: This process can take some time. If the process times out while running the script, relaunch the
script, it picks up from where it left off.
You are prompted for some of the following passwords:
Table 28. Component passwords
Component Password
WebSphere Application Server The password for theWebSphere Application Server
administrator.
DB2 The password for the database instance user.
Agent Manager The password for the resource manager user name for
the Agent Manager.
Resource Manager SSL The default password is CDSRMPASS.
2. To validate that the changes were successful, navigate to TIO_LOGS/rename_host and open the
tpmChangeOtherHost_status.log. The log lists the status of each step that was completed. All steps
must be marked as DONE. You can also check the following files to see the updated information:
a. Open the TIO_HOME/config/endpoint.properties file to see the host name of the provisioning
server.
b. Open the TIO_HOME/config/dcm.xml file. The web address in the <URL> tag must point to the
database host name.
3. Navigate to TIO_HOME\lwi\runtime\tpm\eclipse\plugins\tpm_pmp\properties and ensure the
following lines exist in the maximo.properties file with the correct values:

mxe.crontask.donotrun=ALL
mxe.report.birt.disablequeuemanager=1
mxe.rmi.enabled=0
4. Reconfigure Cygwin so that the Cygwin login function works correctly after the host name change:
a. Log on as administrator on the provisioning server.
b. At a Cygwin prompt, back up and then delete the files in the /etc/passwd and /etc/group
directories.
c. Run the following commands:
mkpasswd -l > /etc/passwd
mkgroup -l > /etc/group
/usr/bin/ssh-host-config
5. Restart the IBM Tivoli Provisioning Manager server.
Results
When you run the host name script, the following tasks are completed:
1. Updates the host name in the user-factory.xml file if the directory server is located on the same
computer as the new provisioning server.
2. Updates the host name for WebSphere Application Server ND.
3. Updates the host name for the scalable distribution infrastructure.
4. Updates the Tivoli Provisioning Manager for OS Deployment host name.
5. Updates the dcm.xml file for database configuration if database reference points to local hostname.
6. Changes the host name in the tivoli.send.conf and tivoli.receive.conf files.
If you encounter any issues when the script runs, view the potential problems and log files so that you
can resolve the issue and continue.
What to do next
Proceed to “Return codes” on page 227.
Parameters for the host name rename feature

Various parameters are required for each of the scripts that are used in changing the host name. A
complete list of the parameters, descriptions, and example values are provided here.
Table 29. Parameters for scripts for Windows and UNIX computers. Add the values to the parameters in the
script_win.properties and script_unix.properties files
Parameter name Parameter description Default/Example value
AgentManagerQuery.Host The fully qualified host name for the agent exampleNewHost.ibm.com
manager query service. This value is
case-sensitive.
AgentQuery.Host The fully qualified host name for the agent exampleNewHost.ibm.com
manager query service. This value is
case-sensitive.
amPort The agent manager public registration port. 9511
amUser The agent manager resource manager user tpmManager
name.
The IBM Tivoli Provisioning Manager new

installer creates the user name, tpmManager.
Unless you have changed this user name after
the installation, use the default.
CatalogueService.Host The fully qualified host name for the catalog exampleNewHost.ibm.com
service. This value is case-sensitive.
cdsHome Dynamic content delivery installation directory. v C:\Program Files\ibm\Tivoli\CDS\

Table 29. Parameters for scripts for Windows and UNIX computers (continued). Add the values to the parameters in
the script_win.properties and script_unix.properties files
Parameter name Parameter description Default/Example value
CertManagement.Host The fully qualified host name for the agent exampleNewHost.ibm.com
manager certification manager. This value is
case-sensitive.
dbInstanceName ctginst1
v 2000
DB2 The database instance name
dbIsRemote Indicate the location of the database server.
v 2000
DB2 ctginst1
v Specify no if the database server is local; on
the same computer as the provisioning server.
v Specify yes if the database server is remote;
on a separate computer than the provisioning
server.
This value must be specified.

dbHome The local database directory, or the database C:\Program Files\ibm\SQLLIB
client directory if the database is remote.
dbPort The database host port.
v 2000
DB2 50005
If you have configured DB2 with a different
port, change the value to the correct port v Oracle
2000 1521
number.
dmgrSoapPort The deployment manager SOAP port. 8879
fqNewHostName The new fully qualified host name for the IBM examplenewhost.ibm.com
Tivoli Provisioning Manager. This value is
case-sensitive, and must contain only lowercase
characters.
fqOldHostName The old fully qualified host name for the IBM exampleOldHost.ibm.com
Tivoli Provisioning Manager. This value is NOT
case-sensitive.
httpServerHome The HTTP server home directory. v C:\Program Files\IBM\HTTPServer
ldapType The specified LDAP type that is in use. v ITDS
v MSAD
v MAXIMO
Registration.Server.Host The fully qualified host name for the agent exampleNewHost.ibm.com
manager registration server. This value is
case-sensitive.
tpmfosdDataDir The directory where the Tivoli Provisioning v C:\tpmfosd files
Manager for OS Deployment configuration, logs,
and image files are located.
If you do not have this installed, you can

remove the parameter.
TrustedCertificateQuery.Host The fully qualified host name for the agent exampleNewHost.ibm.com
manager trusted certificate query service. This
value is case-sensitive.
wasCellName The WebSphere Application Server cell name. ctgCell01
wasUser WebSphere Application Server administrator wasadmin
user.
Return codes
Review the list of return codes for information about how to resolve any problems during the host name
change.
Table 30. List of return codes
Code Description
12005 Reorganizing the dynamic content delivery database failed.
16000 A generic error occurred in the hostname rename process. See the step
details to resolve the issue.

Table 30. List of return codes (continued)
Code Description
16001 No script name has been provided for tracking. Ensure that all the
"TrackBatch" calls in the '%LaunchTitle%'includes a script name and try
again.
16002 The '%LaunchTitle%' must be run as the '%runasuser%' user. Log out and log
in as '%runasuser%' and run the script again.
16003 The TIO_HOME environment must be defined. See the information center for
details.
16004 The user must belong to the '%TIOADMIN_GRP%' group to do the
installation. Assign the user to the group and try again.
16005 Cannot find the '%SETUPCMD%' file. The Tivoli Provisioning Manager
environment might be corrupted. See the information center for details.
16006 Unable to find the product version for Tivoli Provisioning Manager in the
'%TIO_HOME%/config/build-version.properties' file. See the information
center for details.
16007 Unable to determine the product version of Tivoli Provisioning Manager.
See the information center for details.
16009 The TIO_LOGS environment is not defined so the process logs will be stored
in the %TMP% directory. Run the script as the tioadmin user and try again.
16011 Option "%~1" is not valid. Check the usage syntax and try again.
16012 Option "%~1" is missing a value. Check the usage syntax and try again.
16013 The '%DEST_DIR%' directory cannot be created because of the
%ERRLEVEL% code. Fix the error and try again.
16015 The host name rename process cannot be performed on the current version
'%VERSION%'. The required version is '%FEATURE_VERSION%'.
16017 The host name rename process is not supported for this Linux architecture,
16018 The host name rename process is not supported for this operating system.
16019 The '%SETUPCMD%' script cannot be run. Use the 'chmod +x' command to
execute this script.
16021 The TERM variable is not properly set. Set it to 'ansi', 'xterm' or 'vt100'.
16022 The '%TIO_LOG%' value of the TIO_LOG variable must be defined as a valid
directory. See the information center for details.
16025 There is an unsupported database type '%DB_TYPE%'. The 'type' value
under the TIO_HOME/config/dcm.xml file must be set to 'db2jcc' or 'ORACLE'.
16027 The user name for the database cannot be determined. Check the
’username’ value under the TIO_HOME/config/dcm.xml file.
16028 The database name cannot be determined. Check the 'name' value under the
TIO_HOME/config/dcm.xml file.
16036 A file compression utility is either not installed or the compression
executable path is not included in PATH variable, put the file compression
utility in the PATH variable.
16040 Reserved error for internal messages about invalid script tracking. Check the
code syntax if this error is reported.
16045 The '%DEST_DIR%' directory cannot be located. Check the directory path.
16046 Changing the DB2 host name failed.
16047 Changing the Oracle Database host name failed.

Code Description
16048 Updating the database Maximo properties failed.
16049 Changing the WebSphere Application Server host name failed.
16050 Updating the Agent Manager host name failed.
16051 Changing the Tivoli Provisioning Manager for OS Deployment host name
failed.
16052 Restarting Tivoli Provisioning Manager for OS Deployment failed.
16053 A user has selected to exit the current process to change the input
parameters.
16054 Failed to find the file with the DB2 configuration file path.
16055 '%EXPECTING%' options include bracketed default values. They must be
replaced with actual values without brackets in the '%PropertyFile%' file.
16057 Failed to update endpoint.properties.
16058 Failed to update the user-factory.xml file.
16059 Failed to update the tpm-cds-authentication.properties file.
16060 Failed to update the config.csv file.
16061 Failed to update the dcm.xml file.
16062 Failed to open the target file.
16063 Failed to open the temporary file.
16064 The script input arguments are missing or invalid.
16065 Failed to update tec-event-customer-info.xml file.
16066 Failed to update tivoli.send.conf file.
16067 Failed to update tivoli.receive.conf file.
16068 Failed to register the dynamic content delivery service.
16069 The default compressed file utility cannot be located in the Tivoli
Provisioning Manager installation. Set the zipBackupFiles file to false in
the '%PropertyFile%' file, run the script again and then perform a manual
compressed file on the backup files.

Code Description
16077 Failed to import tpmfosdbootserver.xml to create the Tivoli Provisioning
Manager for OS Deployment boot server object.
This error occurs when the script tpmChangeOtherHost.cmd or fails to

create the parent OS deployment server on the provisioning server using the
data in tpmfosdbootserver.xml.
The source of the failure might be:

v Problems with database connectivity
v Incorrect data in the database
v An invalid tpmfosdbootserver.xml file
To resolve the error:

1. Verify that the ctginst1 database is started.
2. Verify that the name of the Tivoli Provisioning Manager server object in
the data model is either the short host name or fully qualified domain
name of the provisioning server. This value is case-sensitive.
3. In tpmfosdbootserver.xml, verify that the host-server attribute is either
the short host name or fully qualified domain name of the provisioning
server. This value is case-sensitive.
4. When you have performed all the previous steps, run
tpmChangeOtherHost.cmd or to continue with the migration.
16078 Unable to find the fully qualified new Tivoli Provisioning Manager host
name from the TIO_HOME/lwi/runtime/tpm/eclipse/plugins/tpm_pmp/
properties/maximo.properties file. The host name checking failed.
16079 Unable to find the fully qualified Tivoli Provisioning Manager old host
name from the TIO_HOME/xml/tpmserver.xml file. The host name checking
failed.
16086 The host name value returned by the 'hostname' command is different than
the new Tivoli Provisioning Manager fully qualified host name. Check the
values and ensure that they match.
16087 Failed to update the information center host name.
23003 Failed to create %NEW_DB_NAME% database [DB2 Return
Code=%RETURNCODE%][Error Description=%RETURN_MSG%]. Correct the issue
and run the script again.
23004 Failed to connect to database. Ensure that the user name and password are
valid and run the script again.
23005 Failed to restore %TC_DB% database [DB2 Return Code=%RETURNCODE
%][Error Description=%RETURN_MSG%]. Correct the issue and run the script
again.
23006 Failed to copy the database schema. Ensure there is enough disk space and
correct any issues reported.
23007 Failed to drop the original database schema. Correct any reported issues
and run the script again.
23008 Failed to drop the database temporary table. Ensure that no other database
clients are accessing the database and run the script again.
23009 Failed to drop the database temporary function. Ensure that no other
database clients are accessing the database and run the script again.
23010 Failed to drop the database temporary stored procedure. Ensure that no
other database clients are accessing the database and run the script again.

Code Description
23011 Failed to drop the database temporary schema. Ensure that no other
database clients are accessing the database and run the script again.
23013 Failed to install the database schema renaming stored procedures. Check the
tmp_ prefixed.log files in the tmp or temp directory for error messages.
23014 Failed to back up the %TC_DB% database. Check the reported issues and
run the script again.
23015 REGEDIT failed to export DB2 registry to the file.
23016 Failed to open exported registry file.
23017 Failed to open the file for registry import.
23018 REGEDIT failed to import the DB2 registry from the file.
23019 The script input arguments are missed or they are not valid. Check for the
validity of all input parameters. If the problem persists, contact IBM
Support.
23020 Failed to get the property value from the database MAXPROPVALUE table.
Validate the database user in the TIO_HOME/config/dcm.xml file and run the
script again.
23021 Failed to update the property value in the database MAXPROPVALUE table.
Contact IBM Support.
23022 Failed to update the database configuration. Contact IBM Support.
23023 Failed to set the database parameter. Verify and correct the database system
configuration and run the script again.
23024 Failed to alter the database buffer pool. Verify and correct the database
system configuration and run the script again.
23025 Failed to extract and save the path to the database configuration files.
Ensure that there is enough disk space and correct any reported issues.
23026 Failed to stop the Database Administrator Server. Verify and correct the state
of the database and run the script again.
23027 Failed to start the Database Administrator Server. Verify and correct the
state of the database and run the script again.
23028 Failed to start the database manager. Verify and correct the state of the
database and run the script again.
23029 Failed to update database admin configuration. Verify and correct the
database issue reported and run the script again.
23030 Failed to get the database admin configuration. Verify and correct the
database issue reported and run the script again.
23031 Failed to process the CDB schema during the database restore. Contact IBM
Support.
23032 The table aliases in the CDB schema do not match with the expected list.
Contact IBM Support.
WebSphere Application Server tasks

See the following topics for more information about WebSphere Application Server.

Verifying the installation of WebSphere Application Server
Use the First Steps tool to verify the installation of WebSphere Application Server.
Procedure
To verify the installation of WebSphere Application Server, use the First Steps tool. This tool is located in
the app_server_root/firststeps directory. Run the appropriate file for your operating system:
v firststeps.bat
Compliance with Federal Information Processing Standard 140-2

A Federal Information Processing Standard (FIPS) is a standard issued by the United States National
Institute of Standards and Technology (NIST) for federal government computer systems. Standard 140-2
specifies requirements for cryptography modules.
FIPS 140-2 compliance is only available for new installations of Tivoli Provisioning Manager. For more
information about these standards, see the National Institute of Standards and Technology.
Tivoli Provisioning Manager support for FIPS 140-2 includes:

Centralized cryptographic module using FIPS 140-2 compliant providers
For FIPS 140-2 compliance, the Java virtual machine is configured to use compliant providers.
WebSphere Application Server integrates cryptographic modules including Java Secure Socket
Extension (JSSE) and Java Cryptography Extension (JCE). These modules are validated for FIPS
140-2 compliance. You can view the validation information on the NIST Web site.
FIPS 140-2 cryptographic services for credentials in a service access point.
The deployment engine runs provisioning workflows against managed computers using a
combination of protocols and credentials. Credentials are encrypted using FIPS-compliant
algorithms.
The following protocols are supported:
v File Transfer Protocol (FTP) and Telnet
v ICMP, for the ping command
v SCP, for secure remote transfer of a file from one computer to another using the SSH protocol
v SSH, for secure remote access
v SNMP, for queries and configurations. If the SNMP protocol is used, credentials for the service
access point are required for snmp-set and snmp-get operations.
Services are provided by the operating system or additional utilities and software applications.
FIPS-compliant connections to UNIX computers that do not have the common agent.
For running commands locally on managed computers, the following services are used for
connections:
v RXA, which uses SMB and SSH protocols. SMB uses the NT LAN Manager authentication
protocol which is not FIPS-compliant.
v SSH, SCP, and Telnet using scriptlets. When FIPS 140-2 compliance is enabled, these services
must be run in FIPS mode, using a version of the cryptographic library that has been FIPS
140-2 certified. OpenSSH is not FIPS 140-2 compliant, so an alternative FIPS-compliant SSH
product must be used.
FIPS-compliant SSL for the Common Agent Services
If FIPS 140-2 compliance is enabled, the agent manager and the common agent are configured to
use FIPS certified Java providers. Use of compliant signature and encryption algorithms is also
configured. The agent manager and common agent configuration provides:
v FIPS-compliant SSL from agent shell server in the deployment engine to the common agent.

v FIPS-compliant SSL from the common agent to the agent manager, job management service
federator, and dynamic content delivery service management center.
Limitations
Due to limitations of some software components used by Tivoli Provisioning Manager, the following
limitations apply in a FIPS-enabled environment:
For Windows computers that do not have the common agent:

v SMB connections provided by RXA are not FIPS-compliant. The SMB protocol is used for discovery
operations on Windows computers and is available in a FIPS-enabled environment.
v The OpenSSH package included with Cygwin is not FIPS compliant. To make an SSH connection
compliant, you must install a FIPS-compliant SSH product. For more information, see the white paper
Tivoli Provisioning Manager: FIPS 140-2 Enablement in the Integrated Service Management Library at
http://www-01.ibm.com/software/brandcatalog/ismlibrary/details?catalog.label=1TW101084.
The following product components are not FIPS-compliant:

v Tivoli Provisioning Manager for OS Deployment. Integration with Tivoli Provisioning Manager for OS
Deployment is not supported when FIPS compliance is enabled in Tivoli Provisioning Manager. The
Tivoli Provisioning Manager for OS Deployment interface is not accessible when FIPS compliance is
enabled.
v IBM Tivoli Monitoring Agent.
Installation directories and other paths

This topic provides information about installation directories and other path variables.
The following variables are used to represent installation and other directory paths. In some cases, the
variable name matches the name of an environment variable that is set in the operating system. For
example, TIO_HOME represents the environment variable:
v %TIO_HOME%
Table 31. Path variables
Path variable Component Default directory
AM_HOME The agent manager v C:\Program Files\IBM\AgentManager
APDE_HOME Automation Package Developer APDE_HOME/eclipse
Environment
DB2_HOME DB2 v SystemDrive:\Program Files\IBM\SQLLIB
SystemDrive is the disk drive that contains the

hardware-specific files used to start Windows.
Typically, the system drive is C.
DCD_HOME Tivoli Provisioning Manager for v %Program Files%\IBM\tivoli\CDS
dynamic content delivery
DMS_HOME The device manager service v C:\Program Files\ibm\DeviceManager
installation directory
ECLIPSE_HOME Eclipse Defined by the user.
HTTP_HOME IBM HTTP Server v C:\Program Files\IBM\HTTPServer
ITM_HOME Tivoli Monitoring agent v C:\ibm\tivoli\ITM

Table 31. Path variables (continued)
Path variable Component Default directory
JAVA_HOME Java Runtime Environment v For Automation Package Developer
Environment, APDE_HOME\java\jre. For
example:
– C:\APDE\java\jre
v For IBM Tivoli Provisioning Manager,
WAS_HOME/java
MAXIMO_HOME The base services v C:\IBM\SMP
MWI_workspace Middleware installer directory v C:\ibm\tivoli\mwi\workspace
Oracle
2000 OSD_DATADIR Tivoli Provisioning Manager for OS Default data directory for Tivoli Provisioning
Deployment data directory Manager for OS Deployment parent servers:
v %SYSTEMDRIVE%\tpmfosd files
Default data directory for Tivoli Provisioning

Manager for OS Deployment child servers:
v %SYSTEMDRIVE%\TPMfOSd Files
Oracle
2000 OSD_HOME Tivoli Provisioning Manager for OS Parent servers, installed by the Tivoli
Deployment installation directory Provisioning Manager installer:
v %COMMONPROGRAMFILES%\IBM Tivoli
Child servers, installed by the Tivoli

Provisioning Manager for OS Deployment
workflows:
v %COMMONPROGRAMFILES%\IBM Tivoli
TCA_HOME common agent v C:\Program Files\tivoli\ep
TDS_HOME Tivoli Directory Server v C:\Program Files\IBM\LDAP\V6.2
TIO_HOME Tivoli Provisioning Manager v C:\Program Files\IBM\tivoli\tpm
TIO_LOGS Tivoli Provisioning Manager runtime v C:\Program Files\IBM\tivoli\common\COP\
logs logs
%TEMP% Windows directory for temporary files When logged on as Administrator,
C:\Documents and Settings\Administrator\
Local Settings\Temp
WAS_HOME WebSphere Application Server v C:\Program Files\IBM\WebSphere\
AppServer

Notices
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries.
Consult your local IBM representative for information on the products and services currently available in
your area. Any reference to an IBM product, program, or service is not intended to state or imply that
only that IBM product, program, or service may be used. Any functionally equivalent product, program,
or service that does not infringe any IBM intellectual property right may be used instead. However, it is
the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or
service.
IBM may have patents or pending patent applications covering subject matter described in this
document. The furnishing of this document does not grant you any license to these patents. You can send
license inquiries, in writing, to:
IBM Director of Licensing

IBM Corporation
North Castle Drive
Armonk, NY 10504-1785
U.S.A.
For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property
Department in your country or send inquiries, in writing, to:
Intellectual Property Licensing

Legal and Intellectual Property Law
IBM Japan Ltd.
1623-14, Shimotsuruma, Yamato-shi
Kanagawa 242-8502 Japan
The following paragraph does not apply to the United Kingdom or any other country where such
provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION
PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR
IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some
states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this
statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically
made to the information herein; these changes will be incorporated in new editions of the publication.
IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this
publication at any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in
any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of
the materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without
incurring any obligation to you.

