Friday, March 7, 2008

Building an Endpoint Image

Sometimes there are situations that require an image of the endpoint code to be made. In this entry I will demonstrate how to make this work.

You will need to have the following
1. one endpoint build and one test install workstation
2. access to deploy a software package
3. access to run an inventory scan.

Preparing the image
To create the image we will first need to
1. install the endpoint onto a clean workstation
2. install a software package onto the workstation (any package, a small one that copies a file to temp would work fine)
3. execute an inventory scan on the workstation
Note: This is based on the install going to the root of the C drive. You will need to make the various adjustments if the directory is somewhere else

Creating the image
Now that all the files are down for endpoint, software distribution and inventory, we can create the image. To create this image we need to do the following steps
1. Copy all the files in \Tivoli to a working directory like Temp.
2. Create a directory in Temp called Windows and copy the file swdis.ini file from \Windows\. Edit this file and remove the header and keys for the workstation.
3. Copy the directory \Windows\Tivoli to \Temp\Windows. These are the Tivoli Endpoint environment setup files.
4. remove all the workstation specific files such as:
files in the \Tivoli\swdis\1
if it exists \Tivoli\lcf\bin\w32-ix86\mrt\upgrade
if it exists \Tivoli\lcf\dat\1\cache\out-of-date
\Tivoli\lcf\scan\*.bk1 or *.bk2

4. Edit the last.cfg and remove the workstation identifier from the line lcs.machine_name (you could also set some desired values in here for the other workstations). This will get set after the endpoint is installed on the new workstation.
5. Create a new file called \Temp\Tivoli\Temp\uninst_lcfd.reg and add the lines


"UninstallString"="C:\\Windows\\uninst.exe -fC:\\Tivoli\\lcf\\DeIsL1.isu"
6. Use WinZip to zip all these files with the keep directory names option. Depending on how you save this, it might include the \Temp as the beginning of the path, we want it to only have \Tivoli. The easiest way to do this is to right click on the Tivoli directory in \Temp and select WinZip|Add to

Installing the endpoint
To install the endpoint we will create a batch file to make some various calls. We will also need the utility UNZIP.EXE (can be downloaded from or use any other desired CLI unzip utility) The batch file will contain the following entries:
REM Added reg delete to remove a new key added from FW 4.1.1 that stored the GUID for
REM each endpoint. This was causing problems with inventory.
reg delete hklm\software\tivoli\guid /v tqGUID /f

REM Extract the files from the Zip file.
%SYSTEMDRIVE%\temp\unzip.exe -o %SYSTEMDRIVE%\temp\ -d %SYSTEMDRIVE%\

REM Setting the environment variables
call %SYSTEMROOT%\tivoli\lcf\1\lcf_env.cmd

REM Install the endpoint service.
REM the -im means to install the service but do not start. This is important to avoid issues with
REM TAP not being loaded for an inventory scan or distribution.
REM the -w 1 means to enable Wake On Lan (WOL)
REM the -d 3 means to set the debug level to 3
REM the -C C:\Tivoli\lcf\dat\1 specifies the endpoint's working directory
call "%LCF_BINDIR%\lcfd" -im -D lcs.login_interfaces=severname+9494 -w 1 -d 3 -C "%LCF_DATDIR%"

REM Set some of the configs just to confirm.
echo log_threshold=3 >> "%LCF_DATDIR%\last.cfg"
echo wol_enable=1 >> "%LCF_DATDIR%\last.cfg"
echo lcs.login_interfaces=servername+9494 >> "%LCF_DATDIR%\last.cfg"
echo address_notif_interval=43200 >> "%LCF_DATDIR%\last.cfg"
echo login_interval=1800 >> "%LCF_DATDIR%\last.cfg"

REM Run the NTCONFIG.EXE to set the tmersrvd id and Tivoli_Admin_Privileges group
call "%LCF_BINDIR%tconfig" -e

REM Activate TAP. This requires a reboot for it to activate.
call "%LCF_BINDIR%\wlcftap.exe" -a

REM Add registry keys
if exist %SYSTEMDRIVE%\temp\uninst_lcfd.reg regedit /s %SYSTEMDRIVE%\temp\uninst_lcfd.reg

Testing the install
We now have the Zip file, Unzip.exe and the batch file required to do the install of the endpoint. To test this out we need a clean workstation to copy these files to the temp directory on the new workstation. Once the files are copied, execute the batch file to install the endpoint. Then reboot the system so that the TAP is activated.

Now test an Inventory Scan and Distribution. If you check the lcfd.log file, you will notice that when checking the prereqs in the cache, they will report as Found. If there is a missing file you will see Not Found and that file will be copied to the workstation.

On a side note, if you are including the Inventory and SD files as part of your image, you will have to rebuild that image again if there are any changes to FW or CM as this would make the creation of this image pointless if the files had to all be updated anyway.

Also as of FW 4.1.1 there is a new gateway setting called mcache_bwcontrol. This will allow the method cache files to be distributed using MDIST2.

No comments: