|Attachmate Management & Control Services Version 2.2.2
© 2002-2003, 2004 Attachmate Corporation. All rights reserved.
Management & Control Services (MCS) is a Web-based server console that you can use to centrally manage and configure compatible Attachmate products and components.
Back to top
Restarting Servers in a Cluster
|You must start servers in a cluster one at a time. If you attempt to start two or more servers simultaneously, none will start successfully.|
If a server in your cluster won't start or you have other general behavior issues for which you can't identify a cause, you may need to shut down and then restart the servers in your cluster. This process is necessary only for troubleshooting purposes; for other purposes, you can shut down an individual server without having to shut down all servers in the cluster.
|To shut down and restart servers in your cluster|
Enabling the Replication Timer
If you install MCS in a clustered environment, the server's replication timer is not enabled by default. This service is used for ensuring that data is replicated across servers in a cluster. It checks to make sure that a server has not gone offline when replication takes longer than it should.
If a server does go offline during replication, the replication timer removes it from the queue and begins replication to the next server in the cluster. If you do not enable the replication timer and a server goes offline during data replication, the replication process is suspended at that server.
To enable the replication timer, you'll need to edit the scm.properties file for the primary server in your cluster, located in the /mcs/WEB-INF/data/mcs/scm directory, and then restart all secondary servers.
|To enable the replication timer|
Modifying Connection Information for Servers in a Clustered Environment
If, after installation, the IP address, host name, or port number of a secondary server in your cluster changes, you need to manually reconfigure values at the primary server, and then restart all servers in the cluster so that they are updated with the changes.
If the IP address, host name, or port number of your primary server changes, you need to manually reconfigure values for the primary server on all servers in the cluster.
|This procedure is necessary only if you work in a clustered environment. If you work in a single MCS server environment, a change in its address can be automatically detected.|
The following procedure assumes that your Web server has also been updated with the new values.
|To manually update connection information for a secondary server|
|To manually update connection information for your primary server|
Assigning Rights to Configure Agent Clusters
Assigning rights to a user to configure agent clusters appears to function correctly in the Rights Management user interface; however, when the user attempts to configure an agent cluster, the attempt fails and an error message is displayed.
To configure an agent cluster, log in to MCS as the "system" user.
Back to top
OS/390 LDAP Interface to RACF Requires OMVS Segments
If MCS is installed under OS/390 USS and using the LDAP interface to RACF for the directory service, each user that requires MCS access must have an OMVS Segment in their userid (in RACF) in order to be properly authenticated.
Using RACF Directory Service in a WebLogic 8.1 Environment
When a user without rights to directory service functions attempts to view information or make a change under Directory Services (Services | Security | Directory Services), an error is displayed when the attempt fails.
Directory List Displays "Unable to load this node" Message
If you attempt to view the directory list and instead are presented with a repeating message, "Unable to load this node," check to make sure that the directory service has been correctly configured.
Back to top
Web Server Must be Configured to Allow Both Secured and Unsecured Connections
Before installing MCS, make sure that your Web server's secure only option is cleared. This ensures that you can successfully install MCS, and provide access using either a secured or an unsecured connection, as necessary.
Installing MCS and management components with Windows XP SP2
During the installation of MCS or an MCS management component, you may see a Windows security alert one or more times. This message is displayed only if you use Windows XP with the Windows XP firewall enabled (as it is by default). The message asks you if you want to keep blocking the program java or javaw. To continue with the installation, when you see this message, click Unblock.
After you click Unblock, these programs are logged in the Windows Firewall Exceptions page. Although not evident on this page, the entire path to the program has been saved. Running either program from the logged location will not display the security alert; however, running them from a different location will display the alert.
Localhost Setup in UNIX and USS Environments
In order to install and run successfully in UNIX and USS environments, you must set the following values in your /etc/hosts or hosts file.
loopback 127.0.0.1 localhost
ID Management Error Messages During Installation
In some environments, during installation a stream of repetitive error messages may be logged about ID management. These messages can be safely ignored. They do not adversely affect MCS functionality after installation.
