Monday, May 7, 2012

SSL Certificate Issue with Tivoli Integrated Portal

Most of the Tivoli Integrated Portal (TIP) users aware of the harmless SSL error.  Whenever one access the Tivoli Integrated Portal login screen, the browser displays a SSL error like the one below.


While it is harmless and just needs an additional click to get to the login screen, you can get rid of this error if you have administrator privileges on the workstation.

Why does this error happen?   Basically the SSL certificate provided by TIP for SSL communication is a self-signed one and therefore not trusted.   There are ways to purchase the certificate from Certificated Authority and import it into TIP but not many sites do that due to cost and maintenance efforts involved.  Here is another way to make your certifcate trusted if you have administrator privileges on client workstations.
  1. Click on "Continue to this website (Not recommended).
  2. In the login screen, click on the "Certificate Error", next to URL bar and click the "View Certificate" link.
  3. In the Certificate Windows, click on "install certificate" to run Certificate Import wizard. 
  4. Click Next and when prompted to choose the Certificate Store location, choose "Place all certificates in the following store" option.
  5. Click on Browse button and choose "Trusted Root Certification Authorities" store and click ok.
  6. Finish the wizard and confirm your selection.   
  7. Restart the browser and next time you access the web page SSL error should be gone.
The downside of the above solution is it is browser & client specific and you will have to do this on each one of your clients (and browsers).  

Hope this helps.

Monday, April 9, 2012

Overview of TEPS/e Administration

Recently there was a question in the mailing list asking if there is an eWAS server supplied with Tivoli Enterprise Portal Server. The answer to the question is Yes and this article addresses the purpose of the eWAS server in TEPS.

The ITM component that utilizes the embedded eWAS server is called TEPS/e Administration console.  The console comes disabled by default and it can be enabled from Manage Tivoli Monitoring Services.

Why would you need the TEPS/e Administration console?   The console is mainly used for LDAP integration when Portal Server Authentication is used.  When you configure TEPS and provide LDAP information (such as LDAP Bind information, hostname, LDAP search string, etc),  the eWAS server stores the information and acts as the AD integration point for ITM.   If you want to view the configuration information or configure for LDAP servers other than Microsoft Active Directory & IBM Directory Server, you will need to use the TEPS/e Administration Server.

By default, the eWAS server is listening on port 15205.  You can access the TEPS/e Administration console by using the following link.

http://teps:15205/ibm/console

The userid for the Admin Console is wasadmin and the password can be set from Manage Tivoli Monitoring Services under TEPS/e Administration. Hope this helps.



Saturday, March 24, 2012

How to update DB2 after changing your Windows hostname

Working with a bunch of VMs, I often have to change names, IP addresses, etc. Today I finally got tired of having an extra (non-functioning) entry in my DB2 control center because I changed the hostname of one of my DB2 servers. Happily, I found this great entry on how to do it:

http://www.dbforums.com/db2/1080165-changing-host-name.html#post4010147

However, after going through the steps, you need to restart your database administration server service, named DB2DAS - DB2DAS00. Once you do that, your new hostname appears, and the default instance (named DB2) is also there. Any non-default instances can just be manually added.

Friday, March 23, 2012

GBS YouTube Channel

Gulf Breeze Software has just created a YouTube channel.   Four videos have already been posted and with plans on posting more videos in the future.  If you have any recommendations/requests please post them in the comments.

YouTube Channel
http://www.youtube.com/user/gulfsoft

ITM Private Situations and Private History
http://www.youtube.com/watch?v=QF1LVnCDuQY

ITM Agent Builder HTTP Provider
http://www.youtube.com/watch?v=j6LJr8zg4Uk

ITM Disk Situation Override
http://www.youtube.com/watch?v=mGNPgev4v18

ITM Dynamic Logical Views
http://www.youtube.com/watch?v=4f6BsRaNjKQ

Friday, March 16, 2012

Using Non-ITM data in TEPS - Updated

A while back, we posted a blog article on how to add custom datasources to TEPS.  The problem with that is the database credentials are stored in plain text format and TEPS now expects the credentials to be encrypted.  Here is an updated and Tivoli supported way to use Non-ITM data in TEPS using ODBC.  

Prerequisites

You should have  aworking ODBC connection to the datasource.  Must be cataloged as a system datasource in Windows. 

Steps to add custom datasource
  1. Open Command prompt and run "tacmd login" to logon to TEMS.
  2. Run the following command to add custom datasource with password. The command will encrypt the password and store it in kfwcma.ini under CNPS directory. 
    "tacmd configureportalserver -d <CANDLEHOME> -s DSUSER1 -p DSN=<ODBC-DSN> UID=<user> PWD=<password>".
  3. Verify the datasource entry by running the following command.
    "tacmd configureportalserver -s DSUSER1 -v"
  4. Recycle the portal server.

An Example

In this case, I created a custom data source to point to Omnibus REPORTER database and created a custom query to pull all the REPORTER_STATUS table entries.  After creating necessary views to use the Custom Query, the data can be seen in TEPS.  Please see the attached screenshot.

Thursday, March 15, 2012

Manually Setting the MOD Level for the ITCAMfAD DataCollector

Normally, you would change the MOD (Monitoring On Demand) level for the ITCAMfAD DC (also used as the DC for older versions of ITCAMfTrans) using the Managing Server. In some cases, however, you may not have a Managing Server, or you may not have access to it. In such cases, you can manually set the MOD level by editing the file:

WASDC_install_dir/runtime/server_name/am.mod

On my machine, the full path is:

/opt/IBM/ITM/lx8266/yn/wasdc/7.1.0.2/runtime/was70.aimssrv1.gulfsoft.comNode01.server1/am.mod

The default value of this file is a single line with the value 1, corresponding to MOD Level 1. To change this, open the file in a text editor and change the value to 2 or 3 (MOD Level 2 and 3, respectively).

One particular case where this is useful is if you don't have an ITCAMfAD MS and you want to capture JDBC calls for topology mapping in ITCAM for Transactions with TTAPI. The data collector will only collect this data in MOD levels 2 and 3, and the only way to set this without a Managing Server is by editing this file.

Tuesday, March 13, 2012