Name: 7.2.1.3-TIV-NCOMNIbus-FP0003
Before installing this fix, ensure that all Tivoli Network Management applications installed in $NCHOME have been shutdown.
Enter the following command to install this fix interactively, replacing the arch placeholder with the string identifying your platform:
$NCHOME/install/ncisetup -install 7.2.1.3-TIV-NCOMNIbus-arch-FP0003.jar
Enter the following command to install this fix non-interactively, replacing the arch placeholder with the string identifying your platform:
$NCHOME/install/ncisetup -install 7.2.1.3-TIV-NCOMNIbus-arch-FP0003.jar -silent
Before installing this fix, ensure that all Tivoli Network Managment applications on your computer have been shutdown.
Extract the contents of 7.2.1.3-TIV-NCOMNIbus-win32-FP0003.zip into a temporary location, and double-click setup.exe to install this fix.
The following defect solutions are included in this release:
On a "for each row" trigger defined on a view with a WHERE clause, the WHERE clause was not being applied to the FOR EACH ROW statement. The WHERE clause of the view is now concatenated with the FOR EACH ROW WHERE clause of the trigger.
The ObjectServer gateway would terminate unexpectedly if the source and destination tables had different keys, and the gateway was configured not to pass deletes. This has been fixed.
After applying Fix Pack 7.1.0.9, the proxy server's property file $NCHOME/omnibus/etc/nco_proxy.props was deleted unless it contained some site-specific changes. This file has now been restored.
A defect was introduced in Netcool/OMNIbus V7.1.0.4 that caused the filters of all active transient event lists to be overwritten by the filter of the next transient event list to be opened. The defect affected the Windows operating system only and has now been resolved.
The Confpack (nco_confpack) utility was failing to connect to ObjectServers whose database files had been relocated by using the Memstore.DataDirectory property. A new nco_confpack argument, -memstoredatadirectory, has been added to allow an alternate database directory to be specified for each ObjectServer. The argument uses the following formats, where OSName represents the name of the ObjectServer:
-memstoredatadirectory OSName1:value1,OSName2:value2
-memstoredatadirectory *:value
-memstoredatadirectory valuThe Confpack utility (nco_confpack) now checks, as it imports an external procedure,
to determine if the value of the host field also matches the name
of an argument to the procedure, and if so, does not enclose the value
of the host field in quotation marks when it is imported.
Previously, when these values were enclosed in quotation marks, imported
procedures could fail during execution because the host field
was assigned to the name of a nonexistent system.
When alerts generated by a probe contain invalid characters for the locale in which the probe is running, the ObjectServer cannot insert these alerts when requested to by the probe. To prevent this from occuring, any invalid characters are now stripped from the alert data and replaced with spaces before being inserted. This change does not affect the probe rules, only the insertion of the alert data after the data has been processed by the rules.
If an ObjectServer gateway lost its connection to the ObjectServer while receiving a result set, the gateway could fail to reconnect when the ObjectServer was available once again. This has been fixed.
With a particular type of security setup and trigger configuration, the ObjectServer could fail to send heartbeat messages to clients, causing timeouts to occur in clients. This has been fixed.
From the event list, using the Like or Not Like quick filters on a numeric field or date/time field resulted in an error message and no events being displayed. This was especially confusing for a field such as Severity, which appears as a string but is actually numeric.
Now, Like and Not Like are treated as Equals and Not Equals for non-string selections.
In an SQL procedure or trigger, if a WHERE clause contained "Serial in array" a segmentation fault occurred. This has been fixed.
The commands nco_confpack and nco_config did not work properly on Windows when specifying a parameter that contained a space (for example, a file path such as "c:\program files"). Spaces are now properly handled in all parameters.
On UNIX, if an event list had dual-write connection to two ObjectServers (for example, called MASTER and DISPLAY), the transient event list failed to open on MASTER when run from the command line. This has been fixed.
This APAR resolves an issue with the Filter Builder on Windows, for which a subquery would not parse if created using the Edit SQL window.
When running an external procedure, nco_pad expands any environment variables embedded within the procedure's command and arguments. The format %<name>% is treated as an environment variable by nco_pad regardless of the type of operating system on which the procedure runs, and this is the designed behavior. However, nco_pad was also treating the formats %<name> as an environment variable, and when this format was encountered, all characters including and following the % character were truncated when the procedure was run. The nco_pad daemon has now been updated so that the format %<name> is no longer treated as an environment variable.
By design, a gateway does not replay a store and forward (SAF) file when Gate.Resync.Enable is set to TRUE, which can lead to event loss in an Event Services Framework (ESF) architecture. When a gateway is writing to a virtual ObjectServer pair, and the primary ObjectServer fails, events are stored in the SAF file until failover to the backup ObjectServer is complete. The events in the SAF file are then lost because Gate.Resync.Enable overrides SAF replay.
To relieve this problem, new boolean properties for gateways have been added to allow SAF replay to occur when Gate.Resync.Enable is set to TRUE. For unidirectional gateways, use the property "Gate.Writer.SAFReplayOnResync". For bidirectional gateways, use the properties "Gate.ObjectServerA.SAFReplayOnResync" and "Gate.ObjectServerB.SAFReplayOnResync".
When Gate.<name>.SAFReplayOnResync is set to TRUE, SAF replay now occurs regardless of whether Gate.Resync.Enable is set to TRUE. When Gate.<name>.SAFReplayOnResync is set to FALSE, SAF replay occurs only when Gate.Resync.Enable is set to FALSE. The default value of Gate.<name>.SAFReplayOnResync is FALSE.
There are also new command-line arguments that correspond to the new properties. For unidirectional gateways, "-writersafreplayonresync boolean" has been added. For bidirectional gateways, "-objectserverasafreplayonresync boolean" and "-objectserverbsafreplayonresync boolean" have been added.
If a user did not have the required permissions and then attempted to set the password of another user, the password was displayed as part of an error message in the log file. This has been fixed so that the password is no longer revealed in the log file error.
This APAR resolves a gateway core dump, which occurred when the gateway was running under process agent control, and the Gate.PAAwareName property specified a process agent that did not exist.
When configured as a PA-aware managed process, the Windows version of the proxy server fails to inform the process agent that it is running. This problem has been fixed.
The AppDescription field in the catalog.connections table could be left empty for probe connections when the probe, ObjectServer, or both were running in a locale that used UTF-8 as the character set. This issue has been fixed, and AppDescription is now populated in catalog.connections as expected.
A Tivoli Netcool/OMNIbus component that has been installed as a service on Windows can be run from the command line if the service is stopped. Command-line arguments that were specified during the installation of the service are merged with the arguments specified on the command line. In case of conflict, precedence is given to the arguments specified on the command line. The console output now displays those arguments that have been merged.
Three columns that were added to the alerts.status table for IBM Tivoli Network Manager were missing from the default ObjectServer gateway mapping files. In addition, some of the mapping commands for the Tivoli Network Manager columns were incorrect.
The following columns have been added to the map files.
'NmosDomainName' = '@NmosDomainName',
'NmosEntityId' = '@NmosEntityId',
'NmosManagedStatus' = '@NmosManagedStatus' ,
Use the following setup for the Tivoli Network Manager columns in the .map file for both the unidirectional and bidirectional ObjectServer gateways.
'NmosSerial' = '@NmosSerial',
'NmosObjInst' = '@NmosObjInst',
'NmosCauseType' = '@NmosCauseType',
'NmosDomainName' = '@NmosDomainName',
'NmosEntityId' = '@NmosEntityId',
'NmosManagedStatus' = '@NmosManagedStatus' ,
'LocalNodeAlias' = '@LocalNodeAlias' ON INSERT ONLY,
A memory corruption that caused ObjectServer gateways to fail intermittently on Windows operating systems has been fixed.
The ObjectServer was not passing the value specified for the group ID of an external procedure to the process agent. This meant all processes were run with the group ID set to 0. This is now fixed.
Unusually long SQL conditions caused the stack to overflow. The stack size has been increased to accommodate this issue.
The ObjectServer gateway generated errors and failed to resynchronize when the IDUCFlushRate property was set to a value greater than 0 and the flush rate was faster than the amount of time taken to perform the resynchronization. This is now fixed.
On Linux on System z, running external procedures could cause the ObjectServer to fail. This has been fixed.