Licensees of this program who wish to have information about it for the purpose of enabling: (i) the
exchange of information between independently created programs and other programs (including this
one) and (ii) the mutual use of the information which has been exchanged, should contact:
IBM Corporation
2Z4A/101
11400 Burnet Road
Austin, TX 78758 U.S.A.
Such information may be available, subject to appropriate terms and conditions, including in some cases
payment of a fee.
The licensed program described in this document and all licensed material available for it are provided
by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement or
any equivalent agreement between us.
Information concerning non-IBM products was obtained from the suppliers of those products, their
published announcements or other publicly available sources. IBM has not tested those products and
cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM
products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of
those products.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrate programming
techniques on various operating platforms. You may copy, modify, and distribute these sample programs
in any form without payment to IBM, for the purposes of developing, using, marketing or distributing
application programs conforming to the application programming interface for the operating platform for
which the sample programs are written. These examples have not been thoroughly tested under all
conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these
programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be
liable for any damages arising out of your use of the sample programs.
Trademarks
IBM, the IBM logo, and ibm.com are trademarks or registered trademarks of International Business
Machines Corp., registered in many jurisdictions worldwide. Other product and service names might be
trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at
“Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks
of Adobe Systems Incorporated in the United States, and/or other countries.
IT Infrastructure Library is a registered trademark of the Central Computer and Telecommunications

Agency which is now part of the Office of Government Commerce.
Intel, Intel logo, Intel Inside, Intel Inside logo, Intel Centrino, Intel Centrino logo, Celeron, Intel Xeon,
Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its
subsidiaries in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the
United States, other countries, or both.

ITIL is a registered trademark, and a registered community trademark of the Office of Government
Commerce, and is registered in the U.S. Patent and Trademark Office.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Oracle and/or
its affiliates.
Other product and service names may be trademarks of IBM or other companies.
Notices 237
Index
Numerics components (continued)
verifying after installation 214
dynamic content delivery
troubleshooting
1.3 Back up WebSphere configure Virtual Member Manager 75 install fails because Java not
Configuration 152 configuring LDAP server found 187
for user authentication only 135 uninstalling 143
configuring VMM 75
A core components
administrative workstation 6 error messages
recovery from failure 179
E
administrative workstationbacking EAR files 112
up 132 installing 119
enabling RXA tracing 167
agent manager Cygwin 188
error CTGIN2381E 162
unistalling 143 error when creating agent manager
error CTGIN2489E 162
authentication service 82 profile 180
error messages
hangs in Cygwin 183, 197
core components
B troubleshooting overview 168,
178
error CTGIN22521I 161
base services installation
uninstalling 144
installation troubleshooting after uninstalling Websphere
Creating MEA registation 113
fails to validate 164 Application Server 183
CTGIN9077E
fails without deployment base services 161
error 152, 193
engine 162 invalid directory name 185
custom installation 25
invalid LDAP names 159 errors
installing silently 207
overview 159 return codes for migration 227
CWLAA6003 165
recovering from problems 160 Cygwin
removing 146 installing 208
troubleshooting fails without download site 198 F
broken link 167 first discovery failure 198 FDCC
binding LDAP directory 158 missing tools 198 Microsoft Windows Vista
browser uninstalling 208 COPCOM618E 199
configuring for FIPS 140-2 Federal Information Processing Standard
compliance 133 browser configuration for standard
browser requirements
installation 15 D 140-2 133
standard 140-2 232
database upgrade errorMaximo 162
FIPS
DB2
See Federal Information Processing
C BIND commands 184
installing
Standard
CCMDB firewalls
client 50
CWLAA6003 165 required ports 16
server 49
changing troubleshooting
host 220 database error during
name 220 installation 153 G
changing the host name install failure from mismatched groups
database server names 153 creating 217
updating the host name 224 remote connection hangs on
scripts multiprocessor computer 189
parameters for the new
computer 226
DB2 client
uninstallation 145
H
commands hardware
default installation 205
BIND allocating 9
installing silently 207
FDCC 184 hardware requirements
Dependency checker
compatibility installation 9
Core components installation 188
installation 1 host name
deploying EAR files 113
compliance prerequisites
deployment engine 159
Federal Information Processing completing the property file 221
deployment engine failure 166
Standard 140-2 232 property file
device manager service
component requirements parameter values 221
uninstalling 141
installation 12, 15 scripts
directories
operating system 13 parameter values 221
default values 233
components DVD
Tivoli Provisioning Manager 2 disk 1 188

host names
changing
installation (continued)
requirements for operating system 13
M
database server 224 supported topologies 6 Manually building EAR files 112
installation requirements 16 Tivoli Directory Server Manually deploying EAR files 113
migrating cannot write files to home Maximo authentication 75
components 225 directory 155 Maximo business objects 164
provisioning server 222 Tivoli Provisioning Manager MEA registration 113
failure with terminal server Microsoft Active Directory
enabled 189 installing 59
middleware 29, 36, 93
I recovery steps 201
types 3 installing
IBM Agent Controller insufficient disk space error 152
web components
installing and uninstalling 207 uninstalling 146
installation 29, 59 middleware configuration
node agent error 194
base services base services installation
removing default installation 190
fails without deployment validation 164
restoring the provisioning
engine 162 middleware installation 152, 193
server 192
invalid LDAP names 159 Error configuring database 156
troubleshooting 190
troubleshooting 159 migration
cannot connect to database return codes 227
invalid domain name suffix 187
server 154 missing XML 156
verifying 232
cannot connect to Tivoli Directory monitoring agent for Tivoli Provisioning
installation directories 233
Server 154 Manager
installation DVDs 23
cannot install agent manager and installing 207
installation images 23
Tivoli Common Agent on same
installation process 3
provisioning server 183
installing 82
core components
error when creating agent manager
custom installation problems 168 N
Cygwin 208 networking
profile 180
default installation problems 173 antivirus software
prerequisite software products 36, 93 installation requirements 16
Tivoli Provisioning Manager core installation requirements 16
troubleshooting 168
components 119
Cygwin
instance names
fails without download site 198
first discovery failure 198
rules 21
IP addresses
O
missing tools 198 operating systems combinations
installation requirements 16
DB2 middleware 12
database error 153 out of sync 164
failure from mismatched
names 153 L
DB2 client 50
DB2 server 49
launchpad
links do not work 152
P
dynamic content delivery starting 29, 111 passwords
failure because Java not LDAP server device manager service
found 187 migrating FDCC 167
error messages passwords 219 provisioning server password 221
after uninstalling Websphere upgrading required for changing the host
Application Server 183 passwords 217 name 221
base services 161 Linux rules 21
invalid directory name 185 troubleshooting updating after migration 219
fails with agent manager 181 editing files changes updating after upgrade 217
Microsoft Active Directory permissions 189 path variables 233
configuration error 155 log files ports
incorrect certificate value troubleshooting information 201 required 16
error 156 web components post-installation configuration 131
middleware troubleshooting process solution preinstallation checklist 5
for migration 29 installer 194 prerequisite 36, 93
insufficient disk space error 152 logging off prerequisites
middleware troubleshooting 151 the provisioning server 216 checking automatically 6
operating systems and logging on prerequisites scanner
middleware 12 error when using login window running 6
other problems manager 156 provisioning
troubleshooting 200 provisioning server 215 server 220
Reflection X failure from unrecognized provisioning server
font 186 restarting on Windows 211
requirements 5 starting after installation on
requirements for browsers 15 Windows 133
requirements for components 12, 15 starting on Windows 211