Error Messages During Installation in a USS Environment
java.lang.UnsatisfiedLinkError: gcNoCompact at sun.security.provider.SeedGenerator$BogusThread.run(SeedGenerator.java:343) at java.lang.Thread.run(Thread.java:513)
This message can be safely ignored. It does not affect MCS installation or functionality.
Back to top
Using MCS with Windows XP
If you use MCS with Windows XP, you may experience some irregularities in the user interface. MCS functionality is not affected.
Internet Explorer Security Settings
If your Internet Explorer (IE) security settings are set to High, you will not be able to run some of the Java applets necessary to display various property pages in the MCS console window. Various IE error messages will be displayed regarding security and script errors.
Cannot use the Licensing Feature in Linux Environments
In Linux environments, if you attempt to install a new license certificate, an error is displayed and the attempt fails.
Generating a Range of IDs for Host Types Matip, Sabre, and Shares
When you attempt to generate a range of IDs when creating an ID pool with a Matip, Sabre, or Shares host type, the Finish button is unavailable unless you retype the ID name after specifying the range information.
Managing Events in a Solaris Environment
If you install MCS in a Solaris environment, you cannot limit the types of events that are logged (Services | Events | Manage Events | Filters). All events are recorded.
MCS Error Page Doesn't Display Properly in USS
If MCS is installed in a USS environment and an error page does not display correctly, for example when an access denied message should be displayed, you may need to remove a section of the file ../mcs/WEB-INF/web.xml, so that the default error page is used instead.
Back to top
Unable to Connect Using TLS Only
If you select the option Use TLS Only on the Security Services Configuration page, you will not be able to access the MCS console using a secure connection because of incompatibilities between Internet Explorer and the Java plug-in. You will still be able to access the MCS console with an unsecured connection unless you also selected Force 128-bit Encryption.
If you cannot access the MCS console because both of these options are selected, you'll need to edit the SecurityGateway.properties file directly to change their values. The SecurityGateway.properties file is located in the ../mcs/WEB-INF/data/securitygateway/settings directory. However, if Secure the Integrity of Critical MCS Files is selected, you cannot edit the SecurityGateway.properties file directly. You will need to reinstall MCS.
Implementing RSA SecurID Authentication
If you select RSA SecurID authentication, you must ensure that the RSA server and client have been set up before you will be allowed to log in to the MCS server again. If RSA SecurID authentication is selected in error, you may need to reinstall MCS before you can log in to select a new authentication option. MCS currently supports RSA SecurID only with Windows.
Failure Using Client Certificates with Java Plug-in
If you attempt to use client certificate authentication with the Java plug-in as your default VM, a communication failure may occur. This can result in MCS menus not displaying, or not displaying properly.
This is because the Java plug-in does not use client certificates from the browser's certificate store for HTTPS client authentication. Instead, it uses a certificate store specific to the JRE. At the time of writing, information about configuring the Java plug-in for client certificate authentication could be found in the following article:
Exception Generated When Making a Secure Connection to MCS With Java Plug-in Cache Enabled
If caching is enabled in the Java plug-in and you attempt to make a secure connection to MCS, an exception will be logged to the Java plug-in console. This is a known bug in the Java plug-in version 1.4.2, documented on the Sun Web site in the following article:
Enabling the Save Button on the Security Services Configuration Page
If you have previously selected the option Secure the Integrity of Critical MCS Files on the Security Services Configuration page and you clear it, the Save button is not enabled. That is, you cannot immediately save your change.
After clearing the Secure the Integrity of Critical MCS Files check box, you can select and then clear another check box on the page to enable the Save button so that you can save your change.
Using Client Certificates That Contain Unicode Strings
If you are running MCS on either of the platforms listed below, you cannot use client certificates that contain Unicode strings in the subject distinguished name (DN) field of the certificate:
You can, however, use client certificates that do not contain Unicode strings. On Sun Solaris, you can also use Sun Java 2 SDK 1.3.x, which works with either.
Authentication Type and Rights Management
If you do not require user authentication for accessing the MCS console (Authentication Type = None), all users will have all MCS rights, regardless of your selections under Rights Management.
Back to top