A probe that was configured to use circular store-and-forward functionality replayed its history with each polling cycle when a virtual ObjectServer definition was used for the Server property. This is now fixed.
When either the unidirectional or bidirectional ObjectServer gateway was configured to transfer alerts.journal table data from a V3.6 or earlier ObjectServer to a V7.2 ObjectServer, the gateway failed. This has been fixed.
Probes can be configured to use the legacy store-and-forward or circular store-and-forward option by using the following property:
StoreAndForward: [ 0 | 1 | 2 ]
Type: INTEGER
Default Value: 1
The values are represented as follows:
0 - Do not use store-and-forward
1 - Legacy store-and-forward
2 - Circular store-and-forward
Netcool/OMNIbus Administrator (nco_config) now correctly differentiates between parameters and literal host names when configuring ObjectServer external procedures.
When running nco_pad with the default option '-authenticate UNIX', it was not possible to use passwords that had been protected with the nco_pa_crypt utility. This affected the ObjectServer PA.Password property when nco_pad was running in secure mode, and also affected connections from nco_pa_* utilities. This has been fixed.
A communication failure that occurred between the proxy server and clients running on a different endian architecture has been fixed. One example of this problem occurred between a probe running on a Windows x86 operating system, and a proxy server and ObjectServer running on a UNIX (PPC, SPARC) operating system.
Previously, an SQL interactive interface (nco_sql) client was unable to connect to the ObjectServer when connecting from a proxy server. This has been fixed.
Previously, running the Confpack utility (nco_confpack) from the Korn shell caused an "Out of Memory" error. This has been fixed by increasing the amount of memory available to the JVM.
On Windows, if an event list had dual write connection to two ObjectServers (for example, called MASTER and DISPLAY), the transient event list failed to open on MASTER when run from the command line. This has been fixed.
On Windows, the nco_elct utility could fail if load balancing was used on the desktop server. This has been fixed.
When two ObjectServer clients executed QUERY and SEND MESSAGE concurrently, there was a remote chance of a deadlock. This has been fixed.
Store-and-forward (SAF) functionality in the Probe API is
enhanced to minimize event loss during ObjectServer failover. If
a connection to an ObjectServer is lost, when the probe connects
to the backup ObjectServer, the probe replays the last
RollSAFInterval seconds of events to the ObjectServer.
The following new properties have been added to the libOpl
library:
1)
RollSAFInterval:90
Type: INT
Value: >= 1.5 * Granularity of ObjectServer in failover pair
Purpose: Specifies the time interval in seconds after which the
SAF file is rolled over to the next file. This should be set to a
value that is greater than the granularity of the ObjectServer to
minimise event loss. The default is 90s.
2)
SAFPoolSize : 3
Type: INT
Value: >0
Purpose: Specifies the number of files in the pool that can be
used to store events when the probe is running in SAF mode.
The ObjectServer changes required for this functionality to work
include:
1) Add a new column ProbeSubSecondId (int) to the alerts.status
table in a failover pair of ObjectServers.
The default value for this field is 0. The probe will assign the
incremented value to the ProbeSubSecondId field for those events
that have the same LastOccurrence value.
2) Add the ProbeSubSecondId column to the gateway map.
3) Replace the deduplication trigger in the failover pair of
ObjectServers as follows:
create or replace trigger deduplication
group default_triggers
debug false
enabled true
priority 1
comment 'Deduplication processing for ALERTS.STATUS'
before reinsert on alerts.status
for each row
begin
if ( (old.LastOccurrence > new.LastOccurrence) or ( (
old.ProbeSubSecondId >= new.ProbeSubSecondId)
and (old.LastOccurrence = new.LastOccurrence) ) ) then
cancel;
else
set old.Tally = old.Tally + 1;
set old.LastOccurrence = new.LastOccurrence;
set old.StateChange = getdate();
set old.InternalLast = getdate();
set old.Summary = new.Summary;
set old.AlertKey = new.AlertKey;
set old.ProbeSubSecondId = new.ProbeSubSecondId;
if (( old.Severity = 0) and (new.Severity > 0))
then
set old.Severity = new.Severity;
end if;
end if;
end
Known Issue:
Circular store-and-forward functionality does not behave as expected on ObjectServer failback if a probe is configured to use a virtual ObjectServer definition for the Server property.