provisioning server (continued)
stopping on Windows 211
Tivoli Provisioning Manager (continued)
uninstalling components 139
W
Tivoli Provisioning Manager for OS Web Administration Tool
Deployment installing 217, 219
web components
R starting 213
uninstalling 140 installation
recovering deployment engine 159 restoring the provisioning
Tivoli Provisioning Manager with another
reinstalling server 192
product
Tivoli Provisioning Manager 150 installation troubleshooting
installing 207
removing the deployment engine 166 hangs in Cygwin 183, 197
Tivoli Provisoning Manager
requirements node agent error 194
installation
antivirus software 16 overview 190
failure with terminal server
firewalls 16 restoring the provisioning
enabled 189
host names 16 server 190
topologies
installation media 16 log files
supported for installation 6
IP addresses 16 process solution installer 194
troubleshooting
multibyte text 16 WebSphere Application Server 164
Admin mode is slow 199
networking 16 checking status 207
installation 151
ports 16 checking version 207
base services 159
remote configuration 16 installing
core components 168
SSH 16 verifying the installation 232
other problems 200
X session 16 troubleshooting
web components 190
runtime 164 deployment of MAXIMO.ear
installing base services 160
RXA tracing 167 fails 161
log files
process solution installer 194 invalid domain name suffix 187
troubleshooting information not in sync with Maximo business
S for installation 151 objects 165
scalable distribution infrastructure 137 troubleshooting installation WebSphere Application Server tasks 231
security middleware 151 Windows XP
Federal Information Processing COPCOM618E
Standard 140-2 232 FDCC 199
setting global variables 137
signing off
U
uninstallation WebSphere Application
the provisioning server 216
Server Network Deployment 158
signing on
uninstalling
provisioning server 215
agent manager 143
silent installation 207
Cygwin 208
disk space check 186
DB2 client 145
exits before completion 185
device manager service 141
fails without Cygwin 197
dynamic content delivery 143
software distribution 137
middleware 146
SSL signer
the base services 146
verifying 128
Tivoli Monitoring agent 139
starting
Tivoli Provisioning Manager 139
Tivoli Provisioning Manager for OS
Deployment 213
components 139
starting the provisioning server 211
Tivoli Provisioning Manager core
starting the provisioning server after
components 144
installationon Windows 133
Tivoli Provisioning Manager for OS
stopping
Deployment 140
monitoring agent 214
UNIX
stopping the provisioning server 211
editing files changes permissions 189
updating administrative
workstation 224
T updating workstation configuration 224
tioadmin user authentication
installing core components fails 179 configuring LDAP server 135
Tivoli Directory Server user names
passwords 217, 219 rules 21
Tivoli Monitoring agent users
starting 214 creating 217
uninstalling 139
using 219
components 2
V
Virtual Member Manager 75
reinstalling 150
uninstalling 139
Index 241

Printed in USA

Installation Guide For Windows: Ivo I

Diunggah oleh

Informasi Dokumen

Deskripsi Asli:

Judul Asli

Hak Cipta

Format Tersedia

Bagikan dokumen Ini

Bagikan atau Tanam Dokumen

Opsi Berbagi

Apakah menurut Anda dokumen ini bermanfaat?

Apakah konten ini tidak pantas?

Hak Cipta:

Format Tersedia

Installation Guide For Windows: Ivo I

Diunggah oleh

Hak Cipta:

Format Tersedia

Tivoli Provisioning Manager

Installation Guide for Windows

Installation Guide for Windows

Last updated: December 2010

© Copyright IBM Corp. 2003, 2010 iii

iv IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Supported platforms and compatibility

Supported operating systems

Tivoli Provisioning Manager can be installed on the following operating systems:

Base services compatibility

© Copyright IBM Corp. 2003, 2010 1

2 IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Default and custom installations are supported on Windows

Chapter 1. Installation overview 3

1. Run the prerequisites

3. Plan the topology

4. Allocate the appropriate

Ready for installation

Figure 1. Preinstallation steps for new installation

© Copyright IBM Corp. 2003, 2010 5

2008 Microsoft Windows Server 2008 prereq_checker.bat "COX,COZ" detail

2003 Microsoft Windows Server 2003 prereq_checker.bat "COY,COZ" detail

Preinstallation Step 2: Read the release notes

Preinstallation Step 3: Plan the topology

There are two primary deployment strategies:

6 IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Chapter 2. Preinstallation tasks 7

Database server Provisioning server Administrative workstation

The following deployments are supported depending on the operating system.

8 IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Supported multiserver topologies

The following components can be on a separate server:

The following middleware can be reused:

Preinstallation Step 4: Allocate appropriate hardware

Processor requirements for the provisioning server

Chapter 2. Preinstallation tasks 9

Administrative workstation requirements

Windows disk space requirements

10 IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

System temporary directory %TEMP% 2.5 GB

Default Back up files for a default installation C:\backup 2 GB

Chapter 2. Preinstallation tasks 11

Preinstallation Step 5: Verify component requirements

Supported operating systems and middleware combinations

Supported operating systems and middleware combinations for Windows

12 IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Operating system preinstallation tasks

Windows preinstallation tasks

Check requirements for Windows services

Check Windows Scripting Host

By default, Windows Scripting Host is installed.

To check if Windows Scripting Host is enabled: 2008

1. Click Start > Control Panel.

Chapter 2. Preinstallation tasks 13

1. In Windows Explorer, click Tools > Folder Options.

Verify that NetBIOS is enabled

To verify that NetBIOS is enabled: 2008

Verify required user rights

Disable automatic updates

14 IBM Tivoli Provisioning Manager Version 7.2 Installation Guide

Database server requirements

Directory server requirements