Workaround:
Configure the probe to use a primary ObjectServer for the Server property and a backup ObjectServer (with BackupObjectServer: TRUE) for the ServerBackup property.
The Windows Filter Builder did not handle strings containing escaped single quotes correctly. This has been fixed.
On HP-UX, host names were truncated to 8 characters, which was causing the Oracle Gateway to fail. This has been fixed.
When running the Windows event list with the -config command-line option, opening remote event list configuration (.elc) files by using FTP could fail. This has been fixed.
The default directory for the process agent running as a Win32 service is now OMNIHOME/log. Unless otherwise specified, this will also be the default working directory of any child processes that are spawned by the process agent. Previously, the working directory was %SYSTEMROOT%\win32.
The ObjectServer gateways no longer exit when an invalid transfer command is received. Previously, issuing the command "TRANSFER 'tablename' FROM NCOMS TO NCOMS1;" via nco_sql, could cause the process to exit. This issue has been fixed.
On Windows, it is possible to use the SIGHUP signal to make probes re-read their rules files. This only works for probes running under process control. Use the Netcool/OMNIbus Administrator GUI to generate the SIGHUP signal.
The process agent now logs the failure to resolve reverse host name lookup of an IPv6 address only as a WARNING. Previously, it was logged as an ERROR although the program was able to continue.
When using the SSL certificate migration tool nco_ssl_migrate with the -auto option to migrate the digital certificate of an ObjectServer from V3.6 to V7.2.1 on Windows, the properties file for the ObjectServer could not be located. This has been fixed.
If a host name was specified in the process agent configuration file and it failed to resolve, the error message would be logged at the informational level. This has been raised to the warning level.
When using the SSL certificate migration tool nco_ssl_migrate with the -auto option to migrate the digital certificate of an ObjectServer on UNIX, ObjectServer entries that had both SSL and unencrypted ports configured could not be processed. This has been fixed.
A new "-elc" command-line option is added to NCOConductor.exe. This option affects all the event list instances invoked from the Conductor menu for that instance of the Conductor. This feature provides similar functionality to the "-config/elc" option of the event list.
When the ObjectServer is run on Windows 2003 and IPv6 is installed, IDUC connections might fail when connecting using IPv4. This has been fixed.
The SSL certificate migration tool (nco_ssl_migrate) now expands environment variables from the Ipc.SSLCertificate or SSLCertificate properties when performing automatic migration. Any environment variable (for example, ENV) will be expanded if it takes the following form:
$ENV
${ENV}
%ENV% (Windows only)
UNIX environment variables are case-sensitive. Windows environment variables are not case-sensitive.
If the "-fromnchome" or "-fromomnihome" command-line options are supplied, these are used as the environment variables for NCHOME and OMNIHOME respectively. See below for the order in which the variables are used:
NCHOME: "-fromnchome", "-fromomnihome"
OMNIHOME: "-fromnchome"/omnibus, "-fromomnihome"
A new property has been added to the ObjectServer: RestrictionFiltersAND -restrictfiltersand
This property controls how user restriction filters and group restriction filters are concatenated. The property is set for the system and not per user. Changes to the property come into effect only after the ObjectServer is restarted. The default setting is "true". The values for this property are as follows:
false: All restriction filters are combined using the OR operator. For example, user_rf OR group1 OR group2.
true: All restriction filters are combined using the AND operator. For example, user_rf AND group1 AND group2.
This internal update is in preparation for updates to some gateways on the Windows platform.
All Netcool components can now be installed as Win32 services, even when installed with arbitrarily long command-line arguments.
The following permissions are added to the default AlertsGateway role. This prevents "permission denied" errors being logged when ObjectServer gateways connect to the ObjectServer as a user belonging to the Gateway group.
grant select on table master.servergroups to role 'AlertsGateway';
grant insert on table master.servergroups to role 'AlertsGateway';
grant update on table master.servergroups to role 'AlertsGateway';
grant delete on table master.servergroups to role 'AlertsGateway';
grant raise on signal gw_counterpart_down to role 'AlertsGateway';
grant raise on signal gw_counterpart_up to role 'AlertsGateway';
grant raise on signal gw_resync_start to role 'AlertsGateway';
grant raise on signal gw_resync_finish to role 'AlertsGateway';
These permissions are in the security.sql file, and so are automatically added to any new ObjectServers that are created using nco_dbinit.
For existing ObjectServers, the above commands must be applied to a running ObjectServer by using nco_sql or nco_config.
A number of problems relating to the processing of SQL elseif statements have been fixed.
1. A sub-select query would cache result sets when it formed part of an elseif statement in a trigger.
2. The cancel command would be incorrectly permitted in a post database action trigger when the command was contained within an elseif statement.
3. A "for each" row loop containing an insert into the table being indexed by the loop would be incorrectly permitted when the insert statement was contained in an elseif statement.
Existing triggers that should not have been permitted will be dropped when the ObjectServer is restarted. A message will be logged if any triggers are dropped.
Previously, the ObjectServer would exit if a nested subselect statement used a function. For example, the following SQL command would cause the ObjectServer to exit:
select FullName from security.users where UserID in (select UserID from security.group_members where GroupID in (select OwnerGID from alerts.status where hourofday(LastOccurrence) < 23))
This has been fixed.
The process agent (nco_pad) no longer sends service record changes to other process agents. This used to cause corruption or invalid information in nco_pa_status output, and has been fixed.
Files created using the "CREATE FILE" SQL command would have incorrect permissions on rollover. This has been fixed.
Journal entries over 250 characters in length are no longer corrupted when submitted using the Windows event list.
Integer values used in dynamic prompt tools are no longer corrupted in the Windows event list.
The UNIX event list now silently handles embedded carriage returns in external tools that previously caused execution errors.
There is no longer a memory leak in the ObjectServer when the system backup sql statement is executed.
There is no longer a memory leak in the ObjectServer when an external procedure is created.
The Event List will now check the status of the connection to the master ObjectServer before commencing a resync operation in Dual Server Desktop mode. The connection will be re-established if necessary. Previously the EventList would fail to re-establish a lost connection.
Previously, the result of the SQL to_date function could be wrong by one hour due to incorrect handling of daylight saving time. This problem has been fixed.
Under some circumstances an ObjectServer running on a Windows 2003 server with both IPv4 and IPv6 enabled would not accept connections correctly from Event Lists and gateways. This issue has been fixed.
Previously the ObjectServer failed when creating a pre-database insert trigger that passed a new.field value to a procedure. This has been fixed.
This change provides functionality in Netcool/OMNIbus libraries that is required by some probes. Users of v7.2.1 should apply this fix instead of the patch common-libncrypt-1_0.
| nco_libOpl | 5.11.40 |
| nco_libnobjserv | 5.11.45 |
| nco_libniduc_client | 5.11.33 |
| nco_libPa | 5.11.40 |
| nco_libArch | 5.11.33 |
| nco_libnetcool | 5.11.45 |
| nco_objserv | 5.11.45 |
| nco_administrator | 5.11.45 |
| nco_libncmd | 5.11.34 |
| nco_libngobjserv | 5.11.45 |
| nco_libDaemon | 5.11.32 |
| nco_pad | 5.11.40 |
| nco_desktop_dll | 5.11.45 |
| nco_libngtk | 5.11.45 |
| nco_g_crypt | 5.11.28 |
| nco_proxyserv | 5.11.41 |
| nco_confpack | 5.11.45 |
| nco_ssl_migrate | 5.11.45 |
| nco_g_objserv_bi | 5.11.45 |
| nco_patching | 5.11.28 |
| nco_store_resize | 5.11.28 |
| nco_dbinit | 5.11.34 |
| nco_elct | 5.11.45 |
| nco_libnproc | 5.11.40 |
| nco_libnipc | 5.11.45 |
| nco_eventlist | 5.11.45 |
| nco_conductor | 5.11.45 |
| nco_check_store | 5.11.28 |
| nco_crypt | 5.11.28 |
| libncrypt | 1.0.5 |
| nco_libnregion | 5.11.28 |
| nco_libnstore | 5.11.40 |
| nco_get_login_token | 5.11.33 |
| nco_ping | 5.11.28 |
| nco_network_ipv6 | 5.11.28 |
| nco_libniduc_server | 5.11.32 |
| nco_g_objserv_uni | 5.11.45 |
| nco_libOul | 5.11.33